On 07/28/2016 12:13 PM, David Vrabel wrote:
>
> diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c
> index df2e6f7..513d1c5 100644
> --- a/drivers/xen/privcmd.c
> +++ b/drivers/xen/privcmd.c
> @@ -43,6 +43,18 @@ MODULE_LICENSE("GPL");
>
> #define PRIV_VMA_LOCKED ((void *)1)
>
> +#defin
This restricts the file descriptor to only being able map foreign
memory belonging to a specific domain. Once a file descriptor has
been restricted its restriction cannot be removed or changed.
A device model (e.g., QEMU) or similar can make use of this before
dropping privileges to prevent the f