Hello, El 07/05/15 a les 17.22, Jan Beulich ha escrit: >>>> On 07.05.15 at 16:54, <roger....@citrix.com> wrote: >> This port is used by PM1a and should not be accessed directly by Dom0. > > I don't think this is unconditionally PM1a - that should be read out > of the FADT if at all. I also don't think port CF9 universally serves > as the port to do reboots. I.e. I don't think this should be done > unconditionally. > >> This >> also premits trapping 2 and 4 byte accesses to 0xcf8, which need to be >> handled by the hypervisor. > > Only 4-byte ones need to be handled in the hypervisor, and you're > not adding any code forcing 2-byte ones to be allowed through. I.e. > >> Also, since admin_io_okay is now a wrapper around ioports_access_permitted >> remove it. > > ... this should not be the final result afaict.
Thanks for the comments. IMHO the best way to deal with this is to not add anything in the 0xcf8-0xcfb to ioports_deny_access, leaving admin_io_okay as-is. Then in the PVH io bitmap blocking access to 0xcf8-0xcfb in order to trap accesses to that range. Does that sound suitable? Roger. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
