Disallow domain 0 access to certain I/O port ranges

(Master/Slave PICs, PIT, Speaker Control). Modifying
these can seriously harm Xen's health.

Signed-off-by: Keir Fraser <keir@xensource.com>

diff --git a/xen/arch/x86/domain_build.c b/xen/arch/x86/domain_build.c
index 8b64b0ee45eb5a4487031f57559a6efaeb2fbf0d..474ad1b18b1b7a5135f5dc7d6f3a50dcee8dde3a 100644 (file)
--- a/xen/arch/x86/domain_build.c
+++ b/xen/arch/x86/domain_build.c
@@ -20,6 +20,7 @@
 #include <asm/processor.h>
 #include <asm/desc.h>
 #include <asm/i387.h>
+#include <asm/physdev.h>
 #include <asm/shadow.h>
 
 static long dom0_nrpages;
@@ -707,6 +708,18 @@ int construct_dom0(struct domain *d,
         printk("dom0: shadow setup done\n");
     }
 
+    /*
+     * Modify I/O port access permissions.
+     */
+    /* Master Interrupt Controller (PIC). */
+    physdev_modify_ioport_access_range(dom0, 0, 0x20, 2);
+    /* Slave Interrupt Controller (PIC). */
+    physdev_modify_ioport_access_range(dom0, 0, 0xA0, 2);
+    /* Interval Timer (PIT). */
+    physdev_modify_ioport_access_range(dom0, 0, 0x40, 4);
+    /* PIT Channel 2 / PC Speaker Control. */
+    physdev_modify_ioport_access_range(dom0, 0, 0x61, 1);
+
     return 0;
 }