github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-09-23 17:58:30 +00:00
Code Issues Projects Releases Wiki Activity

hv: deny access to HV owned legacy PIO UART from SOS

Browse Source 
We need to deny accesses from SOS to the HV owned UART device, otherwise
SOS could have direct access to this physical device and mess up the HV
console.

If ACRN debug UART is configured as PIO based, For example,
CONFIG_SERIAL_PIO_BASE is generated from acrn-config tool, or the UART
config is overwritten by hypervisor parameter "uart=port@<port address>",
it could run into problem if ACRN doesn't emulate this UART PIO port
to SOS. For example:

- none of the ACRN emulated vUART devices has same PIO port with the
  port of the debug UART device.
- ACRN emulates PCI vUART for SOS (configure "console_vuart" with
  PCI_VUART in the scenario configuration)

This patch fixes the above issue by masking PIO accesses from SOS.
deny_hv_owned_devices() is moved after setup_io_bitmap() where
vm->arch_vm.io_bitmap is initialized.

Commit 50d852561 ("HV: deny HV owned PCI bar access from SOS") handles
the case that ACRN debug UART is configured as a PCI device. e.g.,
hypervisor parameter "uart=bdf@<BDF value>" is appended.

If the hypervisor debug UART is MMIO based, need to configured it as
a PCI type device, so that it can be hidden from SOS.

Tracked-On: #5923
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This commit is contained in:
Zide Chen
2021-05-28 09:26:55 -07:00
committed by wenlingz
parent 067cf8aa2c
commit b6b5373818
5 changed files with 31 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
hypervisor/arch/x86/guest/vm.c
View File

@@ -38,6 +38,7 @@
#include <vgpio.h>
#include <asm/rtcm.h>
#include <asm/irq.h>
#include <uart16550.h>
/* Local variables */
@@ -354,13 +355,18 @@ static void deny_pdevs(struct acrn_vm *sos, struct acrn_vm_pci_dev_config *pci_d
static void deny_hv_owned_devices(struct acrn_vm *sos)
{
uint32_t i;
uint16_t pio_address;
uint32_t nbytes, i;
const struct pci_pdev **hv_owned = get_hv_owned_pdevs();
for (i = 0U; i < get_hv_owned_pdev_num(); i++) {
deny_pci_bar_access(sos, hv_owned[i]);
}
if (get_pio_dbg_uart_cfg(&pio_address, &nbytes)) {
deny_guest_pio_access(sos, pio_address, nbytes);
}
}
/**
@@ -435,8 +441,6 @@ static void prepare_sos_vm_memmap(struct acrn_vm *vm)
}
}
deny_hv_owned_devices(vm);
/* unmap AP trampoline code for security
* This buffer is guaranteed to be page aligned.
*/
@@ -579,6 +583,10 @@ int32_t create_vm(uint16_t vm_id, uint64_t pcpu_bitmap, struct acrn_vm_config *v
vrtc_init(vm);
}
if (is_sos_vm(vm)) {
deny_hv_owned_devices(vm);
}
init_vpci(vm);
enable_iommu();