[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] XSM in osstest, grub config, outstanding patch

  • To: Ian Jackson <ian.jackson@xxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
  • From: Doug Goldstein <cardoe@xxxxxxxxxx>
  • Date: Tue, 29 May 2018 00:29:36 -0500
  • Autocrypt: addr=cardoe@xxxxxxxxxx; prefer-encrypt=mutual; keydata= xsBNBFEmwNgBCADDKsWn4Jm5zT1C0NmOEFkCtlkjM2iQ9Cbr5qHaZe4IHjI1pwQRztbW9Z/G b00B0Wixd78llqwlraE3aMKB8n4ArRMgUuM1QHRrVauflonIi6uGHlW2p0Bk9z/p3mRAm66m 73sjNGx54q8rTzy9YixzZhWUxe8MtkmCG6EtBCNBklfOTn7MDxD2YRM61X+u0PhqJ+8Ep6ty x05NohKRMZkUURMYbU/GpTZAMzEDv8NPamd/x8OQToP6nIHJGeoLvhQDDf8b+GbhBO2A56rw V5cHLmBFCsU5D1MfcyMdtFVrCWOG2yhc7eK3X5rPlbI8UGkBQ/iQTayDUT12Jzbi90fTABEB AAHNIkRvdWcgR29sZHN0ZWluIDxjYXJkb2VAY2FyZG9lLmNvbT7CwIAEEwEIACoCGwMFCwkI BwMFFQoJCAsFFgMCAQACHgECF4ACGQEFAlakMU4FCQ0CPnYACgkQbE5iBDHJmA1X4Af5Acvq FuPpJ0zqU5GjilLA6KiN/aQtBKYt5KISHEvZM3v5yzSpHdNBX6xcSlT8VRc7lPpYFRyhFe8B 8DaMV8F5Hb9Oof2pP41miTHyWiMv7pIkrho1Fj4tbSHq9+SH47/CAiGb2xhYg04s6WD32iDU Yx85C+zJJc6RqWuXhUnJ7OFWDnAv1Q5pH0iJzDLY8BGsT9VEx8QQ36XYqBNpPrgyxHm8OT1s H+pC0EhOkb0WWE+TFwo/ia5BkP91mpms2XiftMWuGALDjGJqiL3gGvFbMjTQ5IRmqghMFTCU /LOKVuTOtMKkamq6/Y2kFqTJSZwZkbgef+x6w2CSeb5lzSodlc7BTQRaG2QKARAA3tVEtfL0 VQNIPsB5/MC87gqorgkBwhq2HRoNFqn2bHYvfxAz88GKjvCT/pjUGQxzYfD00j4KGRoyZEpU UsGp5BwAwA0pS19KmnW/uTCMI3mRPxsNZoVHYViTylSaNrL4VnxX0a2UiLolQxkgIv5s3Y6b 7/kLupiXeqK9y4c7ctQqV/rSEWrpDb7J7RuiPp4FYCnSVWEgb8N1upU798ZSrNUAlUMNkyNo KYRVWP2n6TvpgaJDqBrXolSefYFVhqZ10iPoP45X+Bd3vb++641WJsHTQ1J39y7j25Seiwm/ gSLTYBqGgodcfmhV4jLGAageEfHTKqnrV9RlNAYeMnZxK/8Wtq9gJEXG43LgipAc946i96EY C+1CJ432BAnCo8su68FCP05+HHcz3Fmid4p4oSKsGsfWExX/CDl7nFB5ZD6noGoKyMQC3BpG pyp/7VJba5x+tuCRHKiEn4UgVIIhwU6u6DneF6H8+N7Jya5dieHENO1gCbfv3MT39d85PzvP GNY0xrx8tjqcvceC9fIBlrE+rluGNq91SWh82MaVZhYaMuJrvQEAU0y0uFwkjbGqfJGUKUay jBLje5Uxs49Aiku4nswJPMA9RkibfExj7IgRJ5ibHDKXXktVjvPRDS+C9riv6K8od3iRVFgg ejCxvZrLl6InSnzCgnCkS5GNwOcAEQEAAcLAfAQYAQgAJhYhBFO3ApyYdvZebquAPGxOYgQx yZgNBQJaG2QKAhsMBQkDwmcAAAoJEGxOYgQxyZgNz2wH/iCbJjzDZLRwNk8hINApbxiorsFX zahdZo8/9aDbSXz/cedD9vxkjbIgFR4CX79TkUH8tcA6i3D9c+IR7dApyA6gukBzjIAtQIDO c0Hh1aCorAODgmpz/0sgkWRu1TTrUp9RNGKUgWYtigF3pMIjG0IuaWz2LrgnbIY3spcXSIix 38j6HPHTx/d7LKcbyoSHJfyvPTBRHZ0hWmC52zoRP44oG2o1phs4uIj2F2nW4CmZQQeSoYmQ 2pvIgyLpqQrX7hVAgZFb6a1sso5HldsQTBxR7MUY+PiZ2d/63QqKKQC3h3DJ4BeNMhuB7ESP G0sFyeTdbb4dSxWLgoUu4Dj7Bkc=
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Wei Liu <wei.liu2@xxxxxxxxxx>
  • Delivery-date: Tue, 29 May 2018 05:29:49 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Openpgp: preference=signencrypt
On 5/17/18 10:09 AM, Ian Jackson wrote:
> Hi, I'm emailing you because I know you have an interest in XSM
> (and therefore in its testing in osstest).
> 
> osstest manages the booting of its test hosts using the
> distro-supplied bootloader arrangements for its dom0s.  For Debian
> that is update-grub.  Currently, osstest has a hacked-up local copy of
> the Xen bit of update-grub, /etc/grub.d/20_linux_xen.  This is in
> serious danger of diverging from upstream, which is quite bad.
> 
> I am intending to drop this file from osstest installs of Debian dom0s
> after stretch (ie, for Debian buster).  Currently all the deviations
> from upstream we have been carrying are fixed, except for one
> XSM-related change.
> 
> That change is in the one described in upstream bugtracker here:
>   https://savannah.gnu.org/bugs/?43420
> According to the osstest commit message for f12512e44919, this is not
> quite the same version as is being used by osstest.
> 
> This upstream bug is blocked because of unanswered questions about the
> naming and discovery of policy files.  According to Wei, we don't have
> a good story about how a user-supplied policy file ought to supplant
> the one which comes from the Xen build system.
> 
> Anyway, without this change, when osstest tries to set up XSM on
> Debian buster it will not find a bootloader entry with the right
> policy file.  It will then fail that test.
> 
> To avoid this in the most expedient way, it would be good to get a
> version of this fix into grub upstream before then.
> 
> Failing that, as I would be reluctant to continue to carry an
> ever-diverging piece of grub configuration, I think it would be
> necessary for there to at least be an upstream bug report with a ready
> (or nearly-ready) patch; in which case I could provide osstest with a
> copy of buster's 20_linux_xen file with that patch applied.
> 
> In any case, we will want something close to a ready-to-apply patch in
> the upstream bugtracker.
> 
> I am emailing you this now because I have just discovered it.  Happily
> this will give people plenty of time to debate the policy file naming
> issue.
> 
> Thanks,
> Ian.
> 

So I believe the path forward here was that we'd bake the "default" XSM
policy into Xen and the user could then override it by supplying one
with the current name. Ultimately the current Xen build system really
has no business installing this file. At Star Lab we had our policy in a
separate repo (in fact we had multiple policies as different packages
for different objectives). Last I looked OpenXT has their policy in an
external repo and packages it up separately from Xen. Marek can probably
answer as to how Qubes does it.

So the answer to me is no change has to happen to Grub but Xen should
change to just do the right thing and stop installing that file.

-- 
Doug Goldstein

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.