Re: [Xen-devel] [PATCHv1] xen/evtchn: add IOCTL_EVTCHN_RESTRICT

2016-08-01 Thread David Vrabel
On 01/08/16 12:15, Jan Beulich wrote: On 11.07.16 at 16:57, wrote: >> @@ -553,6 +570,27 @@ static long evtchn_ioctl(struct file *file, >> break; >> } >> >> +case IOCTL_EVTCHN_RESTRICT_DOMID: { >> +struct ioctl_evtchn_restrict_domid ierd; >> + >> +

Re: [Xen-devel] [PATCHv1] xen/evtchn: add IOCTL_EVTCHN_RESTRICT

2016-08-01 Thread Jan Beulich
>>> On 11.07.16 at 16:57, wrote: > @@ -553,6 +570,27 @@ static long evtchn_ioctl(struct file *file, > break; > } > > + case IOCTL_EVTCHN_RESTRICT_DOMID: { > + struct ioctl_evtchn_restrict_domid ierd; > + > + rc = -EACCES; > + if (u->res
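Review bot: the new case label in evtchn_ioctl() is IOCTL_EVTCHN_RESTRICT_DOMID, with argument struct ioctl_evtchn_restrict_domid, but the patch subject and description call the ioctl IOCTL_EVTCHN_RESTRICT. Suggest using the same identifier in the subject, the commit message and the code, so that user-space callers and anyone searching the log for the uapi name find the same thing.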

Re: [Xen-devel] [PATCHv1] xen/evtchn: add IOCTL_EVTCHN_RESTRICT

2016-07-11 Thread Boris Ostrovsky
On 07/11/2016 12:44 PM, David Vrabel wrote: > On 11/07/16 17:33, Andrew Cooper wrote: >> On 11/07/16 17:15, David Vrabel wrote: >>> On 11/07/16 16:31, Boris Ostrovsky wrote: On 07/11/2016 10:57 AM, David Vrabel wrote: > diff --git a/include/uapi/xen/evtchn.h b/include/uapi/xen/evtchn.h >>>

Re: [Xen-devel] [PATCHv1] xen/evtchn: add IOCTL_EVTCHN_RESTRICT

2016-07-11 Thread David Vrabel
On 11/07/16 17:33, Andrew Cooper wrote: > On 11/07/16 17:15, David Vrabel wrote: >> On 11/07/16 16:31, Boris Ostrovsky wrote: >>> On 07/11/2016 10:57 AM, David Vrabel wrote: diff --git a/include/uapi/xen/evtchn.h b/include/uapi/xen/evtchn.h index 14e833ee4..f057b53 100644 --- a/inclu

Re: [Xen-devel] [PATCHv1] xen/evtchn: add IOCTL_EVTCHN_RESTRICT

2016-07-11 Thread Andrew Cooper
On 11/07/16 17:15, David Vrabel wrote: > On 11/07/16 16:31, Boris Ostrovsky wrote: >> On 07/11/2016 10:57 AM, David Vrabel wrote: >>> diff --git a/include/uapi/xen/evtchn.h b/include/uapi/xen/evtchn.h >>> index 14e833ee4..f057b53 100644 >>> --- a/include/uapi/xen/evtchn.h >>> +++ b/include/uapi/xen

Re: [Xen-devel] [PATCHv1] xen/evtchn: add IOCTL_EVTCHN_RESTRICT

2016-07-11 Thread David Vrabel
On 11/07/16 16:31, Boris Ostrovsky wrote: > On 07/11/2016 10:57 AM, David Vrabel wrote: >> diff --git a/include/uapi/xen/evtchn.h b/include/uapi/xen/evtchn.h >> index 14e833ee4..f057b53 100644 >> --- a/include/uapi/xen/evtchn.h >> +++ b/include/uapi/xen/evtchn.h >> @@ -85,4 +85,19 @@ struct ioctl_e

Re: [Xen-devel] [PATCHv1] xen/evtchn: add IOCTL_EVTCHN_RESTRICT

2016-07-11 Thread Boris Ostrovsky
On 07/11/2016 10:57 AM, David Vrabel wrote: > diff --git a/include/uapi/xen/evtchn.h b/include/uapi/xen/evtchn.h > index 14e833ee4..f057b53 100644 > --- a/include/uapi/xen/evtchn.h > +++ b/include/uapi/xen/evtchn.h > @@ -85,4 +85,19 @@ struct ioctl_evtchn_notify { > #define IOCTL_EVTCHN_RESET

[Xen-devel] [PATCHv1] xen/evtchn: add IOCTL_EVTCHN_RESTRICT

2016-07-11 Thread David Vrabel
IOCTL_EVTCHN_RESTRICT limits the file descriptor to being able to bind to interdomain event channels from a specific domain. Event channels that are already bound continue to work for sending and receiving notifications. This is useful as part of deprivileging a user space PV backend or device mo