Xen project Mailing List

[PATCH 3/4] tools/xenstored: allow @releaseDomain watch for all domains

From: Juergen Gross <jgross@xxxxxxxx>

Date: Thu, 23 Apr 2026 10:08:39 +0200

Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=susede1 header.d=suse.com header.i="@suse.com" header.h="From:Date:Message-ID:To:Cc:MIME-Version:Content-Transfer-Encoding:In-Reply-To:References"; dkim=pass header.s=susede1 header.d=suse.com header.i="@suse.com" header.h="From:Date:Message-ID:To:Cc:MIME-Version:Content-Transfer-Encoding:In-Reply-To:References"

Authentication-results: smtp-out1.suse.de; dkim=pass header.d=suse.com header.s=susede1 header.b=AgfXxE44

Cc: dmukhin@xxxxxxxx, Juergen Gross <jgross@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>

Delivery-date: Thu, 23 Apr 2026 08:09:09 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Currently the @releaseDomain watch is allowed for dom0 only. This is problematic for guests which want to give other domains access to Xenstore entries, as they have no simple way to tell when such a domain is stopped. Allow @releaseDomain to be usable by all domains as the default. Signed-off-by: Juergen Gross <jgross@xxxxxxxx> --- tools/xenstored/core.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/tools/xenstored/core.c b/tools/xenstored/core.c index 5a621f53ba..421f227ff1 100644 --- a/tools/xenstored/core.c +++ b/tools/xenstored/core.c @@ -2279,19 +2279,19 @@ struct connection *get_connection_by_id(unsigned int conn_id) } /* We create initial nodes manually. */ -static void manual_node(const char *name, const char *child) +static void manual_node_perms(const char *name, const char *child, + struct xs_permissions *perms, + unsigned int n_perms) { struct node *node; - struct xs_permissions perms = { .id = priv_domid, - .perms = XS_PERM_NONE }; node = talloc_zero(NULL, struct node); if (!node) barf_perror("Could not allocate initial node %s", name); node->name = name; - node->perms = &perms; - node->hdr.num_perms = 1; + node->perms = perms; + node->hdr.num_perms = n_perms; node->children = (char *)child; if (child) node->hdr.childlen = strlen(child) + 1; @@ -2301,6 +2301,14 @@ static void manual_node(const char *name, const char *child) talloc_free(node); } +static void manual_node(const char *name, const char *child) +{ + struct xs_permissions perms = { .id = priv_domid, + .perms = XS_PERM_NONE }; + + manual_node_perms(name, child, &perms, 1); +} + static unsigned int hash_from_key_fn(const void *k) { const char *str = k; @@ -2320,6 +2328,11 @@ static int keys_equal_fn(const void *key1, const void *key2) void setup_structure(bool live_update) { + struct xs_permissions perms[] = { + { .id = priv_domid, .perms = XS_PERM_NONE }, + { .id = DOMID_ANY, .perms = XS_PERM_READ }, + }; + nodes = create_hashtable(NULL, "nodes", hash_from_key_fn, keys_equal_fn, HASHTABLE_FREE_KEY | HASHTABLE_FREE_VALUE); if (!nodes) @@ -2331,7 +2344,8 @@ void setup_structure(bool live_update) manual_node("/", "tool"); manual_node("/tool", "xenstored"); manual_node("/tool/xenstored", NULL); - manual_node("@releaseDomain", NULL); + manual_node_perms("@releaseDomain", NULL, + perms, ARRAY_SIZE(perms)); manual_node("@introduceDomain", NULL); domain_nbentry_fix(priv_domid, 5); } -- 2.53.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.