[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RFC PATCH 1/1] xsm: allows system domains to allocate evtchn
- To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
- From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Date: Tue, 29 Mar 2022 09:29:57 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=P7LaVwEUO9o/mUITr9NXl39pFPd/fZg8cHV9j957Ytw=; b=SMXsL2K5XdKyPiZ62hUEsbkUorAmyBrPP3l5mJUvx9H2aP2swgLy7toQNk9V0Ho6TEZc8xx6bxjeTUo7Mp0+gXiWSpGkD6P2GgTLaEl7ZRiOkQ5q5MCj3KyaW900M2pr8Fk1Y5FO5FlGUUL4fAZ6MiFjsQNblD9Eq90rmO3z0mqXAyXl8sUF+BZhx3DGlbjsCh4l4YszgpqiGtCJIhOinsdh5YQmrnBtQERiMxTGkvjM69LqZzKxKXF0YkPMuOF9Yl2rq2v8wOm0d8cLGhyDHGrtewgIPK+JJsGeYBDN2tYLLc3Ef8C5gCNpMjfyKDAnTHvmdALhh5FYV5lwafPo1w==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ul9CzycNzfhy6Vvne+NJ5iL1LHC4JBq1XaDqpZ8SlKZDKqlOrskkM6QuXj6ibndOxvWG8z79uA1xGEtdKEDSen2y+A3b+AY7WtjxMnC8inf8iOwNCPTNRCUR941T1cXa/A3CqXe1UF182GMCnlIrXNgyPm/SGU4vL7V378ROS9bJemG/gad004pejSqTOeDC3vJpUkpuiy/rC1Iv39TcBI9wVtB0P6QlZCHHse7LmZhxYNnrv9dGUlwX2Xqc5/j5AjmU4c0hZzaN+6HOCiihCJZuGn4GLz+kn2hoQ4+pPIDMdJxBpRNuy8MpP9t3Ox8R/00p7eUo8JAUh9udqxXKpA==
- Authentication-results: esa3.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
- Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, <scott.davis@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
- Delivery-date: Tue, 29 Mar 2022 07:30:58 +0000
- Ironport-data: A9a23:gOUO8KJndvvhUUjSFE+RUpUlxSXFcZb7ZxGr2PjKsXjdYENS0TwBn GdNWDzXbvqJMWenKowla9yyoxgA78DTm4cyGwNlqX01Q3x08seUXt7xwmUcns+xwm8vaGo9s q3yv/GZdJhcokf0/0vrav67xZVF/fngqoDUUYYoAQgsA148IMsdoUg7wbRh2dQ52YHR7z6l4 rseneWOYDdJ5BYsWo4kw/rrRMRH5amaVJsw5zTSVNgT1LPsvyB94KE3fMldG0DQUIhMdtNWc s6YpF2PEsE1yD92Yj+tuu6TnkTn2dc+NyDW4pZdc/DKbhSvOkXee0v0XRYRQR4/ttmHozx+4 IUdv7CcYAU4B6fVvc8NYSUEF2ZzLKITrdcrIVDn2SCS50jPcn+qyPRyFkAme4Yf/46bA0kXq 6ZecmpUKEne2aTmm9pXScE17ignBNPsM44F/Glp0BnSDOo8QICFSKLPjTNd9Glv2pgTQaiGD yYfQSdNQizmPExEA3cWN6IlhMG62CPOeQQN/Tp5ooJoujOOnWSdyoPFK8HJc9aHQcFUmEewp W/c+Wn9RBYAO7S3yyeB83+qrv/Cm2X8Qo16PLG3+vNlmlS72n0YCBpQU0Cy5/a+lCaWRNZ3O 0ESvC00osAa5EGtC9XwQRC8iHqFpQIHHcpdFfUg7wOAwbaS5ByWbkAIViVEacAmnMYuSCY2y 0SSmNf0GT1otqbTQnWYnp+Wpz6vPSkeLUcZeDQJCwAC5rHLu4o0kg6JQt99EbWdlcH8AzX5y XaLq0ADa6471JBRkf/hpBae3mzq9sOhohMJChv/DjKvwi9QZp+cbZWNwkjp0apEa4uIQQzU1 JQboPS24OcLBJCLsSWCRuQRAb2kj8q43C3gbU1HRMd4qWn0k5K3VcUJuWwleh81WioRUWWxC HI/rz+983O60JGCSaZsK7y8BM0xpUQLPYS0D6uEBjaij3UYSeNmwM2MTRPLt4wOuBJ1+U3aB Xt9WZz2ZZr9If47pAdav89HjdcWKtkWnAs/v6zTwRW9yqa5b3WIU7oDO1bmRrlnsPPY+FqPq YgEaZviJ/BjvAvWOHO/HWk7dw1iEJTGLcqu95w/mhCrfGKK513N+9eOmOh8KuSJboxel/vS/ 2HVZ6Or4AGXuJEzEi3TMioLQOq2Bf5X9CtnVQRxbQfA8yVyOu6HsfZAH6bbiJF6rYSPO9YvF KJbEyhBa9wSIgn6F8M1MMCl9dc4JU3x7e9MVgL8CAUCk1dbb1Wh0vfvfxf19TlICSyytMAkp Kan2B+dSp0GLzmOxu6MAB5z5ztdZUQgpd8=
- Ironport-hdrordr: A9a23:iObBtqE5FOHLHaFKpLqFBJHXdLJyesId70hD6qkvc3Nom52j+/ xGws536faVslcssHFJo6HmBEClewKnyXcV2/hrAV7GZmfbUQSTXeNfBOfZsljd8mjFh5NgPM RbAtZD4b/LfCFHZK/BiWHSebZQo+VvsprY/ds2p00dMj2CAJsQiTuRZDzrdnGfE2J9dOYE/d enl4N6jgvlXU5SQtWwB3EDUeSGj9rXlKj+aRpDIxI88gGBgR6h9ba/SnGjr1wjegIK5Y1n3X nOkgT/6Knmm/anyiXE32uWy5hNgtPuxvZKGcTJoMkILTfHjBquee1aKvW/lQFwhNvqxEchkd HKrRtlF8Nv60nJdmXwmhfp0xmI6kdb11bSjXujxVfzq83wQzw3T+Bbg5hCTxff4008+Plhza NixQuixtZqJCKFuB64y8nDVhlsmEbxi2Eli/Qvg3tWVpZbQKNNrLYY4FheHP47bW/HAbgcYa dT5fznlbdrmQvwVQGYgoAv+q3nYp0LJGbIfqBY0fblkAS/nxhCvj4lLYIk7zU9HakGOul5Dt T/Q9VVfY51P7wrhIJGdZA8qJiMexrwqSylChPhHb2gLtBDB07w
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Mon, Mar 28, 2022 at 04:36:22PM -0400, Daniel P. Smith wrote:
> During domain construction under dom0less and hyperlaunch it is necessary to
> allocate at least the event channel for xenstore and potentially the event
> channel for the core console. When dom0less and hyperlaunch are doing their
> construction logic they are executing under the idle domain context. The idle
> domain is not a privileged domain, it is not the target domain, and as a
> result
> under the current default XSM policy is not allowed to allocate the event
> channel.
I've not been following the discussion around this patch, but I would
assume such privileges are only required for init code when no other
domains are running?
Since it's only at that point where the idle domain context needs to
allocate event channels would it make sense to temporary elevate it's
privileges by setting d->is_privileged while doing the domain creation?
That way we wouldn't need to grant those permissions for the lifetime
of the host when they are only needed for initialization code.
Another option would be switching to the initial vCPU of the domain
being created, but that's likely to be more complex, or even create a
short lived system domain with is_privileged set just for the purpose
of building other domains.
Overall I'm not sure it's worth giving those extra privileges to the
idle domain when they are just need for a known and bounded period of
time.
Thanks, Roger.
|
