From: Paul Durrant [mailto:paul.durrant@xxxxxxxxxx]
Sent: 09 February 2017 14:18
To: xen-devel@xxxxxxxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx
Cc: Paul Durrant <Paul.Durrant@xxxxxxxxxx>; Boris Ostrovsky
<boris.ostrovsky@xxxxxxxxxx>; Juergen Gross <jgross@xxxxxxxx>
Subject: [PATCH 2/3] xen/privcmd: Add IOCTL_PRIVCMD_DM_OP
Recently a new dm_op hypercall was added to Xen to provide a
for restricting device emulators (such as QEMU) to a limited set of
hypervisor operations, and being able to audit those operations in the
kernel of the domain in which they run.
This patch adds IOCTL_PRIVCMD_DM_OP as gateway for
bouncing the callers buffers through kernel memory to allow the address
ranges to be audited (and negating the need to bounce through locked
memory in user-space).
Actually, it strikes me (now that I've posted the patch) that I should probably just mlock the user buffers rather than bouncing them through kernel... Anyway, I'd still appreciate review on other aspects of the patch.