On 16.07.2025 23:14, Jason Andryuk wrote:
> The Control domain is denied access to an untargetable domain. However
> init-dom0less wants to read the xenstore event channel HVM param to
> determine if xenstore should be set up.
>
> This is a read operation, so it is not modifying the domain. Special
> case the HVMOP_get_param operation for is_control_domain(). It is done
> in xsm_hvm_param() because xsm_default_action() is too complicated.
> HVMOP_get_param should be allowed for a domain itself (XSM_TARGET) and
> its device model - src->target or is_dm_domain(). It should otherwise
> be denied for untargetable domains. xsm_default_action() doesn't have
> sufficient information to identify the particular operation, so put it
> in xsm_hvm_param().
>
> Signed-off-by: Jason Andryuk <jason.andr...@amd.com>
> ---
> It's messy, but I couldn't think of a better way.

Fits well with my remarks on earlier patches. The granularity you want
simply can't be had this way, unless you use such undesirable "overrides".

Jan