From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Jan Beulich" <JBeulich@suse.com>
Subject: [PATCH] public: there's no MMUEXT_SET_FOREIGNDOM
Date: Thu, 08 Jun 2017 09:19:03 -0600
Message-ID: <593987070200007800160EE5@prv-mh.provo.novell.com>
References: <593987070200007800160EE5@prv-mh.provo.novell.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=__Part95ADF8F7.4__="
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <JBeulich@suse.com>) id 1dIzDI-0003Ir-14
 for xen-devel@lists.xenproject.org; Thu, 08 Jun 2017 15:19:08 +0000
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
To: xen-devel <xen-devel@lists.xenproject.org>
Cc: Stefano Stabellini <sstabellini@kernel.org>, Wei Liu <wei.liu2@citrix.com>, George Dunlap <George.Dunlap@eu.citrix.com>, Andrew Cooper <andrew.cooper3@citrix.com>, Ian Jackson <Ian.Jackson@eu.citrix.com>, Tim Deegan <tim@xen.org>, Julien Grall <julien.grall@arm.com>
List-Id: xen-devel@lists.xenproject.org

This is a MIME message. If you are reading this text, you may want to 
consider changing to a mail reader or gateway that understands how to 
properly handle MIME multipart messages.

--=__Part95ADF8F7.4__=
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Correct respective comments.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
MMUEXT_{CLEAR,COPY}_PAGE in fact also allow to be invoked on DOMID_IO
owned pages at present. I've intentionally not added this to the text,
as I'm not sure we really mean to allow this. If we do, I think the
operation should also be allowed for MMIO pages not happening to have
an associated struct page_info.

--- a/xen/include/public/xen.h
+++ b/xen/include/public/xen.h
@@ -550,16 +550,19 @@ DEFINE_XEN_GUEST_HANDLE(mmuext_op_t);
  * is useful to ensure that no mappings to the OS's own heap are =
accidentally
  * installed. (e.g., in Linux this could cause havoc as reference counts
  * aren't adjusted on the I/O-mapping code path).
- * This only makes sense in MMUEXT_SET_FOREIGNDOM, but in that context =
can
- * be specified by any calling domain.
+ * This only makes sense as HYPERVISOR_mmu_update()'s and
+ * HYPERVISOR_update_va_mapping_otherdomain()'s "foreigndom" argument. =
For
+ * HYPERVISOR_mmu_update() context it can be specified by any calling =
domain,
+ * otherwise it's only permitted if the caller is privileged.
  */
 #define DOMID_IO             xen_mk_uint(0x7FF1)
=20
 /*
  * DOMID_XEN is used to allow privileged domains to map restricted parts =
of
  * Xen's heap space (e.g., the machine_to_phys table).
- * This only makes sense in MMUEXT_SET_FOREIGNDOM, and is only permitted =
if
- * the caller is privileged.
+ * This only makes sense as HYPERVISOR_mmu_update()'s, HYPERVISOR_mmuext_o=
p()'s,
+ * or HYPERVISOR_update_va_mapping_otherdomain()'s "foreigndom" argument, =
and is
+ * only permitted if the caller is privileged.
  */
 #define DOMID_XEN            xen_mk_uint(0x7FF2)
=20




--=__Part95ADF8F7.4__=
Content-Type: text/plain; name="public-no-MMUEXT_SET_FOREIGN.patch"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="public-no-MMUEXT_SET_FOREIGN.patch"

public: there's no MMUEXT_SET_FOREIGNDOM=0A=0ACorrect respective =
comments.=0A=0ASigned-off-by: Jan Beulich <jbeulich@suse.com>=0A---=0AMMUEX=
T_{CLEAR,COPY}_PAGE in fact also allow to be invoked on DOMID_IO=0Aowned =
pages at present. I've intentionally not added this to the text,=0Aas I'm =
not sure we really mean to allow this. If we do, I think the=0Aoperation =
should also be allowed for MMIO pages not happening to have=0Aan associated=
 struct page_info.=0A=0A--- a/xen/include/public/xen.h=0A+++ b/xen/include/=
public/xen.h=0A@@ -550,16 +550,19 @@ DEFINE_XEN_GUEST_HANDLE(mmuext_op_t);=
=0A  * is useful to ensure that no mappings to the OS's own heap are =
accidentally=0A  * installed. (e.g., in Linux this could cause havoc as =
reference counts=0A  * aren't adjusted on the I/O-mapping code path).=0A- =
* This only makes sense in MMUEXT_SET_FOREIGNDOM, but in that context =
can=0A- * be specified by any calling domain.=0A+ * This only makes sense =
as HYPERVISOR_mmu_update()'s and=0A+ * HYPERVISOR_update_va_mapping_otherdo=
main()'s "foreigndom" argument. For=0A+ * HYPERVISOR_mmu_update() context =
it can be specified by any calling domain,=0A+ * otherwise it's only =
permitted if the caller is privileged.=0A  */=0A #define DOMID_IO          =
   xen_mk_uint(0x7FF1)=0A =0A /*=0A  * DOMID_XEN is used to allow =
privileged domains to map restricted parts of=0A  * Xen's heap space =
(e.g., the machine_to_phys table).=0A- * This only makes sense in =
MMUEXT_SET_FOREIGNDOM, and is only permitted if=0A- * the caller is =
privileged.=0A+ * This only makes sense as HYPERVISOR_mmu_update()'s, =
HYPERVISOR_mmuext_op()'s,=0A+ * or HYPERVISOR_update_va_mapping_otherdomain=
()'s "foreigndom" argument, and is=0A+ * only permitted if the caller is =
privileged.=0A  */=0A #define DOMID_XEN            xen_mk_uint(0x7FF2)=0A =
=0A
--=__Part95ADF8F7.4__=
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWRldmVs
IG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMueGVuLm9yZwpodHRwczovL2xpc3RzLnhlbi5v
cmcveGVuLWRldmVsCg==

--=__Part95ADF8F7.4__=--