[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 1/2] xsm: create idle domain privileged and demote after setup

To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
From: Jason Andryuk <jandryuk@xxxxxxxxx>
Date: Fri, 22 Apr 2022 12:57:30 -0400
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Wei Liu <wl@xxxxxxx>, Scott Davis <scott.davis@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Delivery-date: Fri, 22 Apr 2022 16:57:48 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Fri, Apr 22, 2022 at 12:35 PM Daniel P. Smith
<dpsmith@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> There are now instances where internal hypervisor logic needs to make resource
> allocation calls that are protected by XSM checks. The internal hypervisor 
> logic
> is represented a number of system domains which by designed are represented by
> non-privileged struct domain instances. To enable these logic blocks to
> function correctly but in a controlled manner, this commit changes the idle
> domain to be created as a privileged domain under the default policy, which is
> inherited by the SILO policy, and demoted before transitioning to running. A
> new XSM hook, xsm_set_system_active, is introduced to allow each XSM policy
> type to demote the idle domain appropriately for that policy type.
>
> For flask a stub is added to ensure that flask policy system will function
> correctly with this patch until flask is extended with support for starting 
> the
> idle domain privileged and properly demoting it on the call to
> xsm_set_system_active.
>
> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>

Reviewed-by: Jason Andryuk <jandryuk@xxxxxxxxx>

References:
- [PATCH v3 0/2] Adds starting the idle domain privileged
  - From: Daniel P. Smith
- [PATCH v3 1/2] xsm: create idle domain privileged and demote after setup
  - From: Daniel P. Smith

Prev by Date: [ovmf test] 169626: regressions - FAIL
Next by Date: Re: [PATCH v3 2/2] flask: implement xsm_set_system_active
Previous by thread: [PATCH v3 1/2] xsm: create idle domain privileged and demote after setup
Next by thread: Re: [PATCH v3 1/2] xsm: create idle domain privileged and demote after setup
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.