www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Paul Durrant <paul.durrant@citrix.com>
	Mon, 13 Feb 2017 17:03:24 +0000 (17:03 +0000)
committer	Chuck Anderson <chuck.anderson@oracle.com>
	Wed, 13 Sep 2017 04:37:53 +0000 (21:37 -0700)
commit	1654be601975c6ae0a8df76189480e3c16c6aaa0
tree	22f33de70c2ffdace46fcf45e4493e39f8dc2ed2	tree
parent	5ee958b7ad83911a8f6a7bd2ba273e8a161d45c7	commit \| diff

xen/privcmd: add IOCTL_PRIVCMD_RESTRICT

The purpose if this ioctl is to allow a user of privcmd to restrict its
operation such that it will no longer service arbitrary hypercalls via
IOCTL_PRIVCMD_HYPERCALL, and will check for a matching domid when
servicing IOCTL_PRIVCMD_DM_OP or IOCTL_PRIVCMD_MMAP*. The aim of this
is to limit the attack surface for a compromised device model.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
OraBug: 26662731

(cherry picked from commit 4610d240d691768203fdd210a5da0a2e02eddb76)
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: Joao Martins <joao.m.martins@oracle.com>

drivers/xen/privcmd.c		diff \| blob \| history
include/uapi/xen/privcmd.h		diff \| blob \| history