On 16.07.2025 23:14, Jason Andryuk wrote:
> Add a new create domain flag to indicate if a domain can be the target
> of hypercalls. By default all domains can be targeted - subject to any
> other permission checks.
I think terminology needs clarifying here: What exactly does "targeted" mean? Is that e.g. also intended to cover XENMEM_{current,maximum}_reservation, which "target" a particular domain, when at the same time they don't interfere with the targeted domain in any way?

> --- a/xen/include/xsm/dummy.h > +++ b/xen/include/xsm/dummy.h > @@ -91,12 +91,16 @@ static always_inline int xsm_default_action( > return 0; > fallthrough; > case XSM_DM_PRIV: > + if ( target && !is_hypercall_target(target) ) > + return -EPERM; > if ( is_dm_domain(src) ) > return 0; > if ( target && evaluate_nospec(src->target == target) ) > return 0; > fallthrough; > case XSM_PRIV: > + if ( target && !is_hypercall_target(target) ) > + return -EPERM;

Hmm, for TARGET, XS_PRIV, and DM_PRIV we're now doing the same check twice.

Jan

> if ( is_control_domain(src) ) > return 0; > return -EPERM;
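
Review bot: In the XSM_DM_PRIV and XSM_PRIV cases the new `if ( target && !is_hypercall_target(target) )` test sits ahead of `is_dm_domain(src)` and `is_control_domain(src)`, so it returns -EPERM to every caller, the control domain included, and nothing in the hunk says that this is intended; a comment at the first check stating that a non-targetable domain is off limits regardless of the caller's privilege would make that explicit. Because XSM_DM_PRIV falls through into XSM_PRIV, the same condition is also evaluated twice on that path; computing it once into a local before the switch and testing the local in both cases would avoid the repetition without changing which cases are covered. The neighbouring comparison is wrapped as `evaluate_nospec(src->target == target)` while the added checks are not, so it is worth confirming whether `is_hypercall_target()` needs the same speculation hardening.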