[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2 6/6] gnttab: allow disabling grant table per-domain
- To: Julien Grall <julien@xxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
- From: Jan Beulich <jbeulich@xxxxxxxx>
- Date: Fri, 15 Oct 2021 13:51:09 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UJObJvrHkBBtUo8kY0zE7JBZu0xKJo5GoGPZmP9A/+Q=; b=jK0IoDNrDt+MXSU/A/pqr6Sxyh/2tjRGLvdY+6x+CaXghEXxDLlUEat398aSAB63FsLbniO+tHIT14BZ7h7HkpwYuFDAmEHgMdM+revwNEo+sQFIhwowdVxQidJzaLKdlqKZpV3YW9sY6PhzeTBqLbwleWsUgZBBzHS9CDKkD+So/RbKhgW65W/581b4dHkUVgcYDUwXD4YkACz9zcriJ4Q0atwoTxcQebPf76GX+ZcxTdetwrhWyWz7wNm5LWyzu4jCHeboEqPJd/uBAGMOZuko1rKJfNMy5g8/uqQuiKq9VpgAr6DIndVFGgVsHw+riZM+983uKkyNDhEh7P5bow==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jIlEh5BY5vIjkM2Gx7bk2mEsXqALR+/THJtpb/xXQEJjHeXX/IF0VB0YNClUaTsudkcjgNmvPadioC3WTae3Rt+1GGlZf8wfDf2esqjpgAvDwLbG7vDS59yzqKzMbd3S+yV1H/p7bLT4EoEtr0hbszCPvTa0jfaZfZbYIClCHXwFUqICQtvFOryrXrE14ypb4Cy9GX75afO6uT5DbOs0/sXeQYt4fQsnmw6OOdNCbsUErXJROTFw+8DIkaufyNt7BwrmvKiegrQyFgv+CStppmBdzn6zbiLy9zWKq7njkbyi9+8zWJVvpa67OH5pg2L7DUYyjCJ884+OlsrVZgdh/w==
- Authentication-results: lists.xenproject.org; dkim=none (message not signed) header.d=none;lists.xenproject.org; dmarc=none action=none header.from=suse.com;
- Cc: Ian Jackson <iwj@xxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- Delivery-date: Fri, 15 Oct 2021 11:51:22 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 22.09.2021 11:19, Julien Grall wrote:
> On 22/09/2021 13:21, Roger Pau Monne wrote:
>> --- a/docs/man/xl.cfg.5.pod.in
>> +++ b/docs/man/xl.cfg.5.pod.in
>> @@ -583,8 +583,8 @@ L<xl.conf(5)>.
>> =item B<max_grant_version=NUMBER>
>>
>> Specify the maximum grant table version the domain is allowed to use.
>> Current
>> -supported versions are 1 and 2. The default value is settable via
>> -L<xl.conf(5)>.
>> +supported versions are 1 and 2. Setting to 0 disables the grant table for
>> the
>> +domain. The default value is settable via L<xl.conf(5)>.
>
> Technically, the version only applies to format of the table for
> granting page. The mapping itself is version agnostic. So this feels a
> bit wrong to use max_grant_version to not allocate d->grant_table.
>
> I also can see use-cases where we may want to allow a domain to grant
> page but not map grant (for instance, a further hardening of XSA-380).
Or the other way around: A typical Dom0 may not have a need to grant
anything, but will likely want to be able to map grants.
Nevertheless I think an overall "no grant operations at all" switch
is good; both of the sub-aspects already have controls.
Jan
|
