From 9f8198d9469118a54ca1f9c476637430093837ad Mon Sep 17 00:00:00 2001
From: Alexander Boettcher <alexander.boettcher@genode-labs.com>
Date: Thu, 10 Jan 2019 13:58:11 +0100
Subject: [PATCH] hw: deny to attach managed dataspaces to VMs

Issue #3111
---
 .../core/spec/arm_v7/virtualization/vm_session_component.cc   | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/repos/base-hw/src/core/spec/arm_v7/virtualization/vm_session_component.cc b/repos/base-hw/src/core/spec/arm_v7/virtualization/vm_session_component.cc
index ef781b4a6a..48d8497602 100644
--- a/repos/base-hw/src/core/spec/arm_v7/virtualization/vm_session_component.cc
+++ b/repos/base-hw/src/core/spec/arm_v7/virtualization/vm_session_component.cc
@@ -59,6 +59,10 @@ void Vm_session_component::attach(Dataspace_capability ds_cap, addr_t vm_addr)
 	_ds_ep->apply(ds_cap, [&] (Dataspace_component *dsc) {
 		if (!dsc) throw Invalid_dataspace();
 
+		/* unsupported - deny otherwise arbitrary physical memory can be mapped to a VM */
+		if (dsc->managed())
+			throw Invalid_dataspace();
+
 		_attach(dsc->phys_addr(), vm_addr, dsc->size());
 	});
 }