[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/4] tools/xenstored: add support for "all domains" node permission

To: Juergen Gross <jgross@xxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Jason Andryuk <jason.andryuk@xxxxxxx>
Date: Mon, 27 Apr 2026 18:00:37 -0400
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=suse.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Plj1IuUk+kxpPzBNOKhSZ00paaee269CWXprrl/G2DA=; b=KA5tvd7QVmUwGj+wXn1xKK4gn3db15ntQp0Mv/lZjvCQNqdNX/ZTQrpZp433R7PMzDnoCTiYsqHZxy077y0pbVEL0hbYkdC4yIZBwEbWtGPQ32z3yvKC/97M5yh5n39Vx17cegww7JAF8ngwAmgQWNxetnLNAjeC5b5Q16fdOFyIGJx99F4wURcD+4SSt55EJ4j+SGbmkPUKluw+db3rEzBpDzTra3PnWZOTRqo6WFT1QMAJnciahrLboeqGC1Anh6qKgc1wBw8hZzGzxBgVkKrl6Im4sa6/WXB5FUpqT/cHdfJpSS3jp0XlNSl4iU1uUz0OQacUo3kdpjJLgQsEJA==
Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=kyhtrEgN/86GbNM11t50VscGXDc5FGGZ+7VUFVnd9Dzt/KxEl1yGz79hFBxSTsz44R+1tdxC7TTyFLQ/ygO5QR0M0arlOS5QZvoPw+od0Dd+CqdlX13OdcTwAndQtJoyod3Htp/6eeuOmSJ2WQKk/ARjybJy4QiLsrnMOJx2vtEG5/0U1BFnI6begVUySo0waM95J6KQ5UT2yrsaFwQnal/XFnM5dOs/guvPmMGbRx5SZfRTP7hVP/nhPgKq8Xa2F3ur5e8QDfC7YR/TiGtOk2nqCwh8wAqoS8ZRfRWyLuV+M6l+H2HAFkC2TKYIxCLj44WZXmP55FOTmeA/WWJG0A==
Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=amd.com header.i="@amd.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"
Cc: <dmukhin@xxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, "Julien Grall" <julien@xxxxxxx>
Delivery-date: Mon, 27 Apr 2026 22:00:47 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2026-04-23 04:08, Juergen Gross wrote:

Add support for using DOMID_ANY in node permissions to indicate that
all domains are allowed to access the node.

Add a new feature bit for indicating the support of DOMID_ANY.

Signed-off-by: Juergen Gross <jgross@xxxxxxxx>

@@ -1754,8 +1755,12 @@ static bool chk_domain_generation(unsigned int domid, 
uint64_t gen)
   * Allocate all missing struct domain referenced by a permission set.
   * Any permission entries for not existing domains will be marked to be
   * ignored.
+ * An DOMID_ANY entry will be marked to be ignored, if the writing


a/An/A/

+ * domain doesn't have the XENSTORE_SERVER_FEATURE_DOMID_ANY enabled. Note
+ * that Xen tools will never set DOMID_ANY for a guest owned node.

I'm not sure about stating "Xen tools will never" here since it maychange in the future, and will not be updated. Maybe "Note that Xentools don't currently set DOMID_ANY for a guest owned node, and theyaren't expected in the future."? But maybe just drop it since I'm notseeing much value.


Reviewed-by: Jason Andryuk <jason.andryuk@xxxxxxx>

Thanks,
Jason

Follow-Ups:
- Re: [PATCH 2/4] tools/xenstored: add support for "all domains" node permission
  - From: Jürgen Groß

References:
- [PATCH 0/4] tools/xenstore: fix issue related to XSA-417
  - From: Juergen Gross
- [PATCH 2/4] tools/xenstored: add support for "all domains" node permission
  - From: Juergen Gross

Prev by Date: Re: [PATCH 1/4] xen/public: introduce DOMID_ANY
Next by Date: Re: [PATCH 3/4] tools/xenstored: allow @releaseDomain watch for all domains
Previous by thread: [PATCH 2/4] tools/xenstored: add support for "all domains" node permission
Next by thread: Re: [PATCH 2/4] tools/xenstored: add support for "all domains" node permission
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.