domctl: tighten XEN_DOMCTL_*_permission
author Jan Beulich <jbeulich@suse.com>
Thu, 8 May 2014 11:57:12 +0000 (13:57 +0200)
committer Jan Beulich <jbeulich@suse.com>
Thu, 8 May 2014 11:57:12 +0000 (13:57 +0200)
commit b27b47b0b38b336226ba390f3cf74d66c21905ed
tree b737b7edc747a652e70f5f9722c676b88b6f31da
parent 22d73d1fe09f895bc4fef55b837a152091cbef66

With proper permission (and, for the I/O port case, wrap-around) checks
added (note that for the I/O port case a count of zero is now being
disallowed, in line with I/O memory handling):

XEN_DOMCTL_irq_permission:
XEN_DOMCTL_ioport_permission:

 Of both IRQs and I/O ports there is only a reasonably small amount, so
 there's no excess resource consumption involved here. Additionally
 they both have a specialized XSM hook associated.

XEN_DOMCTL_iomem_permission:

 While this also has a specialized XSM hook associated (just like
 XEN_DOMCTL_{irq,ioport}_permission), it's not clear whether it's
 reasonable to expect XSM to restrict the number of ranges associated
 with a domain via this hook (which is the main resource consumption
 item here).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Tim Deegan <tim@xen.org>
docs/misc/xsm-flask.txt
xen/arch/x86/domctl.c
xen/common/domctl.c
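
The I/O port case described in the commit message (zero count disallowed, wrap-around checked, permission checked), as an added sketch that is not the code from this commit. The names check_ioport_request, port_caps and caller_may_access are hypothetical, and reading "proper permission" as "the caller must itself hold the range it grants" is an assumption.

```c
#include <stdint.h>
#include <stdbool.h>
#include <errno.h>

#define MAX_IOPORTS 0x10000u   /* x86 I/O port space: ports 0..0xffff */

/* Hypothetical stand-in for the caller's own allowance: one inclusive range. */
struct port_caps { uint32_t first, last; };

static bool caller_may_access(const struct port_caps *c, uint32_t s, uint32_t e)
{
    return s >= c->first && e <= c->last;
}

/*
 * Validate a (first_port, nr_ports) request before a target domain's
 * port permissions are changed. Returns 0, -EINVAL or -EPERM.
 */
int check_ioport_request(const struct port_caps *caller,
                         uint32_t first_port, uint32_t nr_ports)
{
    uint32_t end = first_port + nr_ports;   /* unsigned: wraps modulo 2^32 */

    /* end <= first_port catches both nr_ports == 0 and 32-bit wrap-around. */
    if (end <= first_port || end > MAX_IOPORTS)
        return -EINVAL;

    /* Assumption: a caller may only hand out ports it may use itself. */
    if (!caller_may_access(caller, first_port, end - 1))
        return -EPERM;

    return 0;
}

int main(void)
{
    struct port_caps caps = { 0x3f8, 0x3ff };   /* constructed sample allowance */

    /* Zero count and a wrapping range must both be rejected. */
    return (check_ioport_request(&caps, 0x3f8, 0) == -EINVAL &&
            check_ioport_request(&caps, 0xfffffff0u, 0x20) == -EINVAL) ? 0 : 1;
}
```

Doing the range check before the permission lookup means the inclusive end (end - 1) passed to the lookup can never underflow or exceed the port space.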