On 16.07.2025 23:14, Jason Andryuk wrote: > Untargetable domains are currently hidden from the control domain - > e.g. xl list will not show them. getdomaininfo fails on the > !is_hypercall_target() check in XSM_TARGET. Add control domain to the > XSM_XS_PRIV check so it can pass.
This feels like a pretty gross abuse of XS_PRIV. It once again supports my take that the level of granularity you want will require Flask. Or of course you could also come up with a new access control mechanism, much lighter-weight than Flask, but still not dummy nor SILO. As per my reply to an earlier patch - whether it is okay to prevent e.g. "xl list" to see all domains is questionable as well. I'm not seeing "interference" there. > --- a/xen/include/xsm/dummy.h > +++ b/xen/include/xsm/dummy.h > @@ -87,7 +87,8 @@ static always_inline int xsm_default_action( > fallthrough; > case XSM_XS_PRIV: > if ( action == XSM_XS_PRIV && > - evaluate_nospec(is_xenstore_domain(src)) ) > + (evaluate_nospec(is_xenstore_domain(src)) || > + is_control_domain(src)) ) Like in patch 2 (in is_priv_domain()), I think this wants collapsing the two evaluate_nospec() into a single one. Jan
