[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC PATCH] xen/kconfig: allow LATE_HWDOM config for ARM

  • To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Sergiy Kibrik <Sergiy_Kibrik@xxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Michal Orzel <michal.orzel@xxxxxxx>
  • Date: Thu, 19 Dec 2024 09:18:54 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=apertussolutions.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=mb0Jwr8ZAr5STYERUAS8FBU5YnufPumQ0+feLCaQuAs=; b=JLXuRCX9lmeNCAbSPE10vtNnSyOqd1bQBaVa7IZSRDYwYAJaTn2sv97iQ7zcNubCH2pssWcB7lGSUN5l2TIShNbCGWjJS3j8AljbGOJiyj44QNXzRqfqfVS131lJ02n1qdByjRAiNmD0iPYH6oogULz9EmS5J1JuONGhMtRpP71gfZXqVy06ujYkgnf83e5Q1N3u6koqPATTycUasg2AY40NYYQ2XbFLTmKNnIyGJ6k7E3dy+QxXGf+a0OzEzcQWsHm0mnnCJJgwMTh+QwBkcjIHkialYmXjJTq7uS2xxrDMe/ODxcNE4/3tnTtkwdq3NXmZT8KAOrM5gxohVPnm6w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Q7FwgRc4HOLWIaSCg26SK8NxgUVYjVipevLfVSgsrpIOT1brh3pV5DW+q09WvjOZjXXGwSiHpKPQseipktmlUcKy8ed5cQX6umoTqGjcasx8CYX3lE2TAhV2Y5Ua48F9M2MVNh5foPVPGgk5R6dE+fsUdbIGp35u2sEVuGvS1JjQEfainZLg7NxD2qu+mEurqhrv7vb4lkK2OBq7FVaNuaHZzCerhXd5+zqG2gmQODhXiUD20mfYw1J2IZeirldWof3LXtiaKH6IZCbuSrV1qC7Vq9zz2WDr7g9ZIU4TTNY25h3eVCaAPO8Ktjg6HS45ceB4ZKfggo4ZUC+ch2kFcg==
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • Delivery-date: Thu, 19 Dec 2024 08:19:12 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 18/12/2024 17:26, Daniel P. Smith wrote:
> 
> 
> Hey Michal,
> 
> On 12/18/24 06:04, Michal Orzel wrote:
>> Hi Daniel,
>>
>> On 18/12/2024 02:17, Daniel P. Smith wrote:
>>>
>>>
>>>> On 17/12/2024 11:47, Sergiy Kibrik wrote:
>>>>> Allow to build ARM configuration with support for initializing
>>>>> hardware domain.
>>>>> On ARM it is only possible to start hardware domain in multiboot mode, so
>>>>> dom0less support is required. This is reflected by dependency on
>>>>> DOM0LESS_BOOT
>>>>> instead of directly depending on ARM config option.
>>>
>>>
>>> Just to make sure my assumption is correct, you are looking to do a
>>> multi-domain construction at boot time, with at least two domains. One
>>> of those two domains is the "control domain" and one is the "hardware
>>> domain", aka late hwdom except it's not constructed "late".
>>>
>>> If you want such a configuration, I would highly recommend you first
>>> enable setting flask labels via dom0less (assuming it is not there)
>> Speaking about dom0less and FLASK. A year ago, I did sent you (privately, 
>> through
>> AMD hyperlaunch collab) my attempt to add minimal steps to enable setting 
>> FLASK policy
>> for dom0less domUs. You then told me that you have a slightly different 
>> vision on how it
>> should be done. Any update with that regard? TBH I though that you're going 
>> to add this
>> support together with other hyperlaunch patches.
> 
> As I mentioned back in my March response, the concern I have with the
> patch you provided was with the layering violation. A security label is
> a flask-centric concept, at least currently, and thus not a concept you
> want to expose in the general XSM api. The correct way to get an XSM
> module's specific info, or translation, is to use the xsm_do_xsm_op(). I
> do feel that xsm_do_xsm_op() has a laying violation in its
> implementation, and is what I want to fix, it is still the correct
> interface. Priorities in meeting the core requirements AMD needs from
> hyperlaunch resulted in several abilities to fall to the wayside for the
> time being. I understand things need to move along, so I would prefer
> the use of existing interface that can be just updated when
> xsm_do_xsm_op() does get fixed up.
xsm_do_xsm_op() is made as an interface between a guest and Xen and is expected 
to be
called from within a guest, just like any other hypercall. In dom0less case, 
it's Xen who
needs to convert seclabel specified by the user to SID. How do you expect Xen 
to use
xsm_do_xsm_op()?

~Michal

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.