When adding a passed-through PCI device to a domain after it was already
started, IOMMU page tables may need constructing on the fly. For PV
guests the decision whether a page ought to have a mapping is based on
whether the page is writable, to prevent IOMMU access to things like
page tables. Writablility of a page may, however, change at any time.
Failure of the relevant code to respect this possible race may lead
to IOMMU mappings of, in particular, page tables, allowing the guest
to alter such page tables without Xen auditing the changes.
Created xen tracking bugs for this issue:
Affects: fedora-all [bug 1685577]