From d9527b2a51a4f7ba130dae632e20e177f347a6a3 Mon Sep 17 00:00:00 2001
From: Roger Pau Monne <roger.pau@citrix.com>
Date: Thu, 11 Jan 2018 11:41:18 +0000
Subject: [PATCH] xen/pvshim: skip Dom0-only domain builder parts
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Do not allow access to any iomem or ioport by the shim, and also
remove the check for Dom0 kernel support.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/dom0_build.c    | 4 ++++
 xen/arch/x86/pv/dom0_build.c | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/dom0_build.c b/xen/arch/x86/dom0_build.c
index 75b2bb3bee..907acad060 100644
--- a/xen/arch/x86/dom0_build.c
+++ b/xen/arch/x86/dom0_build.c
@@ -13,6 +13,7 @@
 #include <xen/softirq.h>
 
 #include <asm/dom0_build.h>
+#include <asm/guest.h>
 #include <asm/hpet.h>
 #include <asm/io_apic.h>
 #include <asm/p2m.h>
@@ -385,6 +386,9 @@ int __init dom0_setup_permissions(struct domain *d)
     unsigned int i;
     int rc;
 
+    if ( pv_shim )
+        return 0;
+
     /* The hardware domain is initially permitted full I/O capabilities. */
     rc = ioports_permit_access(d, 0, 0xFFFF);
     rc |= iomem_permit_access(d, 0UL, (1UL << (paddr_bits - PAGE_SHIFT)) - 1);
diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c
index 50a423e35d..6118970d44 100644
--- a/xen/arch/x86/pv/dom0_build.c
+++ b/xen/arch/x86/pv/dom0_build.c
@@ -17,6 +17,7 @@
 
 #include <asm/bzimage.h>
 #include <asm/dom0_build.h>
+#include <asm/guest.h>
 #include <asm/page.h>
 #include <asm/pv/mm.h>
 #include <asm/setup.h>
@@ -372,7 +373,7 @@ int __init dom0_construct_pv(struct domain *d,
 
     if ( parms.elf_notes[XEN_ELFNOTE_SUPPORTED_FEATURES].type != XEN_ENT_NONE )
     {
-        if ( !test_bit(XENFEAT_dom0, parms.f_supported) )
+        if ( !pv_shim && !test_bit(XENFEAT_dom0, parms.f_supported) )
         {
             printk("Kernel does not support Dom0 operation\n");
             rc = -EINVAL;
-- 
2.30.2