On 06.03.25 23:03, Jason Andryuk wrote:
With split hardware and control domains, each domain should be privileged with respect to xenstore. When adding domains to xenstore, look at their privilege and add them to xenstored as appropriate. dom0_domid is used for the hardware domain, and priv_domid is used for a control domain.Only one of each is allowed for now. Signed-off-by: Jason Andryuk <jason.andr...@amd.com> --- tools/xenstored/domain.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tools/xenstored/domain.c b/tools/xenstored/domain.c index 64c8fd0cc3..f2394cd6e9 100644 --- a/tools/xenstored/domain.c +++ b/tools/xenstored/domain.c @@ -795,6 +795,20 @@ static struct domain *find_or_alloc_existing_domain(unsigned int domid) return domain; }+static void domain_set_privileged(struct domain *domain)+{ + xc_domaininfo_t dominfo; + + if ( !get_domain_info(domain->domid, &dominfo) ) + return; + + if ( dominfo.flags & XEN_DOMINF_priv ) + priv_domid = domain->domid; + + if ( dominfo.flags & XEN_DOMINF_hardware ) + dom0_domid = domain->domid; +}
Please no use of libxenctrl. I have worked hard to eliminate the usage in order to enable a xenstore-stubdom being used across Xen versions (C Xenstore is relying on stable hypercalls only now). You need to add the needed flags to the rather new stable domctl XEN_DOMCTL_get_domain_state and to libxenmanage.
+
static int new_domain(struct domain *domain, int port, bool restore)
{
int rc;
@@ -831,6 +845,8 @@ static int new_domain(struct domain *domain, int port, bool
restore)
domain->conn->domain = domain;
domain->conn->id = domain->domid;
+ domain_set_privileged(domain);
The name implies you are changing the domain to be privileged, but this is done conditionally only. Maybe name the function domain_apply_privileges()? Juergen
OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
