On 14.05.2021 22:54, Daniel P. Smith wrote:
> --- a/xen/xsm/silo.c
> +++ b/xen/xsm/silo.c
> @@ -17,9 +17,11 @@
> * You should have received a copy of the GNU General Public License along
> with
> * this program; If not, see <http://www.gnu.org/licenses/>.
> */
> -#define XSM_NO_WRAPPERS
> -#include <xsm/dummy.h>
>
> +#include <xsm/xsm.h>
> +#include <xsm/roles.h>
> +
> +#define SILO_ALLOWED_ROLES ( XSM_DOM_SUPER | XSM_DEV_BACK )
Assuming XSM_DEV_BACK means (or at least may also mean) a backend outside
of Dom0 serving another domain's frontend, ...
> @@ -29,8 +31,10 @@ static bool silo_mode_dom_check(const struct domain *ldom,
> {
> const struct domain *currd = current->domain;
>
> - return (is_control_domain(currd) || is_control_domain(ldom) ||
> - is_control_domain(rdom) || ldom == rdom);
> + return ( currd->xsm_roles & SILO_ALLOWED_ROLES ||
> + ldom->xsm_roles & SILO_ALLOWED_ROLES ||
> + rdom->xsm_roles & SILO_ALLOWED_ROLES ||
> + ldom == rdom );
... I don't think this is an appropriate conversion. Aiui a backend in
a driver domain is out of reach for a domain in SILO mode.
Jan
