[16/23] xsm/dummy: Allow hwdom xen_version

Message ID	20250306220343.203047-17-jason.andryuk@amd.com (mailing list archive)
State	New
Headers	show Return-Path: <xen-devel-bounces@lists.xenproject.org> Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org> Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB03.amd.com; pr=C From: Jason Andryuk <jason.andryuk@amd.com> To: <xen-devel@lists.xenproject.org> CC: Jason Andryuk <jason.andryuk@amd.com>, "Daniel P. Smith" <dpsmith@apertussolutions.com> Subject: [PATCH 16/23] xsm/dummy: Allow hwdom xen_version Date: Thu, 6 Mar 2025 17:03:36 -0500 Message-ID: <20250306220343.203047-17-jason.andryuk@amd.com> In-Reply-To: <20250306220343.203047-1-jason.andryuk@amd.com> References: <20250306220343.203047-1-jason.andryuk@amd.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	ARM split hardware and control domains \| expand [00/23] ARM split hardware and control domains [01/23] xen: introduce hardware domain create flag [02/23] xen/arm: Factor out construct_hwdom() [03/23] xen/arm: dom0less hwdom construction [04/23] xen/arm: dom0less use domid 0 for hwdom [05/23] xen/arm: Add capabilities to dom0less [06/23] xen/domctl: Expose privileged and hardware capabilities [07/23] tools/libxl: Expose hardware and privileged flags [08/23] xen/arm: dom0less seed xenstore grant table entry [09/23] tools/init-dom0less: Only seed legacy xenstore grants [10/23] xen/arm: dom0less delay xenstore initialization [11/23] tools/xenstored: Automatically set dom0_domid and priv_domid [12/23] tools/xl: Print domain capabilities with verbose [13/23] xsm/dummy: Allow XS_PRIV XEN_SYSCTL_getdomaininfolist [14/23] xsm/dummy: Allow XS_PRIV to call get_hvm_param [15/23] xen/xsm: Add XSM_HW_PRIV [16/23] xsm/dummy: Allow hwdom xen_version [17/23] xsm/dummy: Allow hwdom more - except targeting control [18/23] xsm/dummy: Allow hwdom SYSCTL_readconsole/physinfo [19/23] xsm/dummy: Allow sysctls to both hardware and control [20/23] xsm/silo: Support hwdom/control domains [21/23] automation/dom0less-arm64: Use double quotes [22/23] automation: Add arm64 hardware/control split test [23/23] DO NOT COMMIT: automation: updated imagebuilder

Message ID

20250306220343.203047-17-jason.andryuk@amd.com (mailing list archive)

State

New

Headers

Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB03.amd.com; pr=C
From: Jason Andryuk <jason.andryuk@amd.com>
To: <xen-devel@lists.xenproject.org>
CC: Jason Andryuk <jason.andryuk@amd.com>, "Daniel P. Smith"
	<dpsmith@apertussolutions.com>
Subject: [PATCH 16/23] xsm/dummy: Allow hwdom xen_version
Date: Thu, 6 Mar 2025 17:03:36 -0500
Message-ID: <20250306220343.203047-17-jason.andryuk@amd.com>
In-Reply-To: <20250306220343.203047-1-jason.andryuk@amd.com>
References: <20250306220343.203047-1-jason.andryuk@amd.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Mar 2025 22:04:07.7574
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 953713ad-696f-410a-1e8e-08dd5cfad136
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB03.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	BN3PEPF0000B36D.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB8499

Series

ARM split hardware and control domains | expand

Commit Message

Jason Andryuk March 6, 2025, 10:03 p.m. UTC

Running xl queries XENVER_commandline and XENVER_build_id.  The hardware
domain should have access to the command line.  The hardware domain is
at least semi-trusted - just allow it access to all the xen_version
info.

Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
---
 xen/include/xsm/dummy.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 4536ee5dad..9e6bc0ed12 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -859,6 +859,8 @@  static XSM_INLINE int cf_check xsm_xen_version(XSM_DEFAULT_ARG uint32_t op)
         /* These MUST always be accessible to any guest by default. */
         return xsm_default_action(XSM_HOOK, current->domain, NULL);
     default:
+        if ( is_hardware_domain(current->domain) )
+            return xsm_default_action(XSM_HW_PRIV, current->domain, NULL);
         return xsm_default_action(XSM_PRIV, current->domain, NULL);
     }
 }

[16/23] xsm/dummy: Allow hwdom xen_version

Commit Message

Patch