[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 19/23] xsm/dummy: Allow sysctls to both hardware and control

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Jason Andryuk <jason.andryuk@xxxxxxx>
Date: Mon, 17 Mar 2025 12:37:14 -0400
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=suse.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=sDJYWTcfnZ31VuFH5iGTJG2LI/i+KQLO7hgmYkxFWJ8=; b=fp3YWdB1zs5TOdPVwhO6GG/sVt1v5Orj6BsyLTo4wlMwm8qX5DtdcGY8cOiDKvq8sGt0AtmitrKBs6gjWN9rZ1MdHLMbOfjgoF9ekO3z//MvyJaxVMFzo/J6Ju4vYhg0cfnJs6vBXJJm99Sn91C126xrQZeAOUc96UXIK4DdZJNfTzdEuo6SNAv2ThTUMuufSEul6l5SvsqfTBeO2GRhde4rGaQZJu9c5Vg5tzmI9+WkgaaumhvvqlQvtyMKPRFGOHg1/8nwh25d59uvI/8KAf2e75i1ZLx5dLcQTa3pWe1BgaF/nKGqtV7mBXc0j82sJ6wSL016xULerqjKhVwmfQ==
Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ogoT8aXI3yDtpjYWY1+aYBlptyVYgQj3/NU7eyLoc84lxxmvTE+nwxc1dEGaIXL//4pEMbPkbL2e5eTkgJ5023MjUF3+png3JwrTD3NsKQmpqFvPU1lVuuP2TX/I3EYZaM3HKm3cYm+qoemGhQ1vpqPXrwCjmMMhG+MRhizAC98OsRbSakObi3j3cBLTvhpr6CZfK1hX/oS/7cVJ+iJkD3aDGL5CUXzhnWvFkN3oD04uQHKzHGEjzlbRBkP1FdkK/OrKk+5JjIMoYSVz55pWcv5EodJyoFoHuuEHFSa/kXzS2tO6IMAFU+iZmRD0doa8aMgyxw6G3Wga8p8ib/yfCQ==
Cc: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Mon, 17 Mar 2025 16:37:30 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2025-03-17 10:36, Jan Beulich wrote:

On 06.03.2025 23:03, Jason Andryuk wrote:

xl queries SYSCTL_physinfo for the physical cpus:
domU:~# xl list
libxl: error: libxl_utils.c:817:libxl_cpu_bitmap_alloc: failed to retrieve the 
maximum number of cpus
libxl: error: libxl_utils.c:817:libxl_cpu_bitmap_alloc: failed to retrieve the 
maximum number of cpus
libxl: error: libxl_utils.c:817:libxl_cpu_bitmap_alloc: failed to retrieve the 
maximum number of cpus
Name                    ID   Mem VCPUs        State   Time(s)
Domain-0                 0   800     1     r-----     130.0
dom0less-1               1   400     1     r-----     130.3
dom0less-2               2   800     1     r-----     130.3

Hardware and control are both privileged.  Allow them both access to
sysctls so they have insight into the running system.  This is coarse
grained permissions for the dummy policy.


In an earlier patch you alluded to the control domain being guarded against
the hardware one. Shouldn't hwdom be limited operations retrieving info,
but refused to make any changes to the system? Or maybe some kinds of
changes are to be done by hwdom, but then shouldn't be possible to be made
by the control domain?

As an example, with ACPI living in the hardware_domain, it would be thedomain to issue XEN_SYSCTL_pm_op to upload cpufreq data. But thencontrol domain should be in charge of controlling how the system isrunning by setting cpufreq parameters.

--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -194,9 +194,10 @@ static XSM_INLINE int cf_check xsm_sysctl(XSM_DEFAULT_ARG 
int cmd)
      case XEN_SYSCTL_getdomaininfolist:
          return xsm_default_action(XSM_XS_PRIV, current->domain, NULL);
      case XEN_SYSCTL_readconsole:
-    case XEN_SYSCTL_physinfo:


Didn't you add this line just a single patch ago?

Yes. The previous patch was a minimal change. This patch is a maximalchange. I thought this could be rejected and didn't want to merge thetwo. Though XEN_SYSCTL_physinfo should be handled better even for theminimal change.

This patch may go too far, hardware domain does have legitimate use tosome sysctls. For a coarse, base policy I went with allowing more tohardware domain. Hardware domain can't be untrusted, so I erred on theside of more permissions rather than fewer.


Regards,
Jason

References:
- [PATCH 00/23] ARM split hardware and control domains
  - From: Jason Andryuk
- [PATCH 19/23] xsm/dummy: Allow sysctls to both hardware and control
  - From: Jason Andryuk
- Re: [PATCH 19/23] xsm/dummy: Allow sysctls to both hardware and control
  - From: Jan Beulich

Prev by Date: Re: S3 regression on AMD in 4.20
Next by Date: Re: [PATCH 8/8] automation/cirrus-ci: add smoke tests for the FreeBSD builds
Previous by thread: Re: [PATCH 19/23] xsm/dummy: Allow sysctls to both hardware and control
Next by thread: [PATCH 23/23] DO NOT COMMIT: automation: updated imagebuilder
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.