Searched hist:fbc872c38c8fed31948c85683b5326ee5ab9fccc (Results 1 – 2 of 2) sorted by relevance
/openbmc/linux/include/uapi/xen/ |
evtchn.h | fbc872c38c8fed31948c85683b5326ee5ab9fccc Mon Jul 11 09:45:51 CDT 2016 David Vrabel <david.vrabel@citrix.com> xen/evtchn: add IOCTL_EVTCHN_RESTRICT
IOCTL_EVTCHN_RESTRICT limits the file descriptor to being able to bind to interdomain event channels from a specific domain. Event channels that are already bound continue to work for sending and receiving notifications.
This is useful as part of deprivileging a user space PV backend or device model (QEMU). E.g., once the device model has bound to the ioreq server event channels it can restrict the file handle so an exploited DM cannot use it to create or bind to arbitrary event channels.
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
/openbmc/linux/drivers/xen/ |
evtchn.c | fbc872c38c8fed31948c85683b5326ee5ab9fccc Mon Jul 11 09:45:51 CDT 2016 David Vrabel <david.vrabel@citrix.com> xen/evtchn: add IOCTL_EVTCHN_RESTRICT