[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: hardware domain and control domain separation

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Jason Andryuk <jason.andryuk@xxxxxxx>
  • Date: Thu, 26 Jun 2025 17:18:21 -0400
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=suse.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gG9SC/bbvUjsp3Sqt+FjZ4EKyg2m1ayJDhBQ3M3nfpE=; b=U2rHQA1cVcXENcwDZNj7uj15MTzSptq2oZdZSd9+dimHoitI5oxy07ekc/7OUOxTMS+SDipkOgL8tamHOkTKm2cjUV1Avfd9hWox+dJCtDIbIRDNF3vK9b8JmDUQGRJbHb76JmoeGNNUfk6YqQZF9V9IWPL+3MBkZKb3umBeY1yho2iddlkLOTariQhy50OW+JgpOUGePt6mbV+NbVH/H0Zf8xiHlvX/FkeygynSg1+v/zC5L/2LwEkQwi3h4KUzHfWSkwaGxtfwpts3FuQcBZCbiwOtaUwwgbCEmcCAOV+FwPpGYINeQ6fEvYwZww/3aKbtxmqFgHeRGnDTYuhPhw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=icWI1a5JOUG8T4Tr/Ibk+ModEVr7yFpjSXy1wb2L4Q1Lodil74PEsR4TZFB43Da80gXNPXl2GmkzOR6UQ8yucuFMctP1dvvG4cxEHXk5sMcARbEnVC4ZAUpetQoetiJxhdlzxN/l6o6nUv2HZLZ0X5h+UPiKXefnNj+MEt1EkAtl1xRNc5q67rusjXoRL6qN4AEuzJa7A42vcfwJU0AeIg0lnXAll70WUysZzOtY+GuvXHp7wcc3/IqJsO570fuk3mxvdBlUn1EeitVS8kSwd7LA6Y1FEOHrFYPu2Kfz7LdV3sBUpZrAUXA0fGvCZh6L0hg7/YZWFpozRs/ieJb3Iw==
  • Cc: Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, <ayankuma@xxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>, <demiobenour@xxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • Delivery-date: Thu, 26 Jun 2025 21:18:48 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 2025-06-25 01:32, Jan Beulich wrote:

On 24.06.2025 22:14, Jason Andryuk wrote:

On 2025-06-24 01:25, Jan Beulich wrote:

On 24.06.2025 00:51, Stefano Stabellini wrote:

On Mon, 23 Jun 2025, Demi Marie Obenour wrote:

On 6/23/25 11:44, Jan Beulich wrote:

On 21.06.2025 02:41, Stefano Stabellini wrote:
Also a more fundamental question I was wondering about: If Control had
full privilege, nothing else in the system ought to be able to interfere
with it. Yet then how does that domain communicate with the outside
world? It can't have PV or Virtio drivers after all. And even if its
sole communication channel was a UART, Hardware would likely be able to
interfere.


There are well-established methods for implementing domain-to-domain
communication that are free from interference, such as using carefully
defined rings on static shared memory. I believe one of these techniques
involves placing the indexes on separate pages and mapping them
read-only from one of the two domains.


How's that going to help with the backend refusing service, which I view
as one "method" of interference? Or else, what exactly does "interference"
mean in this context? (More generally, I think it is necessary to very
clearly define terminology used. Without such, words can easily mean
different things to different people.)


Yes, there are different kids of interference.  We are concerned about a domain blocking 
another domain.  The main example is an ioreq blocking a vCPU.  The blocked domain 
is unable to recover on its own.


On which insns an ioreq server may kick in can be well known. A kernel
can therefore, in principle, come with recovery code, just like it can ...
The case I am thinking of is QEMU providing a virtio device to a domain. The domain has to write to a MMIO area in a BAR to notify QEMU. From my understanding, that vCPU is blocked in Xen until QEMU responds to the ioreq. I don't see how any recovery code is possible, but I may be missing something. 

Regards,
Jason

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.