Stefano Stabellini
2009-Oct-21 14:32 UTC
[Xen-devel] [PATCH 0 of 2] fix security issue with stubdoms and pci passthrough
Hi all, this patch series fixes the outstanding security problem with stubdoms and pci passthrough. The idea is to allow mmio, irq and ioport remapping not only if the current domain IS_PRIV_FOR but also if the current domain has permissions over those mmio areas, irqs and ioports. This way a stubdom can only remap resources that currently "owns". This patch series also moves the de\assign_device hypercalls from the list of hypercalls made by qemu\stubdom to xend. The two patches must be applied at the same time otherwise pci passthrough won''t work for HVM guests. Cheers, Stefano _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel