[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2 1/2] xsm: create idle domain privieged and demote after setup
- To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
- From: Jan Beulich <jbeulich@xxxxxxxx>
- Date: Thu, 21 Apr 2022 11:20:33 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=x38M4jTtVVsfp07hlSV44EN3P+EHzSj2fmdtntSAjNg=; b=SVpbeZGOnBa+2jkXfllrtBr/AcOiUT+RZ3u/hBTM3FKiLR90WAyINwQpU1JCXSmKVym5F75qARki1lYxfZjvR7SSPtc2JXn8q+qDj8fyXBkolFhXYc/x8Kd3bjCEw/XvI7wKp8xOiIEz/iqPLmrYLK01i/QusDJxajTFXEUjosBICqPoqw21Y2ZXuZkaSOtYq2S5ynBKHc56zQT80szDCmysFVSjYdLge9L2CRGMVAcM2arqoOO8MzyufPr04aTs4uI8DiohTxrh/5subXZFvX6BIUjyZhb86dWKwORDux+2TDzTx1l08wSek1UWxar4oFcY0EwT8IaayMu4bWRGlA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=c+3lVtzf7IqLaaTm4kwnC9dtcgVU14reUl5FMuB2RBTy3p3Gqxyi43xCbkWZvh+TcpDJEC6BDq6nhdY4csTNC0OT+r/FK3cHt7PE+9uokVJEuc6KGHg2lG6LLu1VO+lCh0gItNb8JHhnEJT3p2DB4cZJkfhGx8XC2dN1UFqpmazptogE7NZ8UlqfiXK/EyZ53dDCZ7793ynskDSBI7c+OEWaFa9Zv8oOjOLzR6A0rvcS+5CnbZ9dAt6ptxatgf1NMd25YBp0XRapEu/UXxjtjS7wSMup7SXeMVScehCpphA5Bfeav8vKAu4Id4+zqEdKNBgTr/keZtT1C5eB/mkCIw==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
- Cc: scott.davis@xxxxxxxxxx, jandryuk@xxxxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Wei Liu <wl@xxxxxxx>
- Delivery-date: Thu, 21 Apr 2022 09:20:48 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 21.04.2022 00:28, Daniel P. Smith wrote:
> There are now instances where internal hypervisor logic needs to make resource
> allocation calls that are protectd by XSM checks. The internal hypervisor
> logic
> is represented a number of system domains which by designed are represented by
> non-privileged struct domain instances. To enable these logic blocks to
> function correctly but in a controlled manner, this commit changes the idle
> domain to be created as a privileged domain under the default policy, which is
> inherited by the SILO policy, and demoted before transitioning to running. A
> new XSM hook, xsm_transition_running, is introduced to allow each XSM policy
> type to demote the idle domain appropriately for that policy type.
>
> For flask a stub is added to ensure that flask policy system will function
> correctly with this patch until flask is extended with support for starting
> the
> idle domain privileged and properly demoting it on the call to
> xsm_transtion_running.
>
> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
Looks okay to me, but I'm not sure in how far agreement was reached on
taking this route. Just one nit:
> --- a/xen/include/xsm/dummy.h
> +++ b/xen/include/xsm/dummy.h
> @@ -101,6 +101,18 @@ static always_inline int xsm_default_action(
> }
> }
>
> +static XSM_INLINE void cf_check xsm_transition_running(void)
> +{
> + struct domain *d = current->domain;
> +
> + if ( d->domain_id != DOMID_IDLE )
> + panic("xsm_transition_running should only be called by idle
> domain\n");
> +
> + d->is_privileged = false;
> +
> + return;
> +}
Please omit such return statements.
Jan
|