[PATCH v5 00/11] xenstored patches from split hardware control

[PATCH v5 00/11] xenstored patches from split hardware control

[Jason Andryuk]

This is a subset of patches focusing on xenstored changes from my split
hardware control domain series.

It should address the stubdom breakage from the previous series.
stubdom was tested in gitlab-ci - xl list shows Domain-0 and Xenstore.

"tools/xenstored: Use priv_domid for manual nodes and permission" is an
interesting result of looking to rename some internal variables to
better align their purpose.

Any review or guidance on the approach is appreciated.

Jason Andryuk (11):
  xen: Add capabilities to get_domain_state
  tools/manage: Expose domain capabilities
  public/io: xs_wire: Include event channel in interface page
  xen/dom0less: store xenstore event channel in page
  tools/xenstored: Read event channel from xenstored page
  tools/xenstored: Add get_domain_evtchn() to find evtchn
  tools/xenstored: Auto-introduce domains
  tools/xenstored: Use priv_domid for manual nodes and permission
  tools/xenstored: Rename dom0_domid to store_domid
  tools/xenstored: Remove stubdom special casing
  tools/xenstored: Remove hardcoded implicit path

 tools/include/xenmanage.h               |  14 ++-
 tools/libs/manage/core.c                |  21 +++-
 tools/xenstored/core.c                  |  17 +--
 tools/xenstored/core.h                  |   8 +-
 tools/xenstored/domain.c                | 133 ++++++++++++++++++------
 tools/xenstored/domain.h                |   2 +-
 tools/xenstored/minios.c                |  21 +++-
 tools/xenstored/posix.c                 |  18 +++-
 xen/common/device-tree/dom0less-build.c |   7 ++
 xen/common/domain.c                     |  10 +-
 xen/include/public/domctl.h             |   7 +-
 xen/include/public/io/xs_wire.h         |   7 ++
 12 files changed, 202 insertions(+), 63 deletions(-)

-- 
2.50.1

[PATCH v5 01/11] xen: Add capabilities to get_domain_state

[Jason Andryuk]

Expose a domain's capabilities - control, hardware or xenstore - through
stable get domain state hypercall.

The xenstore domain can use this information to assign appropriate
permissions on connections.

Repurpose the 16bit pad field for this purpose.

Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@amd.com>
---
v3:
Add Stefano's R-b

v2:
Init info->caps = 0
Remove stale comment on caps field
Add Juergen's R-b
---
 xen/common/domain.c         | 10 +++++++++-
 xen/include/public/domctl.h |  7 +++++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/xen/common/domain.c b/xen/common/domain.c
index 303c338ef2..3c65cca5b0 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -195,6 +195,14 @@ static void set_domain_state_info(struct xen_domctl_get_domain_state *info,
         info->state |= XEN_DOMCTL_GETDOMSTATE_STATE_DYING;
     if ( d->is_dying == DOMDYING_dead )
         info->state |= XEN_DOMCTL_GETDOMSTATE_STATE_DEAD;
+
+    info->caps = 0;
+    if ( is_control_domain(d) )
+        info->caps |= XEN_DOMCTL_GETDOMSTATE_CAP_CONTROL;
+    if ( is_hardware_domain(d) )
+        info->caps |= XEN_DOMCTL_GETDOMSTATE_CAP_HARDWARE;
+    if ( is_xenstore_domain(d) )
+        info->caps |= XEN_DOMCTL_GETDOMSTATE_CAP_XENSTORE;
     info->unique_id = d->unique_id;
 }
 
@@ -205,7 +213,7 @@ int get_domain_state(struct xen_domctl_get_domain_state *info, struct domain *d,
     int rc = -ENOENT;
     struct domain *hdl;
 
-    if ( info->pad0 || info->pad1 )
+    if ( info->pad0 )
         return -EINVAL;
 
     if ( d )
diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
index a69dd96084..0c75d9d27f 100644
--- a/xen/include/public/domctl.h
+++ b/xen/include/public/domctl.h
@@ -1265,8 +1265,11 @@ struct xen_domctl_get_domain_state {
 #define XEN_DOMCTL_GETDOMSTATE_STATE_SHUTDOWN  0x0002  /* Shutdown finished. */
 #define XEN_DOMCTL_GETDOMSTATE_STATE_DYING     0x0004  /* Domain dying. */
 #define XEN_DOMCTL_GETDOMSTATE_STATE_DEAD      0x0008  /* Domain dead. */
-    uint16_t pad0;           /* Must be 0 on input, returned as 0. */
-    uint32_t pad1;           /* Must be 0 on input, returned as 0. */
+    uint16_t caps;
+#define XEN_DOMCTL_GETDOMSTATE_CAP_CONTROL     0x0001  /* Control domain. */
+#define XEN_DOMCTL_GETDOMSTATE_CAP_HARDWARE    0x0002  /* Hardware domain. */
+#define XEN_DOMCTL_GETDOMSTATE_CAP_XENSTORE    0x0004  /* Xenstore domain. */
+    uint32_t pad0;           /* Must be 0 on input, returned as 0. */
     uint64_t unique_id;      /* Unique domain identifier. */
 };
 
-- 
2.50.1

[PATCH v5 02/11] tools/manage: Expose domain capabilities

[Jason Andryuk]

Add an additional "caps" argument to the libxenmanage functions to
obtain a domains capabilities - control, hardware, and xenstore.

Update the xenstored callers at the same time.

Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
---
v2:
Add Juergen's R-b
---
 tools/include/xenmanage.h | 14 ++++++++++++--
 tools/libs/manage/core.c  | 21 +++++++++++++++++----
 tools/xenstored/domain.c  |  8 ++++----
 3 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/tools/include/xenmanage.h b/tools/include/xenmanage.h
index 956b7a0a44..6fc0d9fe24 100644
--- a/tools/include/xenmanage.h
+++ b/tools/include/xenmanage.h
@@ -45,6 +45,12 @@ int xenmanage_close(xenmanage_handle *hdl);
 #define XENMANAGE_GETDOMSTATE_STATE_DYING     0x0004  /* Domain dying. */
 #define XENMANAGE_GETDOMSTATE_STATE_DEAD      0x0008  /* Domain dead. */
 
+/* Control Domain capability. */
+#define XENMANAGE_GETDOMSTATE_CAP_CONTROL     0x0001
+/* Hardware Domain capability. */
+#define XENMANAGE_GETDOMSTATE_CAP_HARDWARE    0x0002
+/* Xenstore Domain capability. */
+#define XENMANAGE_GETDOMSTATE_CAP_XENSTORE    0x0004
 /*
  * Return state information of an existing domain.
  *
@@ -59,7 +65,8 @@ int xenmanage_close(xenmanage_handle *hdl);
  * Return value: 0 if information was stored, -1 else (errno is set)
  */
 int xenmanage_get_domain_info(xenmanage_handle *hdl, unsigned int domid,
-                              unsigned int *state, uint64_t *unique_id);
+                              unsigned int *state, unsigned int *caps,
+                              uint64_t *unique_id);
 
 /*
  * Return information of a domain having changed state recently.
@@ -73,12 +80,15 @@ int xenmanage_get_domain_info(xenmanage_handle *hdl, unsigned int domid,
  *   domid:     where to store the domid of the domain (not NULL)
  *   state:     where to store the state (XENMANAGE_GETDOMSTATE_STATE_ flags,
  *              nothing stored if NULL)
+ *   caps:      where to store the capabilities (XENMANAGE_GETDOMSTATE_CAP_
+ *              flags, nothing stored if NULL)
  *   unique_id: where to store the unique id of the domain (nothing stored if
  *              NULL)
  * Return value: 0 if information was stored, -1 else (errno is set)
  */
 int xenmanage_poll_changed_domain(xenmanage_handle *hdl, unsigned int *domid,
-                                  unsigned int *state, uint64_t *unique_id);
+                                  unsigned int *state, unsigned int *caps,
+                                  uint64_t *unique_id);
 #endif /* XENMANAGE_H */
 
 /*
diff --git a/tools/libs/manage/core.c b/tools/libs/manage/core.c
index 8fb421df41..2fabdecaab 100644
--- a/tools/libs/manage/core.c
+++ b/tools/libs/manage/core.c
@@ -92,6 +92,7 @@ static int xenmanage_do_domctl_get_domain_state(xenmanage_handle *hdl,
                                                 unsigned int domid_in,
                                                 unsigned int *domid_out,
                                                 unsigned int *state,
+                                                unsigned int *caps,
                                                 uint64_t *unique_id)
 {
     struct xen_domctl *buf;
@@ -130,6 +131,16 @@ static int xenmanage_do_domctl_get_domain_state(xenmanage_handle *hdl,
             if ( st->state & XEN_DOMCTL_GETDOMSTATE_STATE_DEAD )
                 *state |= XENMANAGE_GETDOMSTATE_STATE_DEAD;
         }
+        if ( caps )
+        {
+            *caps = 0;
+            if ( st->caps & XEN_DOMCTL_GETDOMSTATE_CAP_CONTROL )
+                *caps |= XENMANAGE_GETDOMSTATE_CAP_CONTROL;
+            if ( st->caps & XEN_DOMCTL_GETDOMSTATE_CAP_HARDWARE )
+                *caps |= XENMANAGE_GETDOMSTATE_CAP_HARDWARE;
+            if ( st->caps & XEN_DOMCTL_GETDOMSTATE_CAP_XENSTORE )
+                *caps |= XENMANAGE_GETDOMSTATE_CAP_XENSTORE;
+        }
         if ( unique_id )
             *unique_id = st->unique_id;
     }
@@ -142,7 +153,8 @@ static int xenmanage_do_domctl_get_domain_state(xenmanage_handle *hdl,
 }
 
 int xenmanage_get_domain_info(xenmanage_handle *hdl, unsigned int domid,
-                              unsigned int *state, uint64_t *unique_id)
+                              unsigned int *state, unsigned int *caps,
+                              uint64_t *unique_id)
 {
     if ( !hdl || domid >= DOMID_FIRST_RESERVED )
     {
@@ -150,12 +162,13 @@ int xenmanage_get_domain_info(xenmanage_handle *hdl, unsigned int domid,
         return -1;
     }
 
-    return xenmanage_do_domctl_get_domain_state(hdl, domid, NULL, state,
+    return xenmanage_do_domctl_get_domain_state(hdl, domid, NULL, state, caps,
                                                 unique_id);
 }
 
 int xenmanage_poll_changed_domain(xenmanage_handle *hdl, unsigned int *domid,
-                                  unsigned int *state, uint64_t *unique_id)
+                                  unsigned int *state, unsigned int *caps,
+                                  uint64_t *unique_id)
 {
     if ( !hdl || !domid )
     {
@@ -164,5 +177,5 @@ int xenmanage_poll_changed_domain(xenmanage_handle *hdl, unsigned int *domid,
     }
 
     return xenmanage_do_domctl_get_domain_state(hdl, DOMID_INVALID, domid,
-                                                state, unique_id);
+                                                state, caps, unique_id);
 }
diff --git a/tools/xenstored/domain.c b/tools/xenstored/domain.c
index e1d5e8d614..f119d714ac 100644
--- a/tools/xenstored/domain.c
+++ b/tools/xenstored/domain.c
@@ -667,7 +667,7 @@ static int check_domain(const void *k, void *v, void *arg)
 	unsigned int state;
 	uint64_t unique_id;
 
-	if (xenmanage_get_domain_info(xm_handle, domain->domid, &state,
+	if (xenmanage_get_domain_info(xm_handle, domain->domid, &state, NULL,
 				      &unique_id)) {
 		unique_id = 0;
 		state = 0;
@@ -700,7 +700,7 @@ static void do_check_domains(void)
 	struct domain *domain;
 	bool notify = false;
 
-	while (!xenmanage_poll_changed_domain(xm_handle, &domid, &state,
+	while (!xenmanage_poll_changed_domain(xm_handle, &domid, &state, NULL,
 					      &unique_id)) {
 		domain = find_domain_struct(domid);
 		if (domain)
@@ -829,7 +829,7 @@ static struct domain *find_or_alloc_existing_domain(unsigned int domid)
 	domain = find_domain_struct(domid);
 	if (!domain || !domain->unique_id)
 		dom_valid = !xenmanage_get_domain_info(xm_handle, domid,
-						       NULL, &unique_id);
+						       NULL, NULL, &unique_id);
 
 	if (dom_valid) {
 		if (!domain)
@@ -1377,7 +1377,7 @@ int domain_alloc_permrefs(struct node_perms *perms)
 		domid = perms->p[i].id;
 		d = find_domain_struct(domid);
 		if (!d) {
-			if (xenmanage_get_domain_info(xm_handle, domid,
+			if (xenmanage_get_domain_info(xm_handle, domid, NULL,
 						      NULL, &unique_id))
 				perms->p[i].perms |= XS_PERM_IGNORE;
 			else if (!alloc_domain(NULL, domid, unique_id))
-- 
2.50.1

[PATCH v5 03/11] public/io: xs_wire: Include event channel in interface page

[Jason Andryuk]

Include the event channel in struct xenstore_domain_interface.  This way
the toolstack or xen can communicate the event channel to xenstored in
memory xenstored already needs to access.

xenstored maps the grant with the well known GNTTAB_RESERVED_XENSTORE
index, so no further information is needed.

Suggested-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
---
v2:
s/domU/domain/ in comment
Add Juergen's R-b
---
 xen/include/public/io/xs_wire.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/xen/include/public/io/xs_wire.h b/xen/include/public/io/xs_wire.h
index e92a87a07b..d2e2b8b9eb 100644
--- a/xen/include/public/io/xs_wire.h
+++ b/xen/include/public/io/xs_wire.h
@@ -110,6 +110,7 @@ struct xenstore_domain_interface {
     uint32_t server_features; /* Bitmap of features supported by the server */
     uint32_t connection;
     uint32_t error;
+    uint32_t evtchn_port;
 };
 
 /* Violating this is very bad.  See docs/misc/xenstore.txt. */
@@ -134,6 +135,12 @@ struct xenstore_domain_interface {
 #define XENSTORE_ERROR_RINGIDX 2 /* Invalid ring index */
 #define XENSTORE_ERROR_PROTO   3 /* Protocol violation (payload too long) */
 
+/*
+ * The evtchn_port field is the domain's event channel for xenstored to signal.
+ * It is filled in by Xen for dom0less/Hyperlaunch domains.  It is only used
+ * when non-zero.  Otherwise the event channel from XS_INTRODUCE is used.
+ */
+
 #endif /* _XS_WIRE_H */
 
 /*
-- 
2.50.1

[PATCH v5 04/11] xen/dom0less: store xenstore event channel in page

[Jason Andryuk]

Write the associated event channel into the xenstore page so xenstored
can read it.  xenstored can map the grant by the reserved grant table
entry, and then read out the event channel and bind it.  This eliminates
the need for an additional mechanism to discover the event channel.

Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
---
This is ARM-only for the time being.  A common function to write to
guest physical address will be needed.
---
 xen/common/device-tree/dom0less-build.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/xen/common/device-tree/dom0less-build.c b/xen/common/device-tree/dom0less-build.c
index 6bb038111d..a96089d9bb 100644
--- a/xen/common/device-tree/dom0less-build.c
+++ b/xen/common/device-tree/dom0less-build.c
@@ -26,6 +26,7 @@
 #include <public/event_channel.h>
 #include <public/io/xs_wire.h>
 
+#include <asm/guest_access.h>
 #include <asm/setup.h>
 
 #include <xen/static-memory.h>
@@ -120,8 +121,14 @@ static void __init initialize_domU_xenstore(void)
 
         if ( gfn != XENSTORE_PFN_LATE_ALLOC && IS_ENABLED(CONFIG_GRANT_TABLE) )
         {
+            evtchn_port_t port = d->arch.hvm.params[HVM_PARAM_STORE_EVTCHN];
+            paddr_t evtchn_gaddr = gfn_to_gaddr(_gfn(gfn)) +
+                offsetof(struct xenstore_domain_interface, evtchn_port);
+
             ASSERT(gfn < UINT32_MAX);
             gnttab_seed_entry(d, GNTTAB_RESERVED_XENSTORE, xs_domid, gfn);
+            access_guest_memory_by_gpa(d, evtchn_gaddr, &port, sizeof(port),
+                                       true /* is_write */);
         }
     }
 }
-- 
2.50.1

[PATCH v5 05/11] tools/xenstored: Read event channel from xenstored page

[Jason Andryuk]

Make introduce_domain() use an event channel from the the xenstore page.
It is only used if non-zero.  Otherwise the passed in event channel port
is used.

The is useful for a xenstored stubdom to configure domains autonomously.

Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
---
v4:
R-b Juergen

v2:
Remove iface_port variable.
---
 tools/xenstored/domain.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/xenstored/domain.c b/tools/xenstored/domain.c
index f119d714ac..1241f8c73e 100644
--- a/tools/xenstored/domain.c
+++ b/tools/xenstored/domain.c
@@ -1024,6 +1024,10 @@ static struct domain *introduce_domain(const void *ctx,
 		interface = map_interface(domid);
 		if (!interface && !restore)
 			return NULL;
+
+		if (interface->evtchn_port)
+			port = interface->evtchn_port;
+
 		if (new_domain(domain, port, restore)) {
 			rc = errno;
 			if (interface)
-- 
2.50.1

[PATCH v5 06/11] tools/xenstored: Add get_domain_evtchn() to find evtchn

[Jason Andryuk]

Add helpers to lookup the event channel for a domid.  This hides some
of the differences between dom0 and stubdom xenstored.  Each version
defines its own.

It highlights the different meanings between get_xenbus_evtchn() in a
stubdom, where it looks up dom0's event channel, and dom0, where it
looks up the local event channel.

get_domain_evtchn() replaces get_xenbus_evtchn(), and
get_xenbus_evtchn() is removed from minios.c as it is inlined in the new
function.

The default return 0 will be fine as any other auto-introduced domain
will needs the event channel populated in the grant.

Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
---
v5:
Split get_domain_evtchn() in minios.c and posix.c versions
s/dom0/stubdom/
---
 tools/xenstored/core.h   |  2 +-
 tools/xenstored/domain.c |  9 +++++++--
 tools/xenstored/minios.c | 17 +++++++++++++++--
 tools/xenstored/posix.c  | 16 +++++++++++++++-
 4 files changed, 38 insertions(+), 6 deletions(-)

diff --git a/tools/xenstored/core.h b/tools/xenstored/core.h
index 1ba9592d16..877b1e1103 100644
--- a/tools/xenstored/core.h
+++ b/tools/xenstored/core.h
@@ -394,7 +394,7 @@ static inline bool domain_is_unprivileged(const struct connection *conn)
 }
 
 /* Return the event channel used by xenbus. */
-evtchn_port_t get_xenbus_evtchn(void);
+evtchn_port_t get_domain_evtchn(unsigned int domid);
 void early_init(bool live_update, bool dofork, const char *pidfile);
 void late_init(bool live_update);
 
diff --git a/tools/xenstored/domain.c b/tools/xenstored/domain.c
index 1241f8c73e..71ab7aaad3 100644
--- a/tools/xenstored/domain.c
+++ b/tools/xenstored/domain.c
@@ -1256,7 +1256,7 @@ void dom0_init(void)
 	evtchn_port_t port;
 	struct domain *dom0;
 
-	port = get_xenbus_evtchn();
+	port = get_domain_evtchn(xenbus_master_domid());
 	if (port == -1)
 		barf_perror("Failed to initialize dom0 port");
 
@@ -1271,11 +1271,16 @@ void stubdom_init(void)
 {
 #ifdef __MINIOS__
 	struct domain *stubdom;
+	evtchn_port_t port;
 
 	if (stub_domid < 0)
 		return;
 
-	stubdom = introduce_domain(NULL, stub_domid, xenbus_evtchn, false);
+	port = get_domain_evtchn(stub_domid);
+	if (port == -1)
+		barf_perror("Failed to initialize stubdom port");
+
+	stubdom = introduce_domain(NULL, stub_domid, port, false);
 	if (!stubdom)
 		barf_perror("Failed to initialize stubdom");
 
diff --git a/tools/xenstored/minios.c b/tools/xenstored/minios.c
index a229954cf4..a86edbd5c8 100644
--- a/tools/xenstored/minios.c
+++ b/tools/xenstored/minios.c
@@ -41,9 +41,22 @@ struct connection *add_socket_connection(int fd)
 	barf("socket based connection without sockets");
 }
 
-evtchn_port_t get_xenbus_evtchn(void)
+/*
+ * minios stubdom looks up dom0's event channel from the command line
+ * (--event).  The stubdom's own event channel is returned directly.
+ *
+ * Any other existing domains from dom0less/Hyperlaunch will have
+ * the event channel in the xenstore page, so lookup here isn't necessary.
+ * --event would not be set, so it would default to 0.
+ */
+evtchn_port_t get_domain_evtchn(unsigned int domid)
 {
-	return dom0_event;
+	if (domid == stub_domid)
+		return xenbus_evtchn;
+	else if (domid == priv_domid)
+		return dom0_event;
+
+	return 0;
 }
 
 void *xenbus_map(void)
diff --git a/tools/xenstored/posix.c b/tools/xenstored/posix.c
index 6037d739d0..d850dc0da9 100644
--- a/tools/xenstored/posix.c
+++ b/tools/xenstored/posix.c
@@ -139,7 +139,7 @@ void unmap_xenbus(void *interface)
 	munmap(interface, getpagesize());
 }
 
-evtchn_port_t get_xenbus_evtchn(void)
+static evtchn_port_t get_xenbus_evtchn(void)
 {
 	int fd;
 	int rc;
@@ -166,6 +166,20 @@ evtchn_port_t get_xenbus_evtchn(void)
 	return port;
 }
 
+/*
+ * dom0 xenstored uses get_xenbus_evtchn() to lookup with XENSTORED_PORT_DEV.
+ *
+ * Any other existing domains from dom0less/Hyperlaunch will have
+ * the event channel in the xenstore page, so lookup here isn't necessary.
+ */
+evtchn_port_t get_domain_evtchn(unsigned int domid)
+{
+	if (domid == xenbus_master_domid())
+		return get_xenbus_evtchn();
+
+	return 0;
+}
+
 void *xenbus_map(void)
 {
 	int fd;
-- 
2.50.1

[PATCH v5 07/11] tools/xenstored: Auto-introduce domains

[Jason Andryuk]

Replace dom0_init() with init_domains() which uses libxenmanage to
iterate through all existing domains, storing them in a list.  The xenstore
domain is introduced first, and then all the other domains are
introduced.  The xenstore domain needs to be introduced first to setup
structures needed for firing watches.

dom0_domid is updated with the xenstore domain, since it really
indicates the local domain.

priv_domid is set to the control domain.  This makes it limited to a
single domain.

These features let xenstore automatically connect any existing domains,
which means it doesn't need to be done manually from init-dom0less.

For a legacy dom0, the result should be unchanged.

For a late xenstore stubdom it should also be the same, but priv_domid
would be set automatically to control domain (which default to 0
normally).

Always signal the event channel for initial domains.  This gets dom0 (a
local xenstored domain) to connect.

Also always write XENSTORE_CONNECTED since we know we are connected at
this point.

To support ARM dom0less domains with xen,enhanced = "no-xenstore" a
failed introduce_domain() becomes non-fatal.  Normally,
HVM_PARAM_STORE_EVTCHN is used to identify .

priv_domid from the command line is used, or the first control domain is
used.

dom0_domid will set to the last xenstore found.  This will handle dom0
or dom0less, where only 1 xenstore domain can exist, or stubdom, where
dom0 and dom1 exist, and we want to take the stubdom.

Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
---
v5:
Add init_domain() helper and call for dom0_domid first outside loop.
Fix HVM_PARAM_STORE_EVTCHN typo
Only take first priv_domid and respect command line setting
Take last dom0_domid
Set priv_domid & dom0_domid default values - bail if both unset
Use talloc_realloc
Remove domain_conn_reset()
---
 tools/xenstored/core.c   |   6 +--
 tools/xenstored/domain.c | 100 ++++++++++++++++++++++++++++++---------
 tools/xenstored/domain.h |   2 +-
 3 files changed, 82 insertions(+), 26 deletions(-)

diff --git a/tools/xenstored/core.c b/tools/xenstored/core.c
index 37e4dd5a5b..dbf3548a8e 100644
--- a/tools/xenstored/core.c
+++ b/tools/xenstored/core.c
@@ -2564,9 +2564,9 @@ static struct option options[] = {
 #endif
 	{ NULL, 0, NULL, 0 } };
 
-int dom0_domid = 0;
+int dom0_domid = DOMID_INVALID;
 int dom0_event = 0;
-int priv_domid = 0;
+int priv_domid = DOMID_INVALID;
 domid_t stub_domid = DOMID_INVALID;
 
 static unsigned int get_optval_uint(const char *arg)
@@ -2757,7 +2757,7 @@ int main(int argc, char *argv[])
 	/* Listen to hypervisor. */
 	if (!live_update) {
 		domain_init(-1);
-		dom0_init();
+		init_domains();
 	}
 
 	/* redirect to /dev/null now we're ready to accept connections */
diff --git a/tools/xenstored/domain.c b/tools/xenstored/domain.c
index 71ab7aaad3..5e53fe8736 100644
--- a/tools/xenstored/domain.c
+++ b/tools/xenstored/domain.c
@@ -1251,41 +1251,97 @@ const char *get_implicit_path(const struct connection *conn)
 	return conn->domain->path;
 }
 
-void dom0_init(void)
+static bool init_domain(unsigned int domid)
 {
 	evtchn_port_t port;
-	struct domain *dom0;
+	struct domain *domain;
 
-	port = get_domain_evtchn(xenbus_master_domid());
+	port = get_domain_evtchn(domid);
 	if (port == -1)
-		barf_perror("Failed to initialize dom0 port");
+		barf_perror("Failed to initialize dom%u port", domid);
 
-	dom0 = introduce_domain(NULL, xenbus_master_domid(), port, false);
-	if (!dom0)
-		barf_perror("Failed to initialize dom0");
+	domain = introduce_domain(NULL, domid, port, false);
+	if (!domain) {
+		xprintf("Could not initialize dom%u", domid);
+		return false;
+	}
 
-	xenevtchn_notify(xce_handle, dom0->port);
-}
+	if (domain->interface)
+		domain->interface->connection = XENSTORE_CONNECTED;
 
-void stubdom_init(void)
+	xenevtchn_notify(xce_handle, domain->port);
+
+	return true;
+}
+void init_domains(void)
 {
-#ifdef __MINIOS__
-	struct domain *stubdom;
-	evtchn_port_t port;
+	unsigned int *domids = NULL;
+	unsigned int nr_domids = 0;
+	unsigned int domid;
+	unsigned int state;
+	unsigned int caps;
+	uint64_t unique_id;
+	int introduce_count = 0;
 
-	if (stub_domid < 0)
-		return;
+	while (!xenmanage_poll_changed_domain(xm_handle, &domid, &state, &caps,
+					      &unique_id)) {
+		nr_domids++;
+		domids = talloc_realloc(NULL, domids, unsigned int, nr_domids);
+		if (!domids)
+			barf_perror("Failed to reallocate domids");
+
+		domids[nr_domids - 1] = domid;
+
+		if (caps & XENMANAGE_GETDOMSTATE_CAP_CONTROL) {
+			/*
+			 * Only update with first found - otherwise use command
+			 * line.
+			 */
+			if (priv_domid == DOMID_INVALID)
+				priv_domid = domid;
+		}
 
-	port = get_domain_evtchn(stub_domid);
-	if (port == -1)
-		barf_perror("Failed to initialize stubdom port");
+		if (caps & XENMANAGE_GETDOMSTATE_CAP_XENSTORE) {
+			/*
+			 * Update with last found.  dom0 or dom0less will only
+			 * have 1 domain.  stubdom there will be dom0 and dom1,
+			 * so this will take the second for stubdom.
+			 */
+			dom0_domid = domid;
+		}
+	}
+
+	if (dom0_domid == DOMID_INVALID)
+		dom0_domid = priv_domid;
 
-	stubdom = introduce_domain(NULL, stub_domid, port, false);
-	if (!stubdom)
-		barf_perror("Failed to initialize stubdom");
+	if (dom0_domid == DOMID_INVALID)
+		barf("Could not determine xenstore domid\n");
 
-	xenevtchn_notify(xce_handle, stubdom->port);
+	/*
+	 * Local domid must be first to setup structures for firing the special
+	 * watches.
+	 */
+	if (init_domain(dom0_domid))
+		introduce_count++;
+
+	for (unsigned int i = 0; i < nr_domids; i++) {
+		domid = domids[i];
+		if (domid == dom0_domid)
+			continue;
 
+		if (init_domain(domid))
+			introduce_count++;
+	}
+
+	talloc_free(domids);
+
+	if (introduce_count == 0)
+		barf("Did not initialize any domains");
+}
+
+void stubdom_init(void)
+{
+#ifdef __MINIOS__
 	mount_9pfs();
 #endif
 }
diff --git a/tools/xenstored/domain.h b/tools/xenstored/domain.h
index 844ac11510..6a78f06935 100644
--- a/tools/xenstored/domain.h
+++ b/tools/xenstored/domain.h
@@ -84,7 +84,7 @@ int do_reset_watches(const void *ctx, struct connection *conn,
 
 void domain_early_init(void);
 void domain_init(int evtfd);
-void dom0_init(void);
+void init_domains(void);
 void stubdom_init(void);
 void domain_deinit(void);
 void ignore_connection(struct connection *conn, unsigned int err);
-- 
2.50.1

[PATCH v5 08/11] tools/xenstored: Use priv_domid for manual nodes and permission

[Jason Andryuk]

Usually, priv_domid == dom0_domid == 0, and that is what is expected.
If we rename s/dom0_domid/store_domid/, it seems more likely we want to
actually have the priv_domid as the owner.

That leads to follow on changes to ensure that the priv_domid is created
first.

If priv_domid is unset, set to dom0_domid to have a functional
xenstored.

Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
---
Held off R-b Juergen because of priv_domid setting

v5:
Add unset priv_domid setting
Additional change for continue check inside the loop
---
 tools/xenstored/core.c   |  4 ++--
 tools/xenstored/domain.c | 16 ++++++++--------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/tools/xenstored/core.c b/tools/xenstored/core.c
index dbf3548a8e..098958f611 100644
--- a/tools/xenstored/core.c
+++ b/tools/xenstored/core.c
@@ -2266,7 +2266,7 @@ struct connection *get_connection_by_id(unsigned int conn_id)
 static void manual_node(const char *name, const char *child)
 {
 	struct node *node;
-	struct xs_permissions perms = { .id = dom0_domid,
+	struct xs_permissions perms = { .id = priv_domid,
 					.perms = XS_PERM_NONE };
 
 	node = talloc_zero(NULL, struct node);
@@ -2317,7 +2317,7 @@ void setup_structure(bool live_update)
 		manual_node("/tool/xenstored", NULL);
 		manual_node("@releaseDomain", NULL);
 		manual_node("@introduceDomain", NULL);
-		domain_nbentry_fix(dom0_domid, 5, true);
+		domain_nbentry_fix(priv_domid, 5, true);
 	}
 }
 
diff --git a/tools/xenstored/domain.c b/tools/xenstored/domain.c
index 5e53fe8736..94cbe81ca5 100644
--- a/tools/xenstored/domain.c
+++ b/tools/xenstored/domain.c
@@ -1014,7 +1014,7 @@ static struct domain *introduce_domain(const void *ctx,
 	struct domain *domain;
 	int rc;
 	struct xenstore_domain_interface *interface;
-	bool is_master_domain = (domid == xenbus_master_domid());
+	bool is_priv_domain = (domid == priv_domid);
 
 	domain = find_or_alloc_domain(ctx, domid);
 	if (!domain)
@@ -1037,13 +1037,13 @@ static struct domain *introduce_domain(const void *ctx,
 		}
 		domain->interface = interface;
 
-		if (is_master_domain)
+		if (is_priv_domain)
 			setup_structure(restore);
 
 		/* Now domain belongs to its connection. */
 		talloc_steal(domain->conn, domain);
 
-		if (!is_master_domain && !restore)
+		if (!is_priv_domain && !restore)
 			fire_special_watches("@introduceDomain");
 	} else {
 		/* Use XS_INTRODUCE for recreating the xenbus event-channel. */
@@ -1311,22 +1311,22 @@ void init_domains(void)
 		}
 	}
 
-	if (dom0_domid == DOMID_INVALID)
-		dom0_domid = priv_domid;
+	if (priv_domid == DOMID_INVALID)
+		priv_domid = dom0_domid;
 
-	if (dom0_domid == DOMID_INVALID)
+	if (priv_domid == DOMID_INVALID)
 		barf("Could not determine xenstore domid\n");
 
 	/*
 	 * Local domid must be first to setup structures for firing the special
 	 * watches.
 	 */
-	if (init_domain(dom0_domid))
+	if (init_domain(priv_domid))
 		introduce_count++;
 
 	for (unsigned int i = 0; i < nr_domids; i++) {
 		domid = domids[i];
-		if (domid == dom0_domid)
+		if (domid == priv_domid)
 			continue;
 
 		if (init_domain(domid))
-- 
2.50.1

[PATCH v5 09/11] tools/xenstored: Rename dom0_domid to store_domid

[Jason Andryuk]

The dom0_domid variable is misnamed and conflates purposes.  If we have
xenstored running in a Linux domain that is not dom0, this variable
controls the lookup of /proc/xen/xsd_kva and the event channel.

Rename to store_domid to better show its purpose.

One implication of this change is that the xenstore domain is not
privileged by virtue of considering store_domid as privileged.

domain_is_unprivileged() removes the dom0_domid/store_domid check, so
xenstore domain is no longer considered privileged.

onearg_domain() is updated to return EINVAL for store_domid or priv_domid
to maintain the ability to call XS_RESUME.

xenbus_master_domid() is removed with store_domid being used instead.

Add a description of the -m/--master-domid options while
doing this.

Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
---
v5:
Remove xenbus_master_domid()
domain_is_unprivileged() drop dom0/store_domid.
XS_RESUME/onearg_domain() check store_domid || priv_domid
---
 tools/xenstored/core.c   |  9 ++++++---
 tools/xenstored/core.h   |  6 ++----
 tools/xenstored/domain.c | 10 +++++-----
 tools/xenstored/posix.c  |  4 ++--
 4 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/tools/xenstored/core.c b/tools/xenstored/core.c
index 098958f611..f407bec4b9 100644
--- a/tools/xenstored/core.c
+++ b/tools/xenstored/core.c
@@ -2536,7 +2536,10 @@ static void usage(void)
 "                          allowed timeout candidates are:\n"
 "                          watch-event: time a watch-event is kept pending\n"
 "  -K, --keep-orphans      don't delete nodes owned by a domain when the\n"
-"                          domain is deleted (this is a security risk!)\n");
+"                          domain is deleted (this is a security risk!)\n"
+"  -m, --master-domid      specify the domid of the domain where xenstored\n"
+"                          is running.  defaults to 0\n"
+);
 }
 
 
@@ -2564,7 +2567,7 @@ static struct option options[] = {
 #endif
 	{ NULL, 0, NULL, 0 } };
 
-int dom0_domid = DOMID_INVALID;
+int store_domid = DOMID_INVALID;
 int dom0_event = 0;
 int priv_domid = DOMID_INVALID;
 domid_t stub_domid = DOMID_INVALID;
@@ -2733,7 +2736,7 @@ int main(int argc, char *argv[])
 			dom0_event = get_optval_uint(optarg);
 			break;
 		case 'm':
-			dom0_domid = get_optval_uint(optarg);
+			store_domid = get_optval_uint(optarg);
 			break;
 		case 'p':
 			priv_domid = get_optval_uint(optarg);
diff --git a/tools/xenstored/core.h b/tools/xenstored/core.h
index 877b1e1103..949b812f90 100644
--- a/tools/xenstored/core.h
+++ b/tools/xenstored/core.h
@@ -364,7 +364,7 @@ do {						\
 		trace("tdb: " __VA_ARGS__);	\
 } while (0)
 
-extern int dom0_domid;
+extern int store_domid;
 extern int dom0_event;
 extern int priv_domid;
 extern domid_t stub_domid;
@@ -381,11 +381,9 @@ uint64_t get_now_msec(void);
 void *xenbus_map(void);
 void unmap_xenbus(void *interface);
 
-static inline int xenbus_master_domid(void) { return dom0_domid; }
-
 static inline bool domid_is_unprivileged(unsigned int domid)
 {
-	return domid != dom0_domid && domid != priv_domid;
+	return domid != priv_domid;
 }
 
 static inline bool domain_is_unprivileged(const struct connection *conn)
diff --git a/tools/xenstored/domain.c b/tools/xenstored/domain.c
index 94cbe81ca5..2f79db26df 100644
--- a/tools/xenstored/domain.c
+++ b/tools/xenstored/domain.c
@@ -503,7 +503,7 @@ static const struct interface_funcs domain_funcs = {
 
 static void *map_interface(domid_t domid)
 {
-	if (domid == xenbus_master_domid())
+	if (domid == store_domid)
 		return xenbus_map();
 
 #ifdef __MINIOS__
@@ -518,7 +518,7 @@ static void *map_interface(domid_t domid)
 
 static void unmap_interface(domid_t domid, void *interface)
 {
-	if (domid == xenbus_master_domid())
+	if (domid == store_domid)
 		unmap_xenbus(interface);
 	else if (domid != stub_domid)
 		xengnttab_unmap(*xgt_handle, interface, 1);
@@ -1144,7 +1144,7 @@ static struct domain *onearg_domain(struct connection *conn,
 		return ERR_PTR(-EINVAL);
 
 	domid = atoi(domid_str);
-	if (domid == dom0_domid)
+	if (domid == store_domid || domid == priv_domid)
 		return ERR_PTR(-EINVAL);
 
 	return find_connected_domain(domid);
@@ -1307,12 +1307,12 @@ void init_domains(void)
 			 * have 1 domain.  stubdom there will be dom0 and dom1,
 			 * so this will take the second for stubdom.
 			 */
-			dom0_domid = domid;
+			store_domid = domid;
 		}
 	}
 
 	if (priv_domid == DOMID_INVALID)
-		priv_domid = dom0_domid;
+		priv_domid = store_domid;
 
 	if (priv_domid == DOMID_INVALID)
 		barf("Could not determine xenstore domid\n");
diff --git a/tools/xenstored/posix.c b/tools/xenstored/posix.c
index d850dc0da9..e8bb975115 100644
--- a/tools/xenstored/posix.c
+++ b/tools/xenstored/posix.c
@@ -174,7 +174,7 @@ static evtchn_port_t get_xenbus_evtchn(void)
  */
 evtchn_port_t get_domain_evtchn(unsigned int domid)
 {
-	if (domid == xenbus_master_domid())
+	if (domid == store_domid)
 		return get_xenbus_evtchn();
 
 	return 0;
@@ -280,7 +280,7 @@ static void accept_connection(int sock)
 	conn = new_connection(&socket_funcs);
 	if (conn) {
 		conn->fd = fd;
-		conn->id = dom0_domid;
+		conn->id = store_domid;
 	} else
 		close(fd);
 }
-- 
2.50.1

[PATCH v5 10/11] tools/xenstored: Remove stubdom special casing

[Jason Andryuk]

posix.c and minios.c implement the same named functions serving slightly
different purposes.

For xenbus_map()
posix.c maps the local /dev/xen/xsd_kva
minios.c maps dom0 via grant and there is open coding for stub_domid in
map_interface.

Change xenbus_map() to map the local domain's interface.  The default
grant table mapping is performed otherwise.

Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
---
v5:
Re-order later
---
 tools/xenstored/domain.c | 5 -----
 tools/xenstored/minios.c | 4 +---
 2 files changed, 1 insertion(+), 8 deletions(-)

diff --git a/tools/xenstored/domain.c b/tools/xenstored/domain.c
index 2f79db26df..be8dd19eb8 100644
--- a/tools/xenstored/domain.c
+++ b/tools/xenstored/domain.c
@@ -506,11 +506,6 @@ static void *map_interface(domid_t domid)
 	if (domid == store_domid)
 		return xenbus_map();
 
-#ifdef __MINIOS__
-	if (domid == stub_domid)
-		return xenstore_buf;
-#endif
-
 	return xengnttab_map_grant_ref(*xgt_handle, domid,
 				       GNTTAB_RESERVED_XENSTORE,
 				       PROT_READ|PROT_WRITE);
diff --git a/tools/xenstored/minios.c b/tools/xenstored/minios.c
index a86edbd5c8..54230796b5 100644
--- a/tools/xenstored/minios.c
+++ b/tools/xenstored/minios.c
@@ -61,13 +61,11 @@ evtchn_port_t get_domain_evtchn(unsigned int domid)
 
 void *xenbus_map(void)
 {
-	return xengnttab_map_grant_ref(*xgt_handle, xenbus_master_domid(),
-			GNTTAB_RESERVED_XENSTORE, PROT_READ|PROT_WRITE);
+	return xenstore_buf;
 }
 
 void unmap_xenbus(void *interface)
 {
-	xengnttab_unmap(*xgt_handle, interface, 1);
 }
 
 void early_init(bool live_update, bool dofork, const char *pidfile)
-- 
2.50.1

[PATCH v5 11/11] tools/xenstored: Remove hardcoded implicit path

[Jason Andryuk]

Update get_implicit_path to return the correct value for a non-dom0
xenstored domain.

Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
---
v5:
R-b: Juergen
---
 tools/xenstored/domain.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/tools/xenstored/domain.c b/tools/xenstored/domain.c
index be8dd19eb8..d083dfb65e 100644
--- a/tools/xenstored/domain.c
+++ b/tools/xenstored/domain.c
@@ -1238,11 +1238,13 @@ static int close_xgt_handle(void *_handle)
 	return 0;
 }
 
+static char store_domain_path[] = "/local/domain/65535";
+
 /* Returns the implicit path of a connection (only domains have this) */
 const char *get_implicit_path(const struct connection *conn)
 {
 	if (!conn->domain)
-		return "/local/domain/0";
+		return store_domain_path;
 	return conn->domain->path;
 }
 
@@ -1312,6 +1314,9 @@ void init_domains(void)
 	if (priv_domid == DOMID_INVALID)
 		barf("Could not determine xenstore domid\n");
 
+	snprintf(store_domain_path, sizeof(store_domain_path),
+		 "/local/domain/%u", store_domid);
+
 	/*
 	 * Local domid must be first to setup structures for firing the special
 	 * watches.
-- 
2.50.1

Re: [PATCH v5 06/11] tools/xenstored: Add get_domain_evtchn() to find evtchn

[Jürgen Groß]

[-- Attachment #1.1.1: Type: text/plain, Size: 795 bytes --]

On 26.07.25 01:58, Jason Andryuk wrote:
> Add helpers to lookup the event channel for a domid.  This hides some
> of the differences between dom0 and stubdom xenstored.  Each version
> defines its own.
> 
> It highlights the different meanings between get_xenbus_evtchn() in a
> stubdom, where it looks up dom0's event channel, and dom0, where it
> looks up the local event channel.
> 
> get_domain_evtchn() replaces get_xenbus_evtchn(), and
> get_xenbus_evtchn() is removed from minios.c as it is inlined in the new
> function.
> 
> The default return 0 will be fine as any other auto-introduced domain
> will needs the event channel populated in the grant.
> 
> Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>

Reviewed-by: Juergen Gross <jgross@suse.com>


Juergen

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3743 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 495 bytes --]

Re: [PATCH v5 07/11] tools/xenstored: Auto-introduce domains

[Jürgen Groß]

[-- Attachment #1.1.1: Type: text/plain, Size: 1747 bytes --]

On 26.07.25 01:58, Jason Andryuk wrote:
> Replace dom0_init() with init_domains() which uses libxenmanage to
> iterate through all existing domains, storing them in a list.  The xenstore
> domain is introduced first, and then all the other domains are
> introduced.  The xenstore domain needs to be introduced first to setup
> structures needed for firing watches.
> 
> dom0_domid is updated with the xenstore domain, since it really
> indicates the local domain.
> 
> priv_domid is set to the control domain.  This makes it limited to a
> single domain.
> 
> These features let xenstore automatically connect any existing domains,
> which means it doesn't need to be done manually from init-dom0less.
> 
> For a legacy dom0, the result should be unchanged.
> 
> For a late xenstore stubdom it should also be the same, but priv_domid
> would be set automatically to control domain (which default to 0
> normally).
> 
> Always signal the event channel for initial domains.  This gets dom0 (a
> local xenstored domain) to connect.
> 
> Also always write XENSTORE_CONNECTED since we know we are connected at
> this point.
> 
> To support ARM dom0less domains with xen,enhanced = "no-xenstore" a
> failed introduce_domain() becomes non-fatal.  Normally,
> HVM_PARAM_STORE_EVTCHN is used to identify .
> 
> priv_domid from the command line is used, or the first control domain is
> used.
> 
> dom0_domid will set to the last xenstore found.  This will handle dom0
> or dom0less, where only 1 xenstore domain can exist, or stubdom, where
> dom0 and dom1 exist, and we want to take the stubdom.
> 
> Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>

Reviewed-by: Juergen Gross <jgross@suse.com>


Juergen

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3743 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 495 bytes --]

Re: [PATCH v5 08/11] tools/xenstored: Use priv_domid for manual nodes and permission

[Jürgen Groß]

[-- Attachment #1.1.1: Type: text/plain, Size: 530 bytes --]

On 26.07.25 01:58, Jason Andryuk wrote:
> Usually, priv_domid == dom0_domid == 0, and that is what is expected.
> If we rename s/dom0_domid/store_domid/, it seems more likely we want to
> actually have the priv_domid as the owner.
> 
> That leads to follow on changes to ensure that the priv_domid is created
> first.
> 
> If priv_domid is unset, set to dom0_domid to have a functional
> xenstored.
> 
> Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>

Reviewed-by: Juergen Gross <jgross@suse.com>


Juergen

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3743 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 495 bytes --]

Re: [PATCH v5 08/11] tools/xenstored: Use priv_domid for manual nodes and permission

[Jürgen Groß]

[-- Attachment #1.1.1: Type: text/plain, Size: 3262 bytes --]

On 26.07.25 01:58, Jason Andryuk wrote:
> Usually, priv_domid == dom0_domid == 0, and that is what is expected.
> If we rename s/dom0_domid/store_domid/, it seems more likely we want to
> actually have the priv_domid as the owner.
> 
> That leads to follow on changes to ensure that the priv_domid is created
> first.
> 
> If priv_domid is unset, set to dom0_domid to have a functional
> xenstored.
> 
> Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
> ---
> Held off R-b Juergen because of priv_domid setting
> 
> v5:
> Add unset priv_domid setting
> Additional change for continue check inside the loop
> ---
>   tools/xenstored/core.c   |  4 ++--
>   tools/xenstored/domain.c | 16 ++++++++--------
>   2 files changed, 10 insertions(+), 10 deletions(-)
> 
> diff --git a/tools/xenstored/core.c b/tools/xenstored/core.c
> index dbf3548a8e..098958f611 100644
> --- a/tools/xenstored/core.c
> +++ b/tools/xenstored/core.c
> @@ -2266,7 +2266,7 @@ struct connection *get_connection_by_id(unsigned int conn_id)
>   static void manual_node(const char *name, const char *child)
>   {
>   	struct node *node;
> -	struct xs_permissions perms = { .id = dom0_domid,
> +	struct xs_permissions perms = { .id = priv_domid,
>   					.perms = XS_PERM_NONE };
>   
>   	node = talloc_zero(NULL, struct node);
> @@ -2317,7 +2317,7 @@ void setup_structure(bool live_update)
>   		manual_node("/tool/xenstored", NULL);
>   		manual_node("@releaseDomain", NULL);
>   		manual_node("@introduceDomain", NULL);
> -		domain_nbentry_fix(dom0_domid, 5, true);
> +		domain_nbentry_fix(priv_domid, 5, true);
>   	}
>   }
>   
> diff --git a/tools/xenstored/domain.c b/tools/xenstored/domain.c
> index 5e53fe8736..94cbe81ca5 100644
> --- a/tools/xenstored/domain.c
> +++ b/tools/xenstored/domain.c
> @@ -1014,7 +1014,7 @@ static struct domain *introduce_domain(const void *ctx,
>   	struct domain *domain;
>   	int rc;
>   	struct xenstore_domain_interface *interface;
> -	bool is_master_domain = (domid == xenbus_master_domid());
> +	bool is_priv_domain = (domid == priv_domid);
>   
>   	domain = find_or_alloc_domain(ctx, domid);
>   	if (!domain)
> @@ -1037,13 +1037,13 @@ static struct domain *introduce_domain(const void *ctx,
>   		}
>   		domain->interface = interface;
>   
> -		if (is_master_domain)
> +		if (is_priv_domain)
>   			setup_structure(restore);
>   
>   		/* Now domain belongs to its connection. */
>   		talloc_steal(domain->conn, domain);
>   
> -		if (!is_master_domain && !restore)
> +		if (!is_priv_domain && !restore)
>   			fire_special_watches("@introduceDomain");
>   	} else {
>   		/* Use XS_INTRODUCE for recreating the xenbus event-channel. */
> @@ -1311,22 +1311,22 @@ void init_domains(void)
>   		}
>   	}
>   
> -	if (dom0_domid == DOMID_INVALID)
> -		dom0_domid = priv_domid;
> +	if (priv_domid == DOMID_INVALID)
> +		priv_domid = dom0_domid;
>   
> -	if (dom0_domid == DOMID_INVALID)
> +	if (priv_domid == DOMID_INVALID)
>   		barf("Could not determine xenstore domid\n");
>   
>   	/*
>   	 * Local domid must be first to setup structures for firing the special

Oh, just saw it now:

s/Local/Privileged/

With that My R-b: stands.


Juergen

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3743 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 495 bytes --]

Re: [PATCH v5 09/11] tools/xenstored: Rename dom0_domid to store_domid

[Jürgen Groß]

[-- Attachment #1.1.1: Type: text/plain, Size: 986 bytes --]

On 26.07.25 01:58, Jason Andryuk wrote:
> The dom0_domid variable is misnamed and conflates purposes.  If we have
> xenstored running in a Linux domain that is not dom0, this variable
> controls the lookup of /proc/xen/xsd_kva and the event channel.
> 
> Rename to store_domid to better show its purpose.
> 
> One implication of this change is that the xenstore domain is not
> privileged by virtue of considering store_domid as privileged.
> 
> domain_is_unprivileged() removes the dom0_domid/store_domid check, so
> xenstore domain is no longer considered privileged.
> 
> onearg_domain() is updated to return EINVAL for store_domid or priv_domid
> to maintain the ability to call XS_RESUME.
> 
> xenbus_master_domid() is removed with store_domid being used instead.
> 
> Add a description of the -m/--master-domid options while
> doing this.
> 
> Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>

Reviewed-by: Juergen Gross <jgross@suse.com>


Juergen

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3743 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 495 bytes --]

Re: [PATCH v5 10/11] tools/xenstored: Remove stubdom special casing

[Jürgen Groß]

[-- Attachment #1.1.1: Type: text/plain, Size: 545 bytes --]

On 26.07.25 01:58, Jason Andryuk wrote:
> posix.c and minios.c implement the same named functions serving slightly
> different purposes.
> 
> For xenbus_map()
> posix.c maps the local /dev/xen/xsd_kva
> minios.c maps dom0 via grant and there is open coding for stub_domid in
> map_interface.
> 
> Change xenbus_map() to map the local domain's interface.  The default
> grant table mapping is performed otherwise.
> 
> Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>

Reviewed-by: Juergen Gross <jgross@suse.com>


Juergen

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3743 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 495 bytes --]

Re: [PATCH v5 02/11] tools/manage: Expose domain capabilities

[Anthony PERARD]

On Fri, Jul 25, 2025 at 07:58:49PM -0400, Jason Andryuk wrote:
> Add an additional "caps" argument to the libxenmanage functions to
> obtain a domains capabilities - control, hardware, and xenstore.
> 
> Update the xenstored callers at the same time.
> 
> Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
> Reviewed-by: Juergen Gross <jgross@suse.com>

Acked-by: Anthony PERARD <anthony.perard@vates.tech>

Thanks,

-- 
Anthony PERARD

Re: [PATCH v5 00/11] xenstored patches from split hardware control

[Jan Beulich]

On 26.07.2025 01:58, Jason Andryuk wrote:
> This is a subset of patches focusing on xenstored changes from my split
> hardware control domain series.
> 
> It should address the stubdom breakage from the previous series.
> stubdom was tested in gitlab-ci - xl list shows Domain-0 and Xenstore.
> 
> "tools/xenstored: Use priv_domid for manual nodes and permission" is an
> interesting result of looking to rename some internal variables to
> better align their purpose.
> 
> Any review or guidance on the approach is appreciated.
> 
> Jason Andryuk (11):
>   xen: Add capabilities to get_domain_state
>   tools/manage: Expose domain capabilities
>   public/io: xs_wire: Include event channel in interface page
>   xen/dom0less: store xenstore event channel in page
>   tools/xenstored: Read event channel from xenstored page
>   tools/xenstored: Add get_domain_evtchn() to find evtchn
>   tools/xenstored: Auto-introduce domains
>   tools/xenstored: Use priv_domid for manual nodes and permission
>   tools/xenstored: Rename dom0_domid to store_domid
>   tools/xenstored: Remove stubdom special casing
>   tools/xenstored: Remove hardcoded implicit path

To allow more of this to go in, you'll need to chase an ack for patch 4.
Of course you could also indicate if committing any later changes ahead
of patch 4 would be possible / sensible.

Jan

Re: [PATCH v5 00/11] xenstored patches from split hardware control

[Jason Andryuk]

On 2025-08-26 11:53, Jan Beulich wrote:
> On 26.07.2025 01:58, Jason Andryuk wrote:
>> This is a subset of patches focusing on xenstored changes from my split
>> hardware control domain series.
>>
>> It should address the stubdom breakage from the previous series.
>> stubdom was tested in gitlab-ci - xl list shows Domain-0 and Xenstore.
>>
>> "tools/xenstored: Use priv_domid for manual nodes and permission" is an
>> interesting result of looking to rename some internal variables to
>> better align their purpose.
>>
>> Any review or guidance on the approach is appreciated.
>>
>> Jason Andryuk (11):
>>    xen: Add capabilities to get_domain_state
>>    tools/manage: Expose domain capabilities
>>    public/io: xs_wire: Include event channel in interface page
>>    xen/dom0less: store xenstore event channel in page
>>    tools/xenstored: Read event channel from xenstored page
>>    tools/xenstored: Add get_domain_evtchn() to find evtchn
>>    tools/xenstored: Auto-introduce domains
>>    tools/xenstored: Use priv_domid for manual nodes and permission
>>    tools/xenstored: Rename dom0_domid to store_domid
>>    tools/xenstored: Remove stubdom special casing
>>    tools/xenstored: Remove hardcoded implicit path
> 
> To allow more of this to go in, you'll need to chase an ack for patch 4.
> Of course you could also indicate if committing any later changes ahead
> of patch 4 would be possible / sensible.

I re-posted the xenstored changes separately and they have gone in, 
thanks.  Yes, I need to follow up on patch 4.

Thanks,
Jason