[20/23] xsm/silo: Support hwdom/control domains

Message ID	20250306220343.203047-21-jason.andryuk@amd.com (mailing list archive)
State	New
Headers	show Return-Path: <xen-devel-bounces@lists.xenproject.org> Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org> Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB03.amd.com; pr=C From: Jason Andryuk <jason.andryuk@amd.com> To: <xen-devel@lists.xenproject.org> CC: Jason Andryuk <jason.andryuk@amd.com>, "Daniel P. Smith" <dpsmith@apertussolutions.com> Subject: [PATCH 20/23] xsm/silo: Support hwdom/control domains Date: Thu, 6 Mar 2025 17:03:40 -0500 Message-ID: <20250306220343.203047-21-jason.andryuk@amd.com> In-Reply-To: <20250306220343.203047-1-jason.andryuk@amd.com> References: <20250306220343.203047-1-jason.andryuk@amd.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Received-SPF: None (SATLEXMB03.amd.com: jason.andryuk@amd.com does not designate permitted sender hosts)
Series	ARM split hardware and control domains \| expand [00/23] ARM split hardware and control domains [01/23] xen: introduce hardware domain create flag [02/23] xen/arm: Factor out construct_hwdom() [03/23] xen/arm: dom0less hwdom construction [04/23] xen/arm: dom0less use domid 0 for hwdom [05/23] xen/arm: Add capabilities to dom0less [06/23] xen/domctl: Expose privileged and hardware capabilities [07/23] tools/libxl: Expose hardware and privileged flags [08/23] xen/arm: dom0less seed xenstore grant table entry [09/23] tools/init-dom0less: Only seed legacy xenstore grants [10/23] xen/arm: dom0less delay xenstore initialization [11/23] tools/xenstored: Automatically set dom0_domid and priv_domid [12/23] tools/xl: Print domain capabilities with verbose [13/23] xsm/dummy: Allow XS_PRIV XEN_SYSCTL_getdomaininfolist [14/23] xsm/dummy: Allow XS_PRIV to call get_hvm_param [15/23] xen/xsm: Add XSM_HW_PRIV [16/23] xsm/dummy: Allow hwdom xen_version [17/23] xsm/dummy: Allow hwdom more - except targeting control [18/23] xsm/dummy: Allow hwdom SYSCTL_readconsole/physinfo [19/23] xsm/dummy: Allow sysctls to both hardware and control [20/23] xsm/silo: Support hwdom/control domains [21/23] automation/dom0less-arm64: Use double quotes [22/23] automation: Add arm64 hardware/control split test [23/23] DO NOT COMMIT: automation: updated imagebuilder

Message ID

20250306220343.203047-21-jason.andryuk@amd.com (mailing list archive)

State

New

Headers

Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB03.amd.com; pr=C
From: Jason Andryuk <jason.andryuk@amd.com>
To: <xen-devel@lists.xenproject.org>
CC: Jason Andryuk <jason.andryuk@amd.com>, "Daniel P. Smith"
	<dpsmith@apertussolutions.com>
Subject: [PATCH 20/23] xsm/silo: Support hwdom/control domains
Date: Thu, 6 Mar 2025 17:03:40 -0500
Message-ID: <20250306220343.203047-21-jason.andryuk@amd.com>
In-Reply-To: <20250306220343.203047-1-jason.andryuk@amd.com>
References: <20250306220343.203047-1-jason.andryuk@amd.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
Received-SPF: None (SATLEXMB03.amd.com: jason.andryuk@amd.com does not
 designate permitted sender hosts)
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Mar 2025 22:04:12.3092
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 4c818c7f-bee5-4c31-ad47-08dd5cfad3ec
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB03.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	BN3PEPF0000B370.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA0PPF1D04084C7

Series

ARM split hardware and control domains | expand

Commit Message

Jason Andryuk March 6, 2025, 10:03 p.m. UTC

The is_control_domain() check is not sufficient for a split
hardware/control domain.  Add is_priv_domain() to support allowing for
either control or hardware.

Without this, a xenstore/hardware domain is unable to map a domU's
grants.

This silo check is for grants, events and argo.  The dummy policy
handles other calls, so hardware is prevented from foreign mapping
control's memory with that.

This would need to be expanded for a standalone Xenstore domain.

Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
---
 xen/xsm/silo.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/xen/xsm/silo.c b/xen/xsm/silo.c
index b89b364287..d5e1a554ea 100644
--- a/xen/xsm/silo.c
+++ b/xen/xsm/silo.c
@@ -20,6 +20,11 @@ 
 #define XSM_NO_WRAPPERS
 #include <xsm/dummy.h>
 
+static always_inline bool is_priv_domain(const struct domain *d)
+{
+    return is_control_domain(d) || is_hardware_domain(d);
+}
+
 /*
  * Check if inter-domain communication is allowed.
  * Return true when pass check.
@@ -29,8 +34,8 @@  static bool silo_mode_dom_check(const struct domain *ldom,
 {
     const struct domain *currd = current->domain;
 
-    return (is_control_domain(currd) || is_control_domain(ldom) ||
-            is_control_domain(rdom) || ldom == rdom);
+    return (is_priv_domain(currd) || is_priv_domain(ldom) ||
+            is_priv_domain(rdom) || ldom == rdom);
 }
 
 static int cf_check silo_evtchn_unbound(

[20/23] xsm/silo: Support hwdom/control domains

Commit Message

Patch