
Re: [PATCH v4 09/12] tools/xenstored: Use priv_domid for manual nodes and permission


  • To: Jürgen Groß <jgross@xxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jason Andryuk <jason.andryuk@xxxxxxx>
  • Date: Fri, 25 Jul 2025 19:57:58 -0400
  • Cc: Julien Grall <julien@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>
  • Delivery-date: Fri, 25 Jul 2025 23:58:35 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2025-07-25 03:24, Jürgen Groß wrote:
> On 25.07.25 04:28, Jason Andryuk wrote:
>> Usually, priv_domid == dom0_domid == 0, and that is what is expected.
>> If we rename s/dom0_domid/store_domid/, it seems more likely we want to
>> actually have the priv_domid as the owner.
>
> Yes, I agree.
>
>> That leads to follow on changes to ensure that the priv_domid is created
>> first.
>>
>> Signed-off-by: Jason Andryuk <jason.andryuk@xxxxxxx>
>> ---
>> Will this blow up if priv_domid doesn't exist?
>
> That won't be a problem. The problematic case will be when priv_domid is
> never changed due to no domain having the CONTROL cap, and some random
> other domU happens to have domid 0.
>
> So maybe priv_domid should be initialized statically to e.g. DOMID_IDLE,
> as with your init_domains() loop a "normal" dom0 will always have the
> CONTROL cap and thus will result in priv_domid being set.

There is existing use of DOMID_INVALID, so I'll use that.

> Same applies probably to store_domid, but that should be set to priv_domid
> after init_domains() in case no domain had the XENSTORE cap.
>
> If both aren't detected it should be fine to bail out early.

For our use cases, we want the possibility to run xenstored without a control domain. In that case, I think it would make sense to set priv_domid = store_domid to get xenstored to run.

>> Maybe it would be better to just create these as store_domid.
>
> No, reasoning see above. And xenstore-stubdom accesses to Xenstore nodes
> via the "normal" interfaces shouldn't need any special privileges.
>
> Reviewed-by: Juergen Gross <jgross@xxxxxxxx>

Thanks, but I held off applying with the priv_domid = store_domid assignment. (Well dom0_domid since it's before the rename).

Regards,
Jason
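
Added example (not part of the thread and not xenstored code): a self-contained C sketch of the role selection discussed above, with both ids starting at DOMID_INVALID so that a capability-less domU with domid 0 is never treated as privileged. The struct layouts, capability bits and function names are hypothetical; the two fallbacks are the ones proposed in the thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DOMID_INVALID 0x7FF4U    /* Xen's reserved "no such domain" id */
#define CAP_CONTROL   (1u << 0)  /* hypothetical capability bits */
#define CAP_XENSTORE  (1u << 1)

struct dom   { uint16_t domid; unsigned int caps; };   /* hypothetical */
struct roles { uint16_t priv_domid, store_domid; };    /* hypothetical */

/* Scan the domain list once; return false if neither role was found,
 * in which case the caller should bail out early. */
static bool pick_roles(const struct dom *d, size_t n, struct roles *r)
{
    /* Sentinel, not 0: an unset role must not alias a real domid. */
    r->priv_domid = r->store_domid = DOMID_INVALID;
    for (size_t i = 0; i < n; i++) {
        if ((d[i].caps & CAP_CONTROL) && r->priv_domid == DOMID_INVALID)
            r->priv_domid = d[i].domid;
        if ((d[i].caps & CAP_XENSTORE) && r->store_domid == DOMID_INVALID)
            r->store_domid = d[i].domid;
    }
    if (r->priv_domid == DOMID_INVALID && r->store_domid == DOMID_INVALID)
        return false;
    if (r->store_domid == DOMID_INVALID)
        r->store_domid = r->priv_domid;  /* no domain had the XENSTORE cap */
    if (r->priv_domid == DOMID_INVALID)
        r->priv_domid = r->store_domid;  /* running without a control domain */
    return true;
}

/* Privilege check that can never match while the role is unset. */
static bool is_privileged(const struct roles *r, uint16_t domid)
{
    return r->priv_domid != DOMID_INVALID && domid == r->priv_domid;
}

int main(void)
{
    /* Constructed sample: domid 0 is an ordinary domU, domid 1 is xenstore. */
    const struct dom doms[] = { { 0, 0 }, { 1, CAP_XENSTORE } };
    struct roles r;
    bool ok = pick_roles(doms, 2, &r);
    printf("ok=%d priv=%u store=%u dom0_priv=%d\n", ok,
           (unsigned)r.priv_domid, (unsigned)r.store_domid, is_privileged(&r, 0));
    return 0;
}
```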



 

