
[Xen-devel] [RFC] expose additional data via sysfs



From: Doug Goldstein <cardoe@xxxxxxxxxx>

This patch is to start a discussion around exposing additional
information via sysfs to the guest to steer us away from xenfs
(/proc/xen) which is advertised as deprecated. Currently the initscripts
that Xen has check /proc/xen/capabilities for "control_d" and there is
no real way to do this via sysfs today. This patch is not meant to be
committed (I never even compiled it) but more as a discussion starter
for what we want to have exposed. Some thoughts are the ability to
express if:
- dom0 services should be started
  - xenstored
  - populate xenstore nodes
  - start other domains
  - disk backend
  - xenconsoled
- can this domain start other domains
- is this a late hardware domain
- express L0 vs L1 dom0

I should note it's important to me to consider the security implications
of adding these as well. e.g. Not adding information that can be used to
guess the configuration and environment of the hypervisor from an
attacker controlled domain. The negative (the lack of information) about
the system could also have other security implications.
---
 drivers/xen/sys-hypervisor.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/drivers/xen/sys-hypervisor.c b/drivers/xen/sys-hypervisor.c
index 9d314bba7c4e..9b3833ea103d 100644
--- a/drivers/xen/sys-hypervisor.c
+++ b/drivers/xen/sys-hypervisor.c
@@ -383,6 +383,22 @@ static ssize_t buildid_show(struct hyp_sysfs_attr *attr, 
char *buffer)
 
 HYPERVISOR_ATTR_RO(buildid);
 
+static ssize_t init_domain_show(struct hyp_sysfs_attr *attr, char *buffer)
+
+{
+       return sprintf(buffer, "%d", xen_start_info->flags & SIF_INITDOMAIN);
+}
+
+HYPERVISOR_ATTR_RO(init_domain);
+
+static ssize_t privileged_domain_show(struct hyp_sysfs_attr *attr, char 
*buffer)
+
+{
+       return sprintf(buffer, "%d", xen_start_info->flags & SIF_PRIVILEGED);
+}
+
+HYPERVISOR_ATTR_RO(privileged_domain);
+
 static struct attribute *xen_properties_attrs[] = {
        &capabilities_attr.attr,
        &changeset_attr.attr,
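Review bot: in both new show functions the sprintf prints the raw masked value (`xen_start_info->flags & SIF_INITDOMAIN`, likewise for SIF_PRIVILEGED), so the file contains whatever bit the flag occupies rather than 0 or 1, and the output has no trailing newline. Suggest `return sprintf(buffer, "%d\n", !!(xen_start_info->flags & SIF_INITDOMAIN));` and the same form for SIF_PRIVILEGED, so an init script can compare against a fixed "1". Both functions also dereference xen_start_info without a check; please confirm it is valid for every guest type in which this attribute group is registered. The blank line between each function signature and its opening brace should be dropped.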
@@ -390,6 +406,8 @@ static struct attribute *xen_properties_attrs[] = {
        &pagesize_attr.attr,
        &features_attr.attr,
        &buildid_attr.attr,
+       &init_domain_attr.attr,
+       &privileged_domain_attr.attr,
        NULL
 };
 
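Review bot: adding `&init_domain_attr.attr` and `&privileged_domain_attr.attr` to xen_properties_attrs unconditionally creates both files in every domain, which is exactly the exposure the cover text raises (a guest under attacker control learning about its environment). The commit message should state whether a readable 0 in an unprivileged guest is acceptable, or whether the files should only be visible where the flag is set. The diffstat touches only drivers/xen/sys-hypervisor.c, so the new files also come without a Documentation/ABI description of their names, values and meaning, which userspace will need before init scripts can depend on them.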
-- 
2.15.2 (Apple Git-101.1)

