dgit.raspbian.org Git - xen.git/commit

author	Sergey Dyasli <sergey.dyasli@citrix.com>
	Thu, 21 Jun 2018 14:35:50 +0000 (16:35 +0200)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Tue, 6 Nov 2018 17:51:18 +0000 (17:51 +0000)
commit	60529dfeca145a8ec00f5813a4c7179f0c1bfb97
tree	f59ec0459f52ad1818fb1564d2cdcb80f5d4572f	tree \| snapshot
parent	6b85e427098cce1a6d386b3bae2f0c7ce86e47f7	commit \| diff

x86/domctl: Implement XEN_DOMCTL_get_cpu_policy

This finally (after literally years of work!) marks the point where the
toolstack can ask the hypervisor for the current CPUID configuration of a
specific domain.

Introduce a new flask access vector and update the default policies.

Also extend xen-cpuid's --policy mode to be able to take a domid and dump a
specific domains CPUID and MSR policy.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Sergey Dyasli <sergey.dyasli@citrix.com>
Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>

tools/flask/policy/modules/dom0.te		diff \| blob \| history
tools/flask/policy/modules/xen.if		diff \| blob \| history
tools/libxc/include/xenctrl.h		diff \| blob \| history
tools/libxc/xc_cpuid_x86.c		diff \| blob \| history
tools/misc/xen-cpuid.c		diff \| blob \| history
xen/arch/x86/domctl.c		diff \| blob \| history
xen/include/public/domctl.h		diff \| blob \| history
xen/xsm/flask/hooks.c		diff \| blob \| history
xen/xsm/flask/policy/access_vectors		diff \| blob \| history