On Tue, Jun 23, 2020 at 05:04:53PM +0200, Jan Beulich wrote: > On 23.06.2020 15:52, Roger Pau Monne wrote: > > XENMEM_acquire_resource and it's related structure is currently inside > > a __XEN__ or __XEN_TOOLS__ guarded section to limit it's scope to the > > hypervisor or the toolstack only. This is wrong as the hypercall is > > already being used by the Linux kernel at least, and as such needs to > > be public. > > Actually - how does this work for the Linux kernel, seeing > > rc = rcu_lock_remote_domain_by_id(xmar.domid, &d); > if ( rc ) > return rc; > > rc = xsm_domain_resource_map(XSM_DM_PRIV, d); > if ( rc ) > goto out; > > in the function?
It's my understanding (I haven't tried to use that hypercall yet on FreeBSD, so I cannot say I've tested it), that xmar.domid is the remote domain, which the functions locks and then uses xsm_domain_resource_map to check whether the current domain has permissions to do privileged operations against it. Roger.
