From 306e3dc919211f1b24b6261f767e2436a98ab818 Mon Sep 17 00:00:00 2001
From: Jan Beulich
Date: Thu, 2 Nov 2023 10:44:46 +0100
Subject: [PATCH] x86/PVH: deny Dom0 access to the ISA DMA controller
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Unlike PV, a PVH Dom0 has no sensible way of driving the address and page registers correctly, as it would need to translate guest physical addresses to host ones. Rather than allowing data corruption to occur from e.g. the use of a legacy floppy drive, disallow access altogether.

Signed-off-by: Jan Beulich
Acked-by: Roger Pau Monné
---
 xen/arch/x86/dom0_build.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/xen/arch/x86/dom0_build.c b/xen/arch/x86/dom0_build.c
index c31afc734f..640e666685 100644
--- a/xen/arch/x86/dom0_build.c
+++ b/xen/arch/x86/dom0_build.c
@@ -505,6 +505,13 @@ int __init dom0_setup_permissions(struct domain *d)
 #ifdef CONFIG_HVM
 if ( is_hvm_domain(d) )
 {
+ /* ISA DMA controller, channels 0-3 (incl possible aliases). */
+ rc |= ioports_deny_access(d, 0x00, 0x1F);
+ /* ISA DMA controller, page registers (incl various reserved ones). */
+ rc |= ioports_deny_access(d, 0x80 + !!hvm_port80_allowed, 0x8F);
+ /* ISA DMA controller, channels 4-7 (incl usual aliases). */
+ rc |= ioports_deny_access(d, 0xC0, 0xDF);
+
 /* HVM debug console IO port. */
 rc |= ioports_deny_access(d, XEN_HVM_DEBUGCONS_IOPORT,
 XEN_HVM_DEBUGCONS_IOPORT);
--
2.39.5
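Review bot: The start of the page-register range, `0x80 + !!hvm_port80_allowed`, is not explained by the comment above it: when that flag is set the deny begins at 0x81 and port 0x80 stays reachable by Dom0, which anyone auditing the I/O port policy has to work out from the arithmetic. I would extend the comment to say so, for example `/* ISA DMA controller, page registers (incl various reserved ones); port 0x80 is left alone when hvm_port80_allowed. */`. The definition of hvm_port80_allowed and the earlier part of dom0_setup_permissions() are outside the hunk, so whether these denies run after any broader permit call is assumed here rather than visible. The three new calls fold their results into `rc` with `|=`, as the existing debug-console line does, so two different failures would combine into a value that only reliably signals non-zero.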