
Re: [PATCH v2 04/17] xen: Introduce XEN_DOMCTL_CDF_not_hypercall_target


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Jason Andryuk <jason.andryuk@xxxxxxx>
  • Date: Wed, 30 Jul 2025 17:30:43 -0400
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Christian Lindig <christian.lindig@xxxxxxxxxx>, David Scott <dave@xxxxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 30 Jul 2025 21:30:57 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2025-07-30 11:06, Jan Beulich wrote:
On 16.07.2025 23:14, Jason Andryuk wrote:
Add a new create domain flag to indicate if a domain can be the target
of hypercalls.  By default all domains can be targeted - subject to any
other permission checks.

I think terminology needs clarifying here: What exactly does "targeted"
mean? Is that e.g. also intended to cover
XENMEM_{current,maximum}_reservation, which "target" a particular domain,
when at the same time they don't interfere with the targeted domain in
any way?

Avoiding interference is the primary goal. Those hypercalls definitely need to be blocked. xsm_default_action() has limited information available, so we can't differentiate particular hypercalls. Blocking extra non-interfering hypercalls is not a problem for us.

--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -91,12 +91,16 @@ static always_inline int xsm_default_action(
              return 0;
          fallthrough;
      case XSM_DM_PRIV:
+        if ( target && !is_hypercall_target(target) )
+            return -EPERM;
          if ( is_dm_domain(src) )
              return 0;
          if ( target && evaluate_nospec(src->target == target) )
              return 0;
          fallthrough;
      case XSM_PRIV:
+        if ( target && !is_hypercall_target(target) )
+            return -EPERM;
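Review bot: the copy of `if ( target && !is_hypercall_target(target) ) return -EPERM;` added at `case XSM_PRIV:` re-evaluates what `case XSM_DM_PRIV:` already rejected a few lines earlier, so on the `fallthrough;` path from `XSM_DM_PRIV` the helper runs twice and only a direct entry at `XSM_PRIV` needs the second copy. Neither copy can simply be dropped: the `XSM_DM_PRIV` one has to precede `if ( is_dm_domain(src) )` or a device model would still be granted access, and the `return 0;` / `fallthrough;` context at the top of the hunk shows earlier cases already grant before this point, so a single copy hoisted above the `switch` would not be equivalent either. A way to keep both placements without the double call is to evaluate `bool deny = target && !is_hypercall_target(target);` once and test the local at both sites; a one-line comment at the `XSM_DM_PRIV` copy saying it deliberately comes before the `is_dm_domain(src)` check would also help, since that ordering is the whole point. `is_hypercall_target()` itself is not part of this hunk, so its definition (including what it does for the new flag) cannot be reviewed from what is quoted here.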

Hmm, for TARGET, XS_PRIV, and DM_PRIV we're now doing the same check
twice.

The different cases need to be covered somehow. I didn't see a good way to avoid the duplication.

Regards,
Jason
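The following stand-alone C model is added here to illustrate the two points raised in this exchange; it is not Xen code, not the patch under review, and not written by either participant. It mirrors only the cases visible in the quoted hunk (`XSM_HOOK`, `XSM_TARGET`, `XSM_DM_PRIV`, `XSM_PRIV`; `XSM_XS_PRIV` is left out), and the `struct domain` fields, the `model_default_action()` / `decide()` names and the evaluation counter are assumptions made for the illustration. It shows that a control domain reaching `XSM_PRIV` by fallthrough evaluates the flag check twice, that a device model is refused for a domain created with the flag even though it would otherwise pass `is_dm_domain()`, and that a domain targeting itself via `XSM_TARGET` is never subjected to the check, which is why a single check hoisted above the `switch` would not be equivalent.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not Xen code: the domain fields and the fallthrough
 * chain below are assumptions that mirror only the cases visible in the
 * quoted hunk (XSM_XS_PRIV is left out). */
enum xsm_default { XSM_HOOK, XSM_TARGET, XSM_DM_PRIV, XSM_PRIV };

struct domain {
    bool is_control;        /* control domain (dom0-like) */
    bool is_dm;             /* device model domain */
    bool hypercall_target;  /* false models XEN_DOMCTL_CDF_not_hypercall_target */
    struct domain *target;  /* device model's assigned guest, or NULL */
};

static int target_checks;   /* how often the flag check ran on the last call */

static bool is_hypercall_target(const struct domain *d)
{
    target_checks++;
    return d->hypercall_target;
}

/* Mirrors the hunk: the flag check sits before the device model test so
 * that even the device model is refused, and it is repeated at XSM_PRIV
 * for callers that enter there directly. */
static int model_default_action(enum xsm_default action,
                                struct domain *src, struct domain *target)
{
    switch ( action )
    {
    case XSM_HOOK:
        return 0;
    case XSM_TARGET:
        if ( src == target )
            return 0;
        /* fall through */
    case XSM_DM_PRIV:
        if ( target && !is_hypercall_target(target) )
            return -EPERM;
        if ( src->is_dm )
            return 0;
        if ( target && src->target == target )
            return 0;
        /* fall through */
    case XSM_PRIV:
        if ( target && !is_hypercall_target(target) )
            return -EPERM;
        if ( src->is_control )
            return 0;
        return -EPERM;
    }
    return -EPERM;
}

/* Runs one access decision and reports how many times the flag check ran. */
int decide(enum xsm_default action, struct domain *src,
           struct domain *target, int *checks)
{
    int rc;

    target_checks = 0;
    rc = model_default_action(action, src, target);
    if ( checks )
        *checks = target_checks;
    return rc;
}

/* Constructed sample domains (assumed values, not from any real system). */
struct domain guest  = { .hypercall_target = true };
struct domain hidden = { .hypercall_target = false }; /* created with the new flag */
struct domain dom0   = { .is_control = true, .hypercall_target = true };
struct domain dm     = { .is_dm = true, .hypercall_target = true, .target = &guest };

int main(void)
{
    int n;
    int rc = decide(XSM_TARGET, &dom0, &guest, &n);
    printf("dom0 -> guest via XSM_TARGET: rc=%d, flag checked %d times\n", rc, n);
    rc = decide(XSM_DM_PRIV, &dm, &hidden, &n);
    printf("dm -> hidden via XSM_DM_PRIV: rc=%d, flag checked %d times\n", rc, n);
    rc = decide(XSM_TARGET, &hidden, &hidden, &n);
    printf("hidden -> itself via XSM_TARGET: rc=%d, flag checked %d times\n", rc, n);
    return 0;
}
```

The counter is only there to make the duplicate evaluation visible; in the real function the cost is one extra flag read, and the thread's concern is the duplicated source rather than the runtime cost.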
