Xen project Mailing List

[PATCH 14/23] xsm/dummy: Allow XS_PRIV to call get_hvm_param

From: Jason Andryuk <jason.andryuk@xxxxxxx>

Date: Thu, 6 Mar 2025 17:03:34 -0500

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TNgQrZnx+1brlKFiQ9NUOt1D3BsJYWITfDLiw9hTcZM=; b=SITUgxldZs16Fi75BN80NqQboE/qAziRO4Eevh2RSgz55Z+TVBM4qLRktuJcjlFcI4aqGAgurioDtqR8g3aqxyb7GgIHX9Hc5Vk4QBuNdb823uywL7C2Y/Kj2AxSOQJAkrUh8ymlM4rHJYRDN9pUQQzYD0VM89hrXVeVk8NjBj1JI9zbDPpFJBdINNlei3ULK+J2k2HNy2JDR9FmO/PsFQPQY5FALkya9dlmEYofuAAuiG7TYkomACHEc9GUkZqimIu8wFRX/b5s9N1H6mNl8FyworqXkT6gMRNZs1EBg9lL47jjMzZzA81/pbK8CbJU5gk1i6xrKHC61ODz0RNt5g==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=M+duMxeKFPY+K2EpRSRoDLL047tDFglfbWulRwOx2yNLxEoI4yT7jqnowhSn+QrNikdjo0GZNsqN6XnR0wQ+yKP5DjOwDhvN9++7Zj92yHVXFERDnYbxAKqqccbmgVj3h6fqChgpwgGnaBh0Jy4zNlzlcZwCDDaQGFCmqTCHxooQ+7Ffakptw0x2boyLO8TW3l7nZSl3v0n0ONi0JVJmb8k+AIC0lYcJHbHKO1n3q8f6N9GGoke8f3HJBdHwjUlhcI7fEHte1vSye1XtrdIlk6TlSYgBM8yW1SfLR8BJ9p+NjBvjBMahjc45xsxWWjB76h3Z6FzwAgSkjiE4HNmMTw==

Cc: Jason Andryuk <jason.andryuk@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, "Volodymyr Babchuk" <Volodymyr_Babchuk@xxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Thu, 06 Mar 2025 22:41:28 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

This is useful for a combined hardware/xenstore domain that will run init-dom0less and xenstored. init-dom0less calls xc_hvm_param_get() to retrieve the xenstore event channel and pfn to configure xenstore for a guest. With a hypervisor-allocated event channel and page, the set_hvm_param is not needed, and the normal domid permissions will allow xenstored to connect. Similarly, a hyperlaunch-ed xenstore stubdom needs to read a domain's xenstore event channel out of hvm_param. This allows reading but not modifying the guest, so allow the permission. Signed-off-by: Jason Andryuk <jason.andryuk@xxxxxxx> --- xen/arch/arm/hvm.c | 2 +- xen/arch/x86/hvm/hvm.c | 8 ++++---- xen/include/xsm/dummy.h | 14 ++++++++++++-- 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/hvm.c b/xen/arch/arm/hvm.c index 86e49bf474..b50ca10cee 100644 --- a/xen/arch/arm/hvm.c +++ b/xen/arch/arm/hvm.c @@ -89,7 +89,7 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg) if ( d == NULL ) return -ESRCH; - rc = xsm_hvm_param(XSM_TARGET, d, op); + rc = xsm_hvm_param(XSM_OTHER, d, op); if ( rc ) goto param_fail; diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 969e43c2f2..f3f1002cc9 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -4177,7 +4177,7 @@ static int hvm_allow_set_param(struct domain *d, uint64_t value; int rc; - rc = xsm_hvm_param(XSM_TARGET, d, HVMOP_set_param); + rc = xsm_hvm_param(XSM_OTHER, d, HVMOP_set_param); if ( rc ) return rc; @@ -4458,7 +4458,7 @@ static int hvm_allow_get_param(struct domain *d, { int rc; - rc = xsm_hvm_param(XSM_TARGET, d, HVMOP_get_param); + rc = xsm_hvm_param(XSM_OTHER, d, HVMOP_get_param); if ( rc ) return rc; @@ -5055,7 +5055,7 @@ static int hvmop_get_mem_type( if ( d == NULL ) return -ESRCH; - rc = xsm_hvm_param(XSM_TARGET, d, HVMOP_get_mem_type); + rc = xsm_hvm_param(XSM_OTHER, d, HVMOP_get_mem_type); if ( rc ) goto out; @@ -5148,7 +5148,7 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg) if ( unlikely(d != current->domain) ) rc = -EOPNOTSUPP; else if ( is_hvm_domain(d) && paging_mode_shadow(d) ) - rc = xsm_hvm_param(XSM_TARGET, d, op); + rc = xsm_hvm_param(XSM_OTHER, d, op); if ( !rc ) pagetable_dying(a.gpa); diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index f2d6662a9d..06f4eccf5f 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -614,8 +614,18 @@ static XSM_INLINE int cf_check xsm_map_gmfn_foreign( static XSM_INLINE int cf_check xsm_hvm_param( XSM_DEFAULT_ARG struct domain *d, unsigned long op) { - XSM_ASSERT_ACTION(XSM_TARGET); - return xsm_default_action(action, current->domain, d); + XSM_ASSERT_ACTION(XSM_OTHER); + switch ( op ) + { + case HVMOP_get_param: + /* A domain can query itself, or a DM can query its target. */ + if ( !xsm_default_action(XSM_TARGET, current->domain, d) ) + return 0; + /* Xenstore domain needs to be able to query for mapping. */ + return xsm_default_action(XSM_XS_PRIV, current->domain, d); + default: + return xsm_default_action(XSM_TARGET, current->domain, d); + } } static XSM_INLINE int cf_check xsm_hvm_param_altp2mhvm( -- 2.48.1

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.