Expose a domain's capabilities - control, hardware or xenstore - through
stable get domain state hypercall.

The xenstore domain can use this information to assign appropriate
permissions on connections.

Repurpose the 16bit pad field for this purpose.

Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
---
 xen/common/domain.c         | 8 +++++++-
 xen/include/public/domctl.h | 7 +++++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/xen/common/domain.c b/xen/common/domain.c
index c347de4335..8b0151a8f7 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -195,6 +195,12 @@ static void set_domain_state_info(struct xen_domctl_get_domain_state *info,
         info->state |= XEN_DOMCTL_GETDOMSTATE_STATE_DYING;
     if ( d->is_dying == DOMDYING_dead )
         info->state |= XEN_DOMCTL_GETDOMSTATE_STATE_DEAD;
+    if ( is_control_domain(d) )
+        info->caps |= XEN_DOMCTL_GETDOMSTATE_CAP_CONTROL;
+    if ( is_hardware_domain(d) )
+        info->caps |= XEN_DOMCTL_GETDOMSTATE_CAP_HARDWARE;
+    if ( is_xenstore_domain(d) )
+        info->caps |= XEN_DOMCTL_GETDOMSTATE_CAP_XENSTORE;
     info->unique_id = d->unique_id;
 }
 
@@ -205,7 +211,7 @@ int get_domain_state(struct xen_domctl_get_domain_state *info, struct domain *d,
     int rc = -ENOENT;
     struct domain *hdl;
 
-    if ( info->pad0 || info->pad1 )
+    if ( info->pad0 )
         return -EINVAL;
 
     if ( d )
diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
index f1f6f96bc2..879343b21d 100644
--- a/xen/include/public/domctl.h
+++ b/xen/include/public/domctl.h
@@ -1269,8 +1269,11 @@ struct xen_domctl_get_domain_state {
 #define XEN_DOMCTL_GETDOMSTATE_STATE_SHUTDOWN  0x0002  /* Shutdown finished. */
 #define XEN_DOMCTL_GETDOMSTATE_STATE_DYING     0x0004  /* Domain dying. */
 #define XEN_DOMCTL_GETDOMSTATE_STATE_DEAD      0x0008  /* Domain dead. */
-    uint16_t pad0;           /* Must be 0 on input, returned as 0. */
-    uint32_t pad1;           /* Must be 0 on input, returned as 0. */
+    uint16_t caps;           /* Must be 0 on input, returned as 0. */
+#define XEN_DOMCTL_GETDOMSTATE_CAP_CONTROL     0x0001  /* Control domain. */
+#define XEN_DOMCTL_GETDOMSTATE_CAP_HARDWARE    0x0002  /* Hardware domain. */
+#define XEN_DOMCTL_GETDOMSTATE_CAP_XENSTORE    0x0004  /* Xenstore domain. */
+    uint32_t pad0;           /* Must be 0 on input, returned as 0. */
     uint64_t unique_id;      /* Unique domain identifier. */
 };
 
-- 
2.50.0

On 16.07.25 23:14, Jason Andryuk wrote:
> Expose a domain's capabilities - control, hardware or xenstore - through
> stable get domain state hypercall.
> 
> The xenstore domain can use this information to assign appropriate
> permissions on connections.
> 
> Repurpose the 16bit pad field for this purpose.
> 
> Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
> ---
>   xen/common/domain.c         | 8 +++++++-
>   xen/include/public/domctl.h | 7 +++++--
>   2 files changed, 12 insertions(+), 3 deletions(-)
> 
> diff --git a/xen/common/domain.c b/xen/common/domain.c
> index c347de4335..8b0151a8f7 100644
> --- a/xen/common/domain.c
> +++ b/xen/common/domain.c
> @@ -195,6 +195,12 @@ static void set_domain_state_info(struct xen_domctl_get_domain_state *info,
>           info->state |= XEN_DOMCTL_GETDOMSTATE_STATE_DYING;
>       if ( d->is_dying == DOMDYING_dead )
>           info->state |= XEN_DOMCTL_GETDOMSTATE_STATE_DEAD;
> +    if ( is_control_domain(d) )
> +        info->caps |= XEN_DOMCTL_GETDOMSTATE_CAP_CONTROL;
> +    if ( is_hardware_domain(d) )
> +        info->caps |= XEN_DOMCTL_GETDOMSTATE_CAP_HARDWARE;
> +    if ( is_xenstore_domain(d) )
> +        info->caps |= XEN_DOMCTL_GETDOMSTATE_CAP_XENSTORE;
>       info->unique_id = d->unique_id;
>   }
>   
> @@ -205,7 +211,7 @@ int get_domain_state(struct xen_domctl_get_domain_state *info, struct domain *d,
>       int rc = -ENOENT;
>       struct domain *hdl;
>   
> -    if ( info->pad0 || info->pad1 )
> +    if ( info->pad0 )
>           return -EINVAL;
>   
>       if ( d )
> diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
> index f1f6f96bc2..879343b21d 100644
> --- a/xen/include/public/domctl.h
> +++ b/xen/include/public/domctl.h
> @@ -1269,8 +1269,11 @@ struct xen_domctl_get_domain_state {
>   #define XEN_DOMCTL_GETDOMSTATE_STATE_SHUTDOWN  0x0002  /* Shutdown finished. */
>   #define XEN_DOMCTL_GETDOMSTATE_STATE_DYING     0x0004  /* Domain dying. */
>   #define XEN_DOMCTL_GETDOMSTATE_STATE_DEAD      0x0008  /* Domain dead. */
> -    uint16_t pad0;           /* Must be 0 on input, returned as 0. */
> -    uint32_t pad1;           /* Must be 0 on input, returned as 0. */
> +    uint16_t caps;           /* Must be 0 on input, returned as 0. */

I'd drop the "returned as 0" in the comment. :-)

With that fixed:

Reviewed-by: Juergen Gross <jgross@suse.com>


Juergen

On 2025-07-17 02:24, Juergen Gross wrote:
> On 16.07.25 23:14, Jason Andryuk wrote:
>> Expose a domain's capabilities - control, hardware or xenstore - through
>> stable get domain state hypercall.
>>
>> The xenstore domain can use this information to assign appropriate
>> permissions on connections.
>>
>> Repurpose the 16bit pad field for this purpose.
>>
>> Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
>> ---
>>   xen/common/domain.c         | 8 +++++++-
>>   xen/include/public/domctl.h | 7 +++++--
>>   2 files changed, 12 insertions(+), 3 deletions(-)
>>
>> diff --git a/xen/common/domain.c b/xen/common/domain.c
>> index c347de4335..8b0151a8f7 100644
>> --- a/xen/common/domain.c
>> +++ b/xen/common/domain.c
>> @@ -195,6 +195,12 @@ static void set_domain_state_info(struct 
>> xen_domctl_get_domain_state *info,
>>           info->state |= XEN_DOMCTL_GETDOMSTATE_STATE_DYING;
>>       if ( d->is_dying == DOMDYING_dead )
>>           info->state |= XEN_DOMCTL_GETDOMSTATE_STATE_DEAD;

I'll add:

+
+    info->caps = 0

here, to ensure all the caps bits start off cleared.

>> +    if ( is_control_domain(d) )
>> +        info->caps |= XEN_DOMCTL_GETDOMSTATE_CAP_CONTROL;
>> +    if ( is_hardware_domain(d) )
>> +        info->caps |= XEN_DOMCTL_GETDOMSTATE_CAP_HARDWARE;
>> +    if ( is_xenstore_domain(d) )
>> +        info->caps |= XEN_DOMCTL_GETDOMSTATE_CAP_XENSTORE;
>>       info->unique_id = d->unique_id;
>>   }

>> diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
>> index f1f6f96bc2..879343b21d 100644
>> --- a/xen/include/public/domctl.h
>> +++ b/xen/include/public/domctl.h
>> @@ -1269,8 +1269,11 @@ struct xen_domctl_get_domain_state {
>>   #define XEN_DOMCTL_GETDOMSTATE_STATE_SHUTDOWN  0x0002  /* Shutdown 
>> finished. */
>>   #define XEN_DOMCTL_GETDOMSTATE_STATE_DYING     0x0004  /* Domain 
>> dying. */
>>   #define XEN_DOMCTL_GETDOMSTATE_STATE_DEAD      0x0008  /* Domain 
>> dead. */
>> -    uint16_t pad0;           /* Must be 0 on input, returned as 0. */
>> -    uint32_t pad1;           /* Must be 0 on input, returned as 0. */
>> +    uint16_t caps;           /* Must be 0 on input, returned as 0. */
> 
> I'd drop the "returned as 0" in the comment. :-)

:)

I'll drop the whole comment since the input value is not checked.

> With that fixed:
> 
> Reviewed-by: Juergen Gross <jgross@suse.com>

Does this stand with the above changes?

Thanks,
Jason

On 17.07.25 22:16, Jason Andryuk wrote:
> On 2025-07-17 02:24, Juergen Gross wrote:
>> On 16.07.25 23:14, Jason Andryuk wrote:
>>> Expose a domain's capabilities - control, hardware or xenstore - through
>>> stable get domain state hypercall.
>>>
>>> The xenstore domain can use this information to assign appropriate
>>> permissions on connections.
>>>
>>> Repurpose the 16bit pad field for this purpose.
>>>
>>> Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
>>> ---
>>>   xen/common/domain.c         | 8 +++++++-
>>>   xen/include/public/domctl.h | 7 +++++--
>>>   2 files changed, 12 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/xen/common/domain.c b/xen/common/domain.c
>>> index c347de4335..8b0151a8f7 100644
>>> --- a/xen/common/domain.c
>>> +++ b/xen/common/domain.c
>>> @@ -195,6 +195,12 @@ static void set_domain_state_info(struct 
>>> xen_domctl_get_domain_state *info,
>>>           info->state |= XEN_DOMCTL_GETDOMSTATE_STATE_DYING;
>>>       if ( d->is_dying == DOMDYING_dead )
>>>           info->state |= XEN_DOMCTL_GETDOMSTATE_STATE_DEAD;
> 
> I'll add:
> 
> +
> +    info->caps = 0
> 
> here, to ensure all the caps bits start off cleared.
> 
>>> +    if ( is_control_domain(d) )
>>> +        info->caps |= XEN_DOMCTL_GETDOMSTATE_CAP_CONTROL;
>>> +    if ( is_hardware_domain(d) )
>>> +        info->caps |= XEN_DOMCTL_GETDOMSTATE_CAP_HARDWARE;
>>> +    if ( is_xenstore_domain(d) )
>>> +        info->caps |= XEN_DOMCTL_GETDOMSTATE_CAP_XENSTORE;
>>>       info->unique_id = d->unique_id;
>>>   }
> 
>>> diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
>>> index f1f6f96bc2..879343b21d 100644
>>> --- a/xen/include/public/domctl.h
>>> +++ b/xen/include/public/domctl.h
>>> @@ -1269,8 +1269,11 @@ struct xen_domctl_get_domain_state {
>>>   #define XEN_DOMCTL_GETDOMSTATE_STATE_SHUTDOWN  0x0002  /* Shutdown 
>>> finished. */
>>>   #define XEN_DOMCTL_GETDOMSTATE_STATE_DYING     0x0004  /* Domain dying. */
>>>   #define XEN_DOMCTL_GETDOMSTATE_STATE_DEAD      0x0008  /* Domain dead. */
>>> -    uint16_t pad0;           /* Must be 0 on input, returned as 0. */
>>> -    uint32_t pad1;           /* Must be 0 on input, returned as 0. */
>>> +    uint16_t caps;           /* Must be 0 on input, returned as 0. */
>>
>> I'd drop the "returned as 0" in the comment. :-)
> 
> :)
> 
> I'll drop the whole comment since the input value is not checked.
> 
>> With that fixed:
>>
>> Reviewed-by: Juergen Gross <jgross@suse.com>
> 
> Does this stand with the above changes?

Yes, it does.


Juergen