Xen project Mailing List

[PATCH 4/4] xsm/dummy: Allow hwdom SYSCTL_readconsole/physinfo

From: Jason Andryuk <jason.andryuk@xxxxxxx>

Date: Tue, 10 Jun 2025 18:57:37 -0400

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2iazIvehT3EXJi3bBAC4f/lbNizm3XVxsCKUkoYsOvY=; b=Lw4nxIkQRq3S+77ni6pVXuweG5H+FoqpG2GC0LPI/Po0EYLmn7AbORARNvCN9oKS0XeQuFfV3nAP5S/LzEMBvNbBsKZY/tUYniScggdV/LBQ453Sce+n6gRLXrbC7fuLa/t32YHt0uuE31p6eMx9pgg8uz4RqmcCzWJi5B3TQA4a/Om18/klYc/47EHfZSm7dNMGsfhr/fgJKnujKhFr8HbXvKGF46uois4SFZZtFGIVzTJD3/crzRjhx9nhStWdSjdaQdt4rh7D+QARQL7gZQgJFwsU685+nUr7EsT2/of5ho+ZqTdVl+YX76tWdvjXSk7lTx7LXdBycydqVoJkkg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=K0a8s21PwKTVpvvTscnReOu/9sepoRKx5Br+pK0Nh5f5Y9Wl4jKYdpV2hGC0iePFa1zPQdo4F/6RCc6RrBU0J8SEzkj8J03aPzY+imS0BfAji/66ze7P9WcV2omke9MzBIum3NlfoC+vwt5FoThXBJUAme5GBUog+oBgYo+DIxkp7BPCjJ3VD7j6fVPWOonCzX1gaGc84O92oWhW2w+DnZLHB/TRQSFwCfyn4tD7l4rLpb3vIpuESCWmONK0i4c316dIUbEiX/kUBGV8uoaZmmJz4mR/W4Nw1vquyY8sxnnysqIJpg6Ho4qBT+g8njI9Ipf/Qqcv0Ie65j4hzUziQg==

Cc: Jason Andryuk <jason.andryuk@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, "Julien Grall" <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Wed, 11 Jun 2025 00:00:51 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Allow the hwdom to access the console, and to access physical information about the system. xenconsoled can read Xen's dmesg. If it's in hwdom, then that permission would be required. SYSCTL_physinfo is mainly to silence xl messages: $ xl list libxl: error: libxl_utils.c:818:libxl_cpu_bitmap_alloc: failed to retrieve the maximum number of cpus Signed-off-by: Jason Andryuk <jason.andryuk@xxxxxxx> --- This is not strictly needed. --- xen/common/sysctl.c | 2 +- xen/include/xsm/dummy.h | 14 ++++++++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c index c2d99ae12e..89d5176f4d 100644 --- a/xen/common/sysctl.c +++ b/xen/common/sysctl.c @@ -42,7 +42,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl) if ( op->interface_version != XEN_SYSCTL_INTERFACE_VERSION ) return -EACCES; - ret = xsm_sysctl(XSM_PRIV, op->cmd); + ret = xsm_sysctl(XSM_OTHER, op->cmd); if ( ret ) return ret; diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 477fadaefd..5e806dc241 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -188,8 +188,18 @@ static XSM_INLINE int cf_check xsm_domctl( static XSM_INLINE int cf_check xsm_sysctl(XSM_DEFAULT_ARG int cmd) { - XSM_ASSERT_ACTION(XSM_PRIV); - return xsm_default_action(action, current->domain, NULL); + XSM_ASSERT_ACTION(XSM_OTHER); + switch ( cmd ) + { + case XEN_SYSCTL_readconsole: + return xsm_default_action(XSM_HW_PRIV, current->domain, NULL); + case XEN_SYSCTL_physinfo: + if ( is_hardware_domain(current->domain) ) + return xsm_default_action(XSM_HW_PRIV, current->domain, NULL); + fallthrough; + default: + return xsm_default_action(XSM_PRIV, current->domain, NULL); + } } static XSM_INLINE int cf_check xsm_readconsole(XSM_DEFAULT_ARG uint32_t clear) -- 2.49.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.