
Re: [Xen-devel] [PATCH RFC 0/5] Grant table for console, xenstore pages


  • To: "Diego Ongaro" <diego.ongaro@xxxxxxxxxx>
  • From: "Derek Murray" <Derek.Murray@xxxxxxxxxxxx>
  • Date: Mon, 14 Jul 2008 15:55:08 +0100
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Mon, 14 Jul 2008 07:55:32 -0700
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>

On Mon, Jul 14, 2008 at 3:37 PM, Diego Ongaro <diego.ongaro@xxxxxxxxxx> wrote:
> Derek Murray wrote:
>> I imagine you've already seen this, but the thread beginning
>> here has some historical context:
>>
>> http://lists.xensource.com/archives/html/xense-devel/2007-05/msg00004.html
>
> No, I didn't know about that thread. It's disappointing to see that I've
> duplicated your efforts in patches 1-3 of my series.

On the contrary, I think this is a much nicer approach - especially as
it doesn't require any modifications to the hypervisor. Therefore I
think it will be a better fit for the mainline repository.

> Did you ever finish polishing those patches? Based on the discussion,
> there were just a couple things left to clean up.

If I remember correctly, I did do some more work on those patches to
make the use of gntdev optional, but I don't think they were ready for
prime-time. I'll look them out and send them to you off list, in case
they might be of any use.

>>> I'm working on moving xenstored into a dedicated, unprivileged domain.
>
> Have you also worked on this, Derek? I wouldn't want to keep working on
> something you've already done...

I haven't worked on this myself, but I vaguely recall hearing of
efforts to disaggregate XenStore - I don't think any of these are
publicly available. Is the main aim of this work to enhance security
or performance? If the former, how do you plan to launch the XenStore
domain? From Dom0, or using another mechanism?

My personal inclination is to enhance Xen so that the tools no longer
run as root (a conventional Unix-based privilege separation), which
provides a low-cost improvement in Dom0 security. This would build on
your patches to use gntdev for console and XenStore access, and use
modifications to gntdev that allow non-root users to map certain
explicitly-specified grants. This would provide a route to
disaggregating all necessarily-trusted functionality on systems that
would benefit from it (i.e. IOMMU-equipped systems). If you'd like, we
could discuss this approach further.

Regards,

Derek Murray.
