
Re: [PATCH v8 1/2] xsm: create idle domain privileged and demote after setup



On 5/31/22 11:16, Jan Beulich wrote:
> On 31.05.2022 16:56, Daniel P. Smith wrote:
>> There are new capabilities, dom0less and hyperlaunch, that introduce internal
>> hypervisor logic, which needs to make resource allocation calls that are
>> protected by XSM access checks. The need for these resource allocations are
>> necessary for dom0less and hyperlaunch when they are constructing the initial
>> domain(s).  This creates an issue as a subset of the hypervisor code is
>> executed under a system domain, the idle domain, that is represented by a
>> per-CPU non-privileged struct domain. To enable these new capabilities to
>> function correctly but in a controlled manner, this commit changes the idle
>> system domain to be created as a privileged domain under the default policy and
>> demoted before transitioning to running. A new XSM hook,
>> xsm_set_system_active(), is introduced to allow each XSM policy type to demote
>> the idle domain appropriately for that policy type. In the case of SILO, it
>> inherits the default policy's hook for xsm_set_system_active().
>>
>> For flask, a stub is added to ensure that flask policy system will function
>> correctly with this patch until flask is extended with support for starting the
>> idle domain privileged and properly demoting it on the call to
>> xsm_set_system_active().
>>
>> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
>> Reviewed-by: Jason Andryuk <jandryuk@xxxxxxxxx>
>> Reviewed-by: Luca Fancellu <luca.fancellu@xxxxxxx>
>> Acked-by: Julien Grall <jgrall@xxxxxxxxxx> # arm
> 
> Hmm, here and on patch 2 you've lost Rahul's R-b and T-b, afaict.

erg, you are right, my apologies. Would you like me to respin as v9 to
get it in there, so it is not lost?

v/r,
dps



 

