From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew Cooper Subject: Re: [PATCH v1 for-4.6 1/2] xen: fixes for PVH Dom0 MMIO regions Date: Thu, 18 Dec 2014 18:39:24 +0000 Message-ID: <54931F5C.4000403@citrix.com> References: <1418927225-60266-1-git-send-email-roger.pau@citrix.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1Y1g0t-00010K-SK for xen-devel@lists.xenproject.org; Thu, 18 Dec 2014 18:41:27 +0000 In-Reply-To: <1418927225-60266-1-git-send-email-roger.pau@citrix.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Roger Pau Monne , xen-devel@lists.xenproject.org List-Id: xen-devel@lists.xenproject.org On 18/12/14 18:27, Roger Pau Monne wrote: > Hello, > > This series contains a bug-fix for PVH Dom0, that prevents Xen from adding > MMIO regions that should not be accesible to Dom0. The second patch also > prevents Dom0 from accessing the HPET, which AFAICT is used by Xen. > > I'm not sure if there's a reason why the HPET MMIO region wasn't added to > iomem_deny_access, but I don't think Dom0 should access it. The HPET region is awkward. It is only 1024 bytes wide. Dom0 may legitimately need access to other MMIO which lives in the remainder of page. Having said that, the HPET ACPI table does have a flag indicating that the HPET page has nothing else in the remainder of the page. We probably should deny dom0 access in the case that the BIOS has told us it is safe to do so. ~Andrew