[PATCH v2 07/17] xsm/dummy: Allow HVMOP_get_param for control domain


  • To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jason Andryuk <jason.andryuk@xxxxxxx>
  • Date: Wed, 16 Jul 2025 17:14:54 -0400
  • Cc: Jason Andryuk <jason.andryuk@xxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 16 Jul 2025 21:22:35 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

The Control domain is denied access to an untargetable domain.  However
init-dom0less wants to read the xenstore event channel HVM param to
determine if xenstore should be set up.

This is a read operation, so it is not modifying the domain.  Special
case the HVMOP_get_param operation for is_control_domain().  It is done
in xsm_hvm_param() because xsm_default_action() is too complicated.
HVMOP_get_param should be allowed for a domain itself (XSM_TARGET) and
its device model - src->target or is_dm_domain().  It should otherwise
be denied for untargetable domains.  xsm_default_action() doesn't have
sufficient information to identify the particular operation, so put it
in xsm_hvm_param().

Signed-off-by: Jason Andryuk <jason.andryuk@xxxxxxx>
---
It's messy, but I couldn't think of a better way.
---
 xen/include/xsm/dummy.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 4d7b1d61eb..896ebee631 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -621,7 +621,10 @@ static XSM_INLINE int cf_check xsm_hvm_param(
     XSM_DEFAULT_ARG struct domain *d, unsigned long op)
 {
     XSM_ASSERT_ACTION(XSM_TARGET);
-    return xsm_default_action(action, current->domain, d);
+    /* Special case to allow init-dom0less to read HVM params. */
+    if ( op == HVMOP_get_param && is_control_domain(current->domain) )
+        return 0;
+    return xsm_default_action(XSM_TARGET, current->domain, d);
 }
 
 static XSM_INLINE int cf_check xsm_hvm_param_altp2mhvm(
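Review bot: The early return on `op == HVMOP_get_param && is_control_domain(current->domain)` lets the control domain read every HVM param of any domain, including untargetable ones, while the commit message motivates only the xenstore event channel param. xsm_hvm_param() receives just `op`, so the exception cannot be narrowed to that one param at this point; either state that scope in the code comment (it currently mentions only init-dom0less) or pass the param index into the hook so the exception can be limited. Separately, the final call changes `action` to a literal `XSM_TARGET` without explanation; with `XSM_ASSERT_ACTION(XSM_TARGET)` just above, keeping `action` would leave that line unchanged and make the diff smaller.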
-- 
2.50.0
