
Re: [PATCH for-4.16 v6] gnttab: allow setting max version per-domain



Roger Pau Monne writes ("[PATCH for-4.16 v6] gnttab: allow setting max version per-domain"):
> Introduce a new domain create field so that toolstack can specify the
> maximum grant table version usable by the domain. This is plumbed into
> xl and settable by the user as max_grant_version.
> 
> Previously this was only settable on a per host basis using the
> gnttab command line option.
> 
> Note the version is specified using 4 bits, which leaves room to
> specify up to grant table version 15. Given that we only have 2 grant
> table versions right now, and a new version is unlikely in the near
> future, using 4 bits seems more than enough.
> 
> xenstored stubdomains are limited to grant table v1 because the
> current MiniOS code used to build them only has support for grants v1.
> There are existing limits set for xenstored stubdomains at creation
> time that already match the defaults in MiniOS.
> 
> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> ---
> This needs to be applied on top of Andrew's:
> 
> xen: Report grant table v1/v2 capabilities to the toolstack
> https://lore.kernel.org/xen-devel/20211029173813.23002-1-andrew.cooper3@xxxxxxxxxx/

Tools:

Reviewed-by: Ian Jackson <iwj@xxxxxxxxxxxxxx>

> NB: the stubdom max grant version is cloned from the domain one. Not
> sure whether long term we might want to use different options for the
> stubdom and the domain. In any case the attack surface will always be
> max(stubdom, domain), so maybe it's just pointless to allow more fine
> grained settings.

^ I think maybe this should go into a comment or commit message or
something, not just a tail note?

Ian.



 

