dgit.raspbian.org Git - xen.git/commit

author	Arianna Avanzini <avanzini.arianna@gmail.com>
	Mon, 8 Sep 2014 15:05:34 +0000 (17:05 +0200)
committer	Ian Campbell <ian.campbell@citrix.com>
	Tue, 9 Sep 2014 12:25:44 +0000 (13:25 +0100)
commit	0561e1f01e87b777bcc47971e4ae1f420314f4a0
tree	8cfe83590f53191dfb763826e8283e089e4f0ae9	tree \| snapshot
parent	be7a8653d9f4fa564b809c6fdf79c810a8fbfeca	commit \| diff

xen/common: do not implicitly permit access to mapped I/O memory

Currently, the XEN_DOMCTL_memory_mapping hypercall implicitly grants
to a domain access permission to the I/O memory areas mapped in its
guest address space. This conflicts with the presence of a specific
hypercall (XEN_DOMCTL_iomem_permission) used to grant such a permission
to a domain.
This commit separates the functions of the two hypercalls by having only
the latter be able to permit I/O memory access to a domain, and the
former just performing the mapping after a permissions check on both the
granting and the grantee domains.

Signed-off-by: Arianna Avanzini <avanzini.arianna@gmail.com>
Acked-by: Jan Beulich <JBeulich@suse.com>
Cc: Dario Faggioli <dario.faggioli@citrix.com>
Cc: Paolo Valente <paolo.valente@unimore.it>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: Julien Grall <julien.grall@citrix.com>
Cc: Ian Campbell <Ian.Campbell@eu.citrix.com>
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
Cc: Eric Trudeau <etrudeau@broadcom.com>
Cc: Viktor Kleinik <viktor.kleinik@globallogic.com>
Cc: Andrii Tseglytskyi <andrii.tseglytskyi@globallogic.com>