On 03.03.2022 17:45, Alex Olson wrote:
> --- a/xen/arch/x86/hvm/hypercall.c
> +++ b/xen/arch/x86/hvm/hypercall.c
> @@ -84,6 +84,17 @@ static long hvm_physdev_op(int cmd,
> XEN_GUEST_HANDLE_PARAM(void) arg)
>  
>      switch ( cmd )
>      {
> +
> +    case PHYSDEVOP_manage_pci_add:
> +    case PHYSDEVOP_manage_pci_remove:
> +    case PHYSDEVOP_pci_device_add:
> +    case PHYSDEVOP_pci_device_remove:
> +    case PHYSDEVOP_manage_pci_add_ext:
> +    case PHYSDEVOP_prepare_msix:
> +    case PHYSDEVOP_release_msix:
> +        if ( is_control_domain(currd) )
> +            break;
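
Review bot: the `is_control_domain(currd)` check guarding the seven new `PHYSDEVOP_*` cases carries no comment saying why a control domain should be able to issue PCI device add/remove and MSI-X prepare/release calls, and the empty `+` line directly after `{` is stray. Add a short comment above the case list naming the intended caller, drop the empty line, and make the path taken when the check fails explicit: the quoted lines stop at `break;`, so whether these cases then fall through to a rejection is not visible here.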

These are all operations which I think are purposefully permitted to
be invoked by the hardware domain only. That's where all the devices
live when they're not passed through to guests.

Jan

