[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [RFC PATCH 1/1] xsm: allows system domains to allocate evtchn
On 28.03.2022 22:36, Daniel P. Smith wrote: > During domain construction under dom0less and hyperlaunch it is necessary to > allocate at least the event channel for xenstore and potentially the event > channel for the core console. When dom0less and hyperlaunch are doing their > construction logic they are executing under the idle domain context. The idle > domain is not a privileged domain, it is not the target domain, and as a > result > under the current default XSM policy is not allowed to allocate the event > channel. I appreciate the change is only needed there right now, but it feels inconsistent. _If_ it is to remain that way, at least a comment needs to be put in xsm_evtchn_unbound() making clear why this is a special case, and hence clarifying to people what the approximate conditions are to have such also put elsewhere. But imo it would be better to make the adjustment right in xsm_default_action(), without touching event_channel.c at all. Iirc altering xsm_default_action() was discussed before, but I don't recall particular reasons speaking against that approach. > This patch only addresses the event channel situation by adjust the default > XSM > policy for xsm_evtchn_unbound to explicitly allow system domains to be able to > make the allocation call. Indeed I'm having trouble seeing how your change would work for SILO mode, albeit Stefano having tested this would make me assume he did so in SILO mode, as that's the default on Arm iirc. Afaict silo_mode_dom_check() should return false in the described situation. Similarly I don't see how things would work transparently with a Flask policy in place. Regardless of you mentioning the restriction, I think this wants resolving before the patch can go in. Jan
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |