[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [BUG v2] common/domctl: xsm update for get_domain_state access

To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Jason Andryuk <jason.andryuk@xxxxxxx>
Date: Mon, 23 Feb 2026 13:01:51 -0500
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=apertussolutions.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=x7prGWXpcud7zodgdqdXLoIDodLrd6uyeQ52pqsTLsA=; b=n/cJdREWtoBXyn5yu93JuWnpE0eVWnUSzF8atqM40cS6+WsQjOeoe+oOg0KnoYb5q4sp9XsPP7RDttyRDm1EJsc18F5qgqEMcJyqw5nRuh8sICSSNdNHE0bGtgL0WzOnexuPpxSSQuRXXzqY48QHxSMYy76n0Ye4urKAe0Ll8Ll7y5JZ0V0RMGBstymBHhZRVcfLPQzR/p23lcBjaGfy4dmJsq9itrUvpu4DUtoIKYbA7JBMh29dxcdcR172Zd9ywwqICF6NAi+kHBOz4yZTtqDt2IMKvSEedXMac99WcyNBapE7aOGcAeGa9MZRUiW7OpFkCUct6Lo+QP/Irjzwdg==
Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=mfWJ02KCOje2+q5J0HakVqiwOXO2ZQwgIq08ttJvLajebxKMBk8LuYtQ9bHoVx71HFCIahGJhJN6hy9Fq7Hy137u1KykJ/leAlaaRLFCgJQ6n/ljxGx0ZtIecLzT2iavwDEoSzgRTPsR5IXZ2wmB1Qwqn5ZJ4N8RRh+6klCy5djfFrLvxtHQn+wj3F0cKLr9SGdfHt2IiF+FusN9WUhjCoacp6HB8o7XbK1XRAWgNjnpsbipv0Q1NBTN2P5IgijHw/Ei9WL7krzdg+NXYGY+EceQWb79L4bbYY3zakdr8wKmRkCg4QghovAWmFIKFV0LXIGwRqMtXGRP1KoX195bfQ==
Cc: Chris Rogers <rogersc@xxxxxxxxxxxx>, Dmytro Firsov <dmytro_firsov@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, "Anthony PERARD" <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, "Jan Beulich" <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
Delivery-date: Mon, 23 Feb 2026 18:02:13 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2026-02-19 07:15, Daniel P. Smith wrote:

On 2/18/26 18:04, Jason Andryuk wrote:

diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 29a7726d32d0..2eedc639c72a 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -860,12 +860,9 @@ longdo_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
          break;
      case XEN_DOMCTL_get_domain_state:
-        ret = xsm_get_domain_state(XSM_XS_PRIV, d);
With the initial NULL deref issue, I wondered if this wouldn't bebetter off modified to drop the d param -xsm_get_domain_state(XSM_XS_PRIV) - and changing flask permissions like:
allow dom0_t xen_t:xen get_domain_state;
That would gate the external call, and individual domain permissionscould be checked with xsm_getdomaininfo(), or a new hook if you don'twant to re-use.
But as your approach avoids passing NULL, it seems okay to me. Italso doesn't change the flask policy, which is nice.
That's a plain nack from me. Whether it is viewed as a pipe dream ornot, my goal continues to be to work towards enabling the ability tohave a truly disaggregated platform. In the original architecture, itwas envisioned to have multiple toolstack domains, each responsible fora distinct set of domains. In terms of implementation, that would meanmultiple xenstored instances, each with a purview over a subset of domains.


I don't think what I wrote is at odds with your pipe dream.

My main concern is passing NULL as a domain. I think that is wrong,beyond the fault seen on ARM. In domain_target_sid(), I think the NULLdst was mistakenly matched to dom0's NULL src->target. src->target_sidis 0 from zalloc, which is not otherwise initialized and invalid. Thatis returned. Later when sidtab_search() can't find it, it is remappedto SECINITSID_UNLABELED and returned. That silent remapping is dubious,and it points toward unlabled_t should never be allowed in any rule.Maybe it should remap unknown sids to a dedicated invalid_t, but maybeinvalid_t is already supposed to be that?


Regards,
Jason

Follow-Ups:
- Re: [BUG v2] common/domctl: xsm update for get_domain_state access
  - From: Daniel P. Smith

References:
- [BUG v2] common/domctl: xsm update for get_domain_state access
  - From: Daniel P. Smith
- Re: [BUG v2] common/domctl: xsm update for get_domain_state access
  - From: Jason Andryuk
- Re: [BUG v2] common/domctl: xsm update for get_domain_state access
  - From: Daniel P. Smith

Prev by Date: [PATCH] x86/emul: Remove fallback path from SWAPGS
Next by Date: Re: [PATCH] x86: Remove x86 prefixed names from cpuinfo for common.c
Previous by thread: Re: [BUG v2] common/domctl: xsm update for get_domain_state access
Next by thread: Re: [BUG v2] common/domctl: xsm update for get_domain_state access
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.