[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 0/6] gnttab: add per-domain controls


  • To: Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • From: Edwin Torok <edvin.torok@xxxxxxxxxx>
  • Date: Mon, 20 Sep 2021 08:24:45 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=fx1zSfA1R220O/aaGUHyRpJ2+0Ro7oxjPjSBnJ41RiE=; b=B7A0TQ7AW/3ybR6xSJe6oao2dPkMAQSS3pGXk8PsUAjz+b6Qf0d3PD2YbORB84mWnv5sMlmQiZQ2nYzUPs8J89k8m9HJ99XFZQSiGw1LiUAZItmFHxZTqo/wNFwd5iu2s4If3sjfrsCHTup3zJEeRu1kzNQUQ9Z1PpzLLMR6frBc67/95th4c3oEbHYpW/7QpgyBNYLrG2fHrxTmeE+BnbF14MZFQQ/A4obNwWf49GtsKTbFGOPW+TvC3vaXmATuJOeHXszdFR5Q4iCuagCl4iD1PumlUKOABfvKBQ1ZeH0DEstOpSSFfWc7P08KfrP5LXS/HD4hU+1+4RlxrnGP1w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JCSPu50Gd8fJzEvK3P4ebEVZcl5nUUp/nRAWOZh09WDjLxb8q3qJzx01/C2Tar3gvoxSR+YwWM3q8d1Il6+eRsemVtp8T4nRnoQkayjjtPHYmBGu9hqqwC0XrANMO8aSpX0LL4hwN+tB6lsM6V80Y1uX4NyihlRRTTo3kOTFV2TONxkXxNGAo9WSBoloRJZY/JxWBZeON1v/xxzTVc/72GxVCeUjvFQKdWC7SKaDZqtqCNk8hk0NhhehCCaPaIJE1r4iAJbR5v3E1wV8sR6oRrpBKh5TvRil+GcWRnHh6mW0PiAl9F9MUYAsrlv70Qxn4g0JAciq51cJqHy90OOSZA==
  • Authentication-results: esa3.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Christian Lindig <christian.lindig@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "Ian Jackson" <iwj@xxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxx>, "Jan Beulich" <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, "Stefano Stabellini" <sstabellini@xxxxxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, David Scott <dave@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Mon, 20 Sep 2021 08:24:55 +0000
  • Ironport-data: A9a23:jHKsZq53RdxtHyaDSARvKgxRtJbAchMFZxGqfqrLsTDasY5as4F+v jRKXWqFafmNZGOnKt1+Povn/RtSsJGGz9cwGgFt+S1gHi5G8cbLO4+Ufxz6V8+wwmwvb67FA +E2MISowBUcFyeEzvuV3zyIQUBUjclkfJKlYAL/En03FVIMpBsJ00o5wrZo2NYw2LBVPivW0 T/Mi5yHULOa82Yc3lI8s8pvfzs24ZweEBtB1rAPTagjUG32zhH5P7pGTU2FFFPqQ5E8IwKPb 72rIIdVXI/u10xF5tuNyt4Xe6CRK1LYFVDmZnF+A8BOjvXez8CbP2lS2Pc0MC9qZzu1c99Zz tdhh7m2VB8SJJLPisI+az4bAR5uIvgTkFPHCSDXXc27ykTHdz3nwul0DVFwNoodkgp1KTgQr 7pCcmlLN03dwbLtqF64YrAEasALIcX1PYVZpnZ6yjLxBvc6W5HTBa7N4Le02R9t3ZkXTaqEP aL1bxJPTS/dekQICGwHAYA4jOyQqlr1dhNx/Qf9Sa0fvDGIkV0ZPKLWGNjaYNuRXu1Og12V4 GnB+gzRGQoGPdaSzT6E9HOEheLVmy7/HoUIG9WQyPluh1GCw30JPzcfX1C7vPqRh1a3XpRUL El80iYns6Ua7kGgSdj5GRqirxasvAMYWtdWO/037keK0KW8yweGBEAUQzhZctskucQqAzsw2 Tehj97vQDBirrCRYXac7auP6yO/PzAPKm0PbjNCShEKi/HhqowuihPETv54DbW4yNbyHFnY3 DSivCU4wbIJgqY2O76TpA6dxWj2/96QE1Bztl6/sn+ZAh1RYoyJVamu9EDg98lDPqC6dn7Cr kcUhJ3LhAwRNq1hhBBhUc1UQurwt63UYWWG6bJ8N8J+rGX2ohZPaagVuWsndRkzaq7obBe0O Be7hO9H2HNE0JJGh4dMaoStAowByaH6HLwJvdiFM4ITPvCdmOKBlRyChHJ8PUi2yyDAcollY P93lPpA6l5AUsxaIMKeHbt17FPS7nlWKZnvqXXHI/OPiuD2WZJoYe1dbAvmgh4RtfvZyOkqz zqvH5TTkEgOOAEPSgLW7ZQSPTg3wYsTXMutw/G7gtWre1I8cEl4Uqe56ep4J+RNwvQE/s+Vr yrVchIJlzLCaYjvdFzihoZLM+i0A/6SbBsTYEQRALpf8yJyOdrwtPhPKcRfkHtO3LUL8MOYh sItIq2oKv9OVi7G63Iaa5z8p5ZlbxOlmUSFOC/NXdT1V8cIq9Xh9oC2cw3x2jMJCybr58Iyr 6f5jlHQQIYZRhQkB8HTMar9w1S0tHkbueRzQ0qXfYUDJBSyqNBne37rk/s6A8AQMhGflDGU4 BmbXEUDru7Xro5rrNSQ3fKYr52kGvdVF1ZBGzWJ9q6/MCTXpzLxwYJJXOuSUyraUWf4pPera elPlqmuO/wbhlda9YF7Fu8zn6454tLuoZ5czxhlQyqXPwj6VOs4LyDfj8dVt6BLyrtIgieMW xqCqotAJLGEGML5C1pNdgArWfuOiKMPkT7I4PVrfEijvH1r/KCKWFl5NgWXjHAPN6N8NY4oz LtzuMMS7ADj2BMmPszf03JR/mWIaHcBT78mptcRB4qy0lgnzVRLYJr9DC7q4c7QN4UQYxdye jLE1rDfg7l8x1bZdythHHfA6uNRmJAStU0Y11QFPVmIxoLIi/JfMMe9KtjrotC5Fil67t8=
  • Ironport-hdrordr: A9a23:6lvD/6rbQAQqatjWlNMJSWsaV5txLNV00zEX/kB9WHVpm5Oj+P xGzc526farslsssSkb6K290KnpewK4yXbsibNhfItKLzOWxFdAS7sSrbcKogeQVREWk9Qy6U 4OSdkGNDSdNykYsS++2njDLz9C+qjFzEnLv5an854Fd2gDAMsAjzuRSDzraXGeLDM2WKbRf6 Dsgvav0gDQH0j/Gf7LYUXtMdKzxeHjpdbDW1orFhQn4A6BgXeD87jhCSWV2R8YTndm3aoi2X KtqX262oyT99WAjjPM3W7a6Jpb3PH7zMFYOcCKgs8Jbh3xlweTYph7UbHqhkFxnAjv0idvrD D/mWZnAy1B0QKJQohzm2q05+DU6kdo15Yl8y7CvZKsm72ieNtwMbs/uWsQSGqm16NnhqAh7E sD5RPoi7NHSRzHhyjz/N7OSlVjkVe1u2MrlaoJg2VYSpZ2Us4dkWSOlHklYavoMRiKo7zPKt MeRv00JcwmBm+yfjTcpC1i0dasVnM8ElOPRVUDoNWc13xTkGpix0UVycQDljNYnahNBKVs9q DBKOBlhbtORsgZYeZ0A/oAW9K+DijITQjXOGyfLFz7HOUMOm7LqZTw/LIpjdvaNKAg3d83gt DMQVlYvWk9dwbnDtCPxoRC9lTXTGC0TV3Wu4ljDlhCy/TBrZ/QQFm+oXwV4rmdSsQkc7vmsq yISeFr6tfYXB7TJbo=
  • Ironport-sdr: 9LOx6gyPRIdLbue+VS7SBouuWKLAVP7GXXwr0y3/FRxvi+lQdoNPPHpxycfyNAnjaBZiEztiRg I8p95plcfsM6eb3oI+Q4xW7JA8FMCtbh8M3pibb42Gc8OxrNrtxDV25NQyh32A17r3UL7nsemE 7lm43I88Bi90FF7plx9Ov8my4FHcYwb8NncjQhYwo5ItVGAHHyI2sF8dcdwkXUpjS4zZXDujXN iNMkWsV8Y1u6b8A9371DUxUxthyfdveTm8WfQciXAsSyj9zw+JUsvrynaCry6UndAbV/eBmpE9 xLFp1dJnC3LUcOmTOXj5PNCO
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHXq9s0IM3OAQqHo06+ALWIm01YaauoZEqAgAQlp4CAABBIgA==
  • Thread-topic: [PATCH 0/6] gnttab: add per-domain controls


> On 20 Sep 2021, at 08:26, Roger Pau Monne <roger.pau@xxxxxxxxxx> wrote:
> 
> On Fri, Sep 17, 2021 at 06:06:42PM +0200, Christian Lindig wrote:
>> 
>> 
>>> On 17 Sep 2021, at 16:46, Roger Pau Monne <roger.pau@xxxxxxxxxx> wrote:
>>> 
>>> Hello,
>>> 
>>> The first two patches of this series allows setting the preisoutly host
>>> wide command line `gnttab` option on a per domain basis. That means
>>> selecting the max allowed grant table version and whether transitive
>>> grants are allowed.
>>> 
>>> The last 4 patches attempt to implement support for creating guests
>>> without grant table support at all. This requires some changes to
>>> xenstore in order to map shared ring using foreign memory instead of
>>> grant table.
>>> 
>>> Note that patch 5 will break the save format for xenstore records, and
>>> should not be applied.
>> 
>> Has this relevance for the format used by oxenstored?
> 
> I'm no expert on oxenstored, but I think it has always mapped the
> shared ring as foreign memory, and hence no changes are needed there.
> AFAICT it also stores the mfn on the save format, so I think this is
> all fine.
> 
> Should have mentioned it on the cover letter.
>  


There is a patch series from last year to make oxenstored use gnttab instead of 
map_foreign_range.
https://patchwork.kernel.org/project/xen-devel/cover/cover.1598548832.git.edvin.torok@xxxxxxxxxx/
This got lost/forgotten amid all the oxenstored XSA work.

Later on I discovered and fixed some bugs in it, and is part of this refreshed 
patch series (part of which got committed, part of which didn't):
https://patchwork.kernel.org/project/xen-devel/list/?series=480623
https://github.com/edwintorok/xen/pull/2

I think the current status is:
* there was an objection that the commit vendoring the external dependencies 
for the unit tests was too big, and should be replaced by just an opam and 
lockfile telling 'opam' or 'opam monorepo' where to download it from
* I've discovered some bugs while testing this code together with other code, 
and need to retest with just this code alone to check that the bug was not in 
this code


As for the save format, that is part of this patch series too, and we don't 
store the mfn anymore. Do we need to go back to storing the mfn?

What do I need to change here? The reason to move away from foreign memory was 
that we could avoid relying on xenctrl for that function (and thus having one 
less unstable interface to link to). If we need to conditionally use foreign 
memory mapping then we're back to using unstable interfaces, unless there is a 
stable interface equivalent to mapping foreign pages?
I see there is a libs/foreignmemory (it has no OCaml bindings though). If we 
wrote OCaml bindings would the API/ABI of libs/foreignmemory be stable?
In which case we should probably replace the commit introducing the use of 
gnttab with the one using foreignmemory and always use foreignmemory instead of 
gnttab libs.

What do you think?

Best regards,
--Edwin






 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.