From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paul Durrant <paul.durrant@citrix.com>
Subject: [PATCH v4] xen: use libxendevice model to restrict
	operations
Date: Wed, 22 Mar 2017 09:39:15 +0000
Message-ID: <1490175555-17827-1-git-send-email-paul.durrant@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta6.messagelabs.com ([193.109.254.103])
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <prvs=2479a8bc7=Paul.Durrant@citrix.com>)
 id 1cqcjq-0007Zv-UA
 for xen-devel@lists.xenproject.org; Wed, 22 Mar 2017 09:39:31 +0000
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
To: qemu-devel@nongnu.org, xen-devel@lists.xenproject.org
Cc: Anthony Perard <anthony.perard@citrix.com>, Paolo Bonzini <pbonzini@redhat.com>, Paul Durrant <paul.durrant@citrix.com>, Stefano Stabellini <sstabellini@kernel.org>
List-Id: xen-devel@lists.xenproject.org

VGhpcyBwYXRjaCBhZGRzIGEgY29tbWFuZC1saW5lIG9wdGlvbiAoLXhlbi1kb21pZC1yZXN0cmlj
dCkgd2hpY2ggd2lsbAp1c2UgdGhlIG5ldyBsaWJ4ZW5kZXZpY2Vtb2RlbCBBUEkgdG8gcmVzdHJp
Y3QgZGV2aWNlbW9kZWwgWzFdIG9wZXJhdGlvbnMKdG8gdGhlIHNwZWNpZmllZCBkb21pZC4gKFN1
Y2ggb3BlcmF0aW9ucyBhcmUgbm90IGFwcGxpY2FibGUgdG8gdGhlIHhlbnB2Cm1hY2hpbmUgdHlw
ZSkuCgpUaGlzIHBhdGNoIGFsc28gYWRkcyBhIHRyYWNlcG9pbnQgdG8gYWxsb3cgc3VjY2Vzc2Z1
bCBlbmFibGluZyBvZiB0aGUKcmVzdHJpY3Rpb24gdG8gYmUgbW9uaXRvcmVkLgoKWzFdIEkuZS4g
b3BlcmF0aW9ucyBpc3N1ZWQgYnkgbGlieGVuZGV2aWNlbW9kZWwuIE9wZXJhdGlvbiBpc3N1ZWQg
Ynkgb3RoZXIKICAgIHhlbiBsaWJyYXJpZXMgKGUuZy4gbGlieGVuZm9yZWlnbm1lbW9yeSkgYXJl
IGN1cnJlbnRseSBzdGlsbCB1bnJlc3RyaWN0ZWQKICAgIGJ1dCB0aGlzIHdpbGwgYmUgcmVjdGlm
aWVkIGJ5IHN1YnNlcXVlbnQgcGF0Y2hlcy4KClNpZ25lZC1vZmYtYnk6IFBhdWwgRHVycmFudCA8
cGF1bC5kdXJyYW50QGNpdHJpeC5jb20+Ci0tLQpDYzogU3RlZmFubyBTdGFiZWxsaW5pIDxzc3Rh
YmVsbGluaUBrZXJuZWwub3JnPgpDYzogQW50aG9ueSBQZXJhcmQgPGFudGhvbnkucGVyYXJkQGNp
dHJpeC5jb20+CkNjOiBQYW9sbyBCb256aW5pIDxwYm9uemluaUByZWRoYXQuY29tPgoKTk9URTog
VGhpcyBpcyBhbHJlYWR5IHJlLWJhc2VkIG9uIEp1ZXJnZW4gR3Jvc3MncyBwYXRjaCAieGVuOiB1
c2UgNSBkaWdpdAogICAgICB4ZW4gdmVyc2lvbnMiIGFuZCBzbyBzaG91bGQgbm90IGJlIGFwcGxp
ZWQgdW50aWwgYWZ0ZXIgdGhhdCBwYXRjaAogICAgICBoYXMgYmVlbiBhcHBsaWVkLgoKdjQ6CiAt
IEFkZGVkIG1pc3NpbmcgcXVvdGUKCnYzOgogLSBVcGRhdGVkIHVzYWdlIGNvbW1lbnQKCnYyOgog
LSBMb2cgZXJybm8gaW4gdHJhY2Vwb2ludAotLS0KIGh3L3hlbi90cmFjZS1ldmVudHMgICAgICAg
ICB8ICAxICsKIGluY2x1ZGUvaHcveGVuL3hlbi5oICAgICAgICB8ICAxICsKIGluY2x1ZGUvaHcv
eGVuL3hlbl9jb21tb24uaCB8IDIwICsrKysrKysrKysrKysrKysrKysrCiBxZW11LW9wdGlvbnMu
aHggICAgICAgICAgICAgfCAgNyArKysrKysrCiB2bC5jICAgICAgICAgICAgICAgICAgICAgICAg
fCAgOCArKysrKysrKwogeGVuLWh2bS5jICAgICAgICAgICAgICAgICAgIHwgIDggKysrKysrKysK
IDYgZmlsZXMgY2hhbmdlZCwgNDUgaW5zZXJ0aW9ucygrKQoKZGlmZiAtLWdpdCBhL2h3L3hlbi90
cmFjZS1ldmVudHMgYi9ody94ZW4vdHJhY2UtZXZlbnRzCmluZGV4IGM0ZmI2ZjEuLjU2MTVkY2Ug
MTAwNjQ0Ci0tLSBhL2h3L3hlbi90cmFjZS1ldmVudHMKKysrIGIvaHcveGVuL3RyYWNlLWV2ZW50
cwpAQCAtMTEsMyArMTEsNCBAQCB4ZW5fbWFwX3BvcnRpb19yYW5nZSh1aW50MzJfdCBpZCwgdWlu
dDY0X3Qgc3RhcnRfYWRkciwgdWludDY0X3QgZW5kX2FkZHIpICJpZDogJQogeGVuX3VubWFwX3Bv
cnRpb19yYW5nZSh1aW50MzJfdCBpZCwgdWludDY0X3Qgc3RhcnRfYWRkciwgdWludDY0X3QgZW5k
X2FkZHIpICJpZDogJXUgc3RhcnQ6ICUjIlBSSXg2NCIgZW5kOiAlIyJQUkl4NjQKIHhlbl9tYXBf
cGNpZGV2KHVpbnQzMl90IGlkLCB1aW50OF90IGJ1cywgdWludDhfdCBkZXYsIHVpbnQ4X3QgZnVu
YykgImlkOiAldSBiZGY6ICUwMnguJTAyeC4lMDJ4IgogeGVuX3VubWFwX3BjaWRldih1aW50MzJf
dCBpZCwgdWludDhfdCBidXMsIHVpbnQ4X3QgZGV2LCB1aW50OF90IGZ1bmMpICJpZDogJXUgYmRm
OiAlMDJ4LiUwMnguJTAyeCIKK3hlbl9kb21pZF9yZXN0cmljdChpbnQgZXJyKSAiZXJyOiAldSIK
ZGlmZiAtLWdpdCBhL2luY2x1ZGUvaHcveGVuL3hlbi5oIGIvaW5jbHVkZS9ody94ZW4veGVuLmgK
aW5kZXggMmIxNzMzYi4uN2VmY2RhYSAxMDA2NDQKLS0tIGEvaW5jbHVkZS9ody94ZW4veGVuLmgK
KysrIGIvaW5jbHVkZS9ody94ZW4veGVuLmgKQEAgLTIxLDYgKzIxLDcgQEAgZW51bSB4ZW5fbW9k
ZSB7CiAKIGV4dGVybiB1aW50MzJfdCB4ZW5fZG9taWQ7CiBleHRlcm4gZW51bSB4ZW5fbW9kZSB4
ZW5fbW9kZTsKK2V4dGVybiBib29sIHhlbl9kb21pZF9yZXN0cmljdDsKIAogZXh0ZXJuIGJvb2wg
eGVuX2FsbG93ZWQ7CiAKZGlmZiAtLWdpdCBhL2luY2x1ZGUvaHcveGVuL3hlbl9jb21tb24uaCBi
L2luY2x1ZGUvaHcveGVuL3hlbl9jb21tb24uaAppbmRleCBkZjA5OGM3Li40ZjNiZDM1IDEwMDY0
NAotLS0gYS9pbmNsdWRlL2h3L3hlbi94ZW5fY29tbW9uLmgKKysrIGIvaW5jbHVkZS9ody94ZW4v
eGVuX2NvbW1vbi5oCkBAIC0xNTIsNiArMTUyLDEzIEBAIHN0YXRpYyBpbmxpbmUgaW50IHhlbmRl
dmljZW1vZGVsX3NldF9tZW1fdHlwZSgKICAgICByZXR1cm4geGNfaHZtX3NldF9tZW1fdHlwZShk
bW9kLCBkb21pZCwgbWVtX3R5cGUsIGZpcnN0X3BmbiwgbnIpOwogfQogCitzdGF0aWMgaW5saW5l
IGludCB4ZW5kZXZpY2Vtb2RlbF9yZXN0cmljdCgKKyAgICB4ZW5kZXZpY2Vtb2RlbF9oYW5kbGUg
KmRtb2QsIGRvbWlkX3QgZG9taWQpCit7CisgICAgZXJybm8gPSBFTk9UVFk7CisgICAgcmV0dXJu
IC0xOworfQorCiAjZWxzZSAvKiBDT05GSUdfWEVOX0NUUkxfSU5URVJGQUNFX1ZFUlNJT04gPj0g
NDA5MDAgKi8KIAogI2luY2x1ZGUgPHhlbmRldmljZW1vZGVsLmg+CkBAIC0yMDYsNiArMjEzLDE5
IEBAIHN0YXRpYyBpbmxpbmUgaW50IHhlbl9tb2RpZmllZF9tZW1vcnkoZG9taWRfdCBkb21pZCwg
dWludDY0X3QgZmlyc3RfcGZuLAogICAgIHJldHVybiB4ZW5kZXZpY2Vtb2RlbF9tb2RpZmllZF9t
ZW1vcnkoeGVuX2Rtb2QsIGRvbWlkLCBmaXJzdF9wZm4sIG5yKTsKIH0KIAorc3RhdGljIGlubGlu
ZSBpbnQgeGVuX3Jlc3RyaWN0KGRvbWlkX3QgZG9taWQpCit7CisgICAgaW50IHJjID0geGVuZGV2
aWNlbW9kZWxfcmVzdHJpY3QoeGVuX2Rtb2QsIGRvbWlkKTsKKworICAgIHRyYWNlX3hlbl9kb21p
ZF9yZXN0cmljdChlcnJubyk7CisKKyAgICBpZiAoZXJybm8gPT0gRU5PVFRZKSB7CisgICAgICAg
IHJldHVybiAwOworICAgIH0KKworICAgIHJldHVybiByYzsKK30KKwogLyogWGVuIDQuMiB0aHJv
dWdoIDQuNiAqLwogI2lmIENPTkZJR19YRU5fQ1RSTF9JTlRFUkZBQ0VfVkVSU0lPTiA8IDQwNzAx
CiAKZGlmZiAtLWdpdCBhL3FlbXUtb3B0aW9ucy5oeCBiL3FlbXUtb3B0aW9ucy5oeAppbmRleCA5
OWFmOGVkLi4yMDQzMzcxIDEwMDY0NAotLS0gYS9xZW11LW9wdGlvbnMuaHgKKysrIGIvcWVtdS1v
cHRpb25zLmh4CkBAIC0zMzU0LDYgKzMzNTQsMTEgQEAgREVGKCJ4ZW4tYXR0YWNoIiwgMCwgUUVN
VV9PUFRJT05feGVuX2F0dGFjaCwKICAgICAiLXhlbi1hdHRhY2ggICAgIGF0dGFjaCB0byBleGlz
dGluZyB4ZW4gZG9tYWluXG4iCiAgICAgIiAgICAgICAgICAgICAgICB4ZW5kIHdpbGwgdXNlIHRo
aXMgd2hlbiBzdGFydGluZyBRRU1VXG4iLAogICAgIFFFTVVfQVJDSF9BTEwpCitERUYoInhlbi1k
b21pZC1yZXN0cmljdCIsIDAsIFFFTVVfT1BUSU9OX3hlbl9kb21pZF9yZXN0cmljdCwKKyAgICAi
LXhlbi1kb21pZC1yZXN0cmljdCAgICAgcmVzdHJpY3Qgc2V0IG9mIGF2YWlsYWJsZSB4ZW4gb3Bl
cmF0aW9uc1xuIgorICAgICIgICAgICAgICAgICAgICAgICAgICAgICB0byBzcGVjaWZpZWQgZG9t
YWluIGlkLiAoRG9lcyBub3QgYWZmZWN0XG4iCisgICAgIiAgICAgICAgICAgICAgICAgICAgICAg
IHhlbnB2IG1hY2hpbmUgdHlwZSkuXG4iLAorICAgIFFFTVVfQVJDSF9BTEwpCiBTVEVYSQogQGl0
ZW0gLXhlbi1kb21pZCBAdmFye2lkfQogQGZpbmRleCAteGVuLWRvbWlkCkBAIC0zMzY2LDYgKzMz
NzEsOCBAQCBXYXJuaW5nOiBzaG91bGQgbm90IGJlIHVzZWQgd2hlbiB4ZW5kIGlzIGluIHVzZSAo
WEVOIG9ubHkpLgogQGZpbmRleCAteGVuLWF0dGFjaAogQXR0YWNoIHRvIGV4aXN0aW5nIHhlbiBk
b21haW4uCiB4ZW5kIHdpbGwgdXNlIHRoaXMgd2hlbiBzdGFydGluZyBRRU1VIChYRU4gb25seSku
CitAZmluZGV4IC14ZW4tZG9taWQtcmVzdHJpY3QKK1Jlc3RyaWN0IHNldCBvZiBhdmFpbGFibGUg
eGVuIG9wZXJhdGlvbnMgdG8gc3BlY2lmaWVkIGRvbWFpbiBpZCAoWEVOIG9ubHkpLgogRVRFWEkK
IAogREVGKCJuby1yZWJvb3QiLCAwLCBRRU1VX09QVElPTl9ub19yZWJvb3QsIFwKZGlmZiAtLWdp
dCBhL3ZsLmMgYi92bC5jCmluZGV4IDBiNGVkNTIuLmY0NmUwNzAgMTAwNjQ0Ci0tLSBhL3ZsLmMK
KysrIGIvdmwuYwpAQCAtMjA1LDYgKzIwNSw3IEBAIHN0YXRpYyBOb3RpZmllckxpc3QgbWFjaGlu
ZV9pbml0X2RvbmVfbm90aWZpZXJzID0KIGJvb2wgeGVuX2FsbG93ZWQ7CiB1aW50MzJfdCB4ZW5f
ZG9taWQ7CiBlbnVtIHhlbl9tb2RlIHhlbl9tb2RlID0gWEVOX0VNVUxBVEU7Citib29sIHhlbl9k
b21pZF9yZXN0cmljdDsKIAogc3RhdGljIGludCBoYXNfZGVmYXVsdHMgPSAxOwogc3RhdGljIGlu
dCBkZWZhdWx0X3NlcmlhbCA9IDE7CkBAIC0zOTMzLDYgKzM5MzQsMTMgQEAgaW50IG1haW4oaW50
IGFyZ2MsIGNoYXIgKiphcmd2LCBjaGFyICoqZW52cCkKICAgICAgICAgICAgICAgICB9CiAgICAg
ICAgICAgICAgICAgeGVuX21vZGUgPSBYRU5fQVRUQUNIOwogICAgICAgICAgICAgICAgIGJyZWFr
OworICAgICAgICAgICAgY2FzZSBRRU1VX09QVElPTl94ZW5fZG9taWRfcmVzdHJpY3Q6CisgICAg
ICAgICAgICAgICAgaWYgKCEoeGVuX2F2YWlsYWJsZSgpKSkgeworICAgICAgICAgICAgICAgICAg
ICBlcnJvcl9yZXBvcnQoIk9wdGlvbiBub3Qgc3VwcG9ydGVkIGZvciB0aGlzIHRhcmdldCIpOwor
ICAgICAgICAgICAgICAgICAgICBleGl0KDEpOworICAgICAgICAgICAgICAgIH0KKyAgICAgICAg
ICAgICAgICB4ZW5fZG9taWRfcmVzdHJpY3QgPSB0cnVlOworICAgICAgICAgICAgICAgIGJyZWFr
OwogICAgICAgICAgICAgY2FzZSBRRU1VX09QVElPTl90cmFjZToKICAgICAgICAgICAgICAgICBn
X2ZyZWUodHJhY2VfZmlsZSk7CiAgICAgICAgICAgICAgICAgdHJhY2VfZmlsZSA9IHRyYWNlX29w
dF9wYXJzZShvcHRhcmcpOwpkaWZmIC0tZ2l0IGEveGVuLWh2bS5jIGIveGVuLWh2bS5jCmluZGV4
IDRiOTI4Y2YuLjMzNWUyNjMgMTAwNjQ0Ci0tLSBhL3hlbi1odm0uYworKysgYi94ZW4taHZtLmMK
QEAgLTEyMjYsNiArMTIyNiwxNCBAQCB2b2lkIHhlbl9odm1faW5pdChQQ01hY2hpbmVTdGF0ZSAq
cGNtcywgTWVtb3J5UmVnaW9uICoqcmFtX21lbW9yeSkKICAgICAgICAgZ290byBlcnI7CiAgICAg
fQogCisgICAgaWYgKHhlbl9kb21pZF9yZXN0cmljdCkgeworICAgICAgICByYyA9IHhlbl9yZXN0
cmljdCh4ZW5fZG9taWQpOworICAgICAgICBpZiAocmMgPCAwKSB7CisgICAgICAgICAgICBlcnJv
cl9yZXBvcnQoImZhaWxlZCB0byByZXN0cmljdDogZXJyb3IgJWQiLCBlcnJubyk7CisgICAgICAg
ICAgICBnb3RvIGVycjsKKyAgICAgICAgfQorICAgIH0KKwogICAgIHhlbl9jcmVhdGVfaW9yZXFf
c2VydmVyKHhlbl9kb21pZCwgJnN0YXRlLT5pb3NlcnZpZCk7CiAKICAgICBzdGF0ZS0+ZXhpdC5u
b3RpZnkgPSB4ZW5fZXhpdF9ub3RpZmllcjsKLS0gCjIuMS40CgoKX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWRldmVsIG1haWxpbmcgbGlzdApYZW4t
ZGV2ZWxAbGlzdHMueGVuLm9yZwpodHRwczovL2xpc3RzLnhlbi5vcmcveGVuLWRldmVsCg==