[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC PATCH 1/1] xsm: allows system domains to allocate evtchn

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Jason Andryuk <jandryuk@xxxxxxxxx>
Date: Wed, 30 Mar 2022 08:30:19 -0400
Cc: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Scott Davis <scott.davis@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Wed, 30 Mar 2022 12:30:39 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Wed, Mar 30, 2022 at 2:30 AM Jan Beulich <jbeulich@xxxxxxxx> wrote:
>
> On 29.03.2022 20:57, Daniel P. Smith wrote:
> > On 3/29/22 02:43, Jan Beulich wrote:
> >> Similarly I don't see how things would work transparently with a
> >> Flask policy in place. Regardless of you mentioning the restriction,
> >> I think this wants resolving before the patch can go in.
> >
> > To enable the equivalent in flask would require no hypervisor code
> > changes. Instead that would be handled by adding the necessary rules to
> > the appropriate flask policy file(s).
>
> Of course this can be dealt with by adjusting policy file(s), but until
> people do so they'd end up with a perceived regression and/or unexplained
> difference in behavior from running in dummy (or SILO, once also taken
> care of) mode.

This need to change the Flask policy is the crux of my dislike for
making Xen-internal operations go through XSM checks.  It is wrong,
IMO, to require the separate policy to grant xen_t permissions for
proper operation.  I prefer restructuring the code so Xen itself
doesn't have to go through XSM checks since that way Xen itself always
runs properly regardless of the policy.

This is more based on unmap_domain_pirq having an XSM check for an
internal operation.  dom0less, hyperlaunch, & Live Update may all be
niche use cases where requiring a policy change is reasonable.

Regards,
Jason

Follow-Ups:
- Re: [RFC PATCH 1/1] xsm: allows system domains to allocate evtchn
  - From: Daniel P. Smith

References:
- [RFC PATCH 0/1] allow system domains to allocate event channels
  - From: Daniel P. Smith
- [RFC PATCH 1/1] xsm: allows system domains to allocate evtchn
  - From: Daniel P. Smith
- Re: [RFC PATCH 1/1] xsm: allows system domains to allocate evtchn
  - From: Jan Beulich
- Re: [RFC PATCH 1/1] xsm: allows system domains to allocate evtchn
  - From: Daniel P. Smith
- Re: [RFC PATCH 1/1] xsm: allows system domains to allocate evtchn
  - From: Jan Beulich

Prev by Date: Re: [PATCH v2 1/3] x86/mem_sharing: option to enforce fork starting with empty p2m
Next by Date: Re: [PATCH v2 2/2] xen: Populate xen.lds.h and make use of its macros
Previous by thread: Re: [RFC PATCH 1/1] xsm: allows system domains to allocate evtchn
Next by thread: Re: [RFC PATCH 1/1] xsm: allows system domains to allocate evtchn
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.