[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4 10/12] tools/xenstored: Rename dom0_domid to store_domid

  • To: Jason Andryuk <jason.andryuk@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Jürgen Groß <jgross@xxxxxxxx>
  • Date: Fri, 25 Jul 2025 09:30:29 +0200
  • Autocrypt: addr=jgross@xxxxxxxx; keydata= xsBNBFOMcBYBCACgGjqjoGvbEouQZw/ToiBg9W98AlM2QHV+iNHsEs7kxWhKMjrioyspZKOB ycWxw3ie3j9uvg9EOB3aN4xiTv4qbnGiTr3oJhkB1gsb6ToJQZ8uxGq2kaV2KL9650I1SJve dYm8Of8Zd621lSmoKOwlNClALZNew72NjJLEzTalU1OdT7/i1TXkH09XSSI8mEQ/ouNcMvIJ NwQpd369y9bfIhWUiVXEK7MlRgUG6MvIj6Y3Am/BBLUVbDa4+gmzDC9ezlZkTZG2t14zWPvx XP3FAp2pkW0xqG7/377qptDmrk42GlSKN4z76ELnLxussxc7I2hx18NUcbP8+uty4bMxABEB AAHNH0p1ZXJnZW4gR3Jvc3MgPGpncm9zc0BzdXNlLmNvbT7CwHkEEwECACMFAlOMcK8CGwMH CwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRCw3p3WKL8TL8eZB/9G0juS/kDY9LhEXseh mE9U+iA1VsLhgDqVbsOtZ/S14LRFHczNd/Lqkn7souCSoyWsBs3/wO+OjPvxf7m+Ef+sMtr0 G5lCWEWa9wa0IXx5HRPW/ScL+e4AVUbL7rurYMfwCzco+7TfjhMEOkC+va5gzi1KrErgNRHH kg3PhlnRY0Udyqx++UYkAsN4TQuEhNN32MvN0Np3WlBJOgKcuXpIElmMM5f1BBzJSKBkW0Jc Wy3h2Wy912vHKpPV/Xv7ZwVJ27v7KcuZcErtptDevAljxJtE7aJG6WiBzm+v9EswyWxwMCIO RoVBYuiocc51872tRGywc03xaQydB+9R7BHPzsBNBFOMcBYBCADLMfoA44MwGOB9YT1V4KCy vAfd7E0BTfaAurbG+Olacciz3yd09QOmejFZC6AnoykydyvTFLAWYcSCdISMr88COmmCbJzn sHAogjexXiif6ANUUlHpjxlHCCcELmZUzomNDnEOTxZFeWMTFF9Rf2k2F0Tl4E5kmsNGgtSa aMO0rNZoOEiD/7UfPP3dfh8JCQ1VtUUsQtT1sxos8Eb/HmriJhnaTZ7Hp3jtgTVkV0ybpgFg w6WMaRkrBh17mV0z2ajjmabB7SJxcouSkR0hcpNl4oM74d2/VqoW4BxxxOD1FcNCObCELfIS auZx+XT6s+CE7Qi/c44ibBMR7hyjdzWbABEBAAHCwF8EGAECAAkFAlOMcBYCGwwACgkQsN6d 1ii/Ey9D+Af/WFr3q+bg/8v5tCknCtn92d5lyYTBNt7xgWzDZX8G6/pngzKyWfedArllp0Pn fgIXtMNV+3t8Li1Tg843EXkP7+2+CQ98MB8XvvPLYAfW8nNDV85TyVgWlldNcgdv7nn1Sq8g HwB2BHdIAkYce3hEoDQXt/mKlgEGsLpzJcnLKimtPXQQy9TxUaLBe9PInPd+Ohix0XOlY+Uk QFEx50Ki3rSDl2Zt2tnkNYKUCvTJq7jvOlaPd6d/W0tZqpyy7KVay+K4aMobDsodB3dvEAs6 ScCnh03dDAFgIq5nsB11j3KPKdVoPlfucX2c7kGNH+LUMbzqV6beIENfNexkOfxHfw==
  • Cc: Julien Grall <julien@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>
  • Delivery-date: Fri, 25 Jul 2025 07:30:41 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 25.07.25 04:28, Jason Andryuk wrote:

The dom0_domid variable is misnamed and conflates purposes.  If we have
xenstored running in a Linux domain that is not dom0, this variable
controls the lookup of /proc/xen/xsd_kva and the event channel.

One implication of this change is that the xenstore domain is not
privileged by virtue of considering store_domid as privileged.

Rename to store_domid to better show its purpose.

No functional change.

Add a description of the -m/--master-domid options while
doing this.

Signed-off-by: Jason Andryuk <jason.andryuk@xxxxxxx>
---
  tools/xenstored/core.c   | 9 ++++++---
  tools/xenstored/core.h   | 6 +++---
  tools/xenstored/domain.c | 8 ++++----
  tools/xenstored/posix.c  | 2 +-
  4 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/tools/xenstored/core.c b/tools/xenstored/core.c
index 19edd75bc3..981907ec28 100644
--- a/tools/xenstored/core.c
+++ b/tools/xenstored/core.c
@@ -2536,7 +2536,10 @@ static void usage(void)
  "                          allowed timeout candidates are:\n"
  "                          watch-event: time a watch-event is kept pending\n"
  "  -K, --keep-orphans      don't delete nodes owned by a domain when the\n"
-"                          domain is deleted (this is a security risk!)\n");
+"                          domain is deleted (this is a security risk!)\n"
+"  -m, --master-domid      specify the domid of the domain where xenstored\n"
+"                          is running.  defaults to 0\n"
+);
  }
@@ -2564,7 +2567,7 @@ static struct option options[] = { 
  #endif
        { NULL, 0, NULL, 0 } };
-int dom0_domid = 0; 
+int store_domid = 0;
  int dom0_event = 0;
  int priv_domid = 0;
  domid_t stub_domid = DOMID_INVALID;
@@ -2733,7 +2736,7 @@ int main(int argc, char *argv[])
                        dom0_event = get_optval_uint(optarg);
                        break;
                case 'm':
-                       dom0_domid = get_optval_uint(optarg);
+                       store_domid = get_optval_uint(optarg);
                        break;
                case 'p':
                        priv_domid = get_optval_uint(optarg);
diff --git a/tools/xenstored/core.h b/tools/xenstored/core.h
index 1ba9592d16..d44cca8454 100644
--- a/tools/xenstored/core.h
+++ b/tools/xenstored/core.h
@@ -364,7 +364,7 @@ do {                                                \
                trace("tdb: " __VA_ARGS__);   \
  } while (0)
-extern int dom0_domid; 
+extern int store_domid;
  extern int dom0_event;
  extern int priv_domid;
  extern domid_t stub_domid;
@@ -381,11 +381,11 @@ uint64_t get_now_msec(void);
  void *xenbus_map(void);
  void unmap_xenbus(void *interface);
-static inline int xenbus_master_domid(void) { return dom0_domid; } 
+static inline int xenbus_master_domid(void) { return store_domid; }


Maybe just drop xenbus_master_domid() and replace its use cases with
store_domid directly?
static inline bool domid_is_unprivileged(unsigned int domid) 
  {
-       return domid != dom0_domid && domid != priv_domid;
+       return domid != store_domid && domid != priv_domid;


I'd say drop the test for store_domid here. I don't think it is
appropriate to give xenstore-stubdom special rights.


  }
static inline bool domain_is_unprivileged(const struct connection *conn) 
diff --git a/tools/xenstored/domain.c b/tools/xenstored/domain.c
index dbeacaa93e..d9144e97a1 100644
--- a/tools/xenstored/domain.c
+++ b/tools/xenstored/domain.c
@@ -1139,7 +1139,7 @@ static struct domain *onearg_domain(struct connection 
*conn,
                return ERR_PTR(-EINVAL);
domid = atoi(domid_str); 
-       if (domid == dom0_domid)
+       if (domid == store_domid)


And here I'm not sure we want to allow to priv_domid.

There will be noone left who could call XS_RESUME if we'd allow
priv_domid to be released. store_domid needs to be kept excluded, too,
of course.


                return ERR_PTR(-EINVAL);
return find_connected_domain(domid); 
@@ -1267,7 +1267,7 @@ evtchn_port_t get_domain_evtchn(domid_t domid)
                return get_xenbus_evtchn();
        }
  #else
-       if (domid == xenbus_master_domid()) {
+       if (domid == store_domid) {
                return get_xenbus_evtchn();


And now this is correct. :-)


        }
  #endif
@@ -1295,13 +1295,13 @@ void init_domains(void)
                domids[nr_domids - 1] = domid;
if (caps & XENMANAGE_GETDOMSTATE_CAP_XENSTORE) { 
-                       dom0_domid = domid;
+                       store_domid = domid;
                }
if (caps & XENMANAGE_GETDOMSTATE_CAP_CONTROL) { 
                        memmove(&domids[1], domids, (nr_domids - 1) * 
sizeof(*domids));
                        /*
-                        * Local domid must be first to setup structures for
+                        * priv domid must be first to setup structures for
                         * firing the special watches.
                         */
                        domids[0] = domid;
diff --git a/tools/xenstored/posix.c b/tools/xenstored/posix.c
index 6037d739d0..d0622dc05f 100644
--- a/tools/xenstored/posix.c
+++ b/tools/xenstored/posix.c
@@ -266,7 +266,7 @@ static void accept_connection(int sock)
        conn = new_connection(&socket_funcs);
        if (conn) {
                conn->fd = fd;
-               conn->id = dom0_domid;
+               conn->id = store_domid;
        } else
                close(fd);
  }



Juergen

Attachment: OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.