freebsd-nq/lib/libvmmapi
Mark Johnston 3e9b4532d1 libvmmapi: Provide an interface for limiting rights on the device fd
Currently libvmmapi provides a way to get a list of the allowed ioctls
on the vmm device file, so that bhyve can limit rights on the device
file fd.  The interface is rather strange: it allocates a copy of the
list but returns a const pointer, so the caller has to cast away the
const in order to free it without aggravating the compiler.

As far as I can see, there's no reason to make a copy of the array, but
changing vm_get_ioctls() to not do that would break compatibility.  So
this change just introduces a better interface: move all rights-limiting
logic into libvmmapi.

Any new operations on the fd should be wrapped by libvmmapi, so also
discourage use of vm_get_device_fd().  Currently bhyve uses it only when
limiting rights on the device fd.

No functional change intended.

Reviewed by:	jhb
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D37098
2022-10-24 17:33:13 -04:00
..
Makefile libvmmapi: Fix warnings and stop overridding WARNS 2021-07-26 16:40:16 -04:00
Makefile.depend Update Makefile.depend files 2019-12-11 17:37:53 +00:00
vmmapi_freebsd.c
vmmapi.c libvmmapi: Provide an interface for limiting rights on the device fd 2022-10-24 17:33:13 -04:00
vmmapi.h libvmmapi: Provide an interface for limiting rights on the device fd 2022-10-24 17:33:13 -04:00