Hi all,
On 12.07.19 17:59, Ralf Ramsauer wrote:
Hi,
On 6/21/19 12:06 AM, Andrej Utz wrote:
This replaces the old static port list with actual port regions from
'/proc/ioports'. The static regions from said list are kept and override
the data in case of region overlap to retain compability.
The generated port list is virtually identicall to the old one but eases
manual configuration.
just found a bug in this series. This series creates regions such as:
<snip>
[ 0x80/8 ... 0x87/8] = -1, /* 0080-0087 : dma page reg */
[ 0x88/8 ... 0x8f/8] = -1, /* 0088-008f : dma page reg */
[ 0xa0/8 ... 0xa7/8] = -1, /* 00a0-00a1 : pic2 */
<snip>
Now we have a hole between [0x90/8 ... 0x1f/8]. A hole means that this
area will be initialised with zero -> access is permitted.
Ack, this is not intended.
Root of this bug: In addition known port regions, we must also respect
unknown port regions and deny access.
@Jan: This brings me to an idea. The TODO says that whitelist-based MSR
bitmaps are a v1.0 target. I think the PIO bitmap would also benefit if
it would be whitelist based. Do you agree?
E.g.:
.pio_bitmap = {
[ 0x3f8/8 ... 0x3ff/8 ] = -1,
},
would denote that only access to 3f8-3ff is allowed. All other ports are
denied. Much easier to write and understand.
Ralf
Unless there is some bit trickery optimization, I would also prefer "0 =
disallowed".
Also including Hennings concerns:
>The main issue really is that a lot of device drivers do not register
>themselfs as port-users, so we can not detect them.
>But those exotic ports are probably blocked in the default config so
>there is no new problem.
I will reconsider my approach how to generate ioports list. Parsing PCI
config space seems like a better source instead of /proc/ioports.
Depending how secretive PCI devices are with their I/O specs,
refactoring MemRegion generation may also be necessary to use the same
logic. Need to investigate further.
But for now thanks for reviewing. Consider this patch queue retracted.
Andrej Utz
<snip>
--
You received this message because you are subscribed to the Google Groups
"Jailhouse" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jailhouse-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/jailhouse-dev/011d894f-8cc0-1603-0c72-df3aedff943c%40st.oth-regensburg.de.
For more options, visit https://groups.google.com/d/optout.
