This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] [PATCH, v2] add privileged/unprivileged kernel feature i

To: "Ian Campbell" <Ian.Campbell@xxxxxxxxxxxxx>, "Keir Fraser" <keir@xxxxxxx>
Subject: Re: [Xen-devel] [PATCH, v2] add privileged/unprivileged kernel feature indication
From: "Jan Beulich" <JBeulich@xxxxxxxxxx>
Date: Thu, 21 Jul 2011 10:03:49 +0100
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 21 Jul 2011 02:16:36 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CA4DA82C.2F9DE%keir@xxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <CA4DA6F3.2F9C9%keir@xxxxxxx> <CA4DA82C.2F9DE%keir@xxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
>>> On 21.07.11 at 10:55, Keir Fraser <keir@xxxxxxx> wrote:
> On 21/07/2011 09:50, "Keir Fraser" <keir@xxxxxxx> wrote:
>> On 21/07/2011 09:16, "Jan Beulich" <JBeulich@xxxxxxxxxx> wrote:
>>>> You say it is a Linux notion that dom0 implies domU but I am not aware
>>>> of any PV OS which supports dom0 that doesn't also support domU, do you
>>>> have specific examples of OSes which are dom0-only?
>>> No, I'm not aware of any existing ones, but I also wasn't in favor of
>>> the move to imply unprivileged capabilities when Linux is configured
>>> as privileged guest (iirc this wasn't the case from the very beginning).
>>> And again, imo an interface like the hypervisor's shouldn't dictate any
>>> kind of policy on the guest OSes.
>> My own issue with the unprivileged flag is that I'm not clear what it
>> actually means. When would you *not* set it? I mean it looks in the Linux
>> side you set it unconditionally right now. What's the point? Why not remove
>> the flag and introduce it when we have good reason and can attach meaningful
>> semantics to it?
> A further killing blow: the hypervisor patch defined unprivileged as !dom0.
> Well, there are many different capabilities and devices that a domU may be
> granted. You might be passing through a VGA adaptor and SRIOV NIC and run
> out of ramdisk for example, in which case the domU might quite validly have
> no PV frontend devices.
> Another thing, given that privileged is quite a broad term, I wonder whether
> the 'privileged' feature should be called something else? Like
> 'dom0_interface'? It would be a more precise definition maybe? Passing
> through devices to a domU could be termed a privilege after all, for
> example.

I agree that if we're going to go with just a single flag, then renaming it
the way you suggest certainly makes sense.


Xen-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>