With a split hardware and control domain, the control domain may still
want and xenstore access. Currently this relies on init-dom0less to
seed the grants. This is problematic since we don't want hardware
domain to be able to map the control domain's resources. Instead have
the hypervisor see the grant table entry. The grant is then accessible
as normal.
This is also useful with a xenstore stubdom to setup the xenbus page
much earlier.
This works with C xenstored. OCaml xenstored does not use grants and
would fail to foreign map the page.
Signed-off-by: Jason Andryuk <jason.andr...@amd.com>
---
xen/arch/arm/dom0less-build.c | 9 +++++++++
xen/common/grant_table.c | 10 ++++++++++
xen/include/xen/grant_table.h | 8 ++++++++
3 files changed, 27 insertions(+)
diff --git a/xen/arch/arm/dom0less-build.c b/xen/arch/arm/dom0less-build.c
index 068bf99294..f1d5bbb097 100644
--- a/xen/arch/arm/dom0less-build.c
+++ b/xen/arch/arm/dom0less-build.c
@@ -21,6 +21,8 @@
#include <asm/static-memory.h>
#include <asm/static-shmem.h>
+static domid_t __initdata xs_domid = DOMID_INVALID;
+
bool __init is_dom0less_mode(void)
{
struct bootmodules *mods = &bootinfo.modules;
@@ -753,6 +755,10 @@ static int __init alloc_xenstore_page(struct domain *d)
interface->connection = XENSTORE_RECONNECT;
unmap_domain_page(interface);
+ if ( xs_domid != DOMID_INVALID )
+ gnttab_seed_entry(d, GNTTAB_RESERVED_XENSTORE, xs_domid,
+ gfn_x(gfn), GTF_permit_access);
+
return 0;
}
@@ -1173,6 +1179,9 @@ void __init create_domUs(void)
if ( rc )
panic("Could not set up domain %s (rc = %d)\n",
dt_node_name(node), rc);
+
+ if ( d_cfg.flags & XEN_DOMCTL_CDF_xs_domain )
+ xs_domid = d->domain_id;
}
}
diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index 6c77867f8c..ba93cdcbca 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -4346,6 +4346,16 @@ static void gnttab_usage_print(struct domain *rd)
printk("no active grant table entries\n");
}
+void gnttab_seed_entry(struct domain *d, int idx, domid_t be_domid,
+ uint64_t frame, unsigned int flags)
+{
+ struct grant_table *gt = d->grant_table;
+
+ shared_entry_v1(gt, idx).flags = flags;
+ shared_entry_v1(gt, idx).domid = be_domid;
+ shared_entry_v1(gt, idx).frame = frame;
+}
+
static void cf_check gnttab_usage_print_all(unsigned char key)
{
struct domain *d;
diff --git a/xen/include/xen/grant_table.h b/xen/include/xen/grant_table.h
index 50edfecfb6..63150fa497 100644
--- a/xen/include/xen/grant_table.h
+++ b/xen/include/xen/grant_table.h
@@ -45,6 +45,10 @@ void grant_table_destroy(
struct domain *d);
void grant_table_init_vcpu(struct vcpu *v);
+/* Seed a gnttab entry for Hyperlaunch/dom0less. */
+void gnttab_seed_entry(struct domain *d, int idx, domid_t be_domid,
+ uint64_t frame, unsigned int flags);
+
/*
* Check if domain has active grants and log first 10 of them.
*/
@@ -85,6 +89,10 @@ static inline void grant_table_destroy(struct domain *d) {}
static inline void grant_table_init_vcpu(struct vcpu *v) {}
+static inline void gnttab_seed_entry(struct domain *d, int idx,
+ domid_t be_domid, uint64_t frame,
+ unsigned int flags) {}
+
static inline void grant_table_warn_active_grants(struct domain *d) {}
static inline int gnttab_release_mappings(struct domain *d) { return 0; }
--
2.48.1
