
Re: [RFC PATCH 1/1] xsm: allows system domains to allocate evtchn


  • To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 29 Mar 2022 08:43:18 +0200
  • Cc: scott.davis@xxxxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 29 Mar 2022 06:43:34 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 28.03.2022 22:36, Daniel P. Smith wrote:
> During domain construction under dom0less and hyperlaunch it is necessary to
> allocate at least the event channel for xenstore and potentially the event
> channel for the core console. When dom0less and hyperlaunch are doing their
> construction logic they are executing under the idle domain context. The idle
> domain is not a privileged domain, it is not the target domain, and as a result
> under the current default XSM policy is not allowed to allocate the event
> channel.

I appreciate the change is only needed there right now, but it feels
inconsistent. _If_ it is to remain that way, at least a comment needs
to be put in xsm_evtchn_unbound() making clear why this is a special
case, and hence clarifying to people what the approximate conditions
are to have such also put elsewhere. But imo it would be better to
make the adjustment right in xsm_default_action(), without touching
event_channel.c at all. Iirc altering xsm_default_action() was
discussed before, but I don't recall particular reasons speaking
against that approach.

> This patch only addresses the event channel situation by adjusting the default XSM
> policy for xsm_evtchn_unbound to explicitly allow system domains to be able to
> make the allocation call.

Indeed I'm having trouble seeing how your change would work for SILO
mode, albeit Stefano having tested this would make me assume he did
so in SILO mode, as that's the default on Arm iirc. Afaict
silo_mode_dom_check() should return false in the described situation.

Similarly I don't see how things would work transparently with a
Flask policy in place. Regardless of you mentioning the restriction,
I think this wants resolving before the patch can go in.

Jan
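
The two placements discussed in this message can be compared with a small stand-alone model. This is an added example, not code from the patch, the thread or the Xen tree. It assumes a reduced `struct domain`, a default action cut down to the rule the quoted description states, and hypothetical `*_model` function names; only `is_system_domain()`, the `XSM_*` action names and the `DOMID_*` values are Xen's own.

```c
/* Simplified stand-alone model, not Xen source; struct layout and *_model names are assumed. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>

#define DOMID_FIRST_RESERVED 0x7FF0U   /* system (reserved) domain ids start here */
#define DOMID_IDLE           0x7FFFU
typedef enum { XSM_HOOK, XSM_TARGET, XSM_PRIV } xsm_default_t;

struct domain { uint16_t domain_id; bool is_privileged; };  /* is_privileged: control domain */

static bool is_system_domain(const struct domain *d)
{
    return d->domain_id >= DOMID_FIRST_RESERVED;
}

/* Default policy as the quoted description gives it: caller is the target, or privileged. */
static int default_action_model(xsm_default_t action, const struct domain *src,
                                const struct domain *target)
{
    if (action == XSM_HOOK)
        return 0;
    if (action == XSM_TARGET && src == target)
        return 0;
    return src->is_privileged ? 0 : -EPERM;
}

/* Option A (the RFC's approach): special-case system domains in this one hook. */
static int evtchn_unbound_model(const struct domain *cur, const struct domain *d)
{
    if (is_system_domain(cur))
        return 0;
    return default_action_model(XSM_TARGET, cur, d);
}

/* Option B (the reply's suggestion): allow system domains in the shared default
 * action, which then covers every hook routed through it, XSM_PRIV ones included. */
static int default_action_sysdom_model(xsm_default_t action, const struct domain *src,
                                       const struct domain *target)
{
    if (is_system_domain(src))
        return 0;
    return default_action_model(action, src, target);
}

int main(void)
{
    struct domain idle = { DOMID_IDLE, false }, guest = { 1, false };  /* constructed */
    return evtchn_unbound_model(&idle, &guest) | default_action_sysdom_model(XSM_TARGET, &idle, &guest);
}
```

In this model both options admit the idle domain for the event channel allocation, but only option B also changes the outcome of `XSM_PRIV` checks for system domains.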




 

