
[PATCH 17/23] xsm/dummy: Allow hwdom more - except targeting control


  • To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jason Andryuk <jason.andryuk@xxxxxxx>
  • Date: Thu, 6 Mar 2025 17:03:37 -0500
  • Cc: Jason Andryuk <jason.andryuk@xxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 06 Mar 2025 22:40:51 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Allow hwdom all perms, except XSM_PRIV, and except commands where the
target is the control domain.  This protects the control domain from
hwdom while allowing the hardware domain to serve as the backend and
device model for other domUs.

Signed-off-by: Jason Andryuk <jason.andryuk@xxxxxxx>
---
 xen/include/xsm/dummy.h | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 9e6bc0ed12..294777e904 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -98,9 +98,12 @@ static always_inline int xsm_default_action(
     case XSM_HW_PRIV:
         if ( is_control_domain(src) && action != XSM_HW_PRIV )
             return 0;
-        if ( is_hardware_domain(src) &&
-             (action == XSM_HW_PRIV || action == XSM_DM_PRIV) )
+        if ( is_hardware_domain(src) && action != XSM_PRIV )
+        {
+            if ( target && is_control_domain(target) )
+                return -EPERM;
             return 0;
+        }
         return -EPERM;
     default:
         LINKER_BUG_ON(1);
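
Review bot: The new target check in the is_hardware_domain(src) branch also runs when action == XSM_HW_PRIV, a case the removed lines allowed unconditionally, and it does not exclude target == src. A domain that is both the control domain and the hardware domain skips the earlier is_control_domain(src) test when action == XSM_HW_PRIV, reaches this branch, and would get -EPERM for a call that targets itself, where it previously got 0. Consider guarding the check, for example with "target != src" or "!is_control_domain(src)", or confirm that no XSM_HW_PRIV caller passes such a target. A short comment above "if ( target && is_control_domain(target) )" stating that the hardware domain must not act on the control domain would also keep the intent from the commit message next to the code.
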
-- 
2.48.1
