Re: [PATCH 14/23] xsm/dummy: Allow XS_PRIV to call get_hvm_param
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Jason Andryuk <jason.andryuk@xxxxxxx>
- Date: Mon, 17 Mar 2025 10:50:13 -0400
- Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- Delivery-date: Mon, 17 Mar 2025 14:50:31 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 2025-03-17 10:18, Jan Beulich wrote:
> On 06.03.2025 23:03, Jason Andryuk wrote:
>> This is useful for a combined hardware/xenstore domain that will run
>> init-dom0less and xenstored. init-dom0less calls xc_hvm_param_get() to
>> retrieve the xenstore event channel and pfn to configure xenstore for a
>> guest. With a hypervisor-allocated event channel and page, the
>> set_hvm_param is not needed, and the normal domid permissions will allow
>> xenstored to connect.
>>
>> Similarly, a hyperlaunch-ed xenstore stubdom needs to read a domain's
>> xenstore event channel out of hvm_param.
>>
>> This allows reading but not modifying the guest, so allow the permission.
>>
>> Signed-off-by: Jason Andryuk <jason.andryuk@xxxxxxx>
>
> Since this is exposing the entire param space to Xenstore, what I'm missing
> is a security discussion for existing as well as potential future params.
> There could well be some that better wouldn't be available for Xenstore to
> fetch.

I can't speak for future parameters, but existing HVM_PARAMs didn't seem
sensitive to me. The safest choice is to just pass the index to
xsm_hvm_param() and allow just HVM_PARAM_STORE_EVTCHN (and
HVM_PARAM_STORE_PFN) for the xenstore domain.

This works for ARM and x86 HVM/PVH. PV doesn't have a way to determine
a domain's event channel port, FWICT.

Regards,
Jason
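
The narrower check suggested in the reply above, sketched as a stand-alone C model (an added example, not part of the email and not Xen source): the hook receives the parameter index, and a xenstore-only caller may read just the two xenstore parameters. `model_domain`, `model_hvm_param` and `xs_readable_param` are hypothetical names, and the pre-existing permission rule is simplified; the constants use the values from Xen's public headers.

```c
/*
 * Model of an index-aware permission hook: a xenstore-only caller is
 * limited to reading HVM_PARAM_STORE_PFN and HVM_PARAM_STORE_EVTCHN.
 * Hypothetical types and names; this is not the Xen implementation.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>

/* Values as in Xen's public headers (hvm/params.h, hvm/hvm_op.h). */
#define HVM_PARAM_STORE_PFN     1
#define HVM_PARAM_STORE_EVTCHN  2
#define HVM_PARAM_CONSOLE_PFN   17
#define HVMOP_set_param         0
#define HVMOP_get_param         1

/* Hypothetical stand-in for the caller's privilege in the dummy policy. */
struct model_domain {
    uint16_t domid;
    bool is_control;   /* fully privileged control domain */
    bool is_xenstore;  /* xenstore domain, no other privilege */
};

/* Allow-list of parameters a xenstore domain may read. */
static bool xs_readable_param(uint32_t index)
{
    switch (index) {
    case HVM_PARAM_STORE_PFN:
    case HVM_PARAM_STORE_EVTCHN:
        return true;
    default:           /* anything else, including future params, is denied */
        return false;
    }
}

/* Returns 0 to allow the operation, -EPERM to deny it. */
int model_hvm_param(const struct model_domain *src,
                    const struct model_domain *tgt,
                    unsigned long op, uint32_t index)
{
    /* Simplified form of the pre-existing rule: self or control domain. */
    if (src->is_control || src->domid == tgt->domid)
        return 0;

    /* The one new grant: xenstore may read the allow-listed params only. */
    if (src->is_xenstore && op == HVMOP_get_param && xs_readable_param(index))
        return 0;

    return -EPERM;
}
```

Because the default branch denies, a parameter added later stays unreadable by the xenstore domain until someone reviews it and lists it explicitly.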