On 10/04/2018 11:45 AM, Paul Durrant wrote: > This patch removes the implicit domain_crash() from iommu_map(), > unmap_page() and iommu_iotlb_flush() and turns them into straightforward > wrappers that check the existence of the relevant iommu_op and call > through to it. This makes them usable by PV IOMMU code to be delivered in > future patches.
Hmm, apparently I gave this an R-b before, but now I'm not totally happy with it. The point of putting the domain_crash() inside those functions was because forgetting to crash the domain, particularly in the event of an unmap or a flush, was very likely to be a security issue. Would it be possible to either add a `mayfail` parameter, or a new function (iommu_map_mayfail() or something), that the PV IOMMU code could use instead? It looks like git is comfortable putting this patch at the end; all the other patches look like they probably have enough acks to go in while we discuss this one. -George _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
