[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[RFC 0/6] Hyperlaunch domain roles and capabilities

To: xen-devel@xxxxxxxxxxxxxxxxxxxx
From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
Date: Tue, 1 Aug 2023 16:20:00 -0400
Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@xxxxxxxxxxxxxxxxxxxx; dmarc=pass header.from=<dpsmith@xxxxxxxxxxxxxxxxxxxx>
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1690921219; h=Content-Transfer-Encoding:Cc:Date:From:MIME-Version:Message-ID:Subject:To; bh=ko9U8cGQhnmgoATzcdLjAMLp8cggi3FR/MqknwYUGjw=; b=XLDon0Q6hOidpC6DAmlQx5CG79Cc5StFCEvKiwXux0Fdk1Gli/nWneU4mOqG6z1l1R1n6bei2zfiwf/dMIV/F5B1Gw+lVqfjWBZGIhOxzL5ZOyPfo7W4mQvTI+vMxlGu6vBipb+2Lx67/HHjxrYmhvb1Mwgl0XRnLQF0UqpJk4g=
Arc-seal: i=1; a=rsa-sha256; t=1690921219; cv=none; d=zohomail.com; s=zohoarc; b=E413ofvZPo9ecp1I5vBmTYsC5yIJ9vgdigDQfffgzj1GXG4fTxzJG+sU3eGcyeLzqgHdLOETjpd/7i27BlzU6X+FZN1XeZ2dat1euy4Ktdvnf1lGUxUoxE5No9vBk4AvB5MBKpi7BqhgKGOK/kf+CbSXDOvseZF0ugU1XZAc794=
Cc: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Christopher Clark <christopher.w.clark@xxxxxxxxx>, Rich Persaud <persaur@xxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxx>
Delivered-to: dpsmith@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 01 Aug 2023 20:20:38 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

A goal of the hyperlaunch effort was to solidify the concept of the different
types of domains the hypervisor has some notion around. The initial approach
was to formalize these types as roles enforced through the XSM framework. In
this RFC, a simpler approach is taken to lay a foundation of domain roles and
assignable capabilities.

The approach in this series is to collapse the relevant bools in struct domain
into a pair of bit flag entries that represent roles and capabilities that a
domain is assigned.

Daniel P. Smith (6):
  dom0: replace explict zero checks
  roles: provide abstraction for the possible domain roles
  roles: add a role for xenstore domain
  capabilities: introduce console io as a domain capability
  capabilities: add dom0 cpu faulting disable
  capabilities: convert attach debugger into a capability

 xen/arch/arm/domain_build.c     |  6 ++-
 xen/arch/x86/cpu-policy.c       |  2 +-
 xen/arch/x86/cpu/common.c       | 82 ++++++++++++++++-----------------
 xen/arch/x86/hvm/svm/svm.c      |  8 ++--
 xen/arch/x86/hvm/vmx/realmode.c |  2 +-
 xen/arch/x86/hvm/vmx/vmcs.c     |  2 +-
 xen/arch/x86/hvm/vmx/vmx.c      | 10 ++--
 xen/arch/x86/setup.c            |  6 +++
 xen/arch/x86/traps.c            |  6 ++-
 xen/common/domain.c             | 21 +++++++--
 xen/common/domctl.c             |  6 ++-
 xen/common/sched/arinc653.c     |  2 +-
 xen/common/sched/core.c         |  4 +-
 xen/include/xen/sched.h         | 58 +++++++++++++++++++----
 xen/include/xsm/dummy.h         |  6 +--
 xen/xsm/flask/hooks.c           | 12 ++---
 16 files changed, 150 insertions(+), 83 deletions(-)

-- 
2.20.1

Follow-Ups:
- [RFC 6/6] capabilities: convert attach debugger into a capability
  - From: Daniel P. Smith
- [RFC 5/6] capabilities: add dom0 cpu faulting disable
  - From: Daniel P. Smith
- [RFC 4/6] capabilities: introduce console io as a domain capability
  - From: Daniel P. Smith
- [RFC 3/6] roles: add a role for xenstore domain
  - From: Daniel P. Smith
- [RFC 2/6] roles: provide abstraction for the possible domain roles
  - From: Daniel P. Smith
- [RFC 1/6] dom0: replace explict zero checks
  - From: Daniel P. Smith

Prev by Date: Re: [PATCH RESEND v9 33/36] KVM: VMX: Add VMX_DO_FRED_EVENT_IRQOFF for IRQ/NMI handling
Next by Date: [RFC 1/6] dom0: replace explict zero checks
Previous by thread: Re: [PATCH 4/5] xen/ppc: Parse device tree for OPAL node on PowerNV
Next by thread: [RFC 1/6] dom0: replace explict zero checks
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.