Xen project Mailing List

Re: [PATCH v2 1/2] xsm: create idle domain privieged and demote after setup

From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>

Date: Thu, 21 Apr 2022 09:05:12 -0400

Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@xxxxxxxxxxxxxxxxxxxx; dmarc=pass header.from=<dpsmith@xxxxxxxxxxxxxxxxxxxx>

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1650546360; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=3LnXM9dW4GS8TCA+EPE0xJooNdtkTKgPxEbjJ/TcOyg=; b=WnuigCRO15jxKDJF8sMVJdyivSAuMVcnLlic2hxEjtManonS9eJmPTuEiWYEj79X0HSLASwFDPh63mzh27zjpmUOYJC5ZZ2Sqwh45fL0YPGE9NDtfHeco73g8lxAKkTOYk7djWA40THqr8pROKcpRWaAAXF2Zaj/fC1u/EZxK0g=

Arc-seal: i=1; a=rsa-sha256; t=1650546360; cv=none; d=zohomail.com; s=zohoarc; b=iNR309RMOVWsH9WkQTG/IwOQEQdD978RWan+qjaSqprr2tqsdFdboxVDRp48J48uhZk03KcvOgBdpRV1epRRoew0Cl0EMVC41WppY0Ok5Te5RJmDZFDAnXAFuFfdl0kdWT4qsO50sownRahffl63R9u66Qs8NYEn/0B91npHC7s=

Cc: scott.davis@xxxxxxxxxx, jandryuk@xxxxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Thu, 21 Apr 2022 13:06:17 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 4/21/22 05:20, Jan Beulich wrote: > On 21.04.2022 00:28, Daniel P. Smith wrote: >> There are now instances where internal hypervisor logic needs to make >> resource >> allocation calls that are protectd by XSM checks. The internal hypervisor >> logic >> is represented a number of system domains which by designed are represented >> by >> non-privileged struct domain instances. To enable these logic blocks to >> function correctly but in a controlled manner, this commit changes the idle >> domain to be created as a privileged domain under the default policy, which >> is >> inherited by the SILO policy, and demoted before transitioning to running. A >> new XSM hook, xsm_transition_running, is introduced to allow each XSM policy >> type to demote the idle domain appropriately for that policy type. >> >> For flask a stub is added to ensure that flask policy system will function >> correctly with this patch until flask is extended with support for starting >> the >> idle domain privileged and properly demoting it on the call to >> xsm_transtion_running. >> >> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx> > > Looks okay to me, but I'm not sure in how far agreement was reached on > taking this route. Just one nit: Thank you. As for the approach, Jason suggested it and Roger stated that if this approach was adopted it would resolve his concerns over __init. If you have a concern with this approach, please let me know so I can ensure it is addressed to the best of my ability. >> --- a/xen/include/xsm/dummy.h >> +++ b/xen/include/xsm/dummy.h >> @@ -101,6 +101,18 @@ static always_inline int xsm_default_action( >> } >> } >> >> +static XSM_INLINE void cf_check xsm_transition_running(void) >> +{ >> + struct domain *d = current->domain; >> + >> + if ( d->domain_id != DOMID_IDLE ) >> + panic("xsm_transition_running should only be called by idle >> domain\n"); >> + >> + d->is_privileged = false; >> + >> + return; >> +} > > Please omit such return statements. Ack. v/r, dps

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.