dgit.raspbian.org Git - xen.git/commit

author	Andrew Cooper <andrew.cooper3@citrix.com>
	Sat, 25 May 2019 20:03:05 +0000 (21:03 +0100)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Thu, 26 Sep 2019 12:40:18 +0000 (13:40 +0100)
commit	14ba07e6f8164f8fe7a9797996df5079ac61f4ac
tree	6276f6d64f9a7728035e59ce6c81db84769d8903	tree \| snapshot
parent	205f3b638070110683a451ee98b57c60e23235d7	commit \| diff

x86/domctl: Implement XEN_DOMCTL_set_cpumsr_policy

This hypercall allows the toolstack to present one combined CPUID and MSR
policy for a domain, which can be audited in one go by Xen, which is necessary
for correctness of the auditing.

Reuse the existing set_cpuid XSM access vector, as this is logically the same
operation.

As x86_cpu_policies_are_compatible() is still only a stub, retain the call to
recalculate_cpuid_policy() to discard unsafe toolstack settings.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Sergey Dyasli <sergey.dyasli@citrix.com>
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Release-acked-by: Juergen Gross <jgross@suse.com>

tools/libxc/include/xenctrl.h		diff \| blob \| history
tools/libxc/xc_cpuid_x86.c		diff \| blob \| history
xen/arch/x86/domctl.c		diff \| blob \| history
xen/include/public/domctl.h		diff \| blob \| history
xen/xsm/flask/hooks.c		diff \| blob \| history
xen/xsm/flask/policy/access_vectors		diff \| blob \| history