diff options
| author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-04-23 11:56:05 +0200 |
|---|---|---|
| committer | Jan Beulich <jbeulich@suse.com> | 2013-04-23 11:56:05 +0200 |
| commit | 3f28d0077788e7f8cd3ee25b023a4225d7e26e87 (patch) | |
| tree | 56758394d52f0aed5f71ad2763a54d76c07d8810 /xen/xsm/flask/policy/access_vectors | |
| parent | 4bc22a50ebc1fb1695d59f69105797e208021edb (diff) | |
| download | xen-3f28d0077788e7f8cd3ee25b023a4225d7e26e87.tar.gz xen-3f28d0077788e7f8cd3ee25b023a4225d7e26e87.tar.bz2 xen-3f28d0077788e7f8cd3ee25b023a4225d7e26e87.zip | |
x86: remove IS_PRIV_FOR references
The check in guest_physmap_mark_populate_on_demand is redundant, since
its only caller is populate_physmap whose only caller checks the
xsm_memory_adjust_reservation hook prior to calling.
Add a new XSM hook for the other two checks since they allow privileged
domains to arbitrarily map a guest's memory.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: George Dunlap <george.dunlap@eu.citrix.com> (release perspective)
Diffstat (limited to 'xen/xsm/flask/policy/access_vectors')
| -rw-r--r-- | xen/xsm/flask/policy/access_vectors | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors index 36b8b2c271..c8ae8060cd 100644 --- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors @@ -330,6 +330,9 @@ class mmu # source = domain making the hypercall # target = domain whose pages are being exchanged exchange +# Allow a privileged domain to install a map of a page it does not own. Used +# for stub domain device models with the PV framebuffer. + target_hack } # control of the paging_domctl split by subop |