El 02/04/15 a les 12.42, Ian Campbell ha escrit: > On Thu, 2015-04-02 at 12:26 +0200, Roger Pau Monne wrote: >> This is needed for performing save/restore of PV guests. > > It's quite a big interface though, isn't it?
AFAICT it contains MMU_NORMAL_PT_UPDATE, MMU_PT_UPDATE_PRESERVE_AD and MMU_MACHPHYS_UPDATE. > Could we restrict it to a subset of the operations perhaps? Or at least > justify here how it has been audited and found to be safe to allow an > HVM guest this access. XSA-109 should have fixed all issues with this operations. IIRC only MMU_MACHPHYS_UPDATE is needed for save/restore of PV guests, but I will have to check. If that's the case, I could restrict PVH domains to only have access to that operation. Roger. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
