[PATCH 13/23] xsm/dummy: Allow XS_PRIV XEN_SYSCTL_getdomaininfolist

Jason Andryuk posted 23 patches 11 months, 1 week ago
There is a newer version of this series
[PATCH 13/23] xsm/dummy: Allow XS_PRIV XEN_SYSCTL_getdomaininfolist
Posted by Jason Andryuk 11 months, 1 week ago
To hyperlaunch xenstore, we want it to automatically introduce all
domains it finds while initializing.  To do that, change xsm_sysctl to
allow XS_PRIV to call XEN_SYSCTL_getdomaininfolist.

Xenstore can already call XEN_DOMCTL_getdomaininfo for the same
information, but it requires knowing the domid.
XEN_SYSCTL_getdomaininfolist eliminates the need to guess domains.

init-dom0less also calls XEN_SYSCTL_getdomaininfolist to determine
running domains to initialize.

Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
---
 xen/common/sysctl.c     |  2 +-
 xen/include/xsm/dummy.h | 10 ++++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c
index c2d99ae12e..89d5176f4d 100644
--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -42,7 +42,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
     if ( op->interface_version != XEN_SYSCTL_INTERFACE_VERSION )
         return -EACCES;
 
-    ret = xsm_sysctl(XSM_PRIV, op->cmd);
+    ret = xsm_sysctl(XSM_OTHER, op->cmd);
     if ( ret )
         return ret;
 
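Review bot: the xsm_sysctl(XSM_OTHER, op->cmd) call no longer states a default privilege at the call site, so a reader of do_sysctl() cannot tell that every command except XEN_SYSCTL_getdomaininfolist is still meant to be XSM_PRIV. A one-line comment above the call pointing at the per-command switch in the hook would keep that visible. The commit message should also say that only the dummy policy in xen/include/xsm/dummy.h is adjusted, since that is the only hook implementation in the diffstat.
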
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 6a2fc33c3b..f2d6662a9d 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -181,8 +181,14 @@ static XSM_INLINE int cf_check xsm_domctl(
 
 static XSM_INLINE int cf_check xsm_sysctl(XSM_DEFAULT_ARG int cmd)
 {
-    XSM_ASSERT_ACTION(XSM_PRIV);
-    return xsm_default_action(action, current->domain, NULL);
+    XSM_ASSERT_ACTION(XSM_OTHER);
+    switch ( cmd )
+    {
+    case XEN_SYSCTL_getdomaininfolist:
+        return xsm_default_action(XSM_XS_PRIV, current->domain, NULL);
+    default:
+        return xsm_default_action(XSM_PRIV, current->domain, NULL);
+    }
 }
 
 static XSM_INLINE int cf_check xsm_readconsole(XSM_DEFAULT_ARG uint32_t clear)
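Review bot: the case XEN_SYSCTL_getdomaininfolist arm has no comment saying why a listing of all domains is acceptable at XSM_XS_PRIV; the reasoning (Xenstore can already fetch the same data per domid through XEN_DOMCTL_getdomaininfo) exists only in the commit message. Suggest putting that justification above the case. Note also that after XSM_ASSERT_ACTION(XSM_OTHER) the action argument is no longer passed to xsm_default_action(), so the hard-coded XSM_PRIV in the default arm is the only thing keeping the remaining sysctls privileged; any sysctl added to this switch later needs its own explicit level rather than inheriting one from the caller.
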
-- 
2.48.1
Re: [PATCH 13/23] xsm/dummy: Allow XS_PRIV XEN_SYSCTL_getdomaininfolist
Posted by Jan Beulich 10 months, 4 weeks ago
On 06.03.2025 23:03, Jason Andryuk wrote:
> To hyperlaunch xenstore, we want it to automatically introduce all
> domains it finds while initializing.  To do that, change xsm_sysctl to
> allow XS_PRIV to call XEN_SYSCTL_getdomaininfolist.
> 
> Xenstore can already call XEN_DOMCTL_getdomaininfo for the same
> information, but it requires knowing the domid.
> XEN_SYSCTL_getdomaininfolist eliminates the need to guess domains.

Yet then - is it a good idea to make such changes here for the sake of a
new feature? If existing Xenstore was enhanced to use this, I'd find it
easier to accept the change. Otherwise can't the hyperlaunched Xenstore
behave like the "normal" one, not needing the change here to be made?

Jan
Re: [PATCH 13/23] xsm/dummy: Allow XS_PRIV XEN_SYSCTL_getdomaininfolist
Posted by Jason Andryuk 10 months, 4 weeks ago
On 2025-03-17 10:13, Jan Beulich wrote:
> On 06.03.2025 23:03, Jason Andryuk wrote:
>> To hyperlaunch xenstore, we want it to automatically introduce all
>> domains it finds while initializing.  To do that, change xsm_sysctl to
>> allow XS_PRIV to call XEN_SYSCTL_getdomaininfolist.
>>
>> Xenstore can already call XEN_DOMCTL_getdomaininfo for the same
>> information, but it requires knowing the domid.
>> XEN_SYSCTL_getdomaininfolist eliminates the need to guess domains.
> 
> Yet then - is it a good idea to make such changes here for the sake of a
> new feature? If existing Xenstore was enhanced to use this, I'd find it
> easier to accept the change. Otherwise can't the hyperlaunched Xenstore
> behave like the "normal" one, not needing the change here to be made?

Sorry, the description is lacking.  It was originally written for 
xenstore stubdom, but I pulled it over for this dom0less work.   With a 
combined xenstore & hardware domain, and running init-dom0less, it was a 
needed permission.

In light of Juergen's libxenmanage work, this may no longer be 
applicable for xenstore stubdom.  And I'll re-evaluate with dom0less 
side re-work.

Thanks,
Jason