Re: [PATCH 08/23] xen/arm: dom0less seed xenstore grant table entry

[Jason Andryuk <jason.andryuk@xxxxxxx>]

On 2025-03-06 20:47, Stefano Stabellini wrote:
> On Thu, 6 Mar 2025, Jason Andryuk wrote:
> > With a split hardware and control domain, the control domain may still
> > want and xenstore access.  Currently this relies on init-dom0less to
> > seed the grants.  This is problematic since we don't want hardware
> > domain to be able to map the control domain's resources.  Instead have
> > the hypervisor see the grant table entry.  The grant is then accessible
> > as normal.
> >
> > This is also useful with a xenstore stubdom to setup the xenbus page
> > much earlier.
> Reading the patch, it seems that what is doing is letting the xenstore
> domain map the domU's grant table page. Is that correct?
The end result is everything is setup for xenstored to map 
GNTTAB_RESERVED_XENSTORE at some time later.
> If so, I would suggest to update the commit message as follows:
>
> With split hardware/control/xenstore domains, the xenstore domain may
> still want to access other domains' xenstore page. Currently this relies
> on init-dom0less to seed the grants from Dom0.  This is problematic
> since we don't want the hardware domain to be able to map other domains'
> resources without their permission.  Instead have the hypervisor seed
> the grant table entry for every dom0less domain.  The grant is then
> accessible as normal.
I'll go with a tweaked version of yours:
xenstored maps other domains' xenstore pages.  Currently this relies
on init-dom0less or xl to seed the grants from Dom0.  With split 
hardware/control/xenstore domains, this is problematic since we don't 
want the hardware domain to be able to map other domains' resources 
without their permission.  Instead have the hypervisor seed the grant 
table entry for every dom0less domain.  The grant is then accessible as 
normal.
Regards,
Jason