Commit
8ef5f344d061 "tools/libxendevicemodel: add a call to restrict the
handle" added a function to the devicemodel interface to restrict
operations through the API to a specific domain, where a capable under-
lying privcmd driver exists.
This patch adds similar functionality to the xenforeignmemory API. This
will be necessary (as much as xendevicemodel restriction) for limiting
the scope of device models to specific domains.
NOTE: My patch to the linux kernel [1] added the appropriate checks to
the foreign memory ioctls.
[1] https://git.kernel.org/cgit/linux/kernel/git/ostr/linux.git/commit/?id=
4610d240
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
return osdep_xenforeignmemory_unmap(fmem, addr, num);
}
+int xenforeignmemory_restrict(xenforeignmemory_handle *fmem,
+ domid_t domid)
+{
+ return osdep_xenforeignmemory_restrict(fmem, domid);
+}
+
/*
* Local variables:
* mode: C
return munmap(addr, num << PAGE_SHIFT);
}
+int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem,
+ domid_t domid)
+{
+ errno = -EOPNOTSUPP;
+ return -1;
+}
+
/*
* Local variables:
* mode: C
int xenforeignmemory_unmap(xenforeignmemory_handle *fmem,
void *addr, size_t pages);
+/**
+ * This function restricts the use of this handle to the specified
+ * domain.
+ *
+ * @parm fmem handle to the open foreignmemory interface
+ * @parm domid the domain id
+ * @return 0 on success, -1 on failure.
+ */
+int xenforeignmemory_restrict(xenforeignmemory_handle *fmem,
+ domid_t domid);
+
#endif
/*
xenforeignmemory_close;
xenforeignmemory_map;
xenforeignmemory_unmap;
+ xenforeignmemory_restrict;
local: *; /* Do not expose anything by default */
};
return munmap(addr, num << PAGE_SHIFT);
}
+int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem,
+ domid_t domid)
+{
+ return ioctl(fmem->fd, IOCTL_PRIVCMD_RESTRICT, &domid);
+}
+
/*
* Local variables:
* mode: C
return munmap(addr, num << PAGE_SHIFT);
}
+int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem,
+ domid_t domid)
+{
+ errno = -EOPNOTSUPP;
+ return -1;
+}
+
/*
* Local variables:
* mode: C
return munmap(addr, num*XC_PAGE_SIZE);
}
+int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem,
+ domid_t domid)
+{
+ errno = -EOPNOTSUPP;
+ return -1;
+}
+
/*
* Local variables:
* mode: C
int osdep_xenforeignmemory_unmap(xenforeignmemory_handle *fmem,
void *addr, size_t num);
+int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem,
+ domid_t domid);
+
#if defined(__NetBSD__) || defined(__sun__)
/* Strictly compat for those two only only */
void *compat_mapforeign_batch(xenforeignmem_handle *fmem, uint32_t dom,
return munmap(addr, num*XC_PAGE_SIZE);
}
+int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem,
+ domid_t domid)
+{
+ errno = -EOPNOTSUPP;
+ return -1;
+}
+
/*
* Local variables:
* mode: C
projects / people / royger / xen.git / commitdiff