[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 0 of 2] fix security issue with stubdoms and pci passthrough

Hi all,
this patch series fixes the outstanding security problem with stubdoms
and pci passthrough.
The idea is to allow mmio, irq and ioport remapping not only if the
current domain IS_PRIV_FOR but also if the current domain has
permissions over those mmio areas, irqs and ioports.
This way a stubdom can only remap resources that currently "owns".
This patch series also moves the de\assign_device hypercalls from the
list of hypercalls made by qemu\stubdom to xend.

The two patches must be applied at the same time otherwise pci
passthrough won't work for HVM guests.



Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.