xl queries SYSCTL_physinfo for the physical cpus:
domU:~# xl list
libxl: error: libxl_utils.c:817:libxl_cpu_bitmap_alloc: failed to retrieve the maximum number of cpus
libxl: error: libxl_utils.c:817:libxl_cpu_bitmap_alloc: failed to retrieve the maximum number of cpus
libxl: error: libxl_utils.c:817:libxl_cpu_bitmap_alloc: failed to retrieve the maximum number of cpus
Name                    ID   Mem VCPUs        State   Time(s)
Domain-0                 0   800     1     r-----     130.0
dom0less-1               1   400     1     r-----     130.3
dom0less-2               2   800     1     r-----     130.3

Hardware and control are both privileged.  Allow them both access to
sysctls so they have insight into the running system.  This is coarse
grained permissions for the dummy policy.

Now the only sysctl denied to a control domain is readconsole.

Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
---
Could just allow physinfo to control as an alternative.  There could be
follow on sysctls needed in that case.
---
 xen/include/xsm/dummy.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index f4656bd179..ea8b2fd6ee 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -194,9 +194,10 @@ static XSM_INLINE int cf_check xsm_sysctl(XSM_DEFAULT_ARG int cmd)
     case XEN_SYSCTL_getdomaininfolist:
         return xsm_default_action(XSM_XS_PRIV, current->domain, NULL);
     case XEN_SYSCTL_readconsole:
-    case XEN_SYSCTL_physinfo:
         return xsm_default_action(XSM_HW_PRIV, current->domain, NULL);
     default:
+        if ( is_hardware_domain(current->domain) )
+            return xsm_default_action(XSM_HW_PRIV, current->domain, NULL);
         return xsm_default_action(XSM_PRIV, current->domain, NULL);
     }
 }
-- 
2.48.1