
Re: [Xen-devel] [PATCH 0 of 4] Add commands to automatically prep devices for pass-through

On 09/05/12 12:59, Ian Campbell wrote:
> Right, however it is strictly speaking a new feature which is not
> mentioned on the TODO list and has not previously been posted (AFAIK,
> please correct me if not) and we are currently supposed to be in feature
> freeze (and have been for several weeks, if not a month).
>
> IIRC this functionality was mooted when the pci permissive patch was
> being done as something which would be a 4.3 feature.
>
> We need to decide if we want to make an exception for this new feature
> or not. Although I'm sure this feature is very nice and handy, we've
> lived without it for years and people seem to be able to use the
> existing scheme.

My recollection was that I did "moot" the functionality basically a day or two after the official feature freeze; my impression from those discussions was that we wouldn't add the feature to the list, but that it was reasonable to ask for an exception at such time as I actually had the patches. (Quite possible that my understanding is wrong there.) Unfortunately due to other priorities, I didn't manage to actually start working on them until the end of last week.

Maybe part of the issue is how they're being presented. My original plan was to add options to libxl_pci_{add,remove} to do the rebinding, which would have looked less like a new feature and more like an improvement. This version actually introduces new functions, so it looks much more like a "new feature", even though the functionality is the same, and arguably having a separate step is less of a risk of someone tripping over something.

Of course everyone thinks their pet feature is incredibly important. :-) But we are planning on making a public push on some of the security features of Xen this summer, which will hopefully mean a lot of people investigate the idea of using pci pass-through functionality for network driver domains. The problem with saying "people seem to be able to use the existing scheme" is that you only see those who have gone through it and succeeded; you don't see how many took a look at the instructions and said, "That sounds too complicated/dangerous for me." It would be a shame if we tooted Xen's horn about security, got an extra several thousand people to look into it, and then had half of them go away because of something simple like this. I think that's my main concern.

We could of course make the HOWTOs easier to follow even without including this functionality; including Anthony's (very useful) rebinding script would certainly be a lot better than having everyone manually doing the sysfs stuff. But not nearly as good as having the commands in-tree.

If we decide not to take the new functions, can I propose that we at least take the one that renames "pci-device-list-assignable", so we won't have to rename it / deal with compatibility issues when these are implemented for 4.3?

