[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 15/23] xen/xsm: Add XSM_HW_PRIV

To: Jason Andryuk <jason.andryuk@xxxxxxx>
From: Stefano Stabellini <sstabellini@xxxxxxxxxx>
Date: Mon, 17 Mar 2025 16:55:29 -0700 (PDT)
Cc: Jan Beulich <jbeulich@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 17 Mar 2025 23:55:41 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Mon, 17 Mar 2025, Jason Andryuk wrote:
> On 2025-03-17 10:22, Jan Beulich wrote:
> > On 06.03.2025 23:03, Jason Andryuk wrote:
> > > --- a/xen/include/xsm/dummy.h
> > > +++ b/xen/include/xsm/dummy.h
> > > @@ -95,7 +95,11 @@ static always_inline int xsm_default_action(
> > >               return 0;
> > >           fallthrough;
> > >       case XSM_PRIV:
> > > -        if ( is_control_domain(src) )
> > > +    case XSM_HW_PRIV:
> > > +        if ( is_control_domain(src) && action != XSM_HW_PRIV )
> > > +            return 0;
> > > +        if ( is_hardware_domain(src) &&
> > > +             (action == XSM_HW_PRIV || action == XSM_DM_PRIV) )
> > >               return 0;
> > >           return -EPERM;
> > 
> > Hmm. Isn't DM_PRIV a property applying to the control domain (besides
> > any stub domains), but not the hardware one?
> 
> I ran QEMU in hardware domain to provide devices to a domU.  I thought QEMU
> would better run in hardware domain than control domain.

Leaving stubdoms aside, QEMU has to run in the hardware domain because
the hardware domain is less privileged. QEMU can be attacked or affected
by the guest so it is undesirable to run QEMU in the control domain
which is highly privileged, and considered highly secure / safe.

Follow-Ups:
- Re: [PATCH 15/23] xen/xsm: Add XSM_HW_PRIV
  - From: Jan Beulich

References:
- [PATCH 00/23] ARM split hardware and control domains
  - From: Jason Andryuk
- [PATCH 15/23] xen/xsm: Add XSM_HW_PRIV
  - From: Jason Andryuk
- Re: [PATCH 15/23] xen/xsm: Add XSM_HW_PRIV
  - From: Jan Beulich
- Re: [PATCH 15/23] xen/xsm: Add XSM_HW_PRIV
  - From: Jason Andryuk

Prev by Date: Re: [PATCH] xen: vm_event: do not do vm_event_op for an invalid domain
Next by Date: Re: [PATCH] xen: vm_event: do not do vm_event_op for an invalid domain
Previous by thread: Re: [PATCH 15/23] xen/xsm: Add XSM_HW_PRIV
Next by thread: Re: [PATCH 15/23] xen/xsm: Add XSM_HW_PRIV
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.