
Re: [PATCH 14/23] xsm/dummy: Allow XS_PRIV to call get_hvm_param


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Jason Andryuk <jason.andryuk@xxxxxxx>
  • Date: Mon, 17 Mar 2025 10:50:13 -0400
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 17 Mar 2025 14:50:31 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2025-03-17 10:18, Jan Beulich wrote:
> On 06.03.2025 23:03, Jason Andryuk wrote:
>> This is useful for a combined hardware/xenstore domain that will run
>> init-dom0less and xenstored.  init-dom0less calls xc_hvm_param_get() to
>> retrieve the xenstore event channel and pfn to configure xenstore for a
>> guest.  With a hypervisor-allocated event channel and page, the
>> set_hvm_param is not needed, and the normal domid permissions will allow
>> xenstored to connect.
>>
>> Similarly, a hyperlaunch-ed xenstore stubdom needs to read a domain's
>> xenstore event channel out of hvm_param.
>>
>> This allows reading but not modifying the guest, so allow the permission.
>>
>> Signed-off-by: Jason Andryuk <jason.andryuk@xxxxxxx>
>
> Since this is exposing the entire param space to Xenstore, what I'm missing
> is a security discussion for existing as well as potential future params.
> There could well be some that better wouldn't be available for Xenstore to
> fetch.

I can't speak for future parameters, but existing HVM_PARAMs didn't seem sensitive to me. The safest choice is to just pass the index to xsm_hvm_param() and allow just HVM_PARAM_STORE_EVTCHN (and HVM_PARAM_STORE_PFN) for the xenstore domain.

This works for ARM and x86 HVM/PVH. PV doesn't have a way to determine a domain's event channel port, FWICT.

Regards,
Jason
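
A self-contained model of the narrower check discussed in this message, added here as an illustration; it is not part of the original mail and is not Xen's code. The struct, the `model_`/`OP_`/`PARAM_` names and their numeric values are stand-ins, and the baseline rule (self-access and the control domain are allowed) is a simplifying assumption.

```c
#include <errno.h>
#include <stdbool.h>

/* Stand-in names and values for this model; real ones come from Xen's headers. */
enum { OP_SET_PARAM, OP_GET_PARAM };
enum { PARAM_STORE_PFN = 1, PARAM_STORE_EVTCHN = 2, PARAM_OTHER = 99 };

/* Hypothetical minimal view of a domain: only what the check needs. */
struct model_domain {
    bool is_control;   /* privileged control domain */
    bool is_xenstore;  /* domain running xenstored */
};

/* Constructed sample domains. */
static const struct model_domain control  = { .is_control = true };
static const struct model_domain xenstore = { .is_xenstore = true };
static const struct model_domain guest    = { 0 };

/* The only params the xenstore domain needs to connect a guest. */
static bool xenstore_may_read(unsigned int index)
{
    return index == PARAM_STORE_EVTCHN || index == PARAM_STORE_PFN;
}

/* Index-aware permission check: 0 allows, -EPERM denies. */
int model_hvm_param_check(const struct model_domain *src,
                          const struct model_domain *target,
                          int op, unsigned int index)
{
    /* Assumed baseline: self-access and the control domain are allowed. */
    if (src == target || src->is_control)
        return 0;
    /* Xenstore exception: read-only, and only for allowlisted indexes. */
    if (src->is_xenstore && op == OP_GET_PARAM && xenstore_may_read(index))
        return 0;
    return -EPERM;
}

int main(void)
{
    /* Exit 0 only if the xenstore domain can read the event channel
     * but can neither read another param nor write the allowed one. */
    return !(model_hvm_param_check(&xenstore, &guest, OP_GET_PARAM, PARAM_STORE_EVTCHN) == 0 &&
             model_hvm_param_check(&xenstore, &guest, OP_GET_PARAM, PARAM_OTHER) == -EPERM &&
             model_hvm_param_check(&xenstore, &guest, OP_SET_PARAM, PARAM_STORE_EVTCHN) == -EPERM);
}
```

Because the allowlist is keyed on the index, a param added later stays denied to the xenstore domain until someone explicitly adds it.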



 

