xenbits.xensource.com Git - people/liuw/xen.git/commit

author	Paul Durrant <paul.durrant@citrix.com>
	Wed, 9 Aug 2017 16:39:01 +0000 (17:39 +0100)
committer	Wei Liu <wei.liu2@citrix.com>
	Tue, 3 Apr 2018 16:05:07 +0000 (17:05 +0100)
commit	6e387461ed6d8952de43a2cc76a4e5e75043f3e7
tree	bfda5e17e71c4c226728520473c948331114c765	tree
parent	3f8f12281dd20da62366f555cf13be0e87d68a91	commit \| diff

x86/hvm/ioreq: add a new mappable resource type...

... XENMEM_resource_ioreq_server

This patch adds support for a new resource type that can be mapped using
the XENMEM_acquire_resource memory op.

If an emulator makes use of this resource type then, instead of mapping
gfns, the IOREQ server will allocate pages which are assigned to the
emulating domain. These pages will never be present in the P2M of the
guest at any point (and are not even shared with the guest) and so are not
vulnerable to any direct attack by the guest.

NOTE: Use of the new resource type is not compatible with use of
XEN_DMOP_get_ioreq_server_info unless the XEN_DMOP_no_gfns flag is
set.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Julien Grall <julien.grall@arm.com>

xen/arch/x86/hvm/ioreq.c		diff \| blob \| blame \| history
xen/arch/x86/mm.c		diff \| blob \| blame \| history
xen/common/memory.c		diff \| blob \| blame \| history
xen/include/asm-arm/mm.h		diff \| blob \| blame \| history
xen/include/asm-x86/hvm/ioreq.h		diff \| blob \| blame \| history
xen/include/asm-x86/mm.h		diff \| blob \| blame \| history
xen/include/public/hvm/dm_op.h		diff \| blob \| blame \| history
xen/include/public/memory.h		diff \| blob \| blame \| history