[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH RFC 01/15] xen: allow console_io hypercalls from DomUs on ARM

To: "dgdegra@xxxxxxxxxxxxx" <dgdegra@xxxxxxxxxxxxx>
From: Stefano Stabellini <sstabellini@xxxxxxxxxx>
Date: Thu, 14 Jun 2018 14:01:16 -0700 (PDT)
Cc: "artem_mygaiev@xxxxxxxx" <artem_mygaiev@xxxxxxxx>, Stefano Stabellini <stefanos@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, "andrii_anisov@xxxxxxxx" <andrii_anisov@xxxxxxxx>, "George.Dunlap@xxxxxxxxxxxxx" <George.Dunlap@xxxxxxxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "ian.jackson@xxxxxxxxxxxxx" <ian.jackson@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>, 'Julien Grall' <julien.grall@xxxxxxx>, "tim@xxxxxxx" <tim@xxxxxxx>, "jbeulich@xxxxxxxx" <jbeulich@xxxxxxxx>, "wei.liu2@xxxxxxxxxx" <wei.liu2@xxxxxxxxxx>
Delivery-date: Thu, 14 Jun 2018 21:01:31 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, 14 Jun 2018, DeGraaf, Daniel G wrote:
> -----Original Message-----
> > On 13/06/18 23:15, Stefano Stabellini wrote:
> > > This is very useful when starting multiple domains from Xen without
> > > xenstore access. It will allow them to print out to the Xen console.
> > >
> > > Signed-off-by: Stefano Stabellini <stefanos@xxxxxxxxxx>
> > > CC: andrew.cooper3@xxxxxxxxxx
> > > CC: George.Dunlap@xxxxxxxxxxxxx
> > > CC: ian.jackson@xxxxxxxxxxxxx
> > > CC: jbeulich@xxxxxxxx
> > > CC: konrad.wilk@xxxxxxxxxx
> > > CC: tim@xxxxxxx
> > > CC: wei.liu2@xxxxxxxxxx
> > > CC: dgdegra@xxxxxxxxxxxxx
> > > ---
> > > If there is a better way to do this with XSM, please advise.
> > 
> > We definitely need to keep the XSM around to avoid opening a hole. We also 
> > don't want all the domain to access the console.
> > 
> > Looking at the implementation, any domain with is_privileged will be able 
> > to access the console. IHMO, I don't think we should set
> > that for DomU created by Xen.
> > 
> > So I would suggest to introduce a new variable is_console and to tell 
> > whether a domain can access the console. xsm_console_io(...)
> > would then need to be updated accordingly.
> 
> There is an existing CONFIG_VERBOSE_DEBUG option which, among other things, 
> allows console output from any domain.  The console output part of that 
> (which is just the #ifdef in include/xsm/dummy.h) could be moved to another 
> CONFIG or ORed with an ARM flag. This would apply to all domains; if that's 
> not what you want, you'll need to add a flag (like Julien suggested) or use 
> XSM.
> 
> If XSM is enabled, guest hypervisor console output is controlled by the 
> guest_writeconsole boolean in the default policy 
> (tools/flask/policy/modules/guest_features.te) which defaults to allowing it.

I think the best user experience would be:
- do not to require XSM to be enabled
- do not to allow all domains to use the Xen console, only the ones started
  from Xen
- domUs started from Xen should not be is_privileged

Indeed, the best approach would be be to add a new is_console option.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

References:
- Re: [Xen-devel] [PATCH RFC 01/15] xen: allow console_io hypercalls from DomUs on ARM
  - From: DeGraaf, Daniel G

Prev by Date: Re: [Xen-devel] [PATCH RFC 00/15] dom0less step1: boot multiple domains from device tree
Next by Date: Re: [Xen-devel] [PATCH RFC 02/15] xen/arm: move a few guest related #defines to public/arch-arm.h
Previous by thread: Re: [Xen-devel] [PATCH RFC 01/15] xen: allow console_io hypercalls from DomUs on ARM
Next by thread: [Xen-devel] [PATCH] compiler: add a sizeof_field() macro
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.