From nobody Sun May  3 14:21:17 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120;
 envelope-from=xen-devel-bounces@lists.xenproject.org;
 helo=lists.xenproject.org;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender)
  smtp.mailfrom=xen-devel-bounces@lists.xenproject.org;
	dmarc=pass(p=quarantine dis=none)  header.from=suse.com
ARC-Seal: i=1; a=rsa-sha256; t=1776931759; cv=none;
	d=zohomail.com; s=zohoarc;
	b=f/bV8tsEpoGp/NEtxkiF1ViicK7OT065PHN32gENvv+KoYGBEuTfwpsR9ytn4oIGZTzsjS2Dmlsdx74no1Z+OdVdHBfJSAkl7uA+F3PsRugFUvMY1CdUh+lhh7L0332U8bsy4UKhBdGnMgXv5H+9d8eJRkoBlmbCWWI0QKhPVtg=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1776931759;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=7U7QJ030xhKjZghEjJ0m4/ia2XnyEiFESLJvHSV1fHs=;
	b=hPiQirShdUMOTtIi2FhiN5fekMrmx0XLDFs+c4g4aBH5mdnVSqIRd0dL3IZVKWvQ/Os9wtagToex9CrOWWMRZPPRGix3r4tP3DtV3sKWmaIBYzbhOakf9JMfXhv/cEsOWJmAql5B5zZo4yv7+plmXYpEbCzX2ngPmIywFQ5LiL4=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender)
  smtp.mailfrom=xen-devel-bounces@lists.xenproject.org;
	dmarc=pass header.from=<jgross@suse.com> (p=quarantine dis=none)
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
 by mx.zohomail.com
	with SMTPS id 1776931759916303.26641991576935;
 Thu, 23 Apr 2026 01:09:19 -0700 (PDT)
Received: from list by lists.xenproject.org with
 outflank-mailman.1291707.1570554 (Exim 4.92)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1wFp7G-0005mr-8S; Thu, 23 Apr 2026 08:08:54 +0000
Received: by outflank-mailman (output) from mailman id 1291707.1570554;
 Thu, 23 Apr 2026 08:08:54 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1wFp7G-0005mi-5n; Thu, 23 Apr 2026 08:08:54 +0000
Received: by outflank-mailman (input) for mailman id 1291707;
 Thu, 23 Apr 2026 08:08:52 +0000
Received: from mx.expurgate.net ([195.190.135.10])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <jgross@suse.com>) id 1wFp7E-0005mQ-Mh
 for xen-devel@lists.xenproject.org; Thu, 23 Apr 2026 08:08:52 +0000
Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with
 esmtp
 id 1wFp7E-000vM8-3G
 for xen-devel@lists.xenproject.org; Thu, 23 Apr 2026 10:08:52 +0200
Received: from [10.42.69.9] (helo=localhost)
 by localhost with ESMTP (eXpurgate MTA 0.9.1)
 (envelope-from <jgross@suse.com>)
 id 69e9d389-bab6-0a2a0a5309dd-0a2a450988ea-22
 for <xen-devel@lists.xenproject.org>; Thu, 23 Apr 2026 10:08:52 +0200
Received: from [195.135.223.131] (helo=smtp-out2.suse.de)
 by tlsNG-bad1c0.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1)
 (envelope-from <jgross@suse.com>)
 id 69e9d393-2497-0a2a45090019-c387df83acb4-3
 for <xen-devel@lists.xenproject.org>; Thu, 23 Apr 2026 10:08:51 +0200
Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
 (No client certificate requested)
 by smtp-out2.suse.de (Postfix) with ESMTPS id A4EA85BD52;
 Thu, 23 Apr 2026 08:08:49 +0000 (UTC)
Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
 (No client certificate requested)
 by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 6A9E8593A3;
 Thu, 23 Apr 2026 08:08:49 +0000 (UTC)
Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167])
 by imap1.dmz-prg2.suse.org with ESMTPSA id DIPtGJHT6Wn6XQAAD6G6ig
 (envelope-from <jgross@suse.com>); Thu, 23 Apr 2026 08:08:49 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
X-BeenThere: xen-devel@lists.xenproject.org
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
Authentication-Results: eu.smtp.expurgate.cloud;
 dkim=pass header.s=susede1 header.d=suse.com header.i="@suse.com"
 header.h="From:Date:Message-ID:To:Cc:MIME-Version:Content-Transfer-Encoding:In-Reply-To:References";
 dkim=pass header.s=susede1 header.d=suse.com header.i="@suse.com"
 header.h="From:Date:Message-ID:To:Cc:MIME-Version:Content-Transfer-Encoding:In-Reply-To:References"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
	t=1776931729;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=7U7QJ030xhKjZghEjJ0m4/ia2XnyEiFESLJvHSV1fHs=;
	b=sNjPuSxWVfwXjBuoUfhrRbuwtRg2anglf4C/npN7NYezjmxdIlQYR5qc4YCMIVaTsWtIBk
	dnULHiwqF1X1elyFd8bA8anBEYrwmJTUkmPf+43V23U53USanBMT0KUY0zZP2mnssHLN+v
	v5mFTj7soRGwNmYFqFFmhkDfEwzdALo=
Authentication-Results: smtp-out2.suse.de;
	none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
	t=1776931729;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=7U7QJ030xhKjZghEjJ0m4/ia2XnyEiFESLJvHSV1fHs=;
	b=sNjPuSxWVfwXjBuoUfhrRbuwtRg2anglf4C/npN7NYezjmxdIlQYR5qc4YCMIVaTsWtIBk
	dnULHiwqF1X1elyFd8bA8anBEYrwmJTUkmPf+43V23U53USanBMT0KUY0zZP2mnssHLN+v
	v5mFTj7soRGwNmYFqFFmhkDfEwzdALo=
From: Juergen Gross <jgross@suse.com>
To: xen-devel@lists.xenproject.org
Cc: dmukhin@ford.com,
	Juergen Gross <jgross@suse.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	Anthony PERARD <anthony.perard@vates.tech>,
	Michal Orzel <michal.orzel@amd.com>,
	Jan Beulich <jbeulich@suse.com>,
	Julien Grall <julien@xen.org>,
	=?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com>,
	Stefano Stabellini <sstabellini@kernel.org>
Subject: [PATCH 1/4] xen/public: introduce DOMID_ANY
Date: Thu, 23 Apr 2026 10:08:37 +0200
Message-ID: <20260423080840.530547-2-jgross@suse.com>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <20260423080840.530547-1-jgross@suse.com>
References: <20260423080840.530547-1-jgross@suse.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Spamd-Result: default: False [-2.80 / 50.00];
	BAYES_HAM(-3.00)[99.99%];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	MID_CONTAINS_FROM(1.00)[];
	R_MISSING_CHARSET(0.50)[];
	NEURAL_HAM_SHORT(-0.20)[-1.000];
	MIME_GOOD(-0.10)[text/plain];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	ARC_NA(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	FROM_HAS_DN(0.00)[];
	MIME_TRACE(0.00)[0:+];
	DBL_BLOCKED_OPENRESOLVER(0.00)[suse.com:mid,suse.com:email,imap1.dmz-prg2.suse.org:helo];
	FUZZY_RATELIMITED(0.00)[rspamd.com];
	RCPT_COUNT_SEVEN(0.00)[10];
	RCVD_COUNT_TWO(0.00)[2];
	FROM_EQ_ENVFROM(0.00)[];
	DKIM_SIGNED(0.00)[suse.com:s=susede1];
	TO_DN_SOME(0.00)[];
	RCVD_TLS_ALL(0.00)[]
X-Spam-Flag: NO
X-Spam-Score: -2.80
X-Spam-Level: 
X-purgate-ID: tlsNG-bad1c0/1776931732-48AAEA53-03F03C49/0/0
X-purgate-type: clean
X-purgate-size: 1192
X-ZohoMail-DKIM: pass (identity @suse.com)
X-ZM-MESSAGEID: 1776931763580154100
Content-Type: text/plain; charset="utf-8"

Add DOMID_ANY to xen/include/public/xen.h meant to be a wildcard for
domids.

Signed-off-by: Denis Mukhin <dmukhin@ford.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jason Andryuk <jason.andryuk@amd.com>
---
This is based on Denis Mukhin's patch "xen/domain: introduce DOMID_ANY".
As my series is another use case for DOMID_ANY and it is a backport
candidate, I've split out the definition of DOMID_ANY from Denis'
patch in order to make progress for my series.
---
 xen/include/public/xen.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/xen/include/public/xen.h b/xen/include/public/xen.h
index b12fd10e63..f35a6f21f0 100644
--- a/xen/include/public/xen.h
+++ b/xen/include/public/xen.h
@@ -608,6 +608,13 @@ DEFINE_XEN_GUEST_HANDLE(mmuext_op_t);
 /* DOMID_INVALID is used to identify pages with unknown owner. */
 #define DOMID_INVALID        xen_mk_uint(0x7FF4)
=20
+/*
+ * DOMID_ANY is used to signal no specific domain ID requested.
+ * Handler should pick a valid ID, or handle it as a broadcast value
+ * depending on the context.
+ */
+#define DOMID_ANY            xen_mk_uint(0x7FF5)
+
 /* Idle domain. */
 #define DOMID_IDLE           xen_mk_uint(0x7FFF)
=20
--=20
2.53.0
From nobody Sun May  3 14:21:17 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120;
 envelope-from=xen-devel-bounces@lists.xenproject.org;
 helo=lists.xenproject.org;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender)
  smtp.mailfrom=xen-devel-bounces@lists.xenproject.org;
	dmarc=pass(p=quarantine dis=none)  header.from=suse.com
ARC-Seal: i=1; a=rsa-sha256; t=1776931765; cv=none;
	d=zohomail.com; s=zohoarc;
	b=X2CBJWdlD2/f/FCPFTZX77maZKiPMnvHOgnwvUSRl1pfTFH1Pwc3r4gr6Mq0B0qS1qS/R3GHVl8iObkE2VLRc3q6YCkWQG495XFBG22kFgD/0jFv2epecz4Oacugoow7QC5dgzdJgz2vhCN1aHJxctYECZdnuZ70Jz+1398qUD8=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1776931765;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=CPBzawWX2g0dpZag7OUw1T+x+kMtwYFiewTeIGA7K/o=;
	b=f2eZbebjTaW3uPtVHeMQVwPI1LOnmoqjUSiW6fKZL0t6jKBA8YA5lZjvLqVov8S+JS+WlqymdPBgjn78U3LEE1uUXHlMws6vKydMw7tesH3nVWwV+SPZ3JuDDueicj085Ik4rCvnT6HqWNo2QMUBMHf+5I7xrAChtzmOxFgNi4s=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender)
  smtp.mailfrom=xen-devel-bounces@lists.xenproject.org;
	dmarc=pass header.from=<jgross@suse.com> (p=quarantine dis=none)
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
 by mx.zohomail.com
	with SMTPS id 1776931765030841.5532857527855;
 Thu, 23 Apr 2026 01:09:25 -0700 (PDT)
Received: from list by lists.xenproject.org with
 outflank-mailman.1291708.1570564 (Exim 4.92)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1wFp7M-00063G-Gm; Thu, 23 Apr 2026 08:09:00 +0000
Received: by outflank-mailman (output) from mailman id 1291708.1570564;
 Thu, 23 Apr 2026 08:09:00 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1wFp7M-000637-DB; Thu, 23 Apr 2026 08:09:00 +0000
Received: by outflank-mailman (input) for mailman id 1291708;
 Thu, 23 Apr 2026 08:08:58 +0000
Received: from mx.expurgate.net ([195.190.135.10])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <jgross@suse.com>) id 1wFp7K-00061r-NF
 for xen-devel@lists.xenproject.org; Thu, 23 Apr 2026 08:08:58 +0000
Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with
 esmtp
 id 1wFp7K-000vLh-3W
 for xen-devel@lists.xenproject.org; Thu, 23 Apr 2026 10:08:58 +0200
Received: from [10.42.69.5] (helo=localhost)
 by localhost with ESMTP (eXpurgate MTA 0.9.1)
 (envelope-from <jgross@suse.com>)
 id 69e9d38e-e002-0a2a0a5209dd-0a2a4505da76-38
 for <xen-devel@lists.xenproject.org>; Thu, 23 Apr 2026 10:08:58 +0200
Received: from [195.135.223.131] (helo=smtp-out2.suse.de)
 by tlsNG-c201ff.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1)
 (envelope-from <jgross@suse.com>)
 id 69e9d399-aaa8-0a2a45050019-c387df83d8fc-3
 for <xen-devel@lists.xenproject.org>; Thu, 23 Apr 2026 10:08:57 +0200
Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org
 [IPv6:2a07:de40:b281:104:10:150:64:97])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
 (No client certificate requested)
 by smtp-out2.suse.de (Postfix) with ESMTPS id 1F3E75BCFD;
 Thu, 23 Apr 2026 08:08:55 +0000 (UTC)
Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
 (No client certificate requested)
 by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id EED32593A3;
 Thu, 23 Apr 2026 08:08:54 +0000 (UTC)
Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167])
 by imap1.dmz-prg2.suse.org with ESMTPSA id 35k3OZbT6WkAXgAAD6G6ig
 (envelope-from <jgross@suse.com>); Thu, 23 Apr 2026 08:08:54 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
X-BeenThere: xen-devel@lists.xenproject.org
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
Authentication-Results: eu.smtp.expurgate.cloud;
 dkim=pass header.s=susede1 header.d=suse.com header.i="@suse.com"
 header.h="From:Date:Message-ID:To:Cc:MIME-Version:Content-Transfer-Encoding:In-Reply-To:References";
 dkim=pass header.s=susede1 header.d=suse.com header.i="@suse.com"
 header.h="From:Date:Message-ID:To:Cc:MIME-Version:Content-Transfer-Encoding:In-Reply-To:References"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
	t=1776931736;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=CPBzawWX2g0dpZag7OUw1T+x+kMtwYFiewTeIGA7K/o=;
	b=bht6oFQjCvijEG82j7+TrxXWjGaD7mp+mdMIov/n+lxBL47Za6FGF+G2DeJv0kc4g1hXwU
	wIsx39JIy7PnXyx7dAOoAdc/R2Gs0H6lbb1yIgmnItARlIpJZX5NNHGyP2RDZSSe+JPPIf
	j+3ek9l4qkwpkJUpmuULoeQIIxxPaxs=
Authentication-Results: smtp-out2.suse.de;
	dkim=pass header.d=suse.com header.s=susede1 header.b=Qkirx6S0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
	t=1776931735;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=CPBzawWX2g0dpZag7OUw1T+x+kMtwYFiewTeIGA7K/o=;
	b=Qkirx6S0tb+jXp7zMwAk9P/B47ZppVQUjk5pHDIFa9gOKi1rchok6xyGUPpYPhuDy78tbV
	EIUtUhdqBmCNSBKa9H5blHujl0jRkqUC/DJoc7CKeWBGTlmFUH4ydEY4IDyjnrqvkPbE3P
	D7hQrwWx+chtG36WrLnCufWz2C69nIo=
From: Juergen Gross <jgross@suse.com>
To: xen-devel@lists.xenproject.org
Cc: dmukhin@ford.com,
	Juergen Gross <jgross@suse.com>,
	Anthony PERARD <anthony.perard@vates.tech>,
	Julien Grall <julien@xen.org>
Subject: [PATCH 2/4] tools/xenstored: add support for "all domains" node
 permission
Date: Thu, 23 Apr 2026 10:08:38 +0200
Message-ID: <20260423080840.530547-3-jgross@suse.com>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <20260423080840.530547-1-jgross@suse.com>
References: <20260423080840.530547-1-jgross@suse.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Action: no action
X-Rspamd-Server: rspamd2.dmz-prg2.suse.org
X-Spamd-Result: default: False [-3.01 / 50.00];
	BAYES_HAM(-3.00)[100.00%];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	MID_CONTAINS_FROM(1.00)[];
	R_MISSING_CHARSET(0.50)[];
	R_DKIM_ALLOW(-0.20)[suse.com:s=susede1];
	NEURAL_HAM_SHORT(-0.20)[-1.000];
	MIME_GOOD(-0.10)[text/plain];
	MX_GOOD(-0.01)[];
	ARC_NA(0.00)[];
	RBL_SPAMHAUS_BLOCKED_OPENRESOLVER(0.00)[2a07:de40:b281:104:10:150:64:97:from];
	RCVD_COUNT_TWO(0.00)[2];
	MIME_TRACE(0.00)[0:+];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	SPAMHAUS_XBL(0.00)[2a07:de40:b281:104:10:150:64:97:from];
	TO_DN_SOME(0.00)[];
	FUZZY_RATELIMITED(0.00)[rspamd.com];
	RECEIVED_SPAMHAUS_BLOCKED_OPENRESOLVER(0.00)[2a07:de40:b281:106:10:150:64:167:received];
	FROM_HAS_DN(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	DBL_BLOCKED_OPENRESOLVER(0.00)[suse.com:dkim,suse.com:mid,suse.com:email,imap1.dmz-prg2.suse.org:helo,imap1.dmz-prg2.suse.org:rdns];
	RCVD_TLS_ALL(0.00)[];
	FROM_EQ_ENVFROM(0.00)[];
	RCPT_COUNT_FIVE(0.00)[5];
	DKIM_SIGNED(0.00)[suse.com:s=susede1];
	DKIM_TRACE(0.00)[suse.com:+]
X-Rspamd-Queue-Id: 1F3E75BCFD
X-Spam-Flag: NO
X-Spam-Score: -3.01
X-Spam-Level: 
X-purgate-ID: tlsNG-c201ff/1776931737-E9BA4443-AAF74673/0/0
X-purgate-type: clean
X-purgate-size: 5892
X-ZohoMail-DKIM: pass (identity @suse.com) (identity @suse.com)
X-ZM-MESSAGEID: 1776931767238154100
Content-Type: text/plain; charset="utf-8"

Add support for using DOMID_ANY in node permissions to indicate that
all domains are allowed to access the node.

Add a new feature bit for indicating the support of DOMID_ANY.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jason Andryuk <jason.andryuk@amd.com>
---
 docs/man/xl.cfg.5.pod.in        |  4 ++++
 tools/xenstored/core.c          | 19 ++++++++++++++-----
 tools/xenstored/domain.c        | 16 ++++++++++++++--
 tools/xenstored/domain.h        |  3 ++-
 xen/include/public/io/xs_wire.h |  2 ++
 5 files changed, 36 insertions(+), 8 deletions(-)

diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in
index 2f77016ecf..d34951edb9 100644
--- a/docs/man/xl.cfg.5.pod.in
+++ b/docs/man/xl.cfg.5.pod.in
@@ -746,6 +746,10 @@ Xenstore supports to set watches with a limited depth =
(depth 0 matches
 only the watched node, depth 1 matches the node and its direct children,
 etc.).
=20
+=3Ditem B<0x00000008>
+
+Xenstore supports the B<all domains> node access permission.
+
 =3Dback
=20
 The features supported by the running Xenstore instance can be retrieved
diff --git a/tools/xenstored/core.c b/tools/xenstored/core.c
index f92fca6e9e..5a621f53ba 100644
--- a/tools/xenstored/core.c
+++ b/tools/xenstored/core.c
@@ -882,6 +882,16 @@ static int write_node(struct connection *conn, struct =
node *node,
 	return ret;
 }
=20
+/* Check one node permission to match a connection. */
+static bool perm_allows_conn(const struct connection *conn,
+			     const struct xs_permissions *p)
+{
+	if (p->id =3D=3D conn->id || (conn->target && p->id =3D=3D conn->target->=
id))
+		return true;
+
+	return p->id =3D=3D DOMID_ANY;
+}
+
 unsigned int perm_for_conn(struct connection *conn,
 			   const struct node_perms *perms)
 {
@@ -889,14 +899,13 @@ unsigned int perm_for_conn(struct connection *conn,
 	unsigned int mask =3D XS_PERM_READ|XS_PERM_WRITE|XS_PERM_OWNER;
=20
 	/* Owners and tools get it all... */
-	if (!domain_is_unprivileged(conn) || perms->p[0].id =3D=3D conn->id
-                || (conn->target && perms->p[0].id =3D=3D conn->target->id=
))
+	if (!domain_is_unprivileged(conn) ||
+	    perm_allows_conn(conn, perms->p))
 		return (XS_PERM_READ|XS_PERM_WRITE|XS_PERM_OWNER) & mask;
=20
 	for (i =3D 1; i < perms->num; i++)
 		if (!(perms->p[i].perms & XS_PERM_IGNORE) &&
-		    (perms->p[i].id =3D=3D conn->id ||
-		     (conn->target && perms->p[i].id =3D=3D conn->target->id)))
+		    perm_allows_conn(conn, perms->p + i))
 			return perms->p[i].perms & mask;
=20
 	return perms->p[0].perms & mask;
@@ -1832,7 +1841,7 @@ static int do_set_perms(const void *ctx, struct conne=
ction *conn,
 	if (!xenstore_strings_to_perms(perms.p, perms.num, permstr))
 		return errno;
=20
-	if (domain_alloc_permrefs(&perms))
+	if (domain_alloc_permrefs(conn, &perms))
 		return ENOMEM;
 	if (perms.p[0].perms & XS_PERM_IGNORE)
 		return ENOENT;
diff --git a/tools/xenstored/domain.c b/tools/xenstored/domain.c
index 00875d6b5c..0bd2a1891a 100644
--- a/tools/xenstored/domain.c
+++ b/tools/xenstored/domain.c
@@ -44,7 +44,8 @@
 #endif
=20
 #define XENSTORE_FEATURES	(XENSTORE_SERVER_FEATURE_ERROR |	\
-				 XENSTORE_SERVER_FEATURE_WATCHDEPTH)
+				 XENSTORE_SERVER_FEATURE_WATCHDEPTH |	\
+				 XENSTORE_SERVER_FEATURE_DOMID_ANY)
=20
 static xenmanage_handle *xm_handle;
 xengnttab_handle **xgt_handle;
@@ -1754,8 +1755,12 @@ static bool chk_domain_generation(unsigned int domid=
, uint64_t gen)
  * Allocate all missing struct domain referenced by a permission set.
  * Any permission entries for not existing domains will be marked to be
  * ignored.
+ * An DOMID_ANY entry will be marked to be ignored, if the writing
+ * domain doesn't have the XENSTORE_SERVER_FEATURE_DOMID_ANY enabled. Note
+ * that Xen tools will never set DOMID_ANY for a guest owned node.
  */
-int domain_alloc_permrefs(struct node_perms *perms)
+int domain_alloc_permrefs(const struct connection *conn,
+			  struct node_perms *perms)
 {
 	unsigned int i, domid;
 	struct domain *d;
@@ -1763,6 +1768,12 @@ int domain_alloc_permrefs(struct node_perms *perms)
=20
 	for (i =3D 0; i < perms->num; i++) {
 		domid =3D perms->p[i].id;
+		if (domid =3D=3D DOMID_ANY) {
+			if (!(conn->domain->features &
+			      XENSTORE_SERVER_FEATURE_DOMID_ANY))
+				perms->p[i].perms |=3D XS_PERM_IGNORE;
+			continue;
+		}
 		d =3D find_domain_struct(domid);
 		if (!d) {
 			if (xenmanage_get_domain_info(xm_handle, domid, NULL,
@@ -1788,6 +1799,7 @@ int domain_adjust_node_perms(struct node *node)
=20
 	for (i =3D 1; i < node->hdr.num_perms; i++) {
 		if ((perms[i].perms & XS_PERM_IGNORE) ||
+		    perms[i].id =3D=3D DOMID_ANY ||
 		    chk_domain_generation(perms[i].id, node->hdr.generation))
 			continue;
=20
diff --git a/tools/xenstored/domain.h b/tools/xenstored/domain.h
index b1cfb5cd82..7dad4849a0 100644
--- a/tools/xenstored/domain.h
+++ b/tools/xenstored/domain.h
@@ -116,7 +116,8 @@ const char *get_implicit_path(const struct connection *=
conn);
  */
 int domain_adjust_node_perms(struct node *node);
=20
-int domain_alloc_permrefs(struct node_perms *perms);
+int domain_alloc_permrefs(const struct connection *conn,
+			  struct node_perms *perms);
=20
 /* Quota manipulation */
 int domain_nbentry_inc(struct connection *conn, unsigned int domid);
diff --git a/xen/include/public/io/xs_wire.h b/xen/include/public/io/xs_wir=
e.h
index 2e763bc877..d6533a8452 100644
--- a/xen/include/public/io/xs_wire.h
+++ b/xen/include/public/io/xs_wire.h
@@ -126,6 +126,8 @@ struct xenstore_domain_interface {
 #define XENSTORE_SERVER_FEATURE_ERROR        2
 /* The XS_WATCH command can be used with a <depth> parameter */
 #define XENSTORE_SERVER_FEATURE_WATCHDEPTH   4
+/* The capability to use DOMID_ANY for node permissions */
+#define XENSTORE_SERVER_FEATURE_DOMID_ANY    8
=20
 /* Valid values for the connection field */
 #define XENSTORE_CONNECTED 0 /* the steady-state */
--=20
2.53.0
From nobody Sun May  3 14:21:17 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120;
 envelope-from=xen-devel-bounces@lists.xenproject.org;
 helo=lists.xenproject.org;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender)
  smtp.mailfrom=xen-devel-bounces@lists.xenproject.org;
	dmarc=pass(p=quarantine dis=none)  header.from=suse.com
ARC-Seal: i=1; a=rsa-sha256; t=1776931782; cv=none;
	d=zohomail.com; s=zohoarc;
	b=jPwqERAahWZxfJGwbI34hWsK2UH7ZVbW59Zu/iSfdRphE7i9fcNcJNzdp1Obi/GCnqLxH+pq8pguRvaj79CpZQsIGCOcnOEDYSV7T6S6bcM7Ocv2BE0i+NropC8OMqntNIQp2jTGun//2KMwCKGy2ijcS0cpFStIoKd+4p6SQUQ=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1776931782;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=mye3eCQVSlEbkJEnkWGbsqAfuNKV6b0HpEvbptC1tVQ=;
	b=Gxoa/Xv2/8CxrwcCVe9ie6tVLY9A0vg0CVcWNoo2qSUQ41m5S+OTlaoykrAaZ1qL+p044fTsGdieMg9v9G/CbTu0yIGZiPC+bpuNf4EytHBDblPsjvUXWonc26creKzLTV2CD9ND9lom+63DzUqBqD4TKKVdpz/SYO6Z8cUeWj4=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender)
  smtp.mailfrom=xen-devel-bounces@lists.xenproject.org;
	dmarc=pass header.from=<jgross@suse.com> (p=quarantine dis=none)
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
 by mx.zohomail.com
	with SMTPS id 1776931782225896.8958946393736;
 Thu, 23 Apr 2026 01:09:42 -0700 (PDT)
Received: from list by lists.xenproject.org with
 outflank-mailman.1291716.1570581 (Exim 4.92)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1wFp7V-0006eB-37; Thu, 23 Apr 2026 08:09:09 +0000
Received: by outflank-mailman (output) from mailman id 1291716.1570581;
 Thu, 23 Apr 2026 08:09:09 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1wFp7U-0006e0-Uv; Thu, 23 Apr 2026 08:09:08 +0000
Received: by outflank-mailman (input) for mailman id 1291716;
 Thu, 23 Apr 2026 08:09:07 +0000
Received: from mx.expurgate.net ([195.190.135.10])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <jgross@suse.com>) id 1wFp7T-0006Ny-Ol
 for xen-devel@lists.xenproject.org; Thu, 23 Apr 2026 08:09:07 +0000
Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with
 esmtp
 id 1wFp7T-009pmL-5G
 for xen-devel@lists.xenproject.org; Thu, 23 Apr 2026 10:09:07 +0200
Received: from [10.42.69.9] (helo=localhost)
 by localhost with ESMTP (eXpurgate MTA 0.9.1)
 (envelope-from <jgross@suse.com>)
 id 69e9d39e-2eae-0a2a0a5409dd-0a2a4509aeac-16
 for <xen-devel@lists.xenproject.org>; Thu, 23 Apr 2026 10:09:07 +0200
Received: from [195.135.223.130] (helo=smtp-out1.suse.de)
 by tlsNG-bad1c0.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1)
 (envelope-from <jgross@suse.com>)
 id 69e9d3a2-2497-0a2a45090019-c387df82c062-3
 for <xen-devel@lists.xenproject.org>; Thu, 23 Apr 2026 10:09:07 +0200
Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org
 [IPv6:2a07:de40:b281:104:10:150:64:97])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
 (No client certificate requested)
 by smtp-out1.suse.de (Postfix) with ESMTPS id 9617E6A81E;
 Thu, 23 Apr 2026 08:09:00 +0000 (UTC)
Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
 (No client certificate requested)
 by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 6EF76593A3;
 Thu, 23 Apr 2026 08:09:00 +0000 (UTC)
Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167])
 by imap1.dmz-prg2.suse.org with ESMTPSA id r7kHGpzT6WkEXgAAD6G6ig
 (envelope-from <jgross@suse.com>); Thu, 23 Apr 2026 08:09:00 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
X-BeenThere: xen-devel@lists.xenproject.org
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
Authentication-Results: eu.smtp.expurgate.cloud;
 dkim=pass header.s=susede1 header.d=suse.com header.i="@suse.com"
 header.h="From:Date:Message-ID:To:Cc:MIME-Version:Content-Transfer-Encoding:In-Reply-To:References";
 dkim=pass header.s=susede1 header.d=suse.com header.i="@suse.com"
 header.h="From:Date:Message-ID:To:Cc:MIME-Version:Content-Transfer-Encoding:In-Reply-To:References"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
	t=1776931741;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=mye3eCQVSlEbkJEnkWGbsqAfuNKV6b0HpEvbptC1tVQ=;
	b=sPZf6KqqJRs24isDTQ3Kms4qAjjRhGoIKm66ukA1cIV1y945/3NRA2RegytzyEVa9AQLuD
	FP0D0BomlwISbMcjxjjIXLVllHLi3lcs3GIFIeyIzdeerDPIR+46fB8fWFlU3ciME2ASqt
	AuzhPVG3swBKXn6zCZFHFdUpe05mjE0=
Authentication-Results: smtp-out1.suse.de;
	dkim=pass header.d=suse.com header.s=susede1 header.b=AgfXxE44
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
	t=1776931740;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=mye3eCQVSlEbkJEnkWGbsqAfuNKV6b0HpEvbptC1tVQ=;
	b=AgfXxE44EPVmap4ZnIVWJtN9LpKEhQY9msq5nMBi1S9lBSMXtQBiigKT45Y5QpJDKvQFhM
	tKI0BRllurFsX1ml8neyfELHMKsl+9wJk9GM56MwN0LIklNoQhTa4WdpfUXgy8qMN8RwZL
	P2Uxz4krBpnib2eAupPqs2A36OL7wjc=
From: Juergen Gross <jgross@suse.com>
To: xen-devel@lists.xenproject.org
Cc: dmukhin@ford.com,
	Juergen Gross <jgross@suse.com>,
	Julien Grall <julien@xen.org>,
	Anthony PERARD <anthony.perard@vates.tech>
Subject: [PATCH 3/4] tools/xenstored: allow @releaseDomain watch for all
 domains
Date: Thu, 23 Apr 2026 10:08:39 +0200
Message-ID: <20260423080840.530547-4-jgross@suse.com>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <20260423080840.530547-1-jgross@suse.com>
References: <20260423080840.530547-1-jgross@suse.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Action: no action
X-Rspamd-Server: rspamd2.dmz-prg2.suse.org
X-Spamd-Result: default: False [-3.01 / 50.00];
	BAYES_HAM(-3.00)[100.00%];
	MID_CONTAINS_FROM(1.00)[];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	R_MISSING_CHARSET(0.50)[];
	R_DKIM_ALLOW(-0.20)[suse.com:s=susede1];
	NEURAL_HAM_SHORT(-0.20)[-1.000];
	MIME_GOOD(-0.10)[text/plain];
	MX_GOOD(-0.01)[];
	MIME_TRACE(0.00)[0:+];
	FUZZY_RATELIMITED(0.00)[rspamd.com];
	DKIM_SIGNED(0.00)[suse.com:s=susede1];
	TO_DN_SOME(0.00)[];
	RBL_SPAMHAUS_BLOCKED_OPENRESOLVER(0.00)[2a07:de40:b281:104:10:150:64:97:from];
	SPAMHAUS_XBL(0.00)[2a07:de40:b281:104:10:150:64:97:from];
	ARC_NA(0.00)[];
	RCVD_COUNT_TWO(0.00)[2];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	FROM_HAS_DN(0.00)[];
	RECEIVED_SPAMHAUS_BLOCKED_OPENRESOLVER(0.00)[2a07:de40:b281:106:10:150:64:167:received];
	FROM_EQ_ENVFROM(0.00)[];
	MAILSPIKE_FAIL(0.00)[2a07:de40:b281:104:10:150:64:97:query timed out];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	RCVD_TLS_ALL(0.00)[];
	DKIM_TRACE(0.00)[suse.com:+];
	RCPT_COUNT_FIVE(0.00)[5];
	DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:helo,imap1.dmz-prg2.suse.org:rdns,suse.com:dkim,suse.com:mid,suse.com:email]
X-Rspamd-Queue-Id: 9617E6A81E
X-Spam-Flag: NO
X-Spam-Score: -3.01
X-Spam-Level: 
X-purgate-ID: tlsNG-bad1c0/1776931747-492B2A53-5C4844DD/0/0
X-purgate-type: clean
X-purgate-size: 2636
X-ZohoMail-DKIM: pass (identity @suse.com) (identity @suse.com)
X-ZM-MESSAGEID: 1776931783668154100
Content-Type: text/plain; charset="utf-8"

Currently the @releaseDomain watch is allowed for dom0 only. This is
problematic for guests which want to give other domains access to
Xenstore entries, as they have no simple way to tell when such a
domain is stopped.

Allow @releaseDomain to be usable by all domains as the default.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jason Andryuk <jason.andryuk@amd.com>
---
 tools/xenstored/core.c | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/tools/xenstored/core.c b/tools/xenstored/core.c
index 5a621f53ba..421f227ff1 100644
--- a/tools/xenstored/core.c
+++ b/tools/xenstored/core.c
@@ -2279,19 +2279,19 @@ struct connection *get_connection_by_id(unsigned in=
t conn_id)
 }
=20
 /* We create initial nodes manually. */
-static void manual_node(const char *name, const char *child)
+static void manual_node_perms(const char *name, const char *child,
+			      struct xs_permissions *perms,
+			      unsigned int n_perms)
 {
 	struct node *node;
-	struct xs_permissions perms =3D { .id =3D priv_domid,
-					.perms =3D XS_PERM_NONE };
=20
 	node =3D talloc_zero(NULL, struct node);
 	if (!node)
 		barf_perror("Could not allocate initial node %s", name);
=20
 	node->name =3D name;
-	node->perms =3D &perms;
-	node->hdr.num_perms =3D 1;
+	node->perms =3D perms;
+	node->hdr.num_perms =3D n_perms;
 	node->children =3D (char *)child;
 	if (child)
 		node->hdr.childlen =3D strlen(child) + 1;
@@ -2301,6 +2301,14 @@ static void manual_node(const char *name, const char=
 *child)
 	talloc_free(node);
 }
=20
+static void manual_node(const char *name, const char *child)
+{
+	struct xs_permissions perms =3D { .id =3D priv_domid,
+					.perms =3D XS_PERM_NONE };
+
+	manual_node_perms(name, child, &perms, 1);
+}
+
 static unsigned int hash_from_key_fn(const void *k)
 {
 	const char *str =3D k;
@@ -2320,6 +2328,11 @@ static int keys_equal_fn(const void *key1, const voi=
d *key2)
=20
 void setup_structure(bool live_update)
 {
+	struct xs_permissions perms[] =3D {
+		{ .id =3D priv_domid,	.perms =3D XS_PERM_NONE },
+		{ .id =3D DOMID_ANY,	.perms =3D XS_PERM_READ },
+	};
+
 	nodes =3D create_hashtable(NULL, "nodes", hash_from_key_fn, keys_equal_fn,
 				 HASHTABLE_FREE_KEY | HASHTABLE_FREE_VALUE);
 	if (!nodes)
@@ -2331,7 +2344,8 @@ void setup_structure(bool live_update)
 		manual_node("/", "tool");
 		manual_node("/tool", "xenstored");
 		manual_node("/tool/xenstored", NULL);
-		manual_node("@releaseDomain", NULL);
+		manual_node_perms("@releaseDomain", NULL,
+				  perms, ARRAY_SIZE(perms));
 		manual_node("@introduceDomain", NULL);
 		domain_nbentry_fix(priv_domid, 5);
 	}
--=20
2.53.0
From nobody Sun May  3 14:21:17 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120;
 envelope-from=xen-devel-bounces@lists.xenproject.org;
 helo=lists.xenproject.org;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender)
  smtp.mailfrom=xen-devel-bounces@lists.xenproject.org;
	dmarc=pass(p=quarantine dis=none)  header.from=suse.com
ARC-Seal: i=1; a=rsa-sha256; t=1776931774; cv=none;
	d=zohomail.com; s=zohoarc;
	b=eFPkFE1NM3mRmP6VhJDFoO2Bab9YkjF8o9PcCHDHkvkYAh1aGHn1t8xs4dh7mX5x81ZNV6MibAv+3lbrtTjzeBM+xFIBRVphxU1SNgemOZXxPH6duBw/uRyCoi2GsaieLmupSHrU1nJoIgL/A4k6fFnZ6IURsf8W+1bsOVH4M0U=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1776931774;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=UsqG9+X/SlnL7BdCX9NqfxTSD27zTpZHRZjBmI+WZ58=;
	b=N96AmajVPEEDBejibKMq0yyb0JTQxP+oCOnwRR41mxt4MR1/YRVa2HIwPiD8OMqUqrs5/wZDE/zQxaFaW3T/ZiGmwH7uL9c2t854D/G9kbr5t7BAosEex+wEY4NUiw28s79qN7JS6mtQl5l8VcBqPTJWCLw+HUcKMqSPtJIBgIw=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender)
  smtp.mailfrom=xen-devel-bounces@lists.xenproject.org;
	dmarc=pass header.from=<jgross@suse.com> (p=quarantine dis=none)
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
 by mx.zohomail.com
	with SMTPS id 1776931774648503.8504385281317;
 Thu, 23 Apr 2026 01:09:34 -0700 (PDT)
Received: from list by lists.xenproject.org with
 outflank-mailman.1291715.1570573 (Exim 4.92)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1wFp7T-0006OJ-Sd; Thu, 23 Apr 2026 08:09:07 +0000
Received: by outflank-mailman (output) from mailman id 1291715.1570573;
 Thu, 23 Apr 2026 08:09:07 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1wFp7T-0006O3-OA; Thu, 23 Apr 2026 08:09:07 +0000
Received: by outflank-mailman (input) for mailman id 1291715;
 Thu, 23 Apr 2026 08:09:07 +0000
Received: from mx.expurgate.net ([195.190.135.10])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <jgross@suse.com>) id 1wFp7T-0006NT-8D
 for xen-devel@lists.xenproject.org; Thu, 23 Apr 2026 08:09:07 +0000
Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with
 esmtp
 id 1wFp7S-000vQl-KM
 for xen-devel@lists.xenproject.org; Thu, 23 Apr 2026 10:09:06 +0200
Received: from [10.42.69.6] (helo=localhost)
 by localhost with ESMTP (eXpurgate MTA 0.9.1)
 (envelope-from <jgross@suse.com>)
 id 69e9d39c-e002-0a2a0a5209dd-0a2a450688f4-28
 for <xen-devel@lists.xenproject.org>; Thu, 23 Apr 2026 10:09:06 +0200
Received: from [195.135.223.131] (helo=smtp-out2.suse.de)
 by tlsNG-16d1c6.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1)
 (envelope-from <jgross@suse.com>)
 id 69e9d3a2-7371-0a2a45060019-c387df83b19c-3
 for <xen-devel@lists.xenproject.org>; Thu, 23 Apr 2026 10:09:06 +0200
Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
 (No client certificate requested)
 by smtp-out2.suse.de (Postfix) with ESMTPS id 0B3A95BCFD;
 Thu, 23 Apr 2026 08:09:06 +0000 (UTC)
Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
 (No client certificate requested)
 by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id DC22C593B0;
 Thu, 23 Apr 2026 08:09:05 +0000 (UTC)
Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167])
 by imap1.dmz-prg2.suse.org with ESMTPSA id BK6qNKHT6WkJXgAAD6G6ig
 (envelope-from <jgross@suse.com>); Thu, 23 Apr 2026 08:09:05 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
X-BeenThere: xen-devel@lists.xenproject.org
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
Authentication-Results: eu.smtp.expurgate.cloud;
 dkim=pass header.s=susede1 header.d=suse.com header.i="@suse.com"
 header.h="From:Date:Message-ID:To:Cc:MIME-Version:Content-Transfer-Encoding:In-Reply-To:References";
 dkim=pass header.s=susede1 header.d=suse.com header.i="@suse.com"
 header.h="From:Date:Message-ID:To:Cc:MIME-Version:Content-Transfer-Encoding:In-Reply-To:References"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
	t=1776931746;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=UsqG9+X/SlnL7BdCX9NqfxTSD27zTpZHRZjBmI+WZ58=;
	b=sOcM2DmO3hCcSkkSOQqMDHZYE7hbZLXGjCFTeAxkZHtd2fSEBs7jJH1udglCJDU4Xc1oEf
	bRFKKGOf8H7wUjbiLqbNGg2lyNFRyMFDwZTfpc7g+EEmdsP+y0Hf2gbpJy8OYnFhhxOT+Z
	VLReKxDQvom9d3+23Tx3fShk69h33+o=
Authentication-Results: smtp-out2.suse.de;
	none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
	t=1776931746;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=UsqG9+X/SlnL7BdCX9NqfxTSD27zTpZHRZjBmI+WZ58=;
	b=sOcM2DmO3hCcSkkSOQqMDHZYE7hbZLXGjCFTeAxkZHtd2fSEBs7jJH1udglCJDU4Xc1oEf
	bRFKKGOf8H7wUjbiLqbNGg2lyNFRyMFDwZTfpc7g+EEmdsP+y0Hf2gbpJy8OYnFhhxOT+Z
	VLReKxDQvom9d3+23Tx3fShk69h33+o=
From: Juergen Gross <jgross@suse.com>
To: xen-devel@lists.xenproject.org
Cc: dmukhin@ford.com,
	Juergen Gross <jgross@suse.com>,
	Julien Grall <julien@xen.org>,
	Anthony PERARD <anthony.perard@vates.tech>
Subject: [PATCH 4/4] tools/xenstored: remove permissions related to dead
 domain
Date: Thu, 23 Apr 2026 10:08:40 +0200
Message-ID: <20260423080840.530547-5-jgross@suse.com>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <20260423080840.530547-1-jgross@suse.com>
References: <20260423080840.530547-1-jgross@suse.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Spamd-Result: default: False [-2.80 / 50.00];
	BAYES_HAM(-3.00)[100.00%];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	MID_CONTAINS_FROM(1.00)[];
	R_MISSING_CHARSET(0.50)[];
	NEURAL_HAM_SHORT(-0.20)[-1.000];
	MIME_GOOD(-0.10)[text/plain];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	FROM_HAS_DN(0.00)[];
	ARC_NA(0.00)[];
	MIME_TRACE(0.00)[0:+];
	TO_DN_SOME(0.00)[];
	DBL_BLOCKED_OPENRESOLVER(0.00)[suse.com:mid,suse.com:email,imap1.dmz-prg2.suse.org:helo];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	FROM_EQ_ENVFROM(0.00)[];
	RCVD_COUNT_TWO(0.00)[2];
	FUZZY_RATELIMITED(0.00)[rspamd.com];
	DKIM_SIGNED(0.00)[suse.com:s=susede1];
	RCPT_COUNT_FIVE(0.00)[5];
	RCVD_TLS_ALL(0.00)[]
X-Spam-Flag: NO
X-Spam-Score: -2.80
X-Spam-Level: 
X-purgate-ID: tlsNG-16d1c6/1776931746-50767D75-5A35755B/0/0
X-purgate-type: clean
X-purgate-size: 3648
X-ZohoMail-DKIM: pass (identity @suse.com)
X-ZM-MESSAGEID: 1776931775529154100
Content-Type: text/plain; charset="utf-8"

Wit unprivileged domains now capable to use the @releaseDomain watch,
there is no reason not to remove any node permissions which relate to
a domain which has been removed.

This resolves a complex scenario where a new domain could inherit the
permissions of an old one with the same domid.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jason Andryuk <jason.andryuk@amd.com>
---
 tools/xenstored/domain.c | 61 ++++++++++++++++++++++++----------------
 1 file changed, 36 insertions(+), 25 deletions(-)

diff --git a/tools/xenstored/domain.c b/tools/xenstored/domain.c
index 0bd2a1891a..6fbb5c061a 100644
--- a/tools/xenstored/domain.c
+++ b/tools/xenstored/domain.c
@@ -569,24 +569,10 @@ static int domain_tree_remove_sub(const void *ctx, st=
ruct connection *conn,
 				  struct node *node, void *arg)
 {
 	struct domain *domain =3D arg;
-	int ret =3D WALK_TREE_OK;
-
-	if (node->perms[0].id !=3D domain->domid)
-		return WALK_TREE_OK;
+	bool node_changed =3D false;
+	unsigned int i;
=20
-	if (keep_orphans) {
-		domain_nbentry_dec(NULL, domain->domid);
-		node->perms[0].id =3D priv_domid;
-		node->acc.memory =3D 0;
-		domain_nbentry_inc(NULL, priv_domid);
-		if (write_node_raw(NULL, node->name, node, NODE_MODIFY, true)) {
-			/* That's unfortunate. We only can try to continue. */
-			syslog(LOG_ERR,
-			       "error when moving orphaned node %s to dom0\n",
-			       node->name);
-		} else
-			trace("orphaned node %s moved to dom0\n", node->name);
-	} else {
+	if (node->perms[0].id =3D=3D domain->domid && !keep_orphans) {
 		if (rm_node(NULL, ctx, node->name)) {
 			/* That's unfortunate. We only can try to continue. */
 			syslog(LOG_ERR,
@@ -596,10 +582,38 @@ static int domain_tree_remove_sub(const void *ctx, st=
ruct connection *conn,
 			trace("orphaned node %s deleted\n", node->name);
=20
 		/* Skip children in all cases in order to avoid more errors. */
-		ret =3D WALK_TREE_SKIP_CHILDREN;
+		return WALK_TREE_SKIP_CHILDREN;
 	}
=20
-	return domain->acc_val[ACC_NODES] ? ret : WALK_TREE_SUCCESS_STOP;
+	if (node->perms[0].id =3D=3D domain->domid) {
+		domain_nbentry_dec(NULL, domain->domid);
+		node->perms[0].id =3D priv_domid;
+		node->acc.memory =3D 0;
+		domain_nbentry_inc(NULL, priv_domid);
+		trace("moving orphaned node %s to dom0\n", node->name);
+		node_changed =3D true;
+	}
+
+	for (i =3D 1; i < node->hdr.num_perms; i++) {
+		if (node->perms[i].id !=3D domain->domid)
+			continue;
+		memmove(node->perms + i, node->perms + i + 1,
+			sizeof(*node->perms) * (node->hdr.num_perms - i - 1));
+		node->hdr.num_perms--;
+		i--;
+		node_changed =3D true;
+	}
+
+	if (node_changed) {
+		if (write_node_raw(NULL, node->name, node, NODE_MODIFY, true)) {
+			/* That's unfortunate. We only can try to continue. */
+			syslog(LOG_ERR,
+			       "error when writing modified node %s\n",
+			       node->name);
+		}
+	}
+
+	return WALK_TREE_OK;
 }
=20
 static void domain_tree_remove(struct domain *domain)
@@ -607,12 +621,9 @@ static void domain_tree_remove(struct domain *domain)
 	int ret;
 	struct walk_funcs walkfuncs =3D { .enter =3D domain_tree_remove_sub };
=20
-	if (domain->acc_val[ACC_NODES]) {
-		ret =3D walk_node_tree(domain, NULL, "/", &walkfuncs, domain);
-		if (ret =3D=3D WALK_TREE_ERROR_STOP)
-			syslog(LOG_ERR,
-			       "error when looking for orphaned nodes\n");
-	}
+	ret =3D walk_node_tree(domain, NULL, "/", &walkfuncs, domain);
+	if (ret =3D=3D WALK_TREE_ERROR_STOP)
+		syslog(LOG_ERR, "error when looking for orphaned nodes\n");
=20
 	walk_node_tree(domain, NULL, "@releaseDomain", &walkfuncs, domain);
 	walk_node_tree(domain, NULL, "@introduceDomain", &walkfuncs, domain);
--=20
2.53.0