xen: use libxendevice model to restrict operations

This patch adds a command-line option (-xen-domid-restrict) which will use the new libxendevicemodel API to restrict devicemodel [1] operations to the specified domid. (Such operations are not applicable to the xenpv machine type). This patch also adds a tracepoint to allow successful enabling of the restriction to be monitored. [1] I.e. operations issued by libxendevicemodel. Operation issued by other xen libraries (e.g. libxenforeignmemory) are currently still unrestricted but this will be rectified by subsequent patches. Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
2025-08-04 16:23:55 -06:00 · 2017-03-22 09:39:15 +00:00 · 2017-03-22 09:39:15 +00:00 · 1c599472b0
commit 1c599472b0
parent f1167ee684
6 changed files with 45 additions and 0 deletions
--- a/include/hw/xen/xen.h
+++ b/include/hw/xen/xen.h
@ -21,6 +21,7 @@ enum xen_mode {

 extern uint32_t xen_domid;
 extern enum xen_mode xen_mode;
+extern bool xen_domid_restrict;

 extern bool xen_allowed;

--- a/include/hw/xen/xen_common.h
+++ b/include/hw/xen/xen_common.h
@ -151,6 +151,13 @@ static inline int xendevicemodel_set_mem_type(
    return xc_hvm_set_mem_type(dmod, domid, mem_type, first_pfn, nr);
 }

+static inline int xendevicemodel_restrict(
+    xendevicemodel_handle *dmod, domid_t domid)
+{
+    errno = ENOTTY;
+    return -1;
+}
+
 #else /* CONFIG_XEN_CTRL_INTERFACE_VERSION >= 40900 */

 #undef XC_WANT_COMPAT_DEVICEMODEL_API
@ -206,6 +213,19 @@ static inline int xen_modified_memory(domid_t domid, uint64_t first_pfn,
    return xendevicemodel_modified_memory(xen_dmod, domid, first_pfn, nr);
 }

+static inline int xen_restrict(domid_t domid)
+{
+    int rc = xendevicemodel_restrict(xen_dmod, domid);
+
+    trace_xen_domid_restrict(errno);
+
+    if (errno == ENOTTY) {
+        return 0;
+    }
+
+    return rc;
+}
+
 /* Xen 4.2 through 4.6 */
 #if CONFIG_XEN_CTRL_INTERFACE_VERSION < 40701