Re: [PATCH v3 3/3] xen/privcmd: add IOCTL_PRIVCMD_RESTRICT

From: Boris Ostrovsky
Date: Wed Feb 15 2017 - 09:48:04 EST

Next message: Chao Peng: "[RFC PATCH] x86/boot: make ELF kernel multiboot-able"
Previous message: Boris Ostrovsky: "Re: [PATCH v3 2/3] xen/privcmd: Add IOCTL_PRIVCMD_DM_OP"
In reply to: Boris Ostrovsky: "Re: [PATCH v3 3/3] xen/privcmd: add IOCTL_PRIVCMD_RESTRICT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 02/13/2017 12:03 PM, Paul Durrant wrote:
> The purpose if this ioctl is to allow a user of privcmd to restrict its
> operation such that it will no longer service arbitrary hypercalls via
> IOCTL_PRIVCMD_HYPERCALL, and will check for a matching domid when
> servicing IOCTL_PRIVCMD_DM_OP. The aim of this is to limit the attack
> surface for a compromised device model.
>
> Signed-off-by: Paul Durrant <paul.durrant@xxxxxxxxxx>

Applied to for-linus-4.11 (with commit message adjustment)

-boris

Next message: Chao Peng: "[RFC PATCH] x86/boot: make ELF kernel multiboot-able"
Previous message: Boris Ostrovsky: "Re: [PATCH v3 2/3] xen/privcmd: Add IOCTL_PRIVCMD_DM_OP"
In reply to: Boris Ostrovsky: "Re: [PATCH v3 3/3] xen/privcmd: add IOCTL_PRIVCMD_RESTRICT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]