1. Patchew
  2. Xen
  3. [PATCH v4 00/12] xenstored patches from split hardware control
  4. View patch

[PATCH v4 10/12] tools/xenstored: Rename dom0_domid to store_domid

Jason Andryuk posted 12 patches 3 months, 1 week ago
There is a newer version of this series
[PATCH v4 10/12] tools/xenstored: Rename dom0_domid to store_domid
Posted by Jason Andryuk 3 months, 1 week ago 
The dom0_domid variable is misnamed and conflates purposes.  If we have
xenstored running in a Linux domain that is not dom0, this variable
controls the lookup of /proc/xen/xsd_kva and the event channel.

One implication of this change is that the xenstore domain is not
privileged by virtue of considering store_domid as privileged.

Rename to store_domid to better show its purpose.

No functional change.

Add a description of the -m/--master-domid options while
doing this.

Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
---
 tools/xenstored/core.c   | 9 ++++++---
 tools/xenstored/core.h   | 6 +++---
 tools/xenstored/domain.c | 8 ++++----
 tools/xenstored/posix.c  | 2 +-
 4 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/tools/xenstored/core.c b/tools/xenstored/core.c
index 19edd75bc3..981907ec28 100644
--- a/tools/xenstored/core.c
+++ b/tools/xenstored/core.c
@@ -2536,7 +2536,10 @@ static void usage(void)
 "                          allowed timeout candidates are:\n"
 "                          watch-event: time a watch-event is kept pending\n"
 "  -K, --keep-orphans      don't delete nodes owned by a domain when the\n"
-"                          domain is deleted (this is a security risk!)\n");
+"                          domain is deleted (this is a security risk!)\n"
+"  -m, --master-domid      specify the domid of the domain where xenstored\n"
+"                          is running.  defaults to 0\n"
+);
 }
 
 
@@ -2564,7 +2567,7 @@ static struct option options[] = {
 #endif
 	{ NULL, 0, NULL, 0 } };
 
-int dom0_domid = 0;
+int store_domid = 0;
 int dom0_event = 0;
 int priv_domid = 0;
 domid_t stub_domid = DOMID_INVALID;
@@ -2733,7 +2736,7 @@ int main(int argc, char *argv[])
 			dom0_event = get_optval_uint(optarg);
 			break;
 		case 'm':
-			dom0_domid = get_optval_uint(optarg);
+			store_domid = get_optval_uint(optarg);
 			break;
 		case 'p':
 			priv_domid = get_optval_uint(optarg);
diff --git a/tools/xenstored/core.h b/tools/xenstored/core.h
index 1ba9592d16..d44cca8454 100644
--- a/tools/xenstored/core.h
+++ b/tools/xenstored/core.h
@@ -364,7 +364,7 @@ do {						\
 		trace("tdb: " __VA_ARGS__);	\
 } while (0)
 
-extern int dom0_domid;
+extern int store_domid;
 extern int dom0_event;
 extern int priv_domid;
 extern domid_t stub_domid;
@@ -381,11 +381,11 @@ uint64_t get_now_msec(void);
 void *xenbus_map(void);
 void unmap_xenbus(void *interface);
 
-static inline int xenbus_master_domid(void) { return dom0_domid; }
+static inline int xenbus_master_domid(void) { return store_domid; }
 
 static inline bool domid_is_unprivileged(unsigned int domid)
 {
-	return domid != dom0_domid && domid != priv_domid;
+	return domid != store_domid && domid != priv_domid;
 }
 
 static inline bool domain_is_unprivileged(const struct connection *conn)
diff --git a/tools/xenstored/domain.c b/tools/xenstored/domain.c
index dbeacaa93e..d9144e97a1 100644
--- a/tools/xenstored/domain.c
+++ b/tools/xenstored/domain.c
@@ -1139,7 +1139,7 @@ static struct domain *onearg_domain(struct connection *conn,
 		return ERR_PTR(-EINVAL);
 
 	domid = atoi(domid_str);
-	if (domid == dom0_domid)
+	if (domid == store_domid)
 		return ERR_PTR(-EINVAL);
 
 	return find_connected_domain(domid);
@@ -1267,7 +1267,7 @@ evtchn_port_t get_domain_evtchn(domid_t domid)
 		return get_xenbus_evtchn();
 	}
 #else
-	if (domid == xenbus_master_domid()) {
+	if (domid == store_domid) {
 		return get_xenbus_evtchn();
 	}
 #endif
@@ -1295,13 +1295,13 @@ void init_domains(void)
 		domids[nr_domids - 1] = domid;
 
 		if (caps & XENMANAGE_GETDOMSTATE_CAP_XENSTORE) {
-			dom0_domid = domid;
+			store_domid = domid;
 		}
 
 		if (caps & XENMANAGE_GETDOMSTATE_CAP_CONTROL) {
 			memmove(&domids[1], domids, (nr_domids - 1) * sizeof(*domids));
 			/*
-			 * Local domid must be first to setup structures for
+			 * priv domid must be first to setup structures for
 			 * firing the special watches.
 			 */
 			domids[0] = domid;
diff --git a/tools/xenstored/posix.c b/tools/xenstored/posix.c
index 6037d739d0..d0622dc05f 100644
--- a/tools/xenstored/posix.c
+++ b/tools/xenstored/posix.c
@@ -266,7 +266,7 @@ static void accept_connection(int sock)
 	conn = new_connection(&socket_funcs);
 	if (conn) {
 		conn->fd = fd;
-		conn->id = dom0_domid;
+		conn->id = store_domid;
 	} else
 		close(fd);
 }
-- 
2.50.1
Re: [PATCH v4 10/12] tools/xenstored: Rename dom0_domid to store_domid
Posted by Jürgen Groß 3 months, 1 week ago 
On 25.07.25 04:28, Jason Andryuk wrote:
> The dom0_domid variable is misnamed and conflates purposes.  If we have
> xenstored running in a Linux domain that is not dom0, this variable
> controls the lookup of /proc/xen/xsd_kva and the event channel.
> 
> One implication of this change is that the xenstore domain is not
> privileged by virtue of considering store_domid as privileged.
> 
> Rename to store_domid to better show its purpose.
> 
> No functional change.
> 
> Add a description of the -m/--master-domid options while
> doing this.
> 
> Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
> ---
>   tools/xenstored/core.c   | 9 ++++++---
>   tools/xenstored/core.h   | 6 +++---
>   tools/xenstored/domain.c | 8 ++++----
>   tools/xenstored/posix.c  | 2 +-
>   4 files changed, 14 insertions(+), 11 deletions(-)
> 
> diff --git a/tools/xenstored/core.c b/tools/xenstored/core.c
> index 19edd75bc3..981907ec28 100644
> --- a/tools/xenstored/core.c
> +++ b/tools/xenstored/core.c
> @@ -2536,7 +2536,10 @@ static void usage(void)
>   "                          allowed timeout candidates are:\n"
>   "                          watch-event: time a watch-event is kept pending\n"
>   "  -K, --keep-orphans      don't delete nodes owned by a domain when the\n"
> -"                          domain is deleted (this is a security risk!)\n");
> +"                          domain is deleted (this is a security risk!)\n"
> +"  -m, --master-domid      specify the domid of the domain where xenstored\n"
> +"                          is running.  defaults to 0\n"
> +);
>   }
>   
>   
> @@ -2564,7 +2567,7 @@ static struct option options[] = {
>   #endif
>   	{ NULL, 0, NULL, 0 } };
>   
> -int dom0_domid = 0;
> +int store_domid = 0;
>   int dom0_event = 0;
>   int priv_domid = 0;
>   domid_t stub_domid = DOMID_INVALID;
> @@ -2733,7 +2736,7 @@ int main(int argc, char *argv[])
>   			dom0_event = get_optval_uint(optarg);
>   			break;
>   		case 'm':
> -			dom0_domid = get_optval_uint(optarg);
> +			store_domid = get_optval_uint(optarg);
>   			break;
>   		case 'p':
>   			priv_domid = get_optval_uint(optarg);
> diff --git a/tools/xenstored/core.h b/tools/xenstored/core.h
> index 1ba9592d16..d44cca8454 100644
> --- a/tools/xenstored/core.h
> +++ b/tools/xenstored/core.h
> @@ -364,7 +364,7 @@ do {						\
>   		trace("tdb: " __VA_ARGS__);	\
>   } while (0)
>   
> -extern int dom0_domid;
> +extern int store_domid;
>   extern int dom0_event;
>   extern int priv_domid;
>   extern domid_t stub_domid;
> @@ -381,11 +381,11 @@ uint64_t get_now_msec(void);
>   void *xenbus_map(void);
>   void unmap_xenbus(void *interface);
>   
> -static inline int xenbus_master_domid(void) { return dom0_domid; }
> +static inline int xenbus_master_domid(void) { return store_domid; }

Maybe just drop xenbus_master_domid() and replace its use cases with
store_domid directly?

>   
>   static inline bool domid_is_unprivileged(unsigned int domid)
>   {
> -	return domid != dom0_domid && domid != priv_domid;
> +	return domid != store_domid && domid != priv_domid;

I'd say drop the test for store_domid here. I don't think it is
appropriate to give xenstore-stubdom special rights.

>   }
>   
>   static inline bool domain_is_unprivileged(const struct connection *conn)
> diff --git a/tools/xenstored/domain.c b/tools/xenstored/domain.c
> index dbeacaa93e..d9144e97a1 100644
> --- a/tools/xenstored/domain.c
> +++ b/tools/xenstored/domain.c
> @@ -1139,7 +1139,7 @@ static struct domain *onearg_domain(struct connection *conn,
>   		return ERR_PTR(-EINVAL);
>   
>   	domid = atoi(domid_str);
> -	if (domid == dom0_domid)
> +	if (domid == store_domid)

And here I'm not sure we want to allow to priv_domid.

There will be noone left who could call XS_RESUME if we'd allow
priv_domid to be released. store_domid needs to be kept excluded, too,
of course.

>   		return ERR_PTR(-EINVAL);
>   
>   	return find_connected_domain(domid);
> @@ -1267,7 +1267,7 @@ evtchn_port_t get_domain_evtchn(domid_t domid)
>   		return get_xenbus_evtchn();
>   	}
>   #else
> -	if (domid == xenbus_master_domid()) {
> +	if (domid == store_domid) {
>   		return get_xenbus_evtchn();

And now this is correct. :-)

>   	}
>   #endif
> @@ -1295,13 +1295,13 @@ void init_domains(void)
>   		domids[nr_domids - 1] = domid;
>   
>   		if (caps & XENMANAGE_GETDOMSTATE_CAP_XENSTORE) {
> -			dom0_domid = domid;
> +			store_domid = domid;
>   		}
>   
>   		if (caps & XENMANAGE_GETDOMSTATE_CAP_CONTROL) {
>   			memmove(&domids[1], domids, (nr_domids - 1) * sizeof(*domids));
>   			/*
> -			 * Local domid must be first to setup structures for
> +			 * priv domid must be first to setup structures for
>   			 * firing the special watches.
>   			 */
>   			domids[0] = domid;
> diff --git a/tools/xenstored/posix.c b/tools/xenstored/posix.c
> index 6037d739d0..d0622dc05f 100644
> --- a/tools/xenstored/posix.c
> +++ b/tools/xenstored/posix.c
> @@ -266,7 +266,7 @@ static void accept_connection(int sock)
>   	conn = new_connection(&socket_funcs);
>   	if (conn) {
>   		conn->fd = fd;
> -		conn->id = dom0_domid;
> +		conn->id = store_domid;
>   	} else
>   		close(fd);
>   }


Juergen

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.