[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2 04/17] xen: Introduce XEN_DOMCTL_CDF_not_hypercall_target
- To: Julien Grall <julien@xxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Jason Andryuk <jason.andryuk@xxxxxxx>
- Date: Wed, 23 Jul 2025 16:44:53 -0400
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=xen.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=potqh3QIguw+LifqcfVwTsspYVABpGY3NDoB13jNelY=; b=TK1bpoogIO2GHNNmpI/PAYMRRoPVFJrtRqu4uEiBhCOo8c9uVrjjrsdHY3KlS/qv1LEDS6WIU92QOYlevwwa56dLjo7AOdkHm/3Hvg1KDoP4FDkQAMRTzkQqJeHKn+rvkDN42DCM1v4wkW3fwnYnIUQ9Dlpfrms4gVaBH9AP8DKr6fnMklU7phINGU+iQqbblDlFo+B61CaIjedRbnHTXI6yqKkpfyDNFNNZJgMjEEI0QF4C9J2kKXwDpuMGmaHGf0WBmU6uINRjdL2zfJd50tZf3QPKxC86XznOaqbWi6PtefrL7jUsmBW0xpIPeusHTgg1xRKY+o18nao4bjNx7g==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=r6M8bKnAFKA8j+h4Ko7Mn2B2b/VhINFxeRXocogkU22949PqFGXQhUY0zURO0IRqHLDJXjrTbXeA0CfdNd+JlhiUE/11beZiGSHYr33hzz+qcr558/2ZcISvCvvo5FsT94bslTObBrJ4m6K7xGCkJufMvPehsolgbgCNWcIeMxyrDRtMDVChLwf+BV3t0RMLqjpCHRYpYDzBVMPhcDiCcY1h4+qPT/bOsQD1X8p+JFswiib8weKyI4z8+UBMKsoTV2984nnXgjvoMyJs62iW4+NdpYPF+6EOJUIwK07EOuo1J9lMUaPCkJIiJTg/N3gmEN1PkNlDXtkSMBFME0SRHw==
- Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, "Volodymyr Babchuk" <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, "Jan Beulich" <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Christian Lindig <christian.lindig@xxxxxxxxxx>, "David Scott" <dave@xxxxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
- Delivery-date: Wed, 23 Jul 2025 20:45:18 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 2025-07-23 05:29, Julien Grall wrote:
Hi Jason,
On 21/07/2025 23:00, Jason Andryuk wrote:
diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
index 88a294c5be..f1f6f96bc2 100644
--- a/xen/include/public/domctl.h
+++ b/xen/include/public/domctl.h
@@ -70,9 +70,11 @@ struct xen_domctl_createdomain {
#define XEN_DOMCTL_CDF_trap_unmapped_accesses (1U << 8)
/* Allow domain to provide device model for multiple other domains */
#define XEN_DOMCTL_CDF_device_model (1U << 9)
+/* Domain cannot be the target of hypercalls */
+#define XEN_DOMCTL_CDF_not_hypercall_target (1U << 10)
/* Max XEN_DOMCTL_CDF_* constant. Used for ABI checking. */
-#define XEN_DOMCTL_CDF_MAX XEN_DOMCTL_CDF_device_model
+#define XEN_DOMCTL_CDF_MAX XEN_DOMCTL_CDF_not_hypercall_target
I am not sure where to comment. But aren't both flags mutually
exclusive?
No, XEN_DOMCTL_CDF_device_model is *this* domain providing the device
model to other domains:
+ * Device model capability allows the use of the dm_op hypercalls to
provide
+ * the device model emulation (run QEMU) for other domains. This is a
+ * subset of the Control capability which can be granted to the
+ * Hardware domain for running QEMU.
Whereas XEN_DOMCTL_CDF_not_hypercall_target removes targeting on
*this* domain. So the domain with XEN_DOMCTL_CDF_device_model cannot
target the XEN_DOMCTL_CDF_not_hypercall_target domain.
Thanks for the clarification. I misunderstood the goal of
XEN_DOMCTL_CDF_device_model. That said, I think there is still a problem
because with CDF_not_hypercall_target, you would not be able to have a
device-emulator for that domain. Is this intended?
Yes, it is intentional that CDF_not_hypercall_target prevents using a
device model. With out safety use-case, we want to be able to avoid
interference for specific domains.
Regards,
Jason
|
