From mboxrd@z Thu Jan 1 00:00:00 1970 From: Paul Durrant Subject: [PATCH v2] xen: use libxendevice model to restrict operations Date: Mon, 20 Mar 2017 16:53:33 +0000 Message-ID: <1490028813-3911-1-git-send-email-paul.durrant@citrix.com> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cq0ZK-0005lF-AC for xen-devel@lists.xenproject.org; Mon, 20 Mar 2017 16:54:06 +0000 List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" To: qemu-devel@nongnu.org, xen-devel@lists.xenproject.org Cc: Anthony Perard , Paolo Bonzini , Paul Durrant , Stefano Stabellini List-Id: xen-devel@lists.xenproject.org VGhpcyBwYXRjaCBhZGRzIGEgY29tbWFuZC1saW5lIG9wdGlvbiAoLXhlbi1kb21pZC1yZXN0cmlj dCkgd2hpY2ggd2lsbAp1c2UgdGhlIG5ldyBsaWJ4ZW5kZXZpY2Vtb2RlbCBBUEkgdG8gcmVzdHJp Y3QgZGV2aWNlbW9kZWwgb3BlcmF0aW9ucyB0bwp0aGUgc3BlY2lmaWVkIGRvbWlkLgoKVGhpcyBw YXRjaCBhbHNvIGFkZHMgYSB0cmFjZXBvaW50IHRvIGFsbG93IHN1Y2Nlc3NmdWwgZW5hYmxpbmcg b2YgdGhlCnJlc3RyaWN0aW9uIHRvIGJlIG1vbml0b3JlZC4KClNpZ25lZC1vZmYtYnk6IFBhdWwg RHVycmFudCA8cGF1bC5kdXJyYW50QGNpdHJpeC5jb20+Ci0tLQpDYzogU3RlZmFubyBTdGFiZWxs aW5pIDxzc3RhYmVsbGluaUBrZXJuZWwub3JnPgpDYzogQW50aG9ueSBQZXJhcmQgPGFudGhvbnku cGVyYXJkQGNpdHJpeC5jb20+CkNjOiBQYW9sbyBCb256aW5pIDxwYm9uemluaUByZWRoYXQuY29t PgoKTk9URTogVGhpcyBpcyBhbHJlYWR5IHJlLWJhc2VkIG9uIEp1ZXJnZW4gR3Jvc3MncyBwYXRj aCAieGVuOiB1c2UgNSBkaWdpdAogICAgICB4ZW4gdmVyc2lvbnMiIGFuZCBzbyBzaG91bGQgbm90 IGJlIGFwcGxpZWQgdW50aWwgYWZ0ZXIgdGhhdCBwYXRjaAogICAgICBoYXMgYmVlbiBhcHBsaWVk LgoKdjI6CiAtIExvZyBlcnJubyBpbiB0cmFjZXBvaW50Ci0tLQogaHcveGVuL3RyYWNlLWV2ZW50 cyAgICAgICAgIHwgIDEgKwogaW5jbHVkZS9ody94ZW4veGVuLmggICAgICAgIHwgIDEgKwogaW5j bHVkZS9ody94ZW4veGVuX2NvbW1vbi5oIHwgMjAgKysrKysrKysrKysrKysrKysrKysKIHFlbXUt b3B0aW9ucy5oeCAgICAgICAgICAgICB8ICA2ICsrKysrKwogdmwuYyAgICAgICAgICAgICAgICAg ICAgICAgIHwgIDggKysrKysrKysKIHhlbi1odm0uYyAgICAgICAgICAgICAgICAgICB8ICA4ICsr KysrKysrCiA2IGZpbGVzIGNoYW5nZWQsIDQ0IGluc2VydGlvbnMoKykKCmRpZmYgLS1naXQgYS9o dy94ZW4vdHJhY2UtZXZlbnRzIGIvaHcveGVuL3RyYWNlLWV2ZW50cwppbmRleCBjNGZiNmYxLi41 NjE1ZGNlIDEwMDY0NAotLS0gYS9ody94ZW4vdHJhY2UtZXZlbnRzCisrKyBiL2h3L3hlbi90cmFj ZS1ldmVudHMKQEAgLTExLDMgKzExLDQgQEAgeGVuX21hcF9wb3J0aW9fcmFuZ2UodWludDMyX3Qg aWQsIHVpbnQ2NF90IHN0YXJ0X2FkZHIsIHVpbnQ2NF90IGVuZF9hZGRyKSAiaWQ6ICUKIHhlbl91 bm1hcF9wb3J0aW9fcmFuZ2UodWludDMyX3QgaWQsIHVpbnQ2NF90IHN0YXJ0X2FkZHIsIHVpbnQ2 NF90IGVuZF9hZGRyKSAiaWQ6ICV1IHN0YXJ0OiAlIyJQUkl4NjQiIGVuZDogJSMiUFJJeDY0CiB4 ZW5fbWFwX3BjaWRldih1aW50MzJfdCBpZCwgdWludDhfdCBidXMsIHVpbnQ4X3QgZGV2LCB1aW50 OF90IGZ1bmMpICJpZDogJXUgYmRmOiAlMDJ4LiUwMnguJTAyeCIKIHhlbl91bm1hcF9wY2lkZXYo dWludDMyX3QgaWQsIHVpbnQ4X3QgYnVzLCB1aW50OF90IGRldiwgdWludDhfdCBmdW5jKSAiaWQ6 ICV1IGJkZjogJTAyeC4lMDJ4LiUwMngiCit4ZW5fZG9taWRfcmVzdHJpY3QoaW50IGVycikgImVy cjogJXUiCmRpZmYgLS1naXQgYS9pbmNsdWRlL2h3L3hlbi94ZW4uaCBiL2luY2x1ZGUvaHcveGVu L3hlbi5oCmluZGV4IDJiMTczM2IuLjdlZmNkYWEgMTAwNjQ0Ci0tLSBhL2luY2x1ZGUvaHcveGVu L3hlbi5oCisrKyBiL2luY2x1ZGUvaHcveGVuL3hlbi5oCkBAIC0yMSw2ICsyMSw3IEBAIGVudW0g eGVuX21vZGUgewogCiBleHRlcm4gdWludDMyX3QgeGVuX2RvbWlkOwogZXh0ZXJuIGVudW0geGVu X21vZGUgeGVuX21vZGU7CitleHRlcm4gYm9vbCB4ZW5fZG9taWRfcmVzdHJpY3Q7CiAKIGV4dGVy biBib29sIHhlbl9hbGxvd2VkOwogCmRpZmYgLS1naXQgYS9pbmNsdWRlL2h3L3hlbi94ZW5fY29t bW9uLmggYi9pbmNsdWRlL2h3L3hlbi94ZW5fY29tbW9uLmgKaW5kZXggZGYwOThjNy4uNGYzYmQz NSAxMDA2NDQKLS0tIGEvaW5jbHVkZS9ody94ZW4veGVuX2NvbW1vbi5oCisrKyBiL2luY2x1ZGUv aHcveGVuL3hlbl9jb21tb24uaApAQCAtMTUyLDYgKzE1MiwxMyBAQCBzdGF0aWMgaW5saW5lIGlu dCB4ZW5kZXZpY2Vtb2RlbF9zZXRfbWVtX3R5cGUoCiAgICAgcmV0dXJuIHhjX2h2bV9zZXRfbWVt X3R5cGUoZG1vZCwgZG9taWQsIG1lbV90eXBlLCBmaXJzdF9wZm4sIG5yKTsKIH0KIAorc3RhdGlj IGlubGluZSBpbnQgeGVuZGV2aWNlbW9kZWxfcmVzdHJpY3QoCisgICAgeGVuZGV2aWNlbW9kZWxf aGFuZGxlICpkbW9kLCBkb21pZF90IGRvbWlkKQoreworICAgIGVycm5vID0gRU5PVFRZOworICAg IHJldHVybiAtMTsKK30KKwogI2Vsc2UgLyogQ09ORklHX1hFTl9DVFJMX0lOVEVSRkFDRV9WRVJT SU9OID49IDQwOTAwICovCiAKICNpbmNsdWRlIDx4ZW5kZXZpY2Vtb2RlbC5oPgpAQCAtMjA2LDYg KzIxMywxOSBAQCBzdGF0aWMgaW5saW5lIGludCB4ZW5fbW9kaWZpZWRfbWVtb3J5KGRvbWlkX3Qg ZG9taWQsIHVpbnQ2NF90IGZpcnN0X3BmbiwKICAgICByZXR1cm4geGVuZGV2aWNlbW9kZWxfbW9k aWZpZWRfbWVtb3J5KHhlbl9kbW9kLCBkb21pZCwgZmlyc3RfcGZuLCBucik7CiB9CiAKK3N0YXRp YyBpbmxpbmUgaW50IHhlbl9yZXN0cmljdChkb21pZF90IGRvbWlkKQoreworICAgIGludCByYyA9 IHhlbmRldmljZW1vZGVsX3Jlc3RyaWN0KHhlbl9kbW9kLCBkb21pZCk7CisKKyAgICB0cmFjZV94 ZW5fZG9taWRfcmVzdHJpY3QoZXJybm8pOworCisgICAgaWYgKGVycm5vID09IEVOT1RUWSkgewor ICAgICAgICByZXR1cm4gMDsKKyAgICB9CisKKyAgICByZXR1cm4gcmM7Cit9CisKIC8qIFhlbiA0 LjIgdGhyb3VnaCA0LjYgKi8KICNpZiBDT05GSUdfWEVOX0NUUkxfSU5URVJGQUNFX1ZFUlNJT04g PCA0MDcwMQogCmRpZmYgLS1naXQgYS9xZW11LW9wdGlvbnMuaHggYi9xZW11LW9wdGlvbnMuaHgK aW5kZXggOTlhZjhlZC4uNGFhYjA3NyAxMDA2NDQKLS0tIGEvcWVtdS1vcHRpb25zLmh4CisrKyBi L3FlbXUtb3B0aW9ucy5oeApAQCAtMzM1NCw2ICszMzU0LDEwIEBAIERFRigieGVuLWF0dGFjaCIs IDAsIFFFTVVfT1BUSU9OX3hlbl9hdHRhY2gsCiAgICAgIi14ZW4tYXR0YWNoICAgICBhdHRhY2gg dG8gZXhpc3RpbmcgeGVuIGRvbWFpblxuIgogICAgICIgICAgICAgICAgICAgICAgeGVuZCB3aWxs IHVzZSB0aGlzIHdoZW4gc3RhcnRpbmcgUUVNVVxuIiwKICAgICBRRU1VX0FSQ0hfQUxMKQorREVG KCJ4ZW4tZG9taWQtcmVzdHJpY3QiLCAwLCBRRU1VX09QVElPTl94ZW5fZG9taWRfcmVzdHJpY3Qs CisgICAgIi14ZW4tZG9taWQtcmVzdHJpY3QgICAgIHJlc3RyaWN0IHNldCBvZiBhdmFpbGFibGUg eGVuIG9wZXJhdGlvbnNcbiIKKyAgICAiICAgICAgICAgICAgICAgICAgICAgICAgdG8gc3BlY2lm aWVkIGRvbWFpbiBpZFxuIiwKKyAgICBRRU1VX0FSQ0hfQUxMKQogU1RFWEkKIEBpdGVtIC14ZW4t ZG9taWQgQHZhcntpZH0KIEBmaW5kZXggLXhlbi1kb21pZApAQCAtMzM2Niw2ICszMzcwLDggQEAg V2FybmluZzogc2hvdWxkIG5vdCBiZSB1c2VkIHdoZW4geGVuZCBpcyBpbiB1c2UgKFhFTiBvbmx5 KS4KIEBmaW5kZXggLXhlbi1hdHRhY2gKIEF0dGFjaCB0byBleGlzdGluZyB4ZW4gZG9tYWluLgog eGVuZCB3aWxsIHVzZSB0aGlzIHdoZW4gc3RhcnRpbmcgUUVNVSAoWEVOIG9ubHkpLgorQGZpbmRl eCAteGVuLWRvbWlkLXJlc3RyaWN0CitSZXN0cmljdCBzZXQgb2YgYXZhaWxhYmxlIHhlbiBvcGVy YXRpb25zIHRvIHNwZWNpZmllZCBkb21haW4gaWQgKFhFTiBvbmx5KS4KIEVURVhJCiAKIERFRigi bm8tcmVib290IiwgMCwgUUVNVV9PUFRJT05fbm9fcmVib290LCBcCmRpZmYgLS1naXQgYS92bC5j IGIvdmwuYwppbmRleCAwYjRlZDUyLi5mNDZlMDcwIDEwMDY0NAotLS0gYS92bC5jCisrKyBiL3Zs LmMKQEAgLTIwNSw2ICsyMDUsNyBAQCBzdGF0aWMgTm90aWZpZXJMaXN0IG1hY2hpbmVfaW5pdF9k b25lX25vdGlmaWVycyA9CiBib29sIHhlbl9hbGxvd2VkOwogdWludDMyX3QgeGVuX2RvbWlkOwog ZW51bSB4ZW5fbW9kZSB4ZW5fbW9kZSA9IFhFTl9FTVVMQVRFOworYm9vbCB4ZW5fZG9taWRfcmVz dHJpY3Q7CiAKIHN0YXRpYyBpbnQgaGFzX2RlZmF1bHRzID0gMTsKIHN0YXRpYyBpbnQgZGVmYXVs dF9zZXJpYWwgPSAxOwpAQCAtMzkzMyw2ICszOTM0LDEzIEBAIGludCBtYWluKGludCBhcmdjLCBj aGFyICoqYXJndiwgY2hhciAqKmVudnApCiAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAg ICAgIHhlbl9tb2RlID0gWEVOX0FUVEFDSDsKICAgICAgICAgICAgICAgICBicmVhazsKKyAgICAg ICAgICAgIGNhc2UgUUVNVV9PUFRJT05feGVuX2RvbWlkX3Jlc3RyaWN0OgorICAgICAgICAgICAg ICAgIGlmICghKHhlbl9hdmFpbGFibGUoKSkpIHsKKyAgICAgICAgICAgICAgICAgICAgZXJyb3Jf cmVwb3J0KCJPcHRpb24gbm90IHN1cHBvcnRlZCBmb3IgdGhpcyB0YXJnZXQiKTsKKyAgICAgICAg ICAgICAgICAgICAgZXhpdCgxKTsKKyAgICAgICAgICAgICAgICB9CisgICAgICAgICAgICAgICAg eGVuX2RvbWlkX3Jlc3RyaWN0ID0gdHJ1ZTsKKyAgICAgICAgICAgICAgICBicmVhazsKICAgICAg ICAgICAgIGNhc2UgUUVNVV9PUFRJT05fdHJhY2U6CiAgICAgICAgICAgICAgICAgZ19mcmVlKHRy YWNlX2ZpbGUpOwogICAgICAgICAgICAgICAgIHRyYWNlX2ZpbGUgPSB0cmFjZV9vcHRfcGFyc2Uo b3B0YXJnKTsKZGlmZiAtLWdpdCBhL3hlbi1odm0uYyBiL3hlbi1odm0uYwppbmRleCA0YjkyOGNm Li4zMzVlMjYzIDEwMDY0NAotLS0gYS94ZW4taHZtLmMKKysrIGIveGVuLWh2bS5jCkBAIC0xMjI2 LDYgKzEyMjYsMTQgQEAgdm9pZCB4ZW5faHZtX2luaXQoUENNYWNoaW5lU3RhdGUgKnBjbXMsIE1l bW9yeVJlZ2lvbiAqKnJhbV9tZW1vcnkpCiAgICAgICAgIGdvdG8gZXJyOwogICAgIH0KIAorICAg IGlmICh4ZW5fZG9taWRfcmVzdHJpY3QpIHsKKyAgICAgICAgcmMgPSB4ZW5fcmVzdHJpY3QoeGVu X2RvbWlkKTsKKyAgICAgICAgaWYgKHJjIDwgMCkgeworICAgICAgICAgICAgZXJyb3JfcmVwb3J0 KCJmYWlsZWQgdG8gcmVzdHJpY3Q6IGVycm9yICVkIiwgZXJybm8pOworICAgICAgICAgICAgZ290 byBlcnI7CisgICAgICAgIH0KKyAgICB9CisKICAgICB4ZW5fY3JlYXRlX2lvcmVxX3NlcnZlcih4 ZW5fZG9taWQsICZzdGF0ZS0+aW9zZXJ2aWQpOwogCiAgICAgc3RhdGUtPmV4aXQubm90aWZ5ID0g eGVuX2V4aXRfbm90aWZpZXI7Ci0tIAoyLjEuNAoKCl9fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fClhlbi1kZXZlbCBtYWlsaW5nIGxpc3QKWGVuLWRldmVsQGxp c3RzLnhlbi5vcmcKaHR0cHM6Ly9saXN0cy54ZW4ub3JnL3hlbi1kZXZlbAo=