From 041a7dec98aa34e9a6e78e3afb5533384f3d3872 Mon Sep 17 00:00:00 2001
From: "Liu,Junming"
Date: Sat, 28 Aug 2021 13:14:09 +0000
Subject: [PATCH] hv: refine the VMCS io bitmap handling when pass-thru PIO bar

In current design, when pass-thru dev, for the PIO bar, need to ensure the guest PIO start address equals to host PIO start address. Then set the VMCS io bitmap to pass-thru the corresponding port io to guest for performance. But malicious guest may reprogram the PIO bar, then hv will pass-thru the reprogramed PIO address to guest. This isn't safe behavior. Here only pass-thru the host physical device PIO to guest. If guest regrogram the PIO bar, just update the virtual bar only. Currently, we don't support PIO bar reprogramming, if guest reprogram the PIO bar, guest should take responsibility itself When init the pass-thru dev PIO bars, set the VMCS io bitmap. setup_io_bitmap is called before init pass-thru dev to initiailize the io bitmap, so don't need to call deny_guest_pio_access when deinit pass-thru dev.

v1 -> v2:
* set the VMCS io bitmap when init pass-thru devices to migrate redoing allow_guest_pio_access()/deny_guest_pio_access().

Tracked-On: #6508
Signed-off-by: Liu,Junming
---
 hypervisor/dm/vpci/pci_pt.c | 29 +++++++----------------------
 hypervisor/dm/vpci/vpci.c | 7 +++----
 2 files changed, 10 insertions(+), 26 deletions(-)

diff --git a/hypervisor/dm/vpci/pci_pt.c b/hypervisor/dm/vpci/pci_pt.c
index 01b9d2fb4..34225eb74 100644
--- a/hypervisor/dm/vpci/pci_pt.c
+++ b/hypervisor/dm/vpci/pci_pt.c
@@ -260,31 +260,12 @@ static void vdev_pt_allow_io_vbar(struct pci_vdev *vdev, uint32_t idx)
 /* For SOS, all port IO access is allowed by default, so skip SOS here */
 if (!is_sos_vm(vm)) {
 struct pci_vbar *vbar = &vdev->vbars[idx];
- if (vbar->base_gpa != 0UL) {
- allow_guest_pio_access(vm, (uint16_t)vbar->base_gpa, (uint32_t)(vbar->size));
+ if (vbar->base_hpa != 0UL) {
+ allow_guest_pio_access(vm, (uint16_t)vbar->base_hpa, (uint32_t)(vbar->size));
 }
 }
 }

-/**
- * @brief Deny IO bar access
- * @pre vdev != NULL
- * @pre vdev->vpci != NULL
- */
-static void vdev_pt_deny_io_vbar(struct pci_vdev *vdev, uint32_t idx)
-{
- struct acrn_vm *vm = vpci2vm(vdev->vpci);
-
- /* For SOS, all port IO access is allowed by default, so skip SOS here */
- if (!is_sos_vm(vm)) {
- struct pci_vbar *vbar = &vdev->vbars[idx];
- if (vbar->base_gpa != 0UL) {
- deny_guest_pio_access(vm, (uint16_t)(vbar->base_gpa), (uint32_t)(vbar->size));
- }
-
- }
-}
-
 /**
 * @pre vdev != NULL
 */
@@ -293,7 +274,7 @@ void vdev_pt_write_vbar(struct pci_vdev *vdev, uint32_t idx, uint32_t val)
 struct pci_vbar *vbar = &vdev->vbars[idx];

 if (is_pci_io_bar(vbar)) {
- vpci_update_one_vbar(vdev, idx, val, vdev_pt_allow_io_vbar, vdev_pt_deny_io_vbar);
+ vpci_update_one_vbar(vdev, idx, val, NULL, NULL);
 } else if (is_pci_mem_bar(vbar)) {
 vpci_update_one_vbar(vdev, idx, val, vdev_pt_map_mem_vbar, vdev_pt_unmap_mem_vbar);
 }
@@ -426,6 +407,10 @@ static void init_bars(struct pci_vdev *vdev, bool is_sriov_bar)
 if (!is_sriov_bar) {
 pci_vdev_write_vbar(vdev, idx, lo);
 }
+
+ if (is_pci_io_bar(vbar)) {
+ vdev_pt_allow_io_vbar(vdev, idx);
+ }
 }
 }
 }
diff --git a/hypervisor/dm/vpci/vpci.c b/hypervisor/dm/vpci/vpci.c
index 73b7fcb9e..8e7db822a 100644
--- a/hypervisor/dm/vpci/vpci.c
+++ b/hypervisor/dm/vpci/vpci.c
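Review bot: With `vdev_pt_deny_io_vbar()` deleted in the `@@ -260` hunk of pci_pt.c, nothing visible in this patch clears the I/O bitmap bits that `vdev_pt_allow_io_vbar()` now sets from `base_hpa`. The commit message relies on setup_io_bitmap running before pass-through devices are initialised, which covers VM creation but not, as far as this diff shows, a device being deassigned while the VM keeps running; in that case the guest would keep direct access to host ports it no longer owns. If runtime deassignment is possible, the pass-through deinit path should close the range again with `deny_guest_pio_access(vm, (uint16_t)vbar->base_hpa, (uint32_t)(vbar->size));`. The body of vdev_pt_allow_io_vbar() starts above the hunk and the deinit path is not shown, so this needs checking against that code.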
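Review bot: The `NULL, NULL` arguments in vdev_pt_write_vbar() (the `@@ -293` hunk) carry the security decision of this patch, but the call site does not say so. A comment on that line would stop a later change from re-adding callbacks that follow the guest-written address, for example `/* PIO BAR write only updates the virtual BAR; the I/O bitmap stays tied to the host ports opened in init_bars() */`. The call also depends on the NULL check added to vpci_update_one_vbar() in vpci.c by this same commit, so the two files have to be backported together.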
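Review bot: The new `vdev_pt_allow_io_vbar(vdev, idx)` call in init_bars() (the `@@ -426` hunk) opens the host port range without checking that the virtual BAR written just above holds the same start address, which is the condition the commit message says must hold. If the two differ, the guest is shown one port range while a different host range is open in the bitmap. A check before the call would make such a misconfiguration visible, e.g. `if (vbar->base_gpa != vbar->base_hpa) { pr_err("%s: PIO vBAR %u is not identity mapped", __func__, idx); }`. Whether `base_gpa` is already populated when `is_sriov_bar` is true cannot be seen here, because init_bars() begins above the hunk.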
@@ -784,9 +784,6 @@ int32_t vpci_deassign_pcidev(struct acrn_vm *tgt_vm, struct acrn_pcidev *pcidev)
 return ret;
 }

-/*
- * @pre unmap_cb != NULL
- */
 void vpci_update_one_vbar(struct pci_vdev *vdev, uint32_t bar_idx, uint32_t val,
 map_pcibar map_cb, unmap_pcibar unmap_cb)
 {
@@ -796,7 +793,9 @@ void vpci_update_one_vbar(struct pci_vdev *vdev, uint32_t bar_idx, uint32_t val,
 if (vbar->is_mem64hi) {
 update_idx -= 1U;
 }
- unmap_cb(vdev, update_idx);
+ if (unmap_cb != NULL) {
+ unmap_cb(vdev, update_idx);
+ }
 pci_vdev_write_vbar(vdev, bar_idx, val);
 if ((map_cb != NULL) && (vdev->vbars[update_idx].base_gpa != 0UL)) {
 map_cb(vdev, update_idx);
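Review bot: After the `@@ -796` hunk both callbacks of vpci_update_one_vbar() are optional, but the `@pre unmap_cb != NULL` comment removed in the hunk above is not replaced, so the function is left with no stated contract. I would add a short header comment such as `/* @pre vdev != NULL; map_cb and unmap_cb may be NULL, in which case only the virtual BAR is rewritten */`. It is also worth recording there that `unmap_cb` runs whenever it is non-NULL while `map_cb` runs only when `base_gpa` is non-zero, since that asymmetry is visible in these lines but easy to miss. The function body continues past the end of the hunk.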