[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH RFC 01/15] xen: allow console_io hypercalls from DomUs on ARM



On Thu, 14 Jun 2018, DeGraaf, Daniel G wrote:
> -----Original Message-----
> > On 13/06/18 23:15, Stefano Stabellini wrote:
> > > This is very useful when starting multiple domains from Xen without
> > > xenstore access. It will allow them to print out to the Xen console.
> > >
> > > Signed-off-by: Stefano Stabellini <stefanos@xxxxxxxxxx>
> > > CC: andrew.cooper3@xxxxxxxxxx
> > > CC: George.Dunlap@xxxxxxxxxxxxx
> > > CC: ian.jackson@xxxxxxxxxxxxx
> > > CC: jbeulich@xxxxxxxx
> > > CC: konrad.wilk@xxxxxxxxxx
> > > CC: tim@xxxxxxx
> > > CC: wei.liu2@xxxxxxxxxx
> > > CC: dgdegra@xxxxxxxxxxxxx
> > > ---
> > > If there is a better way to do this with XSM, please advise.
> > 
> > We definitely need to keep the XSM around to avoid opening a hole. We also 
> > don't want all the domain to access the console.
> > 
> > Looking at the implementation, any domain with is_privileged will be able 
> > to access the console. IHMO, I don't think we should set
> > that for DomU created by Xen.
> > 
> > So I would suggest to introduce a new variable is_console and to tell 
> > whether a domain can access the console. xsm_console_io(...)
> > would then need to be updated accordingly.
> 
> There is an existing CONFIG_VERBOSE_DEBUG option which, among other things, 
> allows console output from any domain.  The console output part of that 
> (which is just the #ifdef in include/xsm/dummy.h) could be moved to another 
> CONFIG or ORed with an ARM flag. This would apply to all domains; if that's 
> not what you want, you'll need to add a flag (like Julien suggested) or use 
> XSM.
> 
> If XSM is enabled, guest hypervisor console output is controlled by the 
> guest_writeconsole boolean in the default policy 
> (tools/flask/policy/modules/guest_features.te) which defaults to allowing it.

I think the best user experience would be:
- do not to require XSM to be enabled
- do not to allow all domains to use the Xen console, only the ones started
  from Xen
- domUs started from Xen should not be is_privileged

Indeed, the best approach would be be to add a new is_console option.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.