[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 1/7] xen: use domid check in is_hardware_domain
On Thu, 2014-03-27 at 07:52 -0400, Daniel De Graaf wrote: > Instead of checking is_privileged to determine if a domain should > control the hardware, check that the domain_id is equal to zero (which > is currently the only domain for which is_privileged is true). This > allows other places where domain_id is checked for zero to be replaced > with is_hardware_domain. > > The distinction between is_hardware_domain, is_control_domain, and > domain 0 is based on the following disaggregation model: > > Domain 0 bootstraps the system. It may remain to perform requested > builds of domains that need a minimal trust chain (i.e. vTPM domains). > Other than being built by the hypervisor, nothing is special about this > domain - although it may be useful to have is_control_domain() return > true depending on the toolstack it uses to build other domains. > > The hardware domain manages devices for PCI pass-through to driver > domains or can act as a driver domain itself, depending on the desired > degree of disaggregation. It is also the domain managing devices that > do not support pass-through: PCI configuration space access, parsing the > hardware ACPI tables and system power or machine check events. This is > the only domain where is_hardware_domain() is true. The return of > is_control_domain() may be false for this domain. > > The control domain manages other domains, controls guest launch and > shutdown, and manages resource constraints; is_control_domain() returns > true. The functionality guarded by is_control_domain may in the future > be adapted to use explicit hypercalls, eliminating the special treatment > of this domain. It may be reasonable to have multiple control domains > on a multi-tenant system. > > Guest domains and other service or driver domains are all treated > identically by the hypervisor; the security policy may further constrain > administrative actions on or communication between these domains. > > Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> > Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> For the arm bits: Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx> _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |