|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH] x86/hvm: simplify hvm_physdev_op allowance control
On 04/05/2020 17:31, Roger Pau Monne wrote: > PVHv1 dom0 was given access to all PHYSDEVOP hypercalls, and such > restriction was not removed when PVHv1 code was removed. As a result > the switch in hvm_physdev_op was more complicated than required, and > relied on PVHv2 dom0 not having PIRQ support in order to prevent > access to some PV specific PHYSDEVOPs. > > Fix this by moving the default case to the bottom of the switch, since > there's no need for any fall through now. Also remove the hardware > domain check, as all the not explicitly listed PHYSDEVOPs are > forbidden for HVM domains. > > Finally tighten the condition to allow usage of > PHYSDEVOP_pci_mmcfg_reserved: apart from having vPCI enabled it should > only be used by the hardware domain. Note that the code in > do_physdev_op is already restricting the call to privileged domains > only, but it can be further restricted to the hardware domain only, as > other privileged domains don't have access to MMCFG regions anyway. > > Overall no functional change should arise from this change. > > Reported-by: Julien Grall <jgrall@xxxxxxxxxx> > Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |