@@ -22,6 +22,7 @@
#include <xen/init.h>
#include <xen/mm.h>
#include <xen/irq.h>
+#include <xen/iocap.h>
#include <xen/sched.h>
#include <xen/errno.h>
#include <xen/softirq.h>
@@ -684,6 +685,31 @@ static void __init gicv2_dt_init(void)
csize, vsize);
}
+static int gicv2_iomem_deny_access(const struct domain *d)
+{
+ int rc;
+ unsigned long gfn, nr;
+
+ gfn = dbase >> PAGE_SHIFT;
+ rc = iomem_deny_access(d, gfn, gfn + 1);
+ if ( rc )
+ return rc;
+
+ gfn = hbase >> PAGE_SHIFT;
+ rc = iomem_deny_access(d, gfn, gfn + 1);
+ if ( rc )
+ return rc;
+
+ gfn = cbase >> PAGE_SHIFT;
+ nr = DIV_ROUND_UP(csize, PAGE_SIZE);
+ rc = iomem_deny_access(d, gfn, gfn + nr);
+ if ( rc )
+ return rc;
+
+ gfn = vbase >> PAGE_SHIFT;
+ return iomem_deny_access(d, gfn, gfn + nr);
+}
+
#ifdef CONFIG_ACPI
static int gicv2_make_hwdom_madt(const struct domain *d, u32 offset)
{
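Review bot: The end argument looks one frame too far in every call in gicv2_iomem_deny_access. If iomem_deny_access() takes an inclusive last frame, as Xen's rangeset-backed iocap helpers do, then `iomem_deny_access(d, gfn, gfn + 1)` revokes two frames for dbase and hbase, and `gfn + nr` revokes nr + 1 frames for cbase and vbase, so a page belonging to a neighbouring device could be withdrawn from the hardware domain. The exact-sized form would be `iomem_deny_access(d, gfn, gfn + nr - 1)`, or `gfn, gfn` for the single-page regions; the same applies to every call in gicv3_iomem_deny_access. Erring wide is the safe direction for isolation, so if the extra frame is intentional a one-line comment should say so. These are host physical frames, so `mfn` would be a more accurate name than `gfn`.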
@@ -910,6 +936,7 @@ const static struct gic_hw_operations gicv2_ops = {
.read_apr = gicv2_read_apr,
.make_hwdom_dt_node = gicv2_make_hwdom_dt_node,
.make_hwdom_madt = gicv2_make_hwdom_madt,
+ .iomem_deny_access = gicv2_iomem_deny_access,
};
/* Set up the GIC */
@@ -27,6 +27,7 @@
#include <xen/cpu.h>
#include <xen/mm.h>
#include <xen/irq.h>
+#include <xen/iocap.h>
#include <xen/sched.h>
#include <xen/errno.h>
#include <xen/delay.h>
@@ -1235,6 +1236,45 @@ static void __init gicv3_dt_init(void)
&vbase, &vsize);
}
+static int gicv3_iomem_deny_access(const struct domain *d)
+{
+ int rc, i;
+ unsigned long gfn, nr;
+
+ gfn = dbase >> PAGE_SHIFT;
+ nr = DIV_ROUND_UP(SZ_64K, PAGE_SIZE);
+ rc = iomem_deny_access(d, gfn, gfn + nr);
+ if ( rc )
+ return rc;
+
+ for ( i = 0; i < gicv3.rdist_count; i++ )
+ {
+ gfn = gicv3.rdist_regions[i].base >> PAGE_SHIFT;
+ nr = DIV_ROUND_UP(gicv3.rdist_regions[i].size, PAGE_SIZE);
+ rc = iomem_deny_access(d, gfn, gfn + nr);
+ if ( rc )
+ return rc;
+ }
+
+ if ( cbase != INVALID_PADDR )
+ {
+ gfn = cbase >> PAGE_SHIFT;
+ nr = DIV_ROUND_UP(csize, PAGE_SIZE);
+ rc = iomem_deny_access(d, gfn, gfn + nr);
+ if ( rc )
+ return rc;
+ }
+
+ if ( vbase != INVALID_PADDR )
+ {
+ gfn = vbase >> PAGE_SHIFT;
+ nr = DIV_ROUND_UP(csize, PAGE_SIZE);
+ return iomem_deny_access(d, gfn, gfn + nr);
+ }
+
+ return 0;
+}
+
#ifdef CONFIG_ACPI
static int gicv3_make_hwdom_madt(const struct domain *d, u32 offset)
{
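Review bot: The vbase range at the end of gicv3_iomem_deny_access is sized from csize (`nr = DIV_ROUND_UP(csize, PAGE_SIZE);` just before the final call), although the context line above the function shows gicv3_dt_init filling a separate vsize. If vsize can be larger than csize, the tail of the virtual CPU interface region stays within the hardware domain's permitted I/O memory; `nr = DIV_ROUND_UP(vsize, PAGE_SIZE);` would match the region actually being denied. gicv2_iomem_deny_access reuses its csize-derived `nr` for vbase in the same way, which is only correct if that driver guarantees csize == vsize, something not visible in these hunks. The distributor size is also hard-coded as SZ_64K rather than taken from a probed size, which deserves a short comment on why that is always sufficient.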
@@ -1530,6 +1570,7 @@ static const struct gic_hw_operations gicv3_ops = {
.secondary_init = gicv3_secondary_cpu_init,
.make_hwdom_dt_node = gicv3_make_hwdom_dt_node,
.make_hwdom_madt = gicv3_make_hwdom_madt,
+ .iomem_deny_access = gicv3_iomem_deny_access,
};
static int __init gicv3_dt_preinit(struct dt_device_node *node, const void *data)
@@ -744,6 +744,11 @@ int gic_make_hwdom_madt(const struct domain *d, u32 offset)
return gic_hw_ops->make_hwdom_madt(d, offset);
}
+int gic_iomem_deny_access(const struct domain *d)
+{
+ return gic_hw_ops->iomem_deny_access(d);
+}
+
/*
* Local variables:
* mode: C
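Review bot: gic_iomem_deny_access calls `gic_hw_ops->iomem_deny_access(d)` with no check that the hook is populated and no documentation of what a failure means. Any gic_hw_operations instance other than the two updated in this patch would leave the pointer NULL and fault here. Both implementations also return on the first error, so a non-zero result appears to mean that some GIC frames may still be permitted for the domain, and the caller would need to treat it as fatal rather than continue building the domain. A comment above the function such as `/* Revoke d's access to all GIC MMIO frames; on error some ranges may remain permitted, so the caller must fail. */` would record that contract.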
@@ -360,6 +360,8 @@ struct gic_hw_operations {
const struct dt_device_node *gic, void *fdt);
/* Create MADT table for the hardware domain */
int (*make_hwdom_madt)(const struct domain *d, u32 offset);
+ /* Deny access to GIC regions */
+ int (*iomem_deny_access)(const struct domain *d);
};
void register_gic_ops(const struct gic_hw_operations *ops);
@@ -367,6 +369,7 @@ int gic_make_hwdom_dt_node(const struct domain *d,
const struct dt_device_node *gic,
void *fdt);
int gic_make_hwdom_madt(const struct domain *d, u32 offset);
+int gic_iomem_deny_access(const struct domain *d);
#endif /* __ASSEMBLY__ */
#endif
Add a new member in gic_hw_operations which is used to deny Dom0 access to GIC regions. Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org> --- v7: move them out of CONFIG_ACPI --- xen/arch/arm/gic-v2.c | 27 +++++++++++++++++++++++++++ xen/arch/arm/gic-v3.c | 41 +++++++++++++++++++++++++++++++++++++++++ xen/arch/arm/gic.c | 5 +++++ xen/include/asm-arm/gic.h | 3 +++ 4 files changed, 76 insertions(+)