From mboxrd@z Thu Jan 1 00:00:00 1970 From: Paul Durrant Subject: Re: [Qemu-devel] [PATCH] xen: use libxendevice model to restrict operations Date: Mon, 20 Mar 2017 08:41:07 +0000 Message-ID: References: <1489757419-8179-1-git-send-email-paul.durrant@citrix.com> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cpssH-0002p7-Ne for xen-devel@lists.xenproject.org; Mon, 20 Mar 2017 08:41:09 +0000 In-Reply-To: Content-Language: en-US List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" To: =?iso-8859-1?Q?=27Philippe_Mathieu-Daud=E9=27?= , "qemu-devel@nongnu.org" , "xen-devel@lists.xenproject.org" Cc: Anthony Perard , Paolo Bonzini , Stefano Stabellini List-Id: xen-devel@lists.xenproject.org PiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQo+IEZyb206IFBoaWxpcHBlIE1hdGhpZXUtRGF1 ZMOpIFttYWlsdG86cGhpbGlwcGUubWF0aGlldS5kYXVkZUBnbWFpbC5jb21dCj4gT24gQmVoYWxm IE9mIFBoaWxpcHBlIE1hdGhpZXUtRGF1ZMOpCj4gU2VudDogMTcgTWFyY2ggMjAxNyAyMToyMQo+ IFRvOiBQYXVsIER1cnJhbnQgPFBhdWwuRHVycmFudEBjaXRyaXguY29tPjsgcWVtdS1kZXZlbEBu b25nbnUub3JnOyB4ZW4tCj4gZGV2ZWxAbGlzdHMueGVucHJvamVjdC5vcmcKPiBDYzogQW50aG9u eSBQZXJhcmQgPGFudGhvbnkucGVyYXJkQGNpdHJpeC5jb20+OyBQYW9sbyBCb256aW5pCj4gPHBi b256aW5pQHJlZGhhdC5jb20+OyBTdGVmYW5vIFN0YWJlbGxpbmkgPHNzdGFiZWxsaW5pQGtlcm5l bC5vcmc+Cj4gU3ViamVjdDogUmU6IFtRZW11LWRldmVsXSBbUEFUQ0hdIHhlbjogdXNlIGxpYnhl bmRldmljZSBtb2RlbCB0byByZXN0cmljdAo+IG9wZXJhdGlvbnMKPiAKPiBIaSBQYXVsLAo+IAo+ IE9uIDAzLzE3LzIwMTcgMTA6MzAgQU0sIFBhdWwgRHVycmFudCB3cm90ZToKPiA+IFRoaXMgcGF0 Y2ggYWRkcyBhIGNvbW1hbmQtbGluZSBvcHRpb24gKC14ZW4tZG9taWQtcmVzdHJpY3QpIHdoaWNo IHdpbGwKPiA+IHVzZSB0aGUgbmV3IGxpYnhlbmRldmljZW1vZGVsIEFQSSB0byByZXN0cmljdCBk ZXZpY2Vtb2RlbCBvcGVyYXRpb25zIHRvCj4gPiB0aGUgc3BlY2lmaWVkIGRvbWlkLgo+ID4KPiA+ IFRoaXMgcGF0Y2ggYWxzbyBhZGRzIGEgdHJhY2Vwb2ludCB0byBhbGxvdyBzdWNjZXNzZnVsIGVu YWJsaW5nIG9mIHRoZQo+ID4gcmVzdHJpY3Rpb24gdG8gYmUgbW9uaXRvcmVkLgo+ID4KPiA+IFNp Z25lZC1vZmYtYnk6IFBhdWwgRHVycmFudCA8cGF1bC5kdXJyYW50QGNpdHJpeC5jb20+Cj4gPiAt LS0KPiA+IENjOiBTdGVmYW5vIFN0YWJlbGxpbmkgPHNzdGFiZWxsaW5pQGtlcm5lbC5vcmc+Cj4g PiBDYzogQW50aG9ueSBQZXJhcmQgPGFudGhvbnkucGVyYXJkQGNpdHJpeC5jb20+Cj4gPiBDYzog UGFvbG8gQm9uemluaSA8cGJvbnppbmlAcmVkaGF0LmNvbT4KPiA+Cj4gPiBOT1RFOiBUaGlzIGlz IGFscmVhZHkgcmUtYmFzZWQgb24gSnVlcmdlbiBHcm9zcydzIHBhdGNoICJ4ZW46IHVzZSA1IGRp Z2l0Cj4gPiAgICAgICB4ZW4gdmVyc2lvbnMiIGFuZCBzbyBzaG91bGQgbm90IGJlIGFwcGxpZWQg dW50aWwgYWZ0ZXIgdGhhdCBwYXRjaAo+ID4gICAgICAgaGFzIGJlZW4gYXBwbGllZC4KPiA+IC0t LQo+ID4gIGh3L3hlbi90cmFjZS1ldmVudHMgICAgICAgICB8ICAxICsKPiA+ICBpbmNsdWRlL2h3 L3hlbi94ZW4uaCAgICAgICAgfCAgMSArCj4gPiAgaW5jbHVkZS9ody94ZW4veGVuX2NvbW1vbi5o IHwgMjMgKysrKysrKysrKysrKysrKysrKysrKysKPiA+ICBxZW11LW9wdGlvbnMuaHggICAgICAg ICAgICAgfCAgNiArKysrKysKPiA+ICB2bC5jICAgICAgICAgICAgICAgICAgICAgICAgfCAgOCAr KysrKysrKwo+ID4gIHhlbi1odm0uYyAgICAgICAgICAgICAgICAgICB8ICA4ICsrKysrKysrCj4g PiAgNiBmaWxlcyBjaGFuZ2VkLCA0NyBpbnNlcnRpb25zKCspCj4gPgo+ID4gZGlmZiAtLWdpdCBh L2h3L3hlbi90cmFjZS1ldmVudHMgYi9ody94ZW4vdHJhY2UtZXZlbnRzCj4gPiBpbmRleCBjNGZi NmYxLi5hNWI1ZThiIDEwMDY0NAo+ID4gLS0tIGEvaHcveGVuL3RyYWNlLWV2ZW50cwo+ID4gKysr IGIvaHcveGVuL3RyYWNlLWV2ZW50cwo+ID4gQEAgLTExLDMgKzExLDQgQEAgeGVuX21hcF9wb3J0 aW9fcmFuZ2UodWludDMyX3QgaWQsIHVpbnQ2NF90Cj4gc3RhcnRfYWRkciwgdWludDY0X3QgZW5k X2FkZHIpICJpZDogJQo+ID4gIHhlbl91bm1hcF9wb3J0aW9fcmFuZ2UodWludDMyX3QgaWQsIHVp bnQ2NF90IHN0YXJ0X2FkZHIsIHVpbnQ2NF90Cj4gZW5kX2FkZHIpICJpZDogJXUgc3RhcnQ6ICUj IlBSSXg2NCIgZW5kOiAlIyJQUkl4NjQKPiA+ICB4ZW5fbWFwX3BjaWRldih1aW50MzJfdCBpZCwg dWludDhfdCBidXMsIHVpbnQ4X3QgZGV2LCB1aW50OF90IGZ1bmMpICJpZDoKPiAldSBiZGY6ICUw MnguJTAyeC4lMDJ4Igo+ID4gIHhlbl91bm1hcF9wY2lkZXYodWludDMyX3QgaWQsIHVpbnQ4X3Qg YnVzLCB1aW50OF90IGRldiwgdWludDhfdCBmdW5jKSAiaWQ6Cj4gJXUgYmRmOiAlMDJ4LiUwMngu JTAyeCIKPiA+ICt4ZW5fZG9taWRfcmVzdHJpY3Qodm9pZCkgIiIKPiA+IGRpZmYgLS1naXQgYS9p bmNsdWRlL2h3L3hlbi94ZW4uaCBiL2luY2x1ZGUvaHcveGVuL3hlbi5oCj4gPiBpbmRleCAyYjE3 MzNiLi43ZWZjZGFhIDEwMDY0NAo+ID4gLS0tIGEvaW5jbHVkZS9ody94ZW4veGVuLmgKPiA+ICsr KyBiL2luY2x1ZGUvaHcveGVuL3hlbi5oCj4gPiBAQCAtMjEsNiArMjEsNyBAQCBlbnVtIHhlbl9t b2RlIHsKPiA+Cj4gPiAgZXh0ZXJuIHVpbnQzMl90IHhlbl9kb21pZDsKPiA+ICBleHRlcm4gZW51 bSB4ZW5fbW9kZSB4ZW5fbW9kZTsKPiA+ICtleHRlcm4gYm9vbCB4ZW5fZG9taWRfcmVzdHJpY3Q7 Cj4gPgo+ID4gIGV4dGVybiBib29sIHhlbl9hbGxvd2VkOwo+ID4KPiA+IGRpZmYgLS1naXQgYS9p bmNsdWRlL2h3L3hlbi94ZW5fY29tbW9uLmgKPiBiL2luY2x1ZGUvaHcveGVuL3hlbl9jb21tb24u aAo+ID4gaW5kZXggZGYwOThjNy4uNTk2MmJjNCAxMDA2NDQKPiA+IC0tLSBhL2luY2x1ZGUvaHcv eGVuL3hlbl9jb21tb24uaAo+ID4gKysrIGIvaW5jbHVkZS9ody94ZW4veGVuX2NvbW1vbi5oCj4g PiBAQCAtMTUyLDYgKzE1MiwxMyBAQCBzdGF0aWMgaW5saW5lIGludCB4ZW5kZXZpY2Vtb2RlbF9z ZXRfbWVtX3R5cGUoCj4gPiAgICAgIHJldHVybiB4Y19odm1fc2V0X21lbV90eXBlKGRtb2QsIGRv bWlkLCBtZW1fdHlwZSwgZmlyc3RfcGZuLCBucik7Cj4gPiAgfQo+ID4KPiA+ICtzdGF0aWMgaW5s aW5lIGludCB4ZW5kZXZpY2Vtb2RlbF9yZXN0cmljdCgKPiA+ICsgICAgeGVuZGV2aWNlbW9kZWxf aGFuZGxlICpkbW9kLCBkb21pZF90IGRvbWlkKQo+ID4gK3sKPiA+ICsgICAgZXJybm8gPSBFTk9U VFk7Cj4gPiArICAgIHJldHVybiAtMTsKPiA+ICt9Cj4gPiArCj4gPiAgI2Vsc2UgLyogQ09ORklH X1hFTl9DVFJMX0lOVEVSRkFDRV9WRVJTSU9OID49IDQwOTAwICovCj4gPgo+ID4gICNpbmNsdWRl IDx4ZW5kZXZpY2Vtb2RlbC5oPgo+ID4gQEAgLTIwNiw2ICsyMTMsMjIgQEAgc3RhdGljIGlubGlu ZSBpbnQgeGVuX21vZGlmaWVkX21lbW9yeShkb21pZF90Cj4gZG9taWQsIHVpbnQ2NF90IGZpcnN0 X3BmbiwKPiA+ICAgICAgcmV0dXJuIHhlbmRldmljZW1vZGVsX21vZGlmaWVkX21lbW9yeSh4ZW5f ZG1vZCwgZG9taWQsCj4gZmlyc3RfcGZuLCBucik7Cj4gPiAgfQo+ID4KPiA+ICtzdGF0aWMgaW5s aW5lIGludCB4ZW5fcmVzdHJpY3QoZG9taWRfdCBkb21pZCkKPiA+ICt7Cj4gPiArICAgIGludCBy YyA9IHhlbmRldmljZW1vZGVsX3Jlc3RyaWN0KHhlbl9kbW9kLCBkb21pZCk7Cj4gCj4gbWlnaHQg aXQgYmUgbW9yZSB1c2VmdWwgdG8gbG9nIHRoZSByZXRjb2RlPwo+IAo+ICAgICAgICAgdHJhY2Vf eGVuX2RvbWlkX3Jlc3RyaWN0KHJjKTsKPiAKPiA+ICsKPiA+ICsgICAgaWYgKHJjID09IDApIHsK PiA+ICsgICAgICAgIHRyYWNlX3hlbl9kb21pZF9yZXN0cmljdCgpOwo+IAo+IGFuZCBkcm9wIHRo ZSBwcmV2aW91cyBsaW5lLgoKQWN0dWFsbHkgdGhlIHJldGNvZGUgaXMgcHJldHR5IHVuaW50ZXJl c3RpbmcgYnV0IHRyYWNpbmcgZXJybm8gd291bGQgYmUgYSBnb29kIGlkZWEgc28gSSB0aGluayBJ J2xsIGRvIHRoYXQuCgpDaGVlcnMsCgogIFBhdWwKCj4gCj4gPiArICAgICAgICByZXR1cm4gMDsK PiA+ICsgICAgfQo+ID4gKwo+ID4gKyAgICBpZiAoZXJybm8gPT0gRU5PVFRZKSB7Cj4gPiArICAg ICAgICByZXR1cm4gMDsKPiA+ICsgICAgfQo+ID4gKwo+ID4gKyAgICByZXR1cm4gcmM7Cj4gPiAr fQo+ID4gKwo+ID4gIC8qIFhlbiA0LjIgdGhyb3VnaCA0LjYgKi8KPiA+ICAjaWYgQ09ORklHX1hF Tl9DVFJMX0lOVEVSRkFDRV9WRVJTSU9OIDwgNDA3MDEKPiA+Cj4gPiBkaWZmIC0tZ2l0IGEvcWVt dS1vcHRpb25zLmh4IGIvcWVtdS1vcHRpb25zLmh4Cj4gPiBpbmRleCA5OWFmOGVkLi40YWFiMDc3 IDEwMDY0NAo+ID4gLS0tIGEvcWVtdS1vcHRpb25zLmh4Cj4gPiArKysgYi9xZW11LW9wdGlvbnMu aHgKPiA+IEBAIC0zMzU0LDYgKzMzNTQsMTAgQEAgREVGKCJ4ZW4tYXR0YWNoIiwgMCwKPiBRRU1V X09QVElPTl94ZW5fYXR0YWNoLAo+ID4gICAgICAiLXhlbi1hdHRhY2ggICAgIGF0dGFjaCB0byBl eGlzdGluZyB4ZW4gZG9tYWluXG4iCj4gPiAgICAgICIgICAgICAgICAgICAgICAgeGVuZCB3aWxs IHVzZSB0aGlzIHdoZW4gc3RhcnRpbmcgUUVNVVxuIiwKPiA+ICAgICAgUUVNVV9BUkNIX0FMTCkK PiA+ICtERUYoInhlbi1kb21pZC1yZXN0cmljdCIsIDAsIFFFTVVfT1BUSU9OX3hlbl9kb21pZF9y ZXN0cmljdCwKPiA+ICsgICAgIi14ZW4tZG9taWQtcmVzdHJpY3QgICAgIHJlc3RyaWN0IHNldCBv ZiBhdmFpbGFibGUgeGVuIG9wZXJhdGlvbnNcbiIKPiA+ICsgICAgIiAgICAgICAgICAgICAgICAg ICAgICAgIHRvIHNwZWNpZmllZCBkb21haW4gaWRcbiIsCj4gPiArICAgIFFFTVVfQVJDSF9BTEwp Cj4gPiAgU1RFWEkKPiA+ICBAaXRlbSAteGVuLWRvbWlkIEB2YXJ7aWR9Cj4gPiAgQGZpbmRleCAt eGVuLWRvbWlkCj4gPiBAQCAtMzM2Niw2ICszMzcwLDggQEAgV2FybmluZzogc2hvdWxkIG5vdCBi ZSB1c2VkIHdoZW4geGVuZCBpcyBpbiB1c2UKPiAoWEVOIG9ubHkpLgo+ID4gIEBmaW5kZXggLXhl bi1hdHRhY2gKPiA+ICBBdHRhY2ggdG8gZXhpc3RpbmcgeGVuIGRvbWFpbi4KPiA+ICB4ZW5kIHdp bGwgdXNlIHRoaXMgd2hlbiBzdGFydGluZyBRRU1VIChYRU4gb25seSkuCj4gPiArQGZpbmRleCAt eGVuLWRvbWlkLXJlc3RyaWN0Cj4gPiArUmVzdHJpY3Qgc2V0IG9mIGF2YWlsYWJsZSB4ZW4gb3Bl cmF0aW9ucyB0byBzcGVjaWZpZWQgZG9tYWluIGlkIChYRU4gb25seSkuCj4gPiAgRVRFWEkKPiA+ Cj4gPiAgREVGKCJuby1yZWJvb3QiLCAwLCBRRU1VX09QVElPTl9ub19yZWJvb3QsIFwKPiA+IGRp ZmYgLS1naXQgYS92bC5jIGIvdmwuYwo+ID4gaW5kZXggMGI0ZWQ1Mi4uZjQ2ZTA3MCAxMDA2NDQK PiA+IC0tLSBhL3ZsLmMKPiA+ICsrKyBiL3ZsLmMKPiA+IEBAIC0yMDUsNiArMjA1LDcgQEAgc3Rh dGljIE5vdGlmaWVyTGlzdCBtYWNoaW5lX2luaXRfZG9uZV9ub3RpZmllcnMgPQo+ID4gIGJvb2wg eGVuX2FsbG93ZWQ7Cj4gPiAgdWludDMyX3QgeGVuX2RvbWlkOwo+ID4gIGVudW0geGVuX21vZGUg eGVuX21vZGUgPSBYRU5fRU1VTEFURTsKPiA+ICtib29sIHhlbl9kb21pZF9yZXN0cmljdDsKPiA+ Cj4gPiAgc3RhdGljIGludCBoYXNfZGVmYXVsdHMgPSAxOwo+ID4gIHN0YXRpYyBpbnQgZGVmYXVs dF9zZXJpYWwgPSAxOwo+ID4gQEAgLTM5MzMsNiArMzkzNCwxMyBAQCBpbnQgbWFpbihpbnQgYXJn YywgY2hhciAqKmFyZ3YsIGNoYXIgKiplbnZwKQo+ID4gICAgICAgICAgICAgICAgICB9Cj4gPiAg ICAgICAgICAgICAgICAgIHhlbl9tb2RlID0gWEVOX0FUVEFDSDsKPiA+ICAgICAgICAgICAgICAg ICAgYnJlYWs7Cj4gPiArICAgICAgICAgICAgY2FzZSBRRU1VX09QVElPTl94ZW5fZG9taWRfcmVz dHJpY3Q6Cj4gPiArICAgICAgICAgICAgICAgIGlmICghKHhlbl9hdmFpbGFibGUoKSkpIHsKPiA+ ICsgICAgICAgICAgICAgICAgICAgIGVycm9yX3JlcG9ydCgiT3B0aW9uIG5vdCBzdXBwb3J0ZWQg Zm9yIHRoaXMgdGFyZ2V0Iik7Cj4gPiArICAgICAgICAgICAgICAgICAgICBleGl0KDEpOwo+ID4g KyAgICAgICAgICAgICAgICB9Cj4gPiArICAgICAgICAgICAgICAgIHhlbl9kb21pZF9yZXN0cmlj dCA9IHRydWU7Cj4gPiArICAgICAgICAgICAgICAgIGJyZWFrOwo+ID4gICAgICAgICAgICAgIGNh c2UgUUVNVV9PUFRJT05fdHJhY2U6Cj4gPiAgICAgICAgICAgICAgICAgIGdfZnJlZSh0cmFjZV9m aWxlKTsKPiA+ICAgICAgICAgICAgICAgICAgdHJhY2VfZmlsZSA9IHRyYWNlX29wdF9wYXJzZShv cHRhcmcpOwo+ID4gZGlmZiAtLWdpdCBhL3hlbi1odm0uYyBiL3hlbi1odm0uYwo+ID4gaW5kZXgg NGI5MjhjZi4uMzM1ZTI2MyAxMDA2NDQKPiA+IC0tLSBhL3hlbi1odm0uYwo+ID4gKysrIGIveGVu LWh2bS5jCj4gPiBAQCAtMTIyNiw2ICsxMjI2LDE0IEBAIHZvaWQgeGVuX2h2bV9pbml0KFBDTWFj aGluZVN0YXRlICpwY21zLAo+IE1lbW9yeVJlZ2lvbiAqKnJhbV9tZW1vcnkpCj4gPiAgICAgICAg ICBnb3RvIGVycjsKPiA+ICAgICAgfQo+ID4KPiA+ICsgICAgaWYgKHhlbl9kb21pZF9yZXN0cmlj dCkgewo+ID4gKyAgICAgICAgcmMgPSB4ZW5fcmVzdHJpY3QoeGVuX2RvbWlkKTsKPiA+ICsgICAg ICAgIGlmIChyYyA8IDApIHsKPiA+ICsgICAgICAgICAgICBlcnJvcl9yZXBvcnQoImZhaWxlZCB0 byByZXN0cmljdDogZXJyb3IgJWQiLCBlcnJubyk7Cj4gPiArICAgICAgICAgICAgZ290byBlcnI7 Cj4gPiArICAgICAgICB9Cj4gPiArICAgIH0KPiA+ICsKPiA+ICAgICAgeGVuX2NyZWF0ZV9pb3Jl cV9zZXJ2ZXIoeGVuX2RvbWlkLCAmc3RhdGUtPmlvc2VydmlkKTsKPiA+Cj4gPiAgICAgIHN0YXRl LT5leGl0Lm5vdGlmeSA9IHhlbl9leGl0X25vdGlmaWVyOwo+ID4KCl9fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fClhlbi1kZXZlbCBtYWlsaW5nIGxpc3QKWGVu LWRldmVsQGxpc3RzLnhlbi5vcmcKaHR0cHM6Ly9saXN0cy54ZW4ub3JnL3hlbi1kZXZlbAo=