[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PATCH] tools/xl: Add stubdomain_cpus_mirror_guest option to xl.cfg
This adds a boolean flag to the xl domain configuration syntax for causing a guest's CPU allocations to be mirrored to its associated device-model stubdomain. If enabled, the stubdomain will use the same VCPU count, CPU pool, and CPU affinities as the guest. Otherwise, the default allocations (one VCPU scheduled on pool 0) will be used. It is intended for use with Linux-based stubdomains. In Xen deployments that make use of static CPU allocation, enabling this would enhance workload isolation for guests that make heavy use of emulated devices. It would also help prevent a malicious stubdomain from mounting side-channel attacks against a dom0 running on the same cores. Signed-off-by: Scott Davis <scott.davis@xxxxxxxxxx> --- docs/man/xl.cfg.5.pod.in | 8 ++++++++ tools/golang/xenlight/helpers.gen.go | 6 ++++++ tools/golang/xenlight/types.gen.go | 1 + tools/include/libxl.h | 9 +++++++++ tools/libs/light/libxl_create.c | 2 ++ tools/libs/light/libxl_dm.c | 20 +++++++++++++++++++- tools/libs/light/libxl_types.idl | 1 + tools/xl/xl_parse.c | 2 ++ 8 files changed, 48 insertions(+), 1 deletion(-) diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in index 4b1e3028d2..03dbdb9788 100644 --- a/docs/man/xl.cfg.5.pod.in +++ b/docs/man/xl.cfg.5.pod.in @@ -2733,6 +2733,14 @@ toolstack domain. The binary provided here MUST be consistent with the B<device_model_version> which you have specified. You should not normally need to specify this option. +=item B<stubdomain_cpus_mirror_guest=BOOLEAN> + +Turns on or off mirroring of a guest's CPU allocations to its device-model +stubdomain. If enabled, the stubdomain will use the same VCPU count, CPU pool, +and CPU affinities as its associated guest. Disabled (0) by default, in which +case the stubdomain will have one VCPU and be scheduled on pool 0. Intended for +use with Linux-based stubdomains. + =item B<stubdomain_kernel="PATH"> Override the path to the kernel image used as device-model stubdomain. diff --git a/tools/golang/xenlight/helpers.gen.go b/tools/golang/xenlight/helpers.gen.go index bfc1e7f312..42a98e79bf 100644 --- a/tools/golang/xenlight/helpers.gen.go +++ b/tools/golang/xenlight/helpers.gen.go @@ -1016,6 +1016,9 @@ x.DeviceModelVersion = DeviceModelVersion(xc.device_model_version) if err := x.DeviceModelStubdomain.fromC(&xc.device_model_stubdomain);err != nil { return fmt.Errorf("converting field DeviceModelStubdomain: %v", err) } +if err := x.StubdomainCpusMirrorGuest.fromC(&xc.stubdomain_cpus_mirror_guest);err != nil { +return fmt.Errorf("converting field StubdomainCpusMirrorGuest: %v", err) +} x.StubdomainMemkb = uint64(xc.stubdomain_memkb) x.StubdomainKernel = C.GoString(xc.stubdomain_kernel) x.StubdomainCmdline = C.GoString(xc.stubdomain_cmdline) @@ -1342,6 +1345,9 @@ xc.device_model_version = C.libxl_device_model_version(x.DeviceModelVersion) if err := x.DeviceModelStubdomain.toC(&xc.device_model_stubdomain); err != nil { return fmt.Errorf("converting field DeviceModelStubdomain: %v", err) } +if err := x.StubdomainCpusMirrorGuest.toC(&xc.stubdomain_cpus_mirror_guest); err != nil { +return fmt.Errorf("converting field StubdomainCpusMirrorGuest: %v", err) +} xc.stubdomain_memkb = C.uint64_t(x.StubdomainMemkb) if x.StubdomainKernel != "" { xc.stubdomain_kernel = C.CString(x.StubdomainKernel)} diff --git a/tools/golang/xenlight/types.gen.go b/tools/golang/xenlight/types.gen.go index 09a3bb67e2..53bd54b740 100644 --- a/tools/golang/xenlight/types.gen.go +++ b/tools/golang/xenlight/types.gen.go @@ -481,6 +481,7 @@ MaxGrantFrames uint32 MaxMaptrackFrames uint32 DeviceModelVersion DeviceModelVersion DeviceModelStubdomain Defbool +StubdomainCpusMirrorGuest Defbool StubdomainMemkb uint64 StubdomainKernel string StubdomainCmdline string diff --git a/tools/include/libxl.h b/tools/include/libxl.h index b9ba16d698..d5b30d4f37 100644 --- a/tools/include/libxl.h +++ b/tools/include/libxl.h @@ -1042,6 +1042,15 @@ typedef struct libxl__ctx libxl_ctx; */ #define LIBXL_HAVE_BUILDINFO_DEVICE_MODEL_STUBDOMAIN 1 +/* + * LIBXL_HAVE_BUILDINFO_DEVICE_MODEL_STUBDOMAIN_CPU_MIRRORING + * + * If this is defined, then the libxl_domain_build_info structure will contain + * the 'stubdomain_cpus_mirror_guest' boolean to enable the mirroring of a + * guest's CPU allocations to its associated device-model stubdomain. + */ +#define LIBXL_HAVE_BUILDINFO_DEVICE_MODEL_STUBDOMAIN_CPU_MIRRORING 1 + /* * LIBXL_HAVE_DEVICE_CHANNEL * diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c index e356b2106d..d1cc05a3d5 100644 --- a/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c @@ -204,6 +204,8 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, } } + libxl_defbool_setdefault(&b_info->stubdomain_cpus_mirror_guest, false); + if (!b_info->max_vcpus) b_info->max_vcpus = 1; if (!b_info->avail_vcpus.size) { diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c index 9d93056b5c..062957f093 100644 --- a/tools/libs/light/libxl_dm.c +++ b/tools/libs/light/libxl_dm.c @@ -2312,8 +2312,26 @@ void libxl__spawn_stub_dm(libxl__egc *egc, libxl__stub_dm_spawn_state *sdss) libxl_domain_build_info_init(&dm_config->b_info); libxl_domain_build_info_init_type(&dm_config->b_info, LIBXL_DOMAIN_TYPE_PV); + if (libxl_defbool_val(guest_config->b_info.stubdomain_cpus_mirror_guest)) { + /* Copy CPU config from guest */ + dm_config->c_info.pool_name = guest_config->c_info.pool_name; + dm_config->b_info.max_vcpus = guest_config->b_info.max_vcpus; + dm_config->b_info.avail_vcpus = guest_config->b_info.avail_vcpus; + dm_config->b_info.nodemap = guest_config->b_info.nodemap; + dm_config->b_info.num_vcpu_hard_affinity = + guest_config->b_info.num_vcpu_hard_affinity; + dm_config->b_info.vcpu_hard_affinity = + guest_config->b_info.vcpu_hard_affinity; + dm_config->b_info.num_vcpu_soft_affinity = + guest_config->b_info.num_vcpu_soft_affinity; + dm_config->b_info.vcpu_soft_affinity = + guest_config->b_info.vcpu_soft_affinity; + libxl_defbool_set(&dm_config->b_info.numa_placement, false); + } else { + dm_config->b_info.max_vcpus = 1; + } + dm_config->b_info.shadow_memkb = 0; - dm_config->b_info.max_vcpus = 1; dm_config->b_info.max_memkb = guest_config->b_info.stubdomain_memkb; dm_config->b_info.max_memkb += guest_config->b_info.video_memkb; dm_config->b_info.target_memkb = dm_config->b_info.max_memkb; diff --git a/tools/libs/light/libxl_types.idl b/tools/libs/light/libxl_types.idl index 3f9fff653a..6f18e5be07 100644 --- a/tools/libs/light/libxl_types.idl +++ b/tools/libs/light/libxl_types.idl @@ -521,6 +521,7 @@ libxl_domain_build_info = Struct("domain_build_info",[ ("device_model_version", libxl_device_model_version), ("device_model_stubdomain", libxl_defbool), + ("stubdomain_cpus_mirror_guest", libxl_defbool), ("stubdomain_memkb", MemKB), ("stubdomain_kernel", string), ("stubdomain_cmdline", string), diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c index 17dddb4cd5..84f67835c3 100644 --- a/tools/xl/xl_parse.c +++ b/tools/xl/xl_parse.c @@ -2531,6 +2531,8 @@ skip_usbdev: xlu_cfg_replace_string(config, "device_model_user", &b_info->device_model_user, 0); + xlu_cfg_get_defbool (config, "stubdomain_cpus_mirror_guest", + &b_info->stubdomain_cpus_mirror_guest, 0); xlu_cfg_replace_string (config, "stubdomain_kernel", &b_info->stubdomain_kernel, 0); xlu_cfg_replace_string (config, "stubdomain_cmdline", -- 2.25.1
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |