[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH] tools/xl: Add device_model_stubdomain_init_seclabel option to xl.cfg

To: Ian Jackson <iwj@xxxxxxxxxxxxxx>
From: Anthony PERARD <anthony.perard@xxxxxxxxxx>
Date: Wed, 28 Jul 2021 13:19:00 +0100
Authentication-results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
Cc: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Jason Andryuk <jandryuk@xxxxxxxxx>, "Scott Davis" <scottwd@xxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "Scott Davis" <scott.davis@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Nick Rosbrook <rosbrookn@xxxxxxxxxxxx>, "Juergen Gross" <jgross@xxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, "Daniel P . Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Wed, 28 Jul 2021 12:19:21 +0000
Ironport-hdrordr: A9a23:sBxFU6hNRWQOzwfM6Rg9xyrZ3XBQXuIji2hC6mlwRA09TySZ// rOoB0+726StN93YgBHpTngAtjlfZqyz/JICOUqUotKGTOWwVdAT7sSiLcKoQeQeBEWn9Q1vc wLHpSWSueAb2SS5fyKmDVQeOxB/DDoys6Vuds=
Ironport-sdr: +1BSTEMfOJOh84y3okYcLvjUO7ZiLqed2gpZtIzK1djXYE/glqva69hYvdnjjxzs8N/yKUw2OR 2zAm1OnyayJX7DPRMG3vFf2zuNRIOIRFqofpgeRe3gRsUPz1UILNmNO/aTROdBSfSfMNBUUYC7 yP264vibYucyE7qHZHZXTQ3GmHLc+U3gZ/uCFXYn4A5Is9HHZA7a2T7elxNj9ItF+Dxf8wJiKJ mZmCIwDf4fWNgPP+FLk2LE/G5HodbIu41303fxLGe8FgSzmLSqc87/7MRsNAMaMdOMLTsUC5la uhwXjBgcgNaNQMeB0KT8pQUu
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, Jul 27, 2021 at 02:32:22PM +0100, Ian Jackson wrote:
> Marek Marczykowski-Górecki writes ("Re: [XEN PATCH] tools/xl: Add 
> device_model_stubdomain_init_seclabel option to xl.cfg"):
> > On Mon, Jul 26, 2021 at 09:07:03AM -0400, Jason Andryuk wrote:
> > > Sort of relatedly, is stubdom unpaused before the guest gets
> > > relabeled?  Quickly looking, I think stubdom is unpaused.  I would
> > > think you want them both relabeled before either is unpaused.  If the
> > > stubdom starts with the exec_label, but it sees the guest with the
> > > init_label, it may get an unexpected denial?  On the other hand,
> > > delayed unpausing of stubdom would slow down booting.
> > 
> > Some parts of the stubdomain setup are done after it's unpaused (but
> > before the guest is unpaused). Especially, PCI devices are hot-plugged
> > only when QEMU is already running (not sure why).
> 
> I think the PCI hotplug involves interaction with QEMU, and providing
> only hotplug simplifies the code in libxl.  Anthony, do I have that
> righgt ?

I think interaction with QEMU is needed to find out the new address of
the PCI device in cases none were asked for. And have a single
implementation in libxl is certainly better.
But even if QEMU is running, I think we can still call it cold-plugged,
when it's done before emulation is supposed to have started.

Cheers,

-- 
Anthony PERARD

Follow-Ups:
- Re: [XEN PATCH] tools/xl: Add device_model_stubdomain_init_seclabel option to xl.cfg
  - From: Scott Davis

References:
- [XEN PATCH] tools/xl: Add device_model_stubdomain_init_seclabel option to xl.cfg
  - From: Scott Davis
- Re: [XEN PATCH] tools/xl: Add device_model_stubdomain_init_seclabel option to xl.cfg
  - From: Jason Andryuk
- Re: [XEN PATCH] tools/xl: Add device_model_stubdomain_init_seclabel option to xl.cfg
  - From: Marek Marczykowski-Górecki
- Re: [XEN PATCH] tools/xl: Add device_model_stubdomain_init_seclabel option to xl.cfg
  - From: Ian Jackson

Prev by Date: Re: [PATCH] xen/lib: Fix strcmp() and strncmp()
Next by Date: [PATCH 00/13] x86/Hyper-V: Add Hyper-V Isolation VM support
Previous by thread: Re: [XEN PATCH] tools/xl: Add device_model_stubdomain_init_seclabel option to xl.cfg
Next by thread: Re: [XEN PATCH] tools/xl: Add device_model_stubdomain_init_seclabel option to xl.cfg
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.