[19/23] xsm/dummy: Allow sysctls to both hardware and control

Message ID 20250306220343.203047-20-jason.andryuk@amd.com (mailing list archive)
State New
Series ARM split hardware and control domains

Commit Message

Jason Andryuk March 6, 2025, 10:03 p.m. UTC
xl queries SYSCTL_physinfo for the physical cpus:
domU:~# xl list
libxl: error: libxl_utils.c:817:libxl_cpu_bitmap_alloc: failed to retrieve the maximum number of cpus
libxl: error: libxl_utils.c:817:libxl_cpu_bitmap_alloc: failed to retrieve the maximum number of cpus
libxl: error: libxl_utils.c:817:libxl_cpu_bitmap_alloc: failed to retrieve the maximum number of cpus
Name                    ID   Mem VCPUs        State   Time(s)
Domain-0                 0   800     1     r-----     130.0
dom0less-1               1   400     1     r-----     130.3
dom0less-2               2   800     1     r-----     130.3

Hardware and control are both privileged.  Allow them both access to
sysctls so they have insight into the running system.  These are
coarse-grained permissions for the dummy policy.

Now the only sysctl denied to a control domain is readconsole.

Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
---
Could just allow physinfo to control as an alternative.  There could be
follow-on sysctls needed in that case.
---
 xen/include/xsm/dummy.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
Patch

diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index f4656bd179..ea8b2fd6ee 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -194,9 +194,10 @@  static XSM_INLINE int cf_check xsm_sysctl(XSM_DEFAULT_ARG int cmd)
     case XEN_SYSCTL_getdomaininfolist:
         return xsm_default_action(XSM_XS_PRIV, current->domain, NULL);
     case XEN_SYSCTL_readconsole:
-    case XEN_SYSCTL_physinfo:
         return xsm_default_action(XSM_HW_PRIV, current->domain, NULL);
     default:
+        if ( is_hardware_domain(current->domain) )
+            return xsm_default_action(XSM_HW_PRIV, current->domain, NULL);
         return xsm_default_action(XSM_PRIV, current->domain, NULL);
     }
 }
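Review bot: the new `default:` branch widens every sysctl not listed explicitly in this switch for the hardware domain, not just XEN_SYSCTL_physinfo, and that policy change is not stated in the commit message beyond "coarse grained"; please spell out that any future XEN_SYSCTL_* command added without its own case will be granted to both hardware and control domains, and consider a one-line comment above `default:` saying so, since the dummy policy is what most deployments run. Also, since xsm_default_action(XSM_HW_PRIV, ...) already returns success only for the hardware domain, the `is_hardware_domain()` guard exists solely so that non-hardware callers fall through to the XSM_PRIV check; a comment to that effect would make the intent clearer than the bare two-line `if`.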