[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 2/2] xen/xsm: Add new SILO mode for XSM

To: "Xin Li" <talons.lee@xxxxxxxxx>, "Daniel de Graaf" <dgdegra@xxxxxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Tue, 03 Jul 2018 01:33:54 -0600
Cc: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, xen-devel@xxxxxxxxxxxxx, Xin Li <xin.li@xxxxxxxxxx>, Ming Lu <ming.lu@xxxxxxxxxx>
Delivery-date: Tue, 03 Jul 2018 07:34:02 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

>>> On 03.07.18 at 03:26, <talons.lee@xxxxxxxxx> wrote:
> v2
> To further discuss:
> 1) is the new Kconfig option XSM_SILO necessary?
> we can handle SILO similar as DUMMY, using exsting CONFIG_XSM.
> 
> 2) explain "unmediated communication channel"

I'm confused: As said in the reply to patch 1, this section is generally
expected to contain information on what has changed from the prior
version. I take it the above item instead related to the "To further
discuss" sub-heading.

> 3) is it OK to use the indirect call dummy_xsm_ops.evtchn_unbound?

I'm not convinced it was worthwhile to send v2 with all of these still
open.

> +/*
> + * Check if inter-domain communication is allowed.
> + * Return true when pass check.
> + */
> +static bool silo_mode_dom_check(struct domain *ldom, struct domain *rdom)
> +{
> +    struct domain *cur_dom = current->domain;

const (three times altogether)

> +    return (is_control_domain(cur_dom) || is_control_domain(ldom) ||
> +            is_control_domain(rdom) || ldom == rdom);
> +}
> +
> +static int silo_evtchn_unbound(struct domain *d1, struct evtchn *chn,
> +                               domid_t id2)
> +{
> +    int rc = -EPERM;
> +    struct domain *d2 = rcu_lock_domain_by_id(id2);
> +    if ( d2 != NULL && silo_mode_dom_check(d1, d2) )

Blank line please between declaration(s) and statement(s). And
const on the local variable declaration again.

Also, is DOMID_SELF really not allowed here for id2? I don't think
so, looking at e.g. evtchn_alloc_unbound().

> +static int silo_grant_copy(struct domain *d1, struct domain *d2)
> +{
> +    if ( silo_mode_dom_check(d1, d2) )
> +        return dummy_xsm_ops.grant_copy(d1, d2);
> +    return -EPERM;
> +}

I know transitive grants are a bad child, but they shouldn't be left out
altogether in deciding what SILO mode is going to mean. In fact it looks
to me as if there was no XSM check at all for the second half of a
transitive grant copy's domain handling (the recursive
acquire_grant_for_copy() call), which would mean that the fencing
SILO mode looks to mean to establish wouldn't be complete. Daniel?

Speaking of completeness: What about TMEM? Isn't one of the two
pool types also meant to allow page sharing between domains?

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 2/2] xen/xsm: Add new SILO mode for XSM
  - From: Xin Li (Talons)

References:
- [Xen-devel] [PATCH 1/2] xen/xsm: Introduce new boot parameter xsm
  - From: Xin Li
- [Xen-devel] [PATCH 2/2] xen/xsm: Add new SILO mode for XSM
  - From: Xin Li

Prev by Date: Re: [Xen-devel] [PATCH RFC] tools/libxl: Switch Arm guest type to PVH
Next by Date: Re: [Xen-devel] [PATCH v2 5/7] xen: Don't build libelf for Arm
Previous by thread: [Xen-devel] [PATCH 2/2] xen/xsm: Add new SILO mode for XSM
Next by thread: Re: [Xen-devel] [PATCH 2/2] xen/xsm: Add new SILO mode for XSM
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.