diff options
| author | Keir Fraser <keir.fraser@citrix.com> | 2008-05-26 08:24:55 +0100 |
|---|---|---|
| committer | Keir Fraser <keir.fraser@citrix.com> | 2008-05-26 08:24:55 +0100 |
| commit | 7fefb0d6ae2b0949523e2933ac59d363450a9543 (patch) | |
| tree | 2864601dc866d561a5149540900e3f4dfad882f8 /xen/arch/x86/tboot.c | |
| parent | a9f43ccc9e98b225fdcc4e0278313c3f3e563380 (diff) | |
| download | xen-7fefb0d6ae2b0949523e2933ac59d363450a9543.tar.gz xen-7fefb0d6ae2b0949523e2933ac59d363450a9543.tar.bz2 xen-7fefb0d6ae2b0949523e2933ac59d363450a9543.zip | |
VT-d: remove Xen and tboot range from dom0's VT-d table
This a step forward to fix the security hole introduced by dom0's 1:1
mapping VT-d table: remove the critical code and data from it. The
more flexible solution is to update dom0's VT-d table on demand as what
will be done for other PV domains. However, there could bring a
performance issue even with software optimization. Iotlb flush of some
hardware is time-consuming.
Signed-off-by: Yang, Xiaowei <xiaowei.yang@intel.com>
Diffstat (limited to 'xen/arch/x86/tboot.c')
| -rw-r--r-- | xen/arch/x86/tboot.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c index 697ca9f461..37841c41fa 100644 --- a/xen/arch/x86/tboot.c +++ b/xen/arch/x86/tboot.c @@ -96,6 +96,18 @@ int tboot_in_measured_env(void) return (g_tboot_shared != NULL); } +int tboot_in_range(unsigned long start, unsigned long end) +{ + if ( g_tboot_shared == NULL || g_tboot_shared->version < 0x02 ) + return 0; + + start = max_t(unsigned long, start, g_tboot_shared->tboot_base); + end = min_t(unsigned long, end, + g_tboot_shared->tboot_base + g_tboot_shared->tboot_size); + + return start < end; +} + /* * Local variables: * mode: C |