xen: additionally restrict xenforeignmemory operations
commit14d015b6fcd0b94a1e0983f82fab3e144143a314
authorPaul Durrant <paul.durrant@citrix.com>
Tue, 28 Mar 2017 15:54:55 +0000 (28 16:54 +0100)
committerStefano Stabellini <sstabellini@kernel.org>
Fri, 21 Apr 2017 19:40:14 +0000 (21 12:40 -0700)
treef76729e37ccc73bc258be97566792edb1fb58aee
parent1c599472b02783ee80691bfdaa465af9fbf25c8a
xen: additionally restrict xenforeignmemory operations

Commit f0f272baf3a7 "xen: use libxendevice model to restrict operations"
added a command-line option (-xen-domid-restrict) to limit operations
using the libxendevicemodel API to a specified domid. The commit also
noted that the restriction would be extended to cover operations issued
via other xen libraries by subsequent patches.

My recent Xen patch [1] added a call to the xenforeignmemory API to allow
it to be restricted. This patch now makes use of that new call when the
-xen-domid-restrict option is passed.

[1] http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=5823d6eb

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
include/hw/xen/xen_common.h