On 2025-03-17 10:18, Jan Beulich wrote:
> On 06.03.2025 23:03, Jason Andryuk wrote:
>> This is useful for a combined hardware/xenstore domain that will run
>> init-dom0less and xenstored. init-dom0less calls xc_hvm_param_get() to
>> retrieve the xenstore event channel and pfn to configure xenstore for a
>> guest. With a hypervisor-allocated event channel and page, the
>> set_hvm_param is not needed, and the normal domid permissions will allow
>> xenstored to connect.
>>
>> Similarly, a hyperlaunch-ed xenstore stubdom needs to read a domain's
>> xenstore event channel out of hvm_param.
>>
>> This allows reading but not modifying the guest, so allow the permission.
>>
>> Signed-off-by: Jason Andryuk <jason.andr...@amd.com>
>
> Since this is exposing the entire param space to Xenstore, what I'm missing
> is a security discussion for existing as well as potential future params.
> There could well be some that better wouldn't be available for Xenstore to
> fetch.

I can't speak for future parameters, but existing HVM_PARAMs didn't seem
sensitive to me. The safest choice is to just pass the index to
xsm_hvm_param() and allow just HVM_PARAM_STORE_EVTCHN (and
HVM_PARAM_STORE_PFN) for the xenstore domain.
This works for ARM and x86 HVM/PVH. PV doesn't have a way to determine
a domain's event channel port, FWICT.
Regards,
Jason
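
The index-based allowlist suggested in the reply above, as a stand-alone C model added here; it is not Xen's code and not part of the patch under discussion. The `model_*` names, the sample domains and the baseline policy (control domain and self-access always allowed) are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Values as in Xen's public hvm/params.h and hvm/hvm_op.h. */
#define HVM_PARAM_CALLBACK_IRQ 0
#define HVM_PARAM_STORE_PFN    1
#define HVM_PARAM_STORE_EVTCHN 2
#define HVMOP_set_param        0
#define HVMOP_get_param        1

/* Hypothetical stand-in for Xen's struct domain (model only). */
struct model_domain { uint16_t domid; bool is_control, is_xenstore; };

/* Constructed sample domains. */
static const struct model_domain ctl   = { 0, true,  false };
static const struct model_domain xs    = { 1, false, true  };
static const struct model_domain guest = { 2, false, false };

/* Default deny: a param added later stays unreadable until listed here. */
static bool xenstore_readable(uint32_t index)
{
    switch (index) {
    case HVM_PARAM_STORE_PFN:
    case HVM_PARAM_STORE_EVTCHN:
        return true;
    default:
        return false;
    }
}

/* Model of an index-aware permission hook; returns 0 or -EPERM. */
int model_hvm_param_check(const struct model_domain *cur,
                          const struct model_domain *tgt,
                          unsigned long op, uint32_t index)
{
    if (cur->is_control || cur == tgt)
        return 0;                       /* assumed baseline policy */
    if (cur->is_xenstore && op == HVMOP_get_param &&
        xenstore_readable(index))
        return 0;                       /* read-only, two params only */
    return -EPERM;
}

int main(void)
{
    printf("xs get STORE_EVTCHN: %d\n", model_hvm_param_check(
               &xs, &guest, HVMOP_get_param, HVM_PARAM_STORE_EVTCHN));
    return 0;
}
```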