
[PATCH] tools/xl: Add stubdomain_cpus_mirror_guest option to xl.cfg



This adds a boolean flag to the xl domain configuration syntax for
causing a guest's CPU allocations to be mirrored to its associated
device-model stubdomain. If enabled, the stubdomain will use the same
VCPU count, CPU pool, and CPU affinities as the guest. Otherwise, the
default allocations (one VCPU scheduled on pool 0) will be used. It is
intended for use with Linux-based stubdomains.

In Xen deployments that make use of static CPU allocation, enabling this
would enhance workload isolation for guests that make heavy use of
emulated devices. It would also help prevent a malicious stubdomain from
mounting side-channel attacks against a dom0 running on the same cores.

Signed-off-by: Scott Davis <scott.davis@xxxxxxxxxx>
---
 docs/man/xl.cfg.5.pod.in             |  8 ++++++++
 tools/golang/xenlight/helpers.gen.go |  6 ++++++
 tools/golang/xenlight/types.gen.go   |  1 +
 tools/include/libxl.h                |  9 +++++++++
 tools/libs/light/libxl_create.c      |  2 ++
 tools/libs/light/libxl_dm.c          | 20 +++++++++++++++++++-
 tools/libs/light/libxl_types.idl     |  1 +
 tools/xl/xl_parse.c                  |  2 ++
 8 files changed, 48 insertions(+), 1 deletion(-)

diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in
index 4b1e3028d2..03dbdb9788 100644
--- a/docs/man/xl.cfg.5.pod.in
+++ b/docs/man/xl.cfg.5.pod.in
@@ -2733,6 +2733,14 @@ toolstack domain. The binary provided here MUST be 
consistent with the
 B<device_model_version> which you have specified. You should not normally need
 to specify this option.
 
+=item B<stubdomain_cpus_mirror_guest=BOOLEAN>
+
+Turns on or off mirroring of a guest's CPU allocations to its device-model
+stubdomain. If enabled, the stubdomain will use the same VCPU count, CPU pool,
+and CPU affinities as its associated guest. Disabled (0) by default, in which
+case the stubdomain will have one VCPU and be scheduled on pool 0. Intended for
+use with Linux-based stubdomains.
+
 =item B<stubdomain_kernel="PATH">
 
 Override the path to the kernel image used as device-model stubdomain.
diff --git a/tools/golang/xenlight/helpers.gen.go 
b/tools/golang/xenlight/helpers.gen.go
index bfc1e7f312..42a98e79bf 100644
--- a/tools/golang/xenlight/helpers.gen.go
+++ b/tools/golang/xenlight/helpers.gen.go
@@ -1016,6 +1016,9 @@ x.DeviceModelVersion = 
DeviceModelVersion(xc.device_model_version)
 if err := x.DeviceModelStubdomain.fromC(&xc.device_model_stubdomain);err != 
nil {
 return fmt.Errorf("converting field DeviceModelStubdomain: %v", err)
 }
+if err := 
x.StubdomainCpusMirrorGuest.fromC(&xc.stubdomain_cpus_mirror_guest);err != nil {
+return fmt.Errorf("converting field StubdomainCpusMirrorGuest: %v", err)
+}
 x.StubdomainMemkb = uint64(xc.stubdomain_memkb)
 x.StubdomainKernel = C.GoString(xc.stubdomain_kernel)
 x.StubdomainCmdline = C.GoString(xc.stubdomain_cmdline)
@@ -1342,6 +1345,9 @@ xc.device_model_version = 
C.libxl_device_model_version(x.DeviceModelVersion)
 if err := x.DeviceModelStubdomain.toC(&xc.device_model_stubdomain); err != nil 
{
 return fmt.Errorf("converting field DeviceModelStubdomain: %v", err)
 }
+if err := x.StubdomainCpusMirrorGuest.toC(&xc.stubdomain_cpus_mirror_guest); 
err != nil {
+return fmt.Errorf("converting field StubdomainCpusMirrorGuest: %v", err)
+}
 xc.stubdomain_memkb = C.uint64_t(x.StubdomainMemkb)
 if x.StubdomainKernel != "" {
 xc.stubdomain_kernel = C.CString(x.StubdomainKernel)}
diff --git a/tools/golang/xenlight/types.gen.go 
b/tools/golang/xenlight/types.gen.go
index 09a3bb67e2..53bd54b740 100644
--- a/tools/golang/xenlight/types.gen.go
+++ b/tools/golang/xenlight/types.gen.go
@@ -481,6 +481,7 @@ MaxGrantFrames uint32
 MaxMaptrackFrames uint32
 DeviceModelVersion DeviceModelVersion
 DeviceModelStubdomain Defbool
+StubdomainCpusMirrorGuest Defbool
 StubdomainMemkb uint64
 StubdomainKernel string
 StubdomainCmdline string
diff --git a/tools/include/libxl.h b/tools/include/libxl.h
index b9ba16d698..d5b30d4f37 100644
--- a/tools/include/libxl.h
+++ b/tools/include/libxl.h
@@ -1042,6 +1042,15 @@ typedef struct libxl__ctx libxl_ctx;
  */
 #define LIBXL_HAVE_BUILDINFO_DEVICE_MODEL_STUBDOMAIN 1
 
+/*
+ * LIBXL_HAVE_BUILDINFO_DEVICE_MODEL_STUBDOMAIN_CPU_MIRRORING
+ *
+ * If this is defined, then the libxl_domain_build_info structure will contain
+ * the 'stubdomain_cpus_mirror_guest' boolean to enable the mirroring of a
+ * guest's CPU allocations to its associated device-model stubdomain.
+ */
+#define LIBXL_HAVE_BUILDINFO_DEVICE_MODEL_STUBDOMAIN_CPU_MIRRORING 1
+
 /*
  * LIBXL_HAVE_DEVICE_CHANNEL
  *
diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c
index e356b2106d..d1cc05a3d5 100644
--- a/tools/libs/light/libxl_create.c
+++ b/tools/libs/light/libxl_create.c
@@ -204,6 +204,8 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc,
         }
     }
 
+    libxl_defbool_setdefault(&b_info->stubdomain_cpus_mirror_guest, false);
+
     if (!b_info->max_vcpus)
         b_info->max_vcpus = 1;
     if (!b_info->avail_vcpus.size) {
diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c
index 9d93056b5c..062957f093 100644
--- a/tools/libs/light/libxl_dm.c
+++ b/tools/libs/light/libxl_dm.c
@@ -2312,8 +2312,26 @@ void libxl__spawn_stub_dm(libxl__egc *egc, 
libxl__stub_dm_spawn_state *sdss)
     libxl_domain_build_info_init(&dm_config->b_info);
     libxl_domain_build_info_init_type(&dm_config->b_info, 
LIBXL_DOMAIN_TYPE_PV);
 
+    if (libxl_defbool_val(guest_config->b_info.stubdomain_cpus_mirror_guest)) {
+        /* Copy CPU config from guest */
+        dm_config->c_info.pool_name = guest_config->c_info.pool_name;
+        dm_config->b_info.max_vcpus = guest_config->b_info.max_vcpus;
+        dm_config->b_info.avail_vcpus = guest_config->b_info.avail_vcpus;
+        dm_config->b_info.nodemap = guest_config->b_info.nodemap;
+        dm_config->b_info.num_vcpu_hard_affinity =
+            guest_config->b_info.num_vcpu_hard_affinity;
+        dm_config->b_info.vcpu_hard_affinity =
+            guest_config->b_info.vcpu_hard_affinity;
+        dm_config->b_info.num_vcpu_soft_affinity =
+            guest_config->b_info.num_vcpu_soft_affinity;
+        dm_config->b_info.vcpu_soft_affinity =
+            guest_config->b_info.vcpu_soft_affinity;
+        libxl_defbool_set(&dm_config->b_info.numa_placement, false);
+    } else {
+        dm_config->b_info.max_vcpus = 1;
+    }
+
     dm_config->b_info.shadow_memkb = 0;
-    dm_config->b_info.max_vcpus = 1;
     dm_config->b_info.max_memkb = guest_config->b_info.stubdomain_memkb;
     dm_config->b_info.max_memkb += guest_config->b_info.video_memkb;
     dm_config->b_info.target_memkb = dm_config->b_info.max_memkb;
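Review bot: The mirroring branch copies `avail_vcpus`, `nodemap`, `vcpu_hard_affinity`, `vcpu_soft_affinity` and `pool_name` by plain assignment, so `dm_config` ends up sharing the guest config's heap buffers instead of owning copies. If `dm_config` is ever disposed or modified independently of `guest_config` (its lifetime is not visible in this hunk), that becomes a double free or use-after-free; either deep-copy the fields (e.g. `libxl_bitmap_copy_alloc()` for the bitmaps) or state the borrow in the comment, such as `/* Borrowed from guest_config; dm_config must not dispose these */`. Separately, only `c_info.pool_name` is mirrored: a libxl caller that selects the pool through `c_info.poolid` alone would presumably still get a stubdomain in pool 0, silently losing the isolation the commit message describes, so `dm_config->c_info.poolid = guest_config->c_info.poolid;` looks worth adding. The body of libxl__spawn_stub_dm continues outside the hunk.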
diff --git a/tools/libs/light/libxl_types.idl b/tools/libs/light/libxl_types.idl
index 3f9fff653a..6f18e5be07 100644
--- a/tools/libs/light/libxl_types.idl
+++ b/tools/libs/light/libxl_types.idl
@@ -521,6 +521,7 @@ libxl_domain_build_info = Struct("domain_build_info",[
     
     ("device_model_version", libxl_device_model_version),
     ("device_model_stubdomain", libxl_defbool),
+    ("stubdomain_cpus_mirror_guest", libxl_defbool),
     ("stubdomain_memkb",   MemKB),
     ("stubdomain_kernel",  string),
     ("stubdomain_cmdline", string),
diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c
index 17dddb4cd5..84f67835c3 100644
--- a/tools/xl/xl_parse.c
+++ b/tools/xl/xl_parse.c
@@ -2531,6 +2531,8 @@ skip_usbdev:
     xlu_cfg_replace_string(config, "device_model_user",
                            &b_info->device_model_user, 0);
 
+    xlu_cfg_get_defbool (config, "stubdomain_cpus_mirror_guest",
+                         &b_info->stubdomain_cpus_mirror_guest, 0);
     xlu_cfg_replace_string (config, "stubdomain_kernel",
                             &b_info->stubdomain_kernel, 0);
     xlu_cfg_replace_string (config, "stubdomain_cmdline",
-- 
2.25.1




 

