From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paul Durrant <paul.durrant@citrix.com>
Subject: [PATCH] xen: additionally restrict xenforeignmemory
	operations
Date: Fri, 24 Mar 2017 16:58:08 +0000
Message-ID: <1490374688-488-1-git-send-email-paul.durrant@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <prvs=249263d75=Paul.Durrant@citrix.com>)
 id 1crSY3-0007Zd-ED
 for xen-devel@lists.xenproject.org; Fri, 24 Mar 2017 16:58:47 +0000
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
To: qemu-devel@nongnu.org, xen-devel@lists.xenproject.org
Cc: Anthony Perard <anthony.perard@citrix.com>, Paul Durrant <paul.durrant@citrix.com>, Stefano Stabellini <sstabellini@kernel.org>
List-Id: xen-devel@lists.xenproject.org

Q29tbWl0IGYwZjI3MmJhZjNhNyAieGVuOiB1c2UgbGlieGVuZGV2aWNlIG1vZGVsIHRvIHJlc3Ry
aWN0IG9wZXJhdGlvbnMiCmFkZGVkIGEgY29tbWFuZC1saW5lIG9wdGlvbiAoLXhlbi1kb21pZC1y
ZXN0cmljdCkgdG8gbGltaXQgb3BlcmF0aW9ucwp1c2luZyB0aGUgbGlieGVuZGV2aWNlbW9kZWwg
QVBJIHRvIGEgc3BlY2lmaWVkIGRvbWlkLiBUaGUgY29tbWl0IGFsc28Kbm90ZWQgdGhhdCB0aGUg
cmVzdHJpY3Rpb24gd291bGQgYmUgZXh0ZW5kZWQgdG8gY292ZXIgb3BlcmF0aW9ucyBpc3N1ZWQK
dmlhIG90aGVyIHhlbiBsaWJyYXJpZXMgYnkgc3Vic2VxdWVudCBwYXRjaGVzLgoKTXkgcmVjZW50
IFhlbiBwYXRjaCBbMV0gYWRkZWQgYSBjYWxsIHRvIHRoZSB4ZW5mb3JlaWdubWVtb3J5IEFQSSB0
byBhbGxvdwppdCB0byBiZSByZXN0cmljdGVkLiBUaGlzIHBhdGNoIG5vdyBtYWtlcyB1c2Ugb2Yg
dGhhdCBuZXcgY2FsbCB3aGVuIHRoZQoteGVuLWRvbWlkLXJlc3RyaWN0IG9wdGlvbiBpcyBwYXNz
ZWQuCgpbMV0gaHR0cDovL3hlbmJpdHMueGVuLm9yZy9naXR3ZWIvP3A9eGVuLmdpdDthPWNvbW1p
dDtoPTU4MjNkNmViCgpTaWduZWQtb2ZmLWJ5OiBQYXVsIER1cnJhbnQgPHBhdWwuZHVycmFudEBj
aXRyaXguY29tPgotLS0KQ2M6IFN0ZWZhbm8gU3RhYmVsbGluaSA8c3N0YWJlbGxpbmlAa2VybmVs
Lm9yZz4KQ2M6IEFudGhvbnkgUGVyYXJkIDxhbnRob255LnBlcmFyZEBjaXRyaXguY29tPgotLS0K
IGluY2x1ZGUvaHcveGVuL3hlbl9jb21tb24uaCB8IDUyICsrKysrKysrKysrKysrKysrKysrKysr
KysrKysrKysrKy0tLS0tLS0tLS0tLQogMSBmaWxlIGNoYW5nZWQsIDM5IGluc2VydGlvbnMoKyks
IDEzIGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL2luY2x1ZGUvaHcveGVuL3hlbl9jb21tb24u
aCBiL2luY2x1ZGUvaHcveGVuL3hlbl9jb21tb24uaAppbmRleCA0ZjNiZDM1Li42ZjEzZThjIDEw
MDY0NAotLS0gYS9pbmNsdWRlL2h3L3hlbi94ZW5fY29tbW9uLmgKKysrIGIvaW5jbHVkZS9ody94
ZW4veGVuX2NvbW1vbi5oCkBAIC0yMTMsMTkgKzIxMyw2IEBAIHN0YXRpYyBpbmxpbmUgaW50IHhl
bl9tb2RpZmllZF9tZW1vcnkoZG9taWRfdCBkb21pZCwgdWludDY0X3QgZmlyc3RfcGZuLAogICAg
IHJldHVybiB4ZW5kZXZpY2Vtb2RlbF9tb2RpZmllZF9tZW1vcnkoeGVuX2Rtb2QsIGRvbWlkLCBm
aXJzdF9wZm4sIG5yKTsKIH0KIAotc3RhdGljIGlubGluZSBpbnQgeGVuX3Jlc3RyaWN0KGRvbWlk
X3QgZG9taWQpCi17Ci0gICAgaW50IHJjID0geGVuZGV2aWNlbW9kZWxfcmVzdHJpY3QoeGVuX2Rt
b2QsIGRvbWlkKTsKLQotICAgIHRyYWNlX3hlbl9kb21pZF9yZXN0cmljdChlcnJubyk7Ci0KLSAg
ICBpZiAoZXJybm8gPT0gRU5PVFRZKSB7Ci0gICAgICAgIHJldHVybiAwOwotICAgIH0KLQotICAg
IHJldHVybiByYzsKLX0KLQogLyogWGVuIDQuMiB0aHJvdWdoIDQuNiAqLwogI2lmIENPTkZJR19Y
RU5fQ1RSTF9JTlRFUkZBQ0VfVkVSU0lPTiA8IDQwNzAxCiAKQEAgLTI3Niw4ICsyNjMsNDcgQEAg
c3RhdGljIGlubGluZSB2b2lkICp4ZW5mb3JlaWdubWVtb3J5X21hcCh4Y19pbnRlcmZhY2UgKmgs
IHVpbnQzMl90IGRvbSwKIAogI2VuZGlmCiAKKyNpZiBDT05GSUdfWEVOX0NUUkxfSU5URVJGQUNF
X1ZFUlNJT04gPCA0MDkwMAorCitzdGF0aWMgaW5saW5lIGludCB4ZW5mb3JlaWdubWVtb3J5X3Jl
c3RyaWN0KAorICAgIHhlbmZvcmVpZ25tZW1vcnlfaGFuZGxlICpmbWVtLCBkb21pZF90IGRvbWlk
KQoreworICAgIGVycm5vID0gRU5PVFRZOworICAgIHJldHVybiAtMTsKK30KKworI2VuZGlmCisK
IGV4dGVybiB4ZW5mb3JlaWdubWVtb3J5X2hhbmRsZSAqeGVuX2ZtZW07CiAKK3N0YXRpYyBpbmxp
bmUgaW50IHhlbl9yZXN0cmljdChkb21pZF90IGRvbWlkKQoreworICAgIGludCByYzsKKworICAg
IC8qIEF0dGVtcHQgdG8gcmVzdHJpY3QgZGV2aWNlbW9kZWwgb3BlcmF0aW9ucyAqLworICAgIHJj
ID0geGVuZGV2aWNlbW9kZWxfcmVzdHJpY3QoeGVuX2Rtb2QsIGRvbWlkKTsKKyAgICB0cmFjZV94
ZW5fZG9taWRfcmVzdHJpY3QocmMgPyBlcnJubyA6IDApOworCisgICAgaWYgKHJjIDwgMCkgewor
ICAgICAgICAvKgorICAgICAgICAgKiBJZiBlcnJubyBpcyBFTk9UVFkgdGhlbiByZXN0cmljdGlv
biBpcyBub3QgaW1wbGVtZW50ZWQgc28KKyAgICAgICAgICogdGhlcmUncyBubyBwb2ludCBpbiB0
cnlpbmcgdG8gcmVzdHJpY3Qgb3RoZXIgdHlwZXMgb2YKKyAgICAgICAgICogb3BlcmF0aW9uLCBi
dXQgaXQgc2hvdWxkIG5vdCBiZSB0cmVhdGVkIGFzIGEgZmFpbHVyZS4KKyAgICAgICAgICovCisg
ICAgICAgIGlmIChlcnJubyA9PSBFTk9UVFkpIHsKKyAgICAgICAgICAgIHJldHVybiAwOworICAg
ICAgICB9CisKKyAgICAgICAgcmV0dXJuIHJjOworICAgIH0KKworICAgIC8qIFJlc3RyaWN0IGZv
cmVpZ25tZW1vcnkgb3BlcmF0aW9ucyAqLworICAgIHJjID0geGVuZm9yZWlnbm1lbW9yeV9yZXN0
cmljdCh4ZW5fZm1lbSwgZG9taWQpOworICAgIHRyYWNlX3hlbl9kb21pZF9yZXN0cmljdChyYyA/
IGVycm5vIDogMCk7CisKKyAgICByZXR1cm4gcmM7Cit9CisKIHZvaWQgZGVzdHJveV9odm1fZG9t
YWluKGJvb2wgcmVib290KTsKIAogLyogc2h1dGRvd24vZGVzdHJveSBjdXJyZW50IGRvbWFpbiBi
ZWNhdXNlIG9mIGFuIGVycm9yICovCi0tIAoyLjEuNAoKCl9fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fClhlbi1kZXZlbCBtYWlsaW5nIGxpc3QKWGVuLWRldmVs
QGxpc3RzLnhlbi5vcmcKaHR0cHM6Ly9saXN0cy54ZW4ub3JnL3hlbi1kZXZlbAo=