[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 0/6] gnttab: add per-domain controls


  • To: Julien Grall <julien@xxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Wed, 22 Sep 2021 11:39:39 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=r8QtknsmFgI2Z4VWUMIkPMcE5YErKEETJsYi0arvGUg=; b=L6oq8zmw4XFnZg6xoIh75xLUqRWNYolnBHVNNxBK77W+jI1yElEau52qflKY1LpJd/3mmqxfc8uqwOYuO5zcgvgdKS/N2/clR8zhSN6RuSKrROEp3kFkBfvuznd2IkpxV2kJ1msxcmsP7PVIxQDkoy3yMXGwpYRFXio498AxSO2sHnxJdkI+A2snJCTa1aUO+73ji3Q1Qswno9uM3kasw82lFGz/P+cUecfcxbBE7ebG5IRwFqTEvc3VRglY6W24i/xs/SGlNS4OvHmKxyzcSCd4TqZP5IFdPI8dVX9AJ38RkpRW012UeCXz3rElNzGwkB+018+lF3Nog0enBu8Nwg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RP2W6kWAGwDLtfe5vJF91gcaRT7AKb5l1C8/7czTI7wl9NzLjItF9mUkhc1fTWxQ732tgXymhrrVlGrPojatXuwdPHDpvwKxH5Gb5f9baZViFJEfbvXFJmIKYx+feoPX/3lQ4C6asnBCEnx9TYZc78PFADk33l6INY2WBZUg8QH4t9Wo7DIKmpxnDGLZvzrTzOw5hD6CuAHq+cszW0BOoXohaqWojfp0M90/QTySzN7+jTlTlQn2GBicBOwzn1Ek2toVyEQiFnx+sNKcLVadVLKpgTr9LqDfQDCcdDru3mD3LCnKufNN1T/xz0p7NFjfV90ERMR+oAqDCTjCzxd1NQ==
  • Authentication-results: esa4.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, "Wei Liu" <wl@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, "Stefano Stabellini" <sstabellini@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, "Christian Lindig" <christian.lindig@xxxxxxxxxx>, David Scott <dave@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Wed, 22 Sep 2021 09:39:53 +0000
  • Ironport-data: A9a23:loEdNK3q2uuTYofJwPbD5UN2kn2cJEfYwER7XKvMYLTBsI5bp2cFm mdJXWnUaf+CM2b8edhyPIqz8k0A68fQmNExSFA9pC1hF35El5HIVI+TRqvS04J+DSFhoGZPt Zh2hgzodZhsJpPkS5PE3oHJ9RGQ74nRLlbHILOCan0ZqTNMEn970EoywbRh2OaEvPDia++zk YKqyyHgEAfNNw5cagr4PIra9XuDFNyr0N8plgRWicJj5TcypFFMZH4rHomjLmOQf2VhNrXSq 9Avbl2O1jixEx8FUrtJm1tgG6EAaua60QOm0hK6V0U+6/TrS+NbPqsTbZIhhUlrZzqhsdtQ8 8hJksGKTQ4oJbLCg9gbTDNEKnQrVUFG0OevzXmXtMWSywvNcmf2wuUoB0YzVWEa0r8pWycUr 6VecW1TKEDY7w616OvTpu1EnMMsIdOtJIoCknph0SvYHbAtRpWrr6DiuIIBhGph3Jwm8fD2R swEKgpQaAz7YhR3JmgQBbwimdermSyqG9FfgA3M/vdmi4TJ9yRz36LqK8H9YcGRSINemUPwj nnd423zDxUeNdqe4TmI6HShgqnIhyyTcLwVELq05/t7mmq5z2YYCAAVfVajqPz/gUm7M/pTI lIZ0jAjpq8z8AqsVNaVdx+yrWOAvxUcc8FNCOB84waIooLE7gDcCmUaQzppbN09qNRwVTEsz kWOnd7iGXpoqrL9YXCA8raZqxuiNC5TKnUNDQcbSSMV7t+lp5s85jrOUdRLAKOzlsfyGzz73 3aNtidWulkIpZdVjePhpwmB2m/y4MiSJuIo2unJdkyuzzhkYKn4XYih6EPE4+18KpmzUmDU6 RDohPOiAPAy4YClzXLWGrxdQu3xvp5pIxWH3gU+RMBJGyCFvif5JNEOumkWyFJBb55cEQIFd nM/ru+4CHV7B3KscaY/SIa4Ec1CIUPIRIm9C6y8gjajZPFMmO67EMNGPhX4M4PFyhFEfUQD1 XCzK53EMJriIf47pAdavs9EuVPR+szb+V4/uLihl0j3uVZhWJJlYehcawbfBgzIxIiFvB/U4 75iCid+8D0GCLeWSnCOqeY7dAlWRVBmVcGeg5EGLYarf1s5cFzN/teMmNvNjaQ+xP8L/goJl 1ngMnJlJK3X3yyfdVrSNSA9N9sCn/9X9BoGAMDlBn7xs1ALaoez9qYPMZwxeLgs7ut4yvBoC fICfq297j5nEVwrIhwRMsvwqpJMbhOuiV7cNiapemFnLZVhWxbI6pnveQ62rHsCCS++tM0fp by811yEHcpfFlo6VMuGOuiyy16RvGQGnL4gVUX/PdQOKl7n95JnKnKtg6Zvcd0MMxjK2hCTy x2SXUUDveDIroJsqIvJiKmIop2HCex7GkYGTWDX4azvbXvR/3a5wJ8GW+GNJGiPWGTx8aSkR ONU0/Cjb6FXwAcU69JxSu85w7g/6t3jo65h4j5lRHibPU62Dr5AI2Wd2ZUdvKN62bIE6xC9X ViC+4cGNOzRat/lClMYOCEscv+HiaMPgjDX4Pk4fBf66Stw8ObVWEleJUDR2ilULb8zO4I52 +Yx/sUR7lXn2BYtN9+HiAFS9niNcSNcA/l26MlCDd+5kBcvx3FDfYfYW33/75y4YtlRNlUnf 22Pj63YirUAnkfPfhLfz5QWMTaxUXjWhC138Q==
  • Ironport-hdrordr: A9a23:WGP6AK81V2atH8K48Tluk+FFdb1zdoMgy1knxilNoENuHPBwxv rAoB1E73PJYVYqOE3Jmbi7Sc+9qFfnhONICOgqTM2ftWzd2VdAQ7sSiLcKrweQfxEWs9QtqZ uIEJIOeeEYb2IK9foSiTPQe71LrajlgcLY9ds2jU0dNj2CA5sQkTuRYTzra3GeKjM2YqbQQ/ Gnl7V6TnebCDkqR/X+IkNAc/nIptXNmp6jSRkaByQ/4A3LqT+z8rb1HzWRwx9bClp0sPgf2F mAtza8yrSosvm9xBOZ/2jP765OkN+k7tdYHsSDhuUcNz2poAe1Y4ZKXaGEoVkO0a2SwWdvtO OJjwYrPsx15X+UVmapoSH10w2l6zoq42+K8y7RvVLT5ejCAB4qActIgoxUNjHD7VA7gd162K VXm0qEqpt+F3r77WTAzumNcysvulu/oHIkn+JWpWdYS5EiZLhYqpFa1F9JEa0HADnx5OkcYa hT5fnnlbRrmG6hHjXkVjEF+q3pYp1zJGbJfqE6gL3X79AM90oJiHfxx6Qk7z49HdwGOt95D0 mtCNUdqFh0dL5lUUtKPpZ2fSKGMB2/ffvyChPmHb3GLtBNB5ufke+83F0KjNvaD6DgiqFCwa j8bA==
  • Ironport-sdr: gNbAAjBzSZGq6moPtCGhU/hv+LACriVyTNtOFM0ork1gE+3JFazuSbT2p/W2C3/g+PRLELUcqc pWBtZWx9u5hJcM4enKBFdiJRkjoaG6uU4s7zV9WnEhxqvRofOFd3X9fs+DPpQK+AhKN/Ni3aOX f0EyMwKqDf2OBW9jSD1fNmJHfGFmZHe1KjWEaDp9unXrF4JHfMbIL8OOwnn3ysGvizo9U6WHCx 2MUTijz59gB6t/jvX4Ud6R4FjHcHks+y1C28uIGN00rQFOWcVMHByqOSq4cmV3/9v0MOGV145Q 35G1ovQixXNrx2cgUYnnbzDu
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Wed, Sep 22, 2021 at 01:57:02PM +0500, Julien Grall wrote:
> 
> 
> On 22/09/2021 13:21, Roger Pau Monne wrote:
> > Hello,
> 
> Hi Roger,
> 
> > First patch on the series is a trivial change to xenconsoled in order to
> > use xenforeignmemory stable library in order to map the shared console
> > ring instead of the unstable libxc interface. It's reviewed and ready to
> > go in.
> > 
> > Patches 2 and 3 allow setting the host wide command line `gnttab` option
> > on a per domain basis. That means selecting the max allowed grant table
> > version and whether transitive grants are allowed.
> > 
> > The last 3 patches attempt to implement support for creating guests
> > without a grant table. This requires some changes to xenstored in order
> > to partially support guests without a valid ring interface, as the lack
> > of grant table will prevent C xenstored from mapping the shared ring.
> > Note this is not an issue for Ocaml xenstored, as it still uses the
> > foreign memory interface to map the shared ring, and thus won't notice
> > the lack of grant table support on the domain.
> 
> I find a bit odd that the Xenstore support is conditional to whether grant
> table is available. Are you expecting domains with no grant table to have no
> PV drivers (including PV shutdown)?

I don't really expect much, as having guests without grant table is a
developer option right now, if someone wants to make use of them for
any reason it would need some thought.

The other option would be my first proposal to restore foreign mapping
of the xenstore ring on that case:

https://lore.kernel.org/xen-devel/20210917154625.89315-6-roger.pau@xxxxxxxxxx/

But it's also arguable that a guest not having a grant table should
also likely prevent foreign mapping attempts. Plus such foreign
mapping won't work from stubdomains.

I'm fine with dropping those patches if they turn out to be too
controversial, I think it's an interesting option to be able to
disable the grant table, but I don't have a full picture of how that
could be used in practice. Maybe others have and would be willing to
pick this up.

The xenstored patch is mostly so that I can boot guests without a
grant table using xl and test it's disabled using XTF.

Regards, Roger.



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.