>>> On 01.12.14 at 10:24, <tiejun.c...@intel.com> wrote: > We always reserve these ranges since we never allow any stuff to > poke them. > > But in theory some untrusted VM can maliciously access them. So we > need to intercept this approach. But we just don't want to leak > anything or introduce any side affect since other OSs may touch them > by careless behavior, so its enough to have a lightweight way, and > it shouldn't be same as those broken pages which cause domain crush.
This needs a better explanation: If the devices associated with the reserved region being touched are assigned to the guest, it is permitted to touch them. If it touches regions of devices not yet or not anymore assigned to it, the behavior should match real hardware: Writes ignored and reads return all ones. I.e. such accesses should get handed to the DM in that latter case. Jan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
