[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 6/6] gnttab: allow disabling grant table per-domain

  • To: Julien Grall <julien@xxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Fri, 15 Oct 2021 13:51:09 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UJObJvrHkBBtUo8kY0zE7JBZu0xKJo5GoGPZmP9A/+Q=; b=jK0IoDNrDt+MXSU/A/pqr6Sxyh/2tjRGLvdY+6x+CaXghEXxDLlUEat398aSAB63FsLbniO+tHIT14BZ7h7HkpwYuFDAmEHgMdM+revwNEo+sQFIhwowdVxQidJzaLKdlqKZpV3YW9sY6PhzeTBqLbwleWsUgZBBzHS9CDKkD+So/RbKhgW65W/581b4dHkUVgcYDUwXD4YkACz9zcriJ4Q0atwoTxcQebPf76GX+ZcxTdetwrhWyWz7wNm5LWyzu4jCHeboEqPJd/uBAGMOZuko1rKJfNMy5g8/uqQuiKq9VpgAr6DIndVFGgVsHw+riZM+983uKkyNDhEh7P5bow==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jIlEh5BY5vIjkM2Gx7bk2mEsXqALR+/THJtpb/xXQEJjHeXX/IF0VB0YNClUaTsudkcjgNmvPadioC3WTae3Rt+1GGlZf8wfDf2esqjpgAvDwLbG7vDS59yzqKzMbd3S+yV1H/p7bLT4EoEtr0hbszCPvTa0jfaZfZbYIClCHXwFUqICQtvFOryrXrE14ypb4Cy9GX75afO6uT5DbOs0/sXeQYt4fQsnmw6OOdNCbsUErXJROTFw+8DIkaufyNt7BwrmvKiegrQyFgv+CStppmBdzn6zbiLy9zWKq7njkbyi9+8zWJVvpa67OH5pg2L7DUYyjCJ884+OlsrVZgdh/w==
  • Authentication-results: lists.xenproject.org; dkim=none (message not signed) header.d=none;lists.xenproject.org; dmarc=none action=none header.from=suse.com;
  • Cc: Ian Jackson <iwj@xxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Fri, 15 Oct 2021 11:51:22 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 22.09.2021 11:19, Julien Grall wrote:
> On 22/09/2021 13:21, Roger Pau Monne wrote:
>> --- a/docs/man/xl.cfg.5.pod.in
>> +++ b/docs/man/xl.cfg.5.pod.in
>> @@ -583,8 +583,8 @@ L<xl.conf(5)>.
>>   =item B<max_grant_version=NUMBER>
>>   Specify the maximum grant table version the domain is allowed to use. 
>> Current
>> -supported versions are 1 and 2. The default value is settable via
>> -L<xl.conf(5)>.
>> +supported versions are 1 and 2. Setting to 0 disables the grant table for 
>> the
>> +domain. The default value is settable via L<xl.conf(5)>.
> Technically, the version only applies to format of the table for 
> granting page. The mapping itself is version agnostic. So this feels a 
> bit wrong to use max_grant_version to not allocate d->grant_table.
> I also can see use-cases where we may want to allow a domain to grant 
> page but not map grant (for instance, a further hardening of XSA-380). 

Or the other way around: A typical Dom0 may not have a need to grant
anything, but will likely want to be able to map grants.

Nevertheless I think an overall "no grant operations at all" switch
is good; both of the sub-aspects already have controls.




Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.