
Re: [PATCH v8 1/2] xsm: create idle domain privileged and demote after setup


  • To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 31 May 2022 17:24:38 +0200
  • Cc: scott.davis@xxxxxxxxxx, christopher.clark@xxxxxxxxxx, jandryuk@xxxxxxxxx, Luca Fancellu <luca.fancellu@xxxxxxx>, Julien Grall <jgrall@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Tue, 31 May 2022 15:24:53 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 31.05.2022 17:19, Daniel P. Smith wrote:
> 
> On 5/31/22 11:16, Jan Beulich wrote:
>> On 31.05.2022 16:56, Daniel P. Smith wrote:
>>> There are new capabilities, dom0less and hyperlaunch, that introduce internal
>>> hypervisor logic, which needs to make resource allocation calls that are
>>> protected by XSM access checks. These resource allocations are
>>> necessary for dom0less and hyperlaunch when they are constructing the initial
>>> domain(s).  This creates an issue as a subset of the hypervisor code is
>>> executed under a system domain, the idle domain, that is represented by a
>>> per-CPU non-privileged struct domain. To enable these new capabilities to
>>> function correctly but in a controlled manner, this commit changes the idle
>>> system domain to be created as a privileged domain under the default policy and
>>> demoted before transitioning to running. A new XSM hook,
>>> xsm_set_system_active(), is introduced to allow each XSM policy type to demote
>>> the idle domain appropriately for that policy type. In the case of SILO, it
>>> inherits the default policy's hook for xsm_set_system_active().
>>>
>>> For flask, a stub is added to ensure that flask policy system will function
>>> correctly with this patch until flask is extended with support for starting the
>>> idle domain privileged and properly demoting it on the call to
>>> xsm_set_system_active().
>>>
>>> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
>>> Reviewed-by: Jason Andryuk <jandryuk@xxxxxxxxx>
>>> Reviewed-by: Luca Fancellu <luca.fancellu@xxxxxxx>
>>> Acked-by: Julien Grall <jgrall@xxxxxxxxxx> # arm
>>
>> Hmm, here and on patch 2 you've lost Rahul's R-b and T-b, afaict.
> 
> erg, you are right, my apologies. Would you like me to respin as v9 to
> get it in there, so it is not lost?

Not sure; much depends on who would commit this if this ends up being
the final version. (If you re-send, I'd suggest v8.1 rather than v9.)

Jan
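
The create-privileged-then-demote pattern described in the quoted commit message, as an added simplified model (not code from the patch or from Xen). Every name here (`domain_model`, `model_check_alloc`, `model_set_system_active`, `boot_model`, `DOMID_IDLE_MODEL`) and the error codes returned are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model types and ids; not Xen's struct domain or DOMID_IDLE. */
#define DOMID_IDLE_MODEL 0x7FFFu

struct domain_model {
    unsigned int domain_id;
    bool is_privileged;
};

/* Stand-in for an XSM-protected allocation: only a privileged caller passes. */
static int model_check_alloc(const struct domain_model *caller)
{
    return caller->is_privileged ? 0 : -EPERM;
}

/* One-way demotion hook: only the idle domain may call it, and only once. */
static int model_set_system_active(struct domain_model *cur)
{
    if (cur->domain_id != DOMID_IDLE_MODEL)
        return -EPERM;            /* other domains cannot change privilege here */
    if (!cur->is_privileged)
        return -EALREADY;         /* already demoted; there is no way back up */
    cur->is_privileged = false;
    return 0;
}

/* Boot flow: build initial domains while privileged, then demote before running.
 * Returns the number of domains built, or a negative errno value. */
static int boot_model(struct domain_model *idle, int ndomains)
{
    int built = 0;
    for (int i = 0; i < ndomains; i++) {
        if (model_check_alloc(idle) != 0)
            return -EPERM;
        built++;
    }
    int rc = model_set_system_active(idle);
    return rc ? rc : built;
}

int main(void)
{
    struct domain_model idle = { DOMID_IDLE_MODEL, true };
    printf("built=%d\n", boot_model(&idle, 2));
    printf("alloc after demotion rc=%d\n", model_check_alloc(&idle));
    return 0;
}
```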