|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH v4 00/32] tools: enable xenstore-stubdom to use 9pfs
On 05.02.24 11:55, Julien Grall wrote: Hi Juergen, On 05/02/2024 10:49, Juergen Gross wrote:This series is adding 9pfs support to Xenstore-stubdom, enabling it to do logging to a dom0 directory. This is a prerequisite for the final goal to add live update support to Xenstore-stubdom, as it enables the stubdom to store its state in a dom0 file. The 9pfs backend is a new daemon written from scratch. Using a dedicated 9pfs daemon has several advantages: - it is using much less resources than a full blown qemu process - it can serve multiple guests (the idea is to use it for other infrastructure domains, like qemu-stubdom or driver domains, too) - it is designed to support several security enhancements, like limiting the number of files for a guest, or limiting the allocated file system space - it doesn't support file links (neither hard nor soft links) or referencing parent directories via "..", minimizing the risk that a guest can "escape" from its home directory Note that for now the daemon only contains the minimal needed functionality to do logging from Xenstore-stubdom. I didn't want to add all the 9pfs commands and security add-ons in the beginning, in order to avoid needless efforts in case the idea of the daemon is being rejected. Changes in V4: - patch 2 of V3 was applied - added support of reading directories - addressed review comments Changes in V3: - new patches 1, 23-25 - addressed review comments Changes in V2: - support of multiple rings per device - xenlogd->xen-9pfsd rename - addressed review comments - fixed some bugs Juergen Gross (32): tools: add access macros for unaligned data tools: add a new xen logging daemon tools/xen-9pfsd: connect to frontend tools/xen-9pfsd: add transport layer tools/xen-9pfsd: add 9pfs response generation support tools/xen-9pfsd: add 9pfs version request support tools/xen-9pfsd: add 9pfs attach request support tools/xen-9pfsd: add 9pfs walk request support tools/xen-9pfsd: add 9pfs open request support tools/xen-9pfsd: add 9pfs clunk request support tools/xen-9pfsd: add 9pfs create request support tools/xen-9pfsd: add 9pfs stat request support tools/xen-9pfsd: add 9pfs write request support tools/xen-9pfsd: add 9pfs read request support tools/libs/light: add backend type for 9pfs PV devices tools/xl: support new 9pfs backend xen_9pfsd tools/helpers: allocate xenstore event channel for xenstore stubdom tools/xenstored: rename xenbus_evtchn() stubdom: extend xenstore stubdom configs tools: add 9pfs device to xenstore-stubdom tools/xenstored: add early_init() function tools/xenstored: move systemd handling to posix.c tools/xenstored: move all log-pipe handling into posix.c tools/xenstored: move all socket handling into posix.c tools/xenstored: get own domid in stubdom case tools/xenstored: rework ring page (un)map functions tools/xenstored: split domain_init() tools/xenstored: map stubdom interface tools/xenstored: mount 9pfs device in stubdom tools/xenstored: add helpers for filename handling tools/xenstored: support complete log capabilities in stubdom tools/xenstored: have a single do_control_memreport()I haven't checked what's the state of the 9PFS patches. Can part of the xenstored changes be committed without the 9PFS changes? The following patches can go in without the 9pfs daemon: tools/helpers: allocate xenstore event channel for xenstore stubdom tools/xenstored: rename xenbus_evtchn() stubdom: extend xenstore stubdom configs tools/xenstored: add early_init() function tools/xenstored: move systemd handling to posix.c tools/xenstored: move all log-pipe handling into posix.c tools/xenstored: move all socket handling into posix.c tools/xenstored: get own domid in stubdom case tools/xenstored: rework ring page (un)map functions tools/xenstored: split domain_init() tools/xenstored: map stubdom interface Juergen
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |