[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v4 2/2] allow hardware domain != dom0

To: "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>, "Daniel De Graaf" <dgdegra@xxxxxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Wed, 16 Apr 2014 10:08:07 +0100
Cc: Keir Fraser <keir@xxxxxxx>, Tim Deegan <tim@xxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Ian Campbell <ian.campbell@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx
Delivery-date: Wed, 16 Apr 2014 09:08:18 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 16.04.14 at 01:37, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 15/04/2014 23:07, Daniel De Graaf wrote:
>> On 04/15/2014 10:45 AM, Andrew Cooper wrote:
>>> On 14/04/14 22:23, Daniel De Graaf wrote:
>>>> diff --git a/xen/common/domain.c b/xen/common/domain.c
>>>> index 3c05711..11c905a 100644
>>>> --- a/xen/common/domain.c
>>>> +++ b/xen/common/domain.c
>>>> @@ -61,6 +61,11 @@ struct domain *domain_list;
>>>>
>>>>   struct domain *hardware_domain __read_mostly;
>>>>
>>>> +#ifdef CONFIG_LATE_HWDOM
>>>> +domid_t hardware_domid __read_mostly;
>>>> +integer_param("hardware_dom", hardware_domid);
>>>> +#endif
>>>> +
>>>
>>> Is it worth putting a custom_param() in here which clamps hardware_domid
>>> below FIRST_RESERVED_DOMID, or allow anyone specifying
>>> hardware_dom=0xffff to keep all the broken pieces they find?  Aliasing
>>> the magic domids is sure to break things.
>>>
>>> ~Andrew
>>
>> I'm currently of the opinion that a custom_param is overkill to prevent
>> users from deliberately doing bad things, but could easily write one if
>> others think that it would be helpful.
>>
> 
> I suppose the answer depends on how subtle the breakage will be if the
> user gets it accidentally wrong.  Given that slightly over half the
> domid space is reserved and domid_t signed value, I can forsee subtle
> bugs if a domid_t ever used as an array index, as well as very unsubtle
> breakage if the user aliases one of the magic domids.
> 
> On the balance, a custom_param() is probably worthwhile for peace of mind.

Why can't we just BUG_ON() or panic() the first time domain_create()
gets to see the out of range domain ID?

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v4 2/2] allow hardware domain != dom0
  - From: Andrew Cooper

References:
- [Xen-devel] [PATCH 1/2] implement is_hardware_domain using hardware_domain global
  - From: Daniel De Graaf
- [Xen-devel] [PATCH v4 2/2] allow hardware domain != dom0
  - From: Daniel De Graaf
- Re: [Xen-devel] [PATCH v4 2/2] allow hardware domain != dom0
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH v4 2/2] allow hardware domain != dom0
  - From: Daniel De Graaf
- Re: [Xen-devel] [PATCH v4 2/2] allow hardware domain != dom0
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] MPIDR register usage in ARMv8
Next by Date: Re: [Xen-devel] [PATCH v1 3/6] x86: Enable Supervisor Mode Execution Prevention (SMAP) for Xen
Previous by thread: Re: [Xen-devel] [PATCH v4 2/2] allow hardware domain != dom0
Next by thread: Re: [Xen-devel] [PATCH v4 2/2] allow hardware domain != dom0
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.