X-BeenThere: xen-devel@lists.xenproject.org
List-Id: Xen developer discussion
From: Jason Andryuk
CC: Jason Andryuk, Stefano Stabellini, Julien Grall, Bertrand Marquis, Michal Orzel, Volodymyr Babchuk, Andrew Cooper, Anthony PERARD, Jan Beulich, Roger Pau Monné, Daniel P. Smith
Subject: [PATCH 1/4] xen/xsm: Add XSM_HW_PRIV
Date: Tue, 10 Jun 2025 18:57:34 -0400
Message-ID: <20250610225737.469690-2-jason.andryuk@amd.com>
In-Reply-To: <20250610225737.469690-1-jason.andryuk@amd.com>
References: <20250610225737.469690-1-jason.andryuk@amd.com>

Xen includes distinct concepts of a control domain (privileged) and a
hardware domain, but there is only a single XSM_PRIV check. For dom0
this is not an issue as they are one and the same.

With hyperlaunch and its build capabilities, a non-privileged hwdom and a
privileged control domain should be possible. Today the hwdom fails the
XSM_PRIV checks for hardware-related hooks which it should be allowed
access to.

Introduce XSM_HW_PRIV, and use it to mark many of the physdev_op and
platform_op. The hwdom is allowed access for XSM_HW_PRIV.

Make XSM_HW_PRIV a new privilege level that is given to the hardware
domain, but is not exclusive. The control domain can still execute
XSM_HW_PRIV commands. This is a little questionable since it's unclear
how the control domain can meaningfully execute them. But this approach
is chosen to maintain the increasing privileges and keep control domain
fully privileged.

Testing was performed with hardware+xenstore capabilities for dom0 and a
control dom3 booted from hyperlaunch. The additional xenstore permissions
allowed hwdom+xenstore XSM_XS_PRIV which are necessary for xenstore.

A traditional dom0 will be both privileged and hardware domain, so it
continues to have all accesses.

Why not XSM:Flask? XSM:Flask is fine grain, and this aims to allow
coarse grain. domUs are still domUs. If capabilities are meant to be a
first class citizen, they should be usable by the default XSM policy.

Signed-off-by: Jason Andryuk
---
 xen/arch/arm/platform_hypercall.c |  2 +-
 xen/arch/x86/msi.c                |  2 +-
 xen/arch/x86/physdev.c            | 12 ++++++------
 xen/arch/x86/platform_hypercall.c |  2 +-
 xen/drivers/passthrough/pci.c     |  5 +++--
 xen/drivers/pci/physdev.c         |  2 +-
 xen/include/xsm/dummy.h           | 20 ++++++++++++--------
 xen/include/xsm/xsm.h             |  1 +
 8 files changed, 26 insertions(+), 20 deletions(-)

diff --git a/xen/arch/arm/platform_hypercall.c b/xen/arch/arm/platform_hype= rcall.c index ac55622426..a84596ae3a 100644 --- a/xen/arch/arm/platform_hypercall.c +++ b/xen/arch/arm/platform_hypercall.c @@ -35,7 +35,7 @@ long do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_o= p_t) u_xenpf_op) if ( d =3D=3D NULL ) return -ESRCH; =20 - ret =3D xsm_platform_op(XSM_PRIV, op->cmd); + ret =3D xsm_platform_op(XSM_HW_PRIV, op->cmd); if ( ret ) return ret; =20 diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c index 5389bc0867..30801d980c 100644 --- a/xen/arch/x86/msi.c +++ b/xen/arch/x86/msi.c @@ -1360,7 +1360,7 @@ int pci_restore_msi_state(struct pci_dev *pdev) if ( !use_msi ) return -EOPNOTSUPP; =20 - ret =3D xsm_resource_setup_pci(XSM_PRIV, + ret =3D xsm_resource_setup_pci(XSM_HW_PRIV, (pdev->seg << 16) | (pdev->bus << 8) | pdev->devfn); if ( ret ) diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c index 4dfa1c0191..ce1ba41fa3 100644 --- a/xen/arch/x86/physdev.c +++ b/xen/arch/x86/physdev.c @@ -358,7 +358,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(voi= d) arg) ret =3D -EFAULT; if ( copy_from_guest(&apic, arg, 1) !=3D 0 ) break; - ret =3D xsm_apic(XSM_PRIV, currd, cmd); + ret =3D xsm_apic(XSM_HW_PRIV, currd, cmd); if ( ret ) break; ret =3D ioapic_guest_read(apic.apic_physbase, apic.reg, &apic.valu= e); @@ -372,7 +372,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(voi= d) arg) ret =3D -EFAULT; if ( copy_from_guest(&apic, arg, 1) !=3D 0 ) break; - ret =3D xsm_apic(XSM_PRIV, currd, cmd); + ret =3D xsm_apic(XSM_HW_PRIV, currd, cmd); if ( ret ) break; ret =3D ioapic_guest_write(apic.apic_physbase, apic.reg, apic.valu= e); 
@@ -388,7 +388,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(voi= d) arg) =20 /* Use the APIC check since this dummy hypercall should still only * be called by the domain with access to program the ioapic */ - ret =3D xsm_apic(XSM_PRIV, currd, cmd); + ret =3D xsm_apic(XSM_HW_PRIV, currd, cmd); if ( ret ) break; =20 @@ -490,7 +490,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(voi= d) arg) if ( copy_from_guest(&dev, arg, 1) ) ret =3D -EFAULT; else - ret =3D xsm_resource_setup_pci(XSM_PRIV, + ret =3D xsm_resource_setup_pci(XSM_HW_PRIV, (dev.seg << 16) | (dev.bus << 8) | dev.devfn) ?: pci_prepare_msix(dev.seg, dev.bus, dev.devfn, @@ -501,7 +501,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(voi= d) arg) case PHYSDEVOP_pci_mmcfg_reserved: { struct physdev_pci_mmcfg_reserved info; =20 - ret =3D xsm_resource_setup_misc(XSM_PRIV); + ret =3D xsm_resource_setup_misc(XSM_HW_PRIV); if ( ret ) break; =20 @@ -567,7 +567,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(voi= d) arg) if ( setup_gsi.gsi < 0 || setup_gsi.gsi >=3D nr_irqs_gsi ) break; =20 - ret =3D xsm_resource_setup_gsi(XSM_PRIV, setup_gsi.gsi); + ret =3D xsm_resource_setup_gsi(XSM_HW_PRIV, setup_gsi.gsi); if ( ret ) break; =20 diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hype= rcall.c index 90abd3197f..8efb4ad05f 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -228,7 +228,7 @@ ret_t do_platform_op( if ( op->interface_version !=3D XENPF_INTERFACE_VERSION ) return -EACCES; =20 - ret =3D xsm_platform_op(XSM_PRIV, op->cmd); + ret =3D xsm_platform_op(XSM_HW_PRIV, op->cmd); if ( ret ) return ret; =20 diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 3edcfa8a04..9de7f0d358 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c 
@@ -672,7 +672,7 @@ int pci_add_device(u16 seg, u8 bus, u8 devfn, else type =3D "device"; =20 - ret =3D xsm_resource_plug_pci(XSM_PRIV, (seg << 16) | (bus << 8) | dev= fn); + ret =3D xsm_resource_plug_pci(XSM_HW_PRIV, (seg << 16) | (bus << 8) | = devfn); if ( ret ) return ret; =20 @@ -824,7 +824,8 @@ int pci_remove_device(u16 seg, u8 bus, u8 devfn) struct pci_dev *pdev; int ret; =20 - ret =3D xsm_resource_unplug_pci(XSM_PRIV, (seg << 16) | (bus << 8) | d= evfn); + ret =3D xsm_resource_unplug_pci(XSM_HW_PRIV, + (seg << 16) | (bus << 8) | devfn); if ( ret ) return ret; =20 diff --git a/xen/drivers/pci/physdev.c b/xen/drivers/pci/physdev.c index 0161a85e1e..c223611dfb 100644 --- a/xen/drivers/pci/physdev.c +++ b/xen/drivers/pci/physdev.c @@ -86,7 +86,7 @@ ret_t pci_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void= ) arg) dev_reset.dev.bus, dev_reset.dev.devfn); =20 - ret =3D xsm_resource_setup_pci(XSM_PRIV, sbdf.sbdf); + ret =3D xsm_resource_setup_pci(XSM_HW_PRIV, sbdf.sbdf); if ( ret ) break; =20 diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 9227205fcd..d8df3f66c4 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -94,6 +94,10 @@ static always_inline int xsm_default_action( if ( target && evaluate_nospec(src->target =3D=3D target) ) return 0; fallthrough; + case XSM_HW_PRIV: + if ( action =3D=3D XSM_HW_PRIV && is_hardware_domain(src) ) + return 0; + fallthrough; case XSM_PRIV: if ( is_control_domain(src) ) return 0; @@ -275,7 +279,7 @@ static XSM_INLINE int cf_check xsm_console_io( if ( cmd =3D=3D CONSOLEIO_write ) return xsm_default_action(XSM_HOOK, d, NULL); #endif - return xsm_default_action(XSM_PRIV, d, NULL); + return xsm_default_action(XSM_HW_PRIV, d, NULL); } =20 static XSM_INLINE int cf_check xsm_profile( 
@@ -455,33 +459,33 @@ static XSM_INLINE int cf_check xsm_resource_unplug_co= re(XSM_DEFAULT_VOID) static XSM_INLINE int cf_check xsm_resource_plug_pci( XSM_DEFAULT_ARG uint32_t machine_bdf) { - XSM_ASSERT_ACTION(XSM_PRIV); + XSM_ASSERT_ACTION(XSM_HW_PRIV); return xsm_default_action(action, current->domain, NULL); } =20 static XSM_INLINE int cf_check xsm_resource_unplug_pci( XSM_DEFAULT_ARG uint32_t machine_bdf) { - XSM_ASSERT_ACTION(XSM_PRIV); + XSM_ASSERT_ACTION(XSM_HW_PRIV); return xsm_default_action(action, current->domain, NULL); } =20 static XSM_INLINE int cf_check xsm_resource_setup_pci( XSM_DEFAULT_ARG uint32_t machine_bdf) { - XSM_ASSERT_ACTION(XSM_PRIV); + XSM_ASSERT_ACTION(XSM_HW_PRIV); return xsm_default_action(action, current->domain, NULL); } =20 static XSM_INLINE int cf_check xsm_resource_setup_gsi(XSM_DEFAULT_ARG int = gsi) { - XSM_ASSERT_ACTION(XSM_PRIV); + XSM_ASSERT_ACTION(XSM_HW_PRIV); return xsm_default_action(action, current->domain, NULL); } =20 static XSM_INLINE int cf_check xsm_resource_setup_misc(XSM_DEFAULT_VOID) { - XSM_ASSERT_ACTION(XSM_PRIV); + XSM_ASSERT_ACTION(XSM_HW_PRIV); return xsm_default_action(action, current->domain, NULL); } =20 @@ -673,7 +677,7 @@ static XSM_INLINE int cf_check xsm_mem_sharing(XSM_DEFA= ULT_ARG struct domain *d) =20 static XSM_INLINE int cf_check xsm_platform_op(XSM_DEFAULT_ARG uint32_t op) { - XSM_ASSERT_ACTION(XSM_PRIV); + XSM_ASSERT_ACTION(XSM_HW_PRIV); return xsm_default_action(action, current->domain, NULL); } =20 @@ -701,7 +705,7 @@ static XSM_INLINE int cf_check xsm_mem_sharing_op( static XSM_INLINE int cf_check xsm_apic( XSM_DEFAULT_ARG struct domain *d, int cmd) { - XSM_ASSERT_ACTION(XSM_PRIV); + XSM_ASSERT_ACTION(XSM_HW_PRIV); return xsm_default_action(action, d, NULL); } =20 diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 24acc16125..264db4d8ee 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h 
@@ -36,6 +36,7 @@ enum xsm_default { XSM_DM_PRIV, /* Device model can perform on its target domain */ XSM_TARGET, /* Can perform on self or your target domain */ XSM_PRIV, /* Privileged - normally restricted to dom0 */ + XSM_HW_PRIV, /* Hardware Privileged - normally restricted to dom0/hwd= om */ XSM_XS_PRIV, /* Xenstore domain - can do some privileged operations */ XSM_OTHER /* Something more complex */ }; --=20 2.49.0
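
Review bot: in xsm_default_action() (xen/include/xsm/dummy.h) the new `case XSM_HW_PRIV:` sits on the fall-through path from the case above it, which is why the test needs `action == XSM_HW_PRIV` as well as `is_hardware_domain(src)`, but nothing in the code says so. A one-line comment that the guard stops actions falling through from the earlier cases from being granted to the hardware domain would keep a later cleanup from dropping it as redundant.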
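
Review bot: in xsm_console_io() (xen/include/xsm/dummy.h) the final fallback `xsm_default_action(XSM_PRIV, d, NULL)` becomes XSM_HW_PRIV, which extends the hardware domain's console access to every command that reaches that line, yet the commit message only names physdev_op and platform_op. Please either describe this change and the reason the hwdom needs it in the commit message, or move it to its own patch so it can be reviewed separately.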
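
Review bot: `xsm_platform_op(XSM_HW_PRIV, op->cmd)` in both do_platform_op() implementations (arm and x86) is a single check covering whatever op->cmd holds, and the dummy xsm_platform_op() does not look at its op argument, so under the default policy the hardware domain gains every platform op, whereas the commit message says "many of the physdev_op and platform_op". If some commands should stay control-domain only, the default action has to be chosen per op->cmd; if all of them are intended, say so in the commit message.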
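
Review bot: in enum xsm_default (xen/include/xsm/xsm.h) XSM_HW_PRIV is added after XSM_PRIV, while in xsm_default_action() its case is placed before XSM_PRIV so that it falls through to the control-domain check. Placing the enumerator between XSM_TARGET and XSM_PRIV would keep the enum in the same order as the switch and match the "increasing privileges" wording of the commit message; the comment "normally restricted to dom0/hwdom" could also state that the control domain passes this check too.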

From: Jason Andryuk
CC: Jason Andryuk, Daniel P. Smith
Subject: [PATCH 2/4] xsm/silo: Support hwdom/control domains
Date: Tue, 10 Jun 2025 18:57:35 -0400
Message-ID: <20250610225737.469690-3-jason.andryuk@amd.com>
In-Reply-To: <20250610225737.469690-1-jason.andryuk@amd.com>
References: <20250610225737.469690-1-jason.andryuk@amd.com>

In a disaggregated environment, dom0 is split into Control, Hardware,
and Xenstore domains, along with domUs. The is_control_domain() check
is not sufficient to handle all these cases. Add is_priv_domain() to
support allowing for the various domains.

The purpose of SILO mode is to prevent domUs from interacting with each
other. But dom0 was allowed to communicate with domUs to provide
services. As the disaggregation of dom0, Control, Hardware and Xenstore
are all service domains that need to communicate with other domains.

To provide xenstore connections, the Xenstore domain must be allowed to
connect via grants and event channels. Xenstore domain must also be
allowed to connect to Control and Hardware to provide xenstore to them.

Hardware domain will provide PV devices to domains, so it must be
allowed to connect to domains.

That leaves Control. Xenstore and Hardware would already allow access
to Control, so it can obtain services that way. Control should be
"privileged", which would mean it can make the connections. But with
Xenstore and Hardware providing their services to domUs, there may not
be a reason to allow Control to use grants or event channels with domUs.
Still, Control is privileged, so it should be allowed to do something if
it chooses. Establishing a grant, or event channel requires action on
both sides, so allow for the possibility. This does open up an argo
wildcard ring from domUs, FWIW.

This silo check is for grants, event channels and argo. The dummy
policy handles other calls, so Hardware is prevented from foreign
mapping Control's memory with that.

Signed-off-by: Jason Andryuk
---
v2:
Add xenstore domain
Expand commit message
Remove always_inline
---
 xen/xsm/silo.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/xen/xsm/silo.c b/xen/xsm/silo.c index b89b364287..db48705674 100644 --- a/xen/xsm/silo.c +++ b/xen/xsm/silo.c
@@ -20,6 +20,12 @@ #define XSM_NO_WRAPPERS #include =20 +static bool is_priv_domain(const struct domain *d) +{ + return is_xenstore_domain(d) || is_hardware_domain(d) || + is_control_domain(d); +} + /* * Check if inter-domain communication is allowed. * Return true when pass check. 
@@ -29,8 +35,8 @@ static bool silo_mode_dom_check(const struct domain *ldom, { const struct domain *currd =3D current->domain; =20 - return (is_control_domain(currd) || is_control_domain(ldom) || - is_control_domain(rdom) || ldom =3D=3D rdom); + return (is_priv_domain(currd) || is_priv_domain(ldom) || + is_priv_domain(rdom) || ldom =3D=3D rdom); } =20 static int cf_check silo_evtchn_unbound( --=20 2.49.0
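Review bot: is_priv_domain() in the first xen/xsm/silo.c hunk has no comment, and its name reads like a general privilege test although it only defines which domains SILO exempts from the domU-to-domU ban. Please add a comment listing the three roles and stating that a domain matching any of them may use grants, event channels and argo with every other domain, including the argo wildcard ring consequence the commit message mentions. A silo-prefixed name would also keep it from being mistaken for is_control_domain().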
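Review bot: In silo_mode_dom_check() the `is_priv_domain(currd)` term makes the check pass for any ldom/rdom pair whenever the calling domain is Hardware or Xenstore, not only when one of them is an endpoint of the connection. The commit message argues for these domains as endpoints, which the ldom and rdom terms already cover, so consider keeping `is_control_domain(currd)` for the caller term. If Hardware or Xenstore acting on behalf of two unrelated domUs is intended, state that in the comment above the function.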
From: Jason Andryuk
To:
CC: Jason Andryuk, Christian Lindig, David Scott, Anthony PERARD, Andrew Cooper, Michal Orzel, Jan Beulich, "Julien Grall", Roger Pau Monné, Stefano Stabellini, Bertrand Marquis, Volodymyr Babchuk, "Daniel P. Smith"
Subject: [PATCH 3/4] xen: Add DOMAIN_CAPS_DEVICE_MODEL & XEN_DOMCTL_CDF_device_model
Date: Tue, 10 Jun 2025 18:57:36 -0400
Message-ID: <20250610225737.469690-4-jason.andryuk@amd.com>
In-Reply-To: <20250610225737.469690-1-jason.andryuk@amd.com>
References: <20250610225737.469690-1-jason.andryuk@amd.com>
Content-Transfer-Encoding: quoted-printable

To add more flexibility in system configuration, add the new DOMAIN_CAPS_DEVICE_MODEL flag and XEN_DOMCTL_CDF_device_model.

This new flag corresponds to allowing XSM_DM_PRIV for the domain. This will enable running device model emulators (QEMU) from the assigned domain for multiple target domains.

Stubdoms assign target allowing the stubdom to serve as the device model for a single domain. This new flag allows the single domain to provide emulators for multiple guests.

The specific scenario is a disaggregated system with the hardware domain providing device models for multiple guest domains.

The OCaml code needs the flag added in as well.

Signed-off-by: Jason Andryuk
Acked-by: Christian Lindig
---
tools/ocaml/libs/xc/xenctrl.ml | 1 +
tools/ocaml/libs/xc/xenctrl.mli | 1 +
xen/arch/arm/domain.c | 3 ++-
xen/common/device-tree/dom0less-build.c | 3 +++
xen/common/domain.c | 3 ++-
xen/include/public/bootfdt.h | 12 ++++++++++--
xen/include/public/domctl.h | 4 +++-
xen/include/xen/sched.h | 9 +++++++++
xen/include/xsm/dummy.h | 2 ++
9 files changed, 33 insertions(+), 5 deletions(-)

diff --git a/tools/ocaml/libs/xc/xenctrl.ml b/tools/ocaml/libs/xc/xenctrl.ml index 2690f9a923..ef0c5dca2a 100644 --- a/tools/ocaml/libs/xc/xenctrl.ml +++ b/tools/ocaml/libs/xc/xenctrl.ml @@ -70,6 +70,7 @@ type domain_create_flag =3D | CDF_IOMMU | CDF_NESTED_VIRT | CDF_VPMU + | CDF_DEVICE_MODEL =20 type domain_create_iommu_opts =3D | IOMMU_NO_SHAREPT diff --git a/tools/ocaml/libs/xc/xenctrl.mli b/tools/ocaml/libs/xc/xenctrl.= mli index febbe1f6ae..c0156fa5c6 100644 --- a/tools/ocaml/libs/xc/xenctrl.mli +++ b/tools/ocaml/libs/xc/xenctrl.mli @@ -63,6 +63,7 @@ type domain_create_flag =3D | CDF_IOMMU | CDF_NESTED_VIRT | CDF_VPMU + | CDF_DEVICE_MODEL =20 type domain_create_iommu_opts =3D | IOMMU_NO_SHAREPT diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index 45aeb8bddc..12fda0762f 100644 --- a/xen/arch/arm/domain.c 
+++ b/xen/arch/arm/domain.c @@ -612,7 +612,8 @@ int arch_sanitise_domain_config(struct xen_domctl_creat= edomain *config) unsigned int max_vcpus; unsigned int flags_required =3D (XEN_DOMCTL_CDF_hvm | XEN_DOMCTL_CDF_h= ap); unsigned int flags_optional =3D (XEN_DOMCTL_CDF_iommu | XEN_DOMCTL_CDF= _vpmu | - XEN_DOMCTL_CDF_xs_domain ); + XEN_DOMCTL_CDF_xs_domain | + XEN_DOMCTL_CDF_device_model); unsigned int sve_vl_bits =3D sve_decode_vl(config->arch.sve_vl); =20 if ( (config->flags & ~flags_optional) !=3D flags_required ) diff --git a/xen/common/device-tree/dom0less-build.c b/xen/common/device-tr= ee/dom0less-build.c index 3d503c6973..993ff32f5e 100644 --- a/xen/common/device-tree/dom0less-build.c +++ b/xen/common/device-tree/dom0less-build.c @@ -884,6 +884,9 @@ void __init create_domUs(void) d_cfg.flags |=3D XEN_DOMCTL_CDF_xs_domain; d_cfg.max_evtchn_port =3D -1; } + + if ( val & DOMAIN_CAPS_DEVICE_MODEL ) + d_cfg.flags |=3D XEN_DOMCTL_CDF_device_model; } =20 if ( dt_find_property(node, "xen,static-mem", NULL) ) diff --git a/xen/common/domain.c b/xen/common/domain.c index 153cd75340..ab2c8f864d 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -721,7 +721,8 @@ static int sanitise_domain_config(struct xen_domctl_cre= atedomain *config) ~(XEN_DOMCTL_CDF_hvm | XEN_DOMCTL_CDF_hap | XEN_DOMCTL_CDF_s3_integrity | XEN_DOMCTL_CDF_oos_off | XEN_DOMCTL_CDF_xs_domain | XEN_DOMCTL_CDF_iommu | - XEN_DOMCTL_CDF_nested_virt | XEN_DOMCTL_CDF_vpmu) ) + XEN_DOMCTL_CDF_nested_virt | XEN_DOMCTL_CDF_vpmu | + XEN_DOMCTL_CDF_device_model) ) { dprintk(XENLOG_INFO, "Unknown CDF flags %#x\n", config->flags); return -EINVAL; diff --git a/xen/include/public/bootfdt.h b/xen/include/public/bootfdt.h index 86c46b42a9..c6b5afc76a 100644 --- a/xen/include/public/bootfdt.h +++ b/xen/include/public/bootfdt.h 
@@ -25,7 +25,15 @@ #define DOMAIN_CAPS_HARDWARE (1U << 1) /* Xenstore domain. */ #define DOMAIN_CAPS_XENSTORE (1U << 2) -#define DOMAIN_CAPS_MASK (DOMAIN_CAPS_CONTROL | DOMAIN_CAPS_HARDWARE |= \ - DOMAIN_CAPS_XENSTORE) +/* + * Device model capability allows the use of the dm_op hypercalls to provi= de + * the device model emulation (run QEMU) for other domains. This is a + * subset of the Control capability which can be granted to the + * Hardware domain for running QEMU. + */ +#define DOMAIN_CAPS_DEVICE_MODEL (1U << 3) + +#define DOMAIN_CAPS_MASK (DOMAIN_CAPS_CONTROL | DOMAIN_CAPS_HARDWARE = | \ + DOMAIN_CAPS_XENSTORE | DOMAIN_CAPS_DEVICE_MO= DEL ) =20 #endif /* __XEN_PUBLIC_BOOTFDT_H__ */ diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h index 5b2063eed9..2280489be2 100644 --- a/xen/include/public/domctl.h +++ b/xen/include/public/domctl.h @@ -66,9 +66,11 @@ struct xen_domctl_createdomain { #define XEN_DOMCTL_CDF_nested_virt (1U << _XEN_DOMCTL_CDF_nested_virt) /* Should we expose the vPMU to the guest? */ #define XEN_DOMCTL_CDF_vpmu (1U << 7) +/* Allow domain to provide device model for multiple other domains */ +#define XEN_DOMCTL_CDF_device_model (1U << 8) =20 /* Max XEN_DOMCTL_CDF_* constant. Used for ABI checking. */ -#define XEN_DOMCTL_CDF_MAX XEN_DOMCTL_CDF_vpmu +#define XEN_DOMCTL_CDF_MAX XEN_DOMCTL_CDF_device_model =20 uint32_t flags; =20 diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index fe53d4fab7..9863603d93 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h 
@@ -1148,6 +1148,15 @@ static always_inline bool is_control_domain(const st= ruct domain *d) return evaluate_nospec(d->is_privileged); } =20 +/* This check is for functionality specific to a device model domain */ +static always_inline bool is_dm_domain(const struct domain *d) +{ + if ( IS_ENABLED(CONFIG_PV_SHIM_EXCLUSIVE) ) + return false; + + return evaluate_nospec(d->options & XEN_DOMCTL_CDF_device_model); +} + #define VM_ASSIST(d, t) (test_bit(VMASST_TYPE_ ## t, &(d)->vm_assist)) =20 static always_inline bool is_pv_domain(const struct domain *d) diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index d8df3f66c4..477fadaefd 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h 
@@ -91,6 +91,8 @@ static always_inline int xsm_default_action( return 0; fallthrough; case XSM_DM_PRIV: + if ( is_dm_domain(src) ) + return 0; if ( target && evaluate_nospec(src->target =3D=3D target) ) return 0; fallthrough; --=20 2.49.0
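Review bot: In the xen/common/device-tree/dom0less-build.c hunk, the new `val & DOMAIN_CAPS_DEVICE_MODEL` branch in create_domUs() sets XEN_DOMCTL_CDF_device_model for any domain whose capabilities value carries the bit, with no check against the other capability bits. The bootfdt.h comment added in this patch describes the capability as one that can be granted to the Hardware domain, so either warn or reject when it is set without DOMAIN_CAPS_HARDWARE, or reword that comment to say any domain may hold it.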
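Review bot: The xen/include/public/bootfdt.h hunk introduces a new public capability bit, DOMAIN_CAPS_DEVICE_MODEL (1U << 3), but the diffstat lists no documentation file, so the only description is the header comment. Please document the new bit wherever the existing capability values are described for device tree users. As a style point, the new DOMAIN_CAPS_MASK definition ends with `DOMAIN_CAPS_DEVICE_MODEL )`, with a stray space before the closing parenthesis.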
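Review bot: In the xen/include/xsm/dummy.h hunk, the new `if ( is_dm_domain(src) ) return 0;` under case XSM_DM_PRIV ignores `target`, so a domain created with XEN_DOMCTL_CDF_device_model passes XSM_DM_PRIV against every domain, Control and Xenstore included, while the existing test below it is limited to `src->target == target`. Because the preceding case falls through into this one, that action is widened as well. Consider requiring a non-NULL target and excluding privileged targets, for example `target && !is_control_domain(target)`, and document the resulting scope next to is_dm_domain() in sched.h.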
From: Jason Andryuk
To:
CC: Jason Andryuk, Andrew Cooper, Anthony PERARD, Michal Orzel, Jan Beulich, "Julien Grall", Roger Pau Monné, Stefano Stabellini, "Daniel P. Smith"
Subject: [PATCH 4/4] xsm/dummy: Allow hwdom SYSCTL_readconsole/physinfo
Date: Tue, 10 Jun 2025 18:57:37 -0400
Message-ID: <20250610225737.469690-5-jason.andryuk@amd.com>
In-Reply-To: <20250610225737.469690-1-jason.andryuk@amd.com>
References: <20250610225737.469690-1-jason.andryuk@amd.com>
Content-Transfer-Encoding: quoted-printable

Allow the hwdom to access the
console, and to access physical information about the system.

xenconsoled can read Xen's dmesg. If it's in hwdom, then that permission would be required.

SYSCTL_physinfo is mainly to silence xl messages:
$ xl list
libxl: error: libxl_utils.c:818:libxl_cpu_bitmap_alloc: failed to retrieve the maximum number of cpus

Signed-off-by: Jason Andryuk
---
This is not strictly needed.
---
xen/common/sysctl.c | 2 +-
xen/include/xsm/dummy.h | 14 ++++++++++++--
2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c index c2d99ae12e..89d5176f4d 100644 --- a/xen/common/sysctl.c +++ b/xen/common/sysctl.c @@ -42,7 +42,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sys= ctl) if ( op->interface_version !=3D XEN_SYSCTL_INTERFACE_VERSION ) return -EACCES; =20 - ret =3D xsm_sysctl(XSM_PRIV, op->cmd); + ret =3D xsm_sysctl(XSM_OTHER, op->cmd); if ( ret ) return ret; =20 diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 477fadaefd..5e806dc241 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -188,8 +188,18 @@ static XSM_INLINE int cf_check xsm_domctl( =20 static XSM_INLINE int cf_check xsm_sysctl(XSM_DEFAULT_ARG int cmd) { - XSM_ASSERT_ACTION(XSM_PRIV); - return xsm_default_action(action, current->domain, NULL); + XSM_ASSERT_ACTION(XSM_OTHER); + switch ( cmd ) + { + case XEN_SYSCTL_readconsole: + return xsm_default_action(XSM_HW_PRIV, current->domain, NULL); + case XEN_SYSCTL_physinfo: + if ( is_hardware_domain(current->domain) ) + return xsm_default_action(XSM_HW_PRIV, current->domain, NULL); + fallthrough; + default: + return xsm_default_action(XSM_PRIV, current->domain, NULL); + } } =20 static XSM_INLINE int cf_check xsm_readconsole(XSM_DEFAULT_ARG uint32_t cl= ear) --=20 2.49.0
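Review bot: In the xen/include/xsm/dummy.h hunk, xsm_sysctl() applies XSM_HW_PRIV unconditionally for XEN_SYSCTL_readconsole but only under `is_hardware_domain(current->domain)` for XEN_SYSCTL_physinfo, falling through to XSM_PRIV otherwise, and nothing explains the difference. If XSM_HW_PRIV does not admit a Control domain that is not also the hardware domain, readconsole regresses for Control; if it does, the physinfo guard is redundant. Please make the two cases consistent or add a comment, and state whether the hardware domain is also meant to pass xsm_readconsole(), visible as trailing context with its `clear` argument, which this patch leaves unchanged.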