On 06.05.2022 09:24, Penny Zheng wrote: > --- a/xen/common/domain.c > +++ b/xen/common/domain.c > @@ -777,8 +777,22 @@ void __init setup_system_domains(void) > > /* > * Initialise our DOMID_IO domain. > - * This domain owns I/O pages that are within the range of the page_info > - * array. Mappings occur at the priv of the caller.
This information is effectively lost; I cannot spot a suitable replacement in the new text. > + * DOMID_IO is used for mapping memory and MMIO regions when no explicit > + * Domain need to be specified. > + * > + * For instance, DOMID_IO is the owner of memory pre-shared among > + * multiple domains at boot time, when no explicit owner is specified. > + * > + * Also, DOMID_IO is used to restrict page-table updates to mapping I/O > + * memory. Although no Foreign Domain need to be specified to map I/O > + * pages, DOMID_IO is useful to ensure that no mappings to the OS's own > + * heap are accidentally installed. (e.g., in Linux this could cause > + * havoc as reference counts aren't adjusted on the I/O-mapping code > + * path). This only makes sense as HYPERVISOR_mmu_update()'s and > + * HYPERVISOR_update_va_mapping_otherdomain()'s "foreigndom" argument. > + * For HYPERVISOR_mmu_update() context it can be specified by any > + * calling domain, otherwise it's only permitted if the caller is > + * privileged. Much of this looks to have been copied from the public header. I don't see why you did this; if anything a reference there would suffice. > * Quarantined PCI devices will be associated with this domain. > */ I would also like to ask that you add the new purpose of this domain _below_ all pre-existing ones, such that this also somewhat expressed how things have evolved. Jan
