Re: [PATCH v9 1/3] xsm: create idle domain privileged and demote after setup
On 6/30/22 05:24, Roger Pau Monné wrote:
> On Wed, Jun 29, 2022 at 10:21:08PM -0400, Daniel P. Smith wrote:
>> There are new capabilities, dom0less and hyperlaunch, that introduce internal
>> hypervisor logic, which needs to make resource allocation calls that are
>> protected by XSM access checks. The need for these resource allocations are
>> necessary for dom0less and hyperlaunch when they are constructing the initial
>> domain(s). This creates an issue as a subset of the hypervisor code is
>> executed under a system domain, the idle domain, that is represented by a
>> per-CPU non-privileged struct domain. To enable these new capabilities to
>> function correctly but in a controlled manner, this commit changes the idle
>> system domain to be created as a privileged domain under the default policy and
>> demoted before transitioning to running. A new XSM hook,
>> xsm_set_system_active(), is introduced to allow each XSM policy type to demote
>> the idle domain appropriately for that policy type. In the case of SILO, it
>> inherits the default policy's hook for xsm_set_system_active().
>>
>> For flask, a stub is added to ensure that flask policy system will function
>> correctly with this patch until flask is extended with support for starting the
>> idle domain privileged and properly demoting it on the call to
>> xsm_set_system_active().
>>
>> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
>> Reviewed-by: Jason Andryuk <jandryuk@xxxxxxxxx>
>> Reviewed-by: Luca Fancellu <luca.fancellu@xxxxxxx>
>> Acked-by: Julien Grall <jgrall@xxxxxxxxxx> # arm
>> Reviewed-by: Rahul Singh <rahul.singh@xxxxxxx>
>> Tested-by: Rahul Singh <rahul.singh@xxxxxxx>
>
> LGTM:
>
> Acked-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
>
> Thanks, Roger.

Thank you.
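
The sequence the quoted commit message describes (the idle domain starts privileged, makes the access-checked allocations for the initial domains, then is demoted before it runs), as an added C model that is not part of this thread and is not Xen's code. All `model_*` names and the idle domain id are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Simplified model, not Xen source: every name below is hypothetical. */
#define MODEL_DOMID_IDLE 0x7fffu /* constructed id for the idle domain */
struct model_domain { unsigned int id; bool is_privileged; };

/* Resource allocation guarded by a privilege check, as under a default policy. */
static int model_alloc_resource(const struct model_domain *caller, size_t *count)
{
    if (!caller->is_privileged)
        return -EPERM;
    (*count)++;
    return 0;
}

/* One-way demotion: refuse any caller but the still-privileged idle domain. */
static int model_set_system_active(struct model_domain *caller)
{
    if (caller->id != MODEL_DOMID_IDLE || !caller->is_privileged)
        return -EPERM;
    caller->is_privileged = false;
    return 0;
}

/* Boot: construct initial domains while privileged, then demote.
 * Returns 0 only if allocation after demotion is denied. */
static int model_boot(struct model_domain *idle, size_t *count)
{
    int rc = model_alloc_resource(idle, count);   /* domain construction */
    if (rc == 0)
        rc = model_set_system_active(idle);       /* demote before running */
    if (rc)
        return rc;
    return model_alloc_resource(idle, count) == -EPERM ? 0 : -EACCES;
}

int main(void)
{
    struct model_domain idle = { MODEL_DOMID_IDLE, true };
    size_t count = 0;
    return model_boot(&idle, &count);
}
```

The model's demotion hook fails closed on a second call or on a call from any other domain, so privilege cannot be regained or dropped on another domain's behalf through it.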