Hi Jan, 2017-10-23 15:26 GMT+08:00 Jan Beulich <jbeul...@suse.com>: >>>> On 22.10.17 at 13:21, <blacksk...@gmail.com> wrote: >> How about changing the policy to (c over d) && ((d over t) || (c over t))? >> Given that (c over d) is a must, which is always checked somewhere higher >> in the call stack as Daniel pointed out, permitting (d over t) or (c >> over t) actually infers >> permitting the other. >> >> - if you permit (d over t) but not (c over t): >> Given (c over t), >> (c) can first map the src page from (t) into its own memory space and then >> map >> this page from its own memory space to (d)'s memory space. > > Would that work? The page, when in (c)'s space, is still owned by (t), > so I don't see how mapping into (d)'s space could become possible > just because it's mapped into (c)'s.
Yes, indeed. This won't work. Sorry for giving a wrong example here. I think I now agree to add a new subop, too. Cheers, Zhongze Liu _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
