Re: [PATCH 2/3] xen/dmop: Strip __XEN_TOOLS__ header guard from public API
On 05/03/2021 14:21, Jan Beulich wrote:
> On 05.03.2021 15:18, Jan Beulich wrote:
>> On 05.03.2021 15:12, Andrew Cooper wrote:
>>> On 05/03/2021 13:53, Jan Beulich wrote:
>>>> On 05.03.2021 13:49, Andrew Cooper wrote:
>>>>> Exactly as with c/s f40e1c52e4, this is inappropriate for a stable
>>>>> library.
>>>>>
>>>>> That change actually broke the build with:
>>>>>
>>>>> include/xendevicemodel.h:52:5: error: unknown type name 'ioservid_t'
>>>>> ioservid_t *id);
>>>>> ^
>>>>>
>>>>> as libxendevicemodel.h now uses a type it can't see a typedef for.
>>>>> However, nothing noticed because the header.chk logic is also broken
>>>>> (fixed subsequently).
>>>> While I agree up to here, ...
>>>>
>>>>> Strip the guard from the public header, and remove compensation from
>>>>> devicemodel's private.h
>>>> ... I'm unconvinced that entirely dropping the guard from the
>>>> public header is wanted (or needed): We use these to make clear
>>>> that in particular kernels aren't supposed to make use of the
>>>> enclosed entities. If a type needs exposing, it (and only it)
>>>> wants moving out of the guarded region imo.
>>> DMOP was invented specifically so a kernel module (i915, for Intel
>>> gVT-g) was independent of the domctl ABI version.
>>>
>>> Improving the life of dom0 userspace was an intended consequence, but
>>> not the driving force behind the change.
>> This is news to me - so far it had been my understanding that it
>> was introduced to have a way for the kernel to audit and hand on
>> requests to the hypervisor without needing to know all the inner
>> details. I wasn't even aware a kernel module was using any of
>> these.
> And indeed, quote from docs/designs/dmop.markdown:
>
> "The aim of DMOP is to prevent a compromised device model from
> compromising domains other than the one it is providing emulation
> for (which is therefore likely already compromised)."
>
> And it goes on discussing only the purpose that I've been aware
> of.

The use in the dom0 kernel wasn't kept secret in the slightest. It was discussed on at the time, and at dev summits.

But upstream tends to only remember/care about the bits which pertain directly to upstream, and the design particulars of the DMOP ABI were specifically for userspace.

~Andrew