xen: use libxendevice model to restrict operations
This patch adds a command-line option (-xen-domid-restrict) which will
use the new libxendevicemodel API to restrict devicemodel [1] operations
to the specified domid. (Such operations are not applicable to the xenpv
machine type).
This patch also adds a tracepoint to allow successful enabling of the
restriction to be monitored.
[1] I.e. operations issued by libxendevicemodel. Operation issued by other
xen libraries (e.g. libxenforeignmemory) are currently still unrestricted
but this will be rectified by subsequent patches.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
diff --git a/qemu-options.hx b/qemu-options.hx
index 99af8ed..2043371 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3354,6 +3354,11 @@
"-xen-attach attach to existing xen domain\n"
" xend will use this when starting QEMU\n",
QEMU_ARCH_ALL)
+DEF("xen-domid-restrict", 0, QEMU_OPTION_xen_domid_restrict,
+ "-xen-domid-restrict restrict set of available xen operations\n"
+ " to specified domain id. (Does not affect\n"
+ " xenpv machine type).\n",
+ QEMU_ARCH_ALL)
STEXI
@item -xen-domid @var{id}
@findex -xen-domid
@@ -3366,6 +3371,8 @@
@findex -xen-attach
Attach to existing xen domain.
xend will use this when starting QEMU (XEN only).
+@findex -xen-domid-restrict
+Restrict set of available xen operations to specified domain id (XEN only).
ETEXI
DEF("no-reboot", 0, QEMU_OPTION_no_reboot, \