Discussion:
[PATCH] gnumach - Restrict pci io cfg ports to one process
Damien Zammit
2018-11-10 08:17:32 UTC
Permalink
Hi all,

This patch for gnumach restricts the number of processes that can
simultaneously access pci io cfg range of ports down to 1 as per
discussion:

https://lists.x.org/archives/xorg-devel/2018-November/057691.html

Please review attached, thanks,

Damien
Samuel Thibault
2018-11-10 09:50:20 UTC
Permalink
Again, thanks :)
@@ -185,6 +191,13 @@ i386_io_perm_create (const ipc_port_t master_port, io_port_t from, io_port_t to,
if (from > to)
return KERN_INVALID_ARGUMENT;
+ if (from <= PCI_CFG1_ADDRESS_REG && to >= PCI_CFG1_DATA_REG)
+ in_pcicfg_range = TRUE;
Mmm, it seems not enough to me.

The data register port is 0xCFC + (reg & 3); so it could be as much as
0xCFF.

The x86 conf2 method also uses 0xC000 | dev << 8 | reg; so we need to
also protect 0xc000 - 0xcfff.

Samuel
Damien Zammit
2018-11-11 01:43:07 UTC
Permalink
Post by Samuel Thibault
The data register port is 0xCFC + (reg & 3); so it could be as much as
0xCFF.
The x86 conf2 method also uses 0xC000 | dev << 8 | reg; so we need to
also protect 0xc000 - 0xcfff.
See attached patch with corrections.

Thanks, Damien
Samuel Thibault
2018-11-11 01:51:27 UTC
Permalink
+#define IS_IN_PROTECTED_RANGE(from, to) \
+ ( ( ( from <= PCI_CFG1_START ) && ( to >= PCI_CFG1_END ) ) || \
That should be from <= END && to >= BEGIN, shouldn't it?

Samuel
Damien Zammit
2018-11-11 02:24:00 UTC
Permalink
Post by Samuel Thibault
+#define IS_IN_PROTECTED_RANGE(from, to) \
+ ( ( ( from <= PCI_CFG1_START ) && ( to >= PCI_CFG1_END ) ) || \
That should be from <= END && to >= BEGIN, shouldn't it?
Well, in my mind I was only thinking about whole overlaps.
Your idea handles partial overlap too, so yes!

See attached, thanks.

Damien
Samuel Thibault
2018-12-05 21:40:51 UTC
Permalink
Post by Damien Zammit
Post by Samuel Thibault
+#define IS_IN_PROTECTED_RANGE(from, to) \
+ ( ( ( from <= PCI_CFG1_START ) && ( to >= PCI_CFG1_END ) ) || \
That should be from <= END && to >= BEGIN, shouldn't it?
Well, in my mind I was only thinking about whole overlaps.
Your idea handles partial overlap too, so yes!
See attached, thanks.
Applied, thanks!

Samuel

Loading...