[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics

To: "George Dunlap" <george.dunlap@xxxxxxxxxx>, "Ian Jackson" <ian.jackson@xxxxxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Thu, 22 Jun 2017 04:58:34 -0600
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Daniel de Graaf <dgdegra@xxxxxxxxxxxxx>
Delivery-date: Thu, 22 Jun 2017 10:58:39 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 22.06.17 at 11:58, <ian.jackson@xxxxxxxxxxxxx> wrote:
> George Dunlap writes ("Re: [PATCH] passthrough: give 
> XEN_DOMCTL_test_assign_device more sane semantics"):
>> I suggest we ask the toolstack maintainers what kind of a function they
>> think would be most useful, and then we can implement that.
>> 
>> So, Wei and Ian (and Daniel if you're around):
> 
> After having reread the thread I still don't understand why Jan thinks
> the ignored argument is a problem per so.  Ignored arguments are often
> provided to ease future expansion (whether there is an ABI stability
> guarantee or not).
> 
> In this case I think that the domid is not passed to the XSM check is
> simply a bug.  I don't know if that can be fixed easily.

Well, the patch does that already, just that now the argument is
being ignored in flask. I'd leave that to someone else (Daniel?) to
implement.

>> Option 2: Pass the domain to the XSM callback, enabling XSM / Flask
>> policies that can forbid specific devices from being assigned to
>> specific guests.
> 
> Is there any possible downside to this ?

As soon as flask wouldn't ignore it anymore, there would be the risk
of things currently working with a given XSM policy to stop working.
Much depends on how consistent the test-assign and assign checks
are (going to be) performed.

>> Any preferences?
> 
> See above.  George's arguments make much more sense to me than Jan's,
> in this thread.

Fine with me. Now as well as on past instances of looking at this,
it simply didn't occur to me that the operation could be intended
to work in the way George described. And in the end the patch
will end up smaller with that alternative model. One last question
then is whether retaining the original semantics with some special
domain ID (DOMID_INVALID at present) is of any use.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics
  - From: George Dunlap

References:
- [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics
  - From: George Dunlap
- Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics
  - From: George Dunlap
- Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics
  - From: George Dunlap
- Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics
  - From: Ian Jackson

Prev by Date: Re: [Xen-devel] [PATCH v7 18/36] x86/efi: Update EFI pagetable creation to work with SME
Next by Date: Re: [Xen-devel] [PATCH v7 19/36] x86/mm: Add support to access boot related data in the clear
Previous by thread: Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics
Next by thread: Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.