[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH] tools/xl: Add device_model_stubdomain_init_seclabel option to xl.cfg

On Tue, Jul 27, 2021 at 02:32:22PM +0100, Ian Jackson wrote:
> Marek Marczykowski-Górecki writes ("Re: [XEN PATCH] tools/xl: Add 
> device_model_stubdomain_init_seclabel option to xl.cfg"):
> > On Mon, Jul 26, 2021 at 09:07:03AM -0400, Jason Andryuk wrote:
> > > Sort of relatedly, is stubdom unpaused before the guest gets
> > > relabeled?  Quickly looking, I think stubdom is unpaused.  I would
> > > think you want them both relabeled before either is unpaused.  If the
> > > stubdom starts with the exec_label, but it sees the guest with the
> > > init_label, it may get an unexpected denial?  On the other hand,
> > > delayed unpausing of stubdom would slow down booting.
> > 
> > Some parts of the stubdomain setup are done after it's unpaused (but
> > before the guest is unpaused). Especially, PCI devices are hot-plugged
> > only when QEMU is already running (not sure why).
> I think the PCI hotplug involves interaction with QEMU, and providing
> only hotplug simplifies the code in libxl.  Anthony, do I have that
> righgt ?

I think interaction with QEMU is needed to find out the new address of
the PCI device in cases none were asked for. And have a single
implementation in libxl is certainly better.
But even if QEMU is running, I think we can still call it cold-plugged,
when it's done before emulation is supposed to have started.


Anthony PERARD



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.