WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-changelog

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-changelog] Disallow domain 0 access to certain I/O port ranges

from [Xen patchbot -unstable] [Permanent Link][Original]
To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] Disallow domain 0 access to certain I/O port ranges
From: Xen patchbot -unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 31 Aug 2005 12:58:23 +0000
Delivery-date: Wed, 31 Aug 2005 12:56:50 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx 
# HG changeset patch
# User kaf24@xxxxxxxxxxxxxxxxxxxx
# Node ID a51e78a2a01a7012b64de7f5c1a1bc2610b3fd5b
# Parent  d6752f193ffa85b9eaa449ff854a6aac986cf821
Disallow domain 0 access to certain I/O port ranges
(Master/Slave PICs, PIT, Speaker Control). Modifying
these can seriously harm Xen's health.

Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>

diff -r d6752f193ffa -r a51e78a2a01a xen/arch/x86/domain_build.c
--- a/xen/arch/x86/domain_build.c       Wed Aug 31 10:39:53 2005
+++ b/xen/arch/x86/domain_build.c       Wed Aug 31 12:56:42 2005
@@ -20,6 +20,7 @@
 #include <asm/processor.h>
 #include <asm/desc.h>
 #include <asm/i387.h>
+#include <asm/physdev.h>
 #include <asm/shadow.h>
 
 static long dom0_nrpages;
@@ -707,6 +708,18 @@
         printk("dom0: shadow setup done\n");
     }
 
+    /*
+     * Modify I/O port access permissions.
+     */
+    /* Master Interrupt Controller (PIC). */
+    physdev_modify_ioport_access_range(dom0, 0, 0x20, 2);
+    /* Slave Interrupt Controller (PIC). */
+    physdev_modify_ioport_access_range(dom0, 0, 0xA0, 2);
+    /* Interval Timer (PIT). */
+    physdev_modify_ioport_access_range(dom0, 0, 0x40, 4);
+    /* PIT Channel 2 / PC Speaker Control. */
+    physdev_modify_ioport_access_range(dom0, 0, 0x61, 1);
+
     return 0;
 }
 

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] Disallow domain 0 access to certain I/O port ranges, Xen patchbot -unstable <=
Previous by Date:  [Xen-changelog] extends xm info with xen version and various others information., Xen patchbot -unstable
Next by Date:  [Xen-changelog] Fix DEBUG_PREEMPT builds. irq_disabled() macro must not use, Xen patchbot -unstable
Previous by Thread:  [Xen-changelog] extends xm info with xen version and various others information., Xen patchbot -unstable
Next by Thread:  [Xen-changelog] Fix DEBUG_PREEMPT builds. irq_disabled() macro must not use, Xen patchbot -unstable
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy