[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2 07/17] xsm/dummy: Allow HVMOP_get_param for control domain
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Jason Andryuk <jason.andryuk@xxxxxxx>
- Date: Wed, 30 Jul 2025 17:16:35 -0400
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=suse.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HQnoHP9IuN/X3JsDGX2vc23Pg9J3WfCD3RF88NSdH2w=; b=HNj+PmmgFpAnT+a/1RhZY1SQ4JzwpYnzP5yZc/kbTTwFKO28rEZjI9K0VWyTFYdmwTRLnOujoHk/yWl8U53ua5lvWI3jPgy4nzoGgR62CVyLSBk5wRdftB9lZ3VOrIOYWkD/ewQVyhsCFIo46NtrJAMCog30OkZ60OuUbvLYtQrlS7x9Onwjy9rxqo6D6Mej+Dtul+DxVLVYZ500L0jZ5GmariSidBHHaPYgGPL4Ait6aHwcpE57sXWdW8LmVlcI0qH6ADSIa2hKzstRC4sLgr6Zm0BFcFp85wX9n3vT3kuw2eHDK43BV1O/6YEsev145bh4WEuVmp8ygfGkS13TNw==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=gkehDnYPbTxDQ9UFOWFU4FYw+r3mZvNrj47CXMqb0zXxXBRFIgw6S4W6L6fiT+avz2/YBmXv/aON5U2jz7h0RX5Zxi3wEEtvTtbGu5otkHrwMgH91s2QKIJVHk7K1UgXkWpUFP3ycU/HAR2hMGUoKla3UwZVNNcsOfuNH1zQnsfkiOOWBfgbNZ9K3lm1e6JMK2Jj0MWqm0qp64LWctgVpjze1ctZyoUE6CqIXyasebBWcfh5T0fvU9bZD5sCbmCx6rcwLM+F2DClfsl9EMUjRURe1yZKaTxI8cvs2JluORAuuN+AbB70p9/2Fa5gKYbka1tiBwdccq+y39i8gOBKTA==
- Cc: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- Delivery-date: Wed, 30 Jul 2025 21:16:50 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 2025-07-30 11:21, Jan Beulich wrote:
On 16.07.2025 23:14, Jason Andryuk wrote:
The Control domain is denied access to an untargetable domain. However
init-dom0less wants to read the xenstore event channel HVM param to
determine if xenstore should be set up.
This is a read operation, so it is not modifying the domain. Special
case the HVMOP_get_param operation for is_control_domain(). It is done
in xsm_hvm_param() because xsm_default_action() is too complicated.
HVMOP_get_param should be allowed for a domain itself (XSM_TARGET) and
its device model - src->target or is_dm_domain(). It should otherwise
be denied for untargetable domains. xsm_default_action() doesn't have
sufficient information to identify the particular operation, so put it
in xsm_hvm_param().
Signed-off-by: Jason Andryuk <jason.andryuk@xxxxxxx>
---
It's messy, but I couldn't think of a better way.
Fits well with my remarks on earlier patches. The granularity you want
simply can't be had this way, unless you use such undesirable "overrides".
Following Stefano's suggestion, this patch can be dropped. With
xenstored auto-introducing predefined domains, init-dom0less can use the
introduced state to determine which domains to handle.
Regards,
Jason
|