this patch series fixes the outstanding security problem with stubdoms
and pci passthrough.
The idea is to allow mmio, irq and ioport remapping not only if the
current domain IS_PRIV_FOR but also if the current domain has
permissions over those mmio areas, irqs and ioports.
This way a stubdom can only remap resources that currently "owns".
This patch series also moves the de\assign_device hypercalls from the
list of hypercalls made by qemu\stubdom to xend.
The two patches must be applied at the same time otherwise pci
passthrough won't work for HVM guests.
[PATCH 2 of 2] qemu: do not call xc_assign_device
This patch removes the call to xc_assign_device from qemu.
projects / qemu-xen-4.1-testing.git / commit