>>> On 07.05.15 at 16:54, <roger....@citrix.com> wrote: > --- a/xen/arch/x86/domain_build.c > +++ b/xen/arch/x86/domain_build.c > @@ -37,6 +37,7 @@ > #include <asm/io_apic.h> > #include <asm/hap.h> > #include <asm/hpet.h> > +#include <asm/mc146818rtc.h> > > #include <public/version.h> > > @@ -1548,6 +1549,8 @@ int __init construct_dom0( > rc |= ioports_deny_access(d, pmtmr_ioport, pmtmr_ioport + 3); > /* PCI configuration space (NB. 0xcf8 has special treatment). */ > rc |= ioports_deny_access(d, 0xcfc, 0xcff); > + /* Never permit direct access to the RTC/CMOS registers. */ > + rc |= ioports_deny_access(d, RTC_PORT(0), RTC_PORT(1)); > /* Command-line I/O ranges. */ > process_dom0_ioports_disable(d);
This indeed is a direct replacement of what we had before (and hence I'm considering the patch okay as is). I nevertheless wonder how useful it is: Frequently the RTC/CMOS can also be accessed via ports 72 and 73 (and then all 256 bytes of CMOS), and often address decoding is even more lax (e.g. aliasing the whole 70...77 range to 70/71 or 70...73). Jan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
