diff options
author | Paul Durrant <paul.durrant@citrix.com> | 2017-03-22 09:39:15 +0000 |
---|---|---|
committer | Stefano Stabellini <sstabellini@kernel.org> | 2017-04-21 12:40:14 -0700 |
commit | 1c599472b02783ee80691bfdaa465af9fbf25c8a (patch) | |
tree | 10afa631ab372f500ae8af5793684ae6f17b0512 /include | |
parent | f1167ee684279bffabe7bb3ab23eff87577fe427 (diff) |
xen: use libxendevice model to restrict operations
This patch adds a command-line option (-xen-domid-restrict) which will
use the new libxendevicemodel API to restrict devicemodel [1] operations
to the specified domid. (Such operations are not applicable to the xenpv
machine type).
This patch also adds a tracepoint to allow successful enabling of the
restriction to be monitored.
[1] I.e. operations issued by libxendevicemodel. Operation issued by other
xen libraries (e.g. libxenforeignmemory) are currently still unrestricted
but this will be rectified by subsequent patches.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/hw/xen/xen.h | 1 | ||||
-rw-r--r-- | include/hw/xen/xen_common.h | 20 |
2 files changed, 21 insertions, 0 deletions
diff --git a/include/hw/xen/xen.h b/include/hw/xen/xen.h index 2b1733b747..7efcdaa8fe 100644 --- a/include/hw/xen/xen.h +++ b/include/hw/xen/xen.h @@ -21,6 +21,7 @@ enum xen_mode { extern uint32_t xen_domid; extern enum xen_mode xen_mode; +extern bool xen_domid_restrict; extern bool xen_allowed; diff --git a/include/hw/xen/xen_common.h b/include/hw/xen/xen_common.h index fa990a07c0..0fcbba8c54 100644 --- a/include/hw/xen/xen_common.h +++ b/include/hw/xen/xen_common.h @@ -151,6 +151,13 @@ static inline int xendevicemodel_set_mem_type( return xc_hvm_set_mem_type(dmod, domid, mem_type, first_pfn, nr); } +static inline int xendevicemodel_restrict( + xendevicemodel_handle *dmod, domid_t domid) +{ + errno = ENOTTY; + return -1; +} + #else /* CONFIG_XEN_CTRL_INTERFACE_VERSION >= 40900 */ #undef XC_WANT_COMPAT_DEVICEMODEL_API @@ -206,6 +213,19 @@ static inline int xen_modified_memory(domid_t domid, uint64_t first_pfn, return xendevicemodel_modified_memory(xen_dmod, domid, first_pfn, nr); } +static inline int xen_restrict(domid_t domid) +{ + int rc = xendevicemodel_restrict(xen_dmod, domid); + + trace_xen_domid_restrict(errno); + + if (errno == ENOTTY) { + return 0; + } + + return rc; +} + /* Xen 4.2 through 4.6 */ #if CONFIG_XEN_CTRL_INTERFACE_VERSION < 40701 |