[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PATCH 00/23] ARM split hardware and control domains
This series implements separation of dom0 into separate hardware and control domains. It uses the capabilities idea from Hyperlaunch - hardware, control, and xenstore. It's been tested with dom0 as hardware & xenstore, dom1 as control, and dom2 as a domU. Running hardware and xenstore together eases the implementation. Xenstore permissions were tested with a hyperlaunched xenstore stubdom. C xenstored is needed to use grant mapping instead of foreign mapping - this is especially needed for hwdom to provide the xenstore to control. Xen seeds the xenstore grant entries since init-dom0less in hardware domain does not have permission to map the grant table. There is a dependency on an ImageBuilder update to generate the capability device tree nodes. An update for the automation is in the last commit - not to be commited. The early patches re-work dom0less code to allow construction of hwdom. There are some changes to expose the capabilities to the toolstack. xenstored is changed to track dom0_domid (hwdom) and priv_domid. This works for only a single one of each. Then there are a bunch of changes to the XSM dummy policy. The sysctls are the most problematic. With a coarse grain policy, they are allowed for both hwdom and control. Flask can be used for fine grain control. Finally, an automation test is added. Daniel P. Smith (1): xen: introduce hardware domain create flag Jason Andryuk (22): xen/arm: Factor out construct_hwdom() xen/arm: dom0less hwdom construction xen/arm: dom0less use domid 0 for hwdom xen/arm: Add capabilities to dom0less xen/domctl: Expose privileged and hardware capabilities tools/libxl: Expose hardware and privileged flags xen/arm: dom0less seed xenstore grant table entry tools/init-dom0less: Only seed legacy xenstore grants xen/arm: dom0less delay xenstore initialization tools/xenstored: Automatically set dom0_domid and priv_domid tools/xl: Print domain capabilities with verbose xsm/dummy: Allow XS_PRIV XEN_SYSCTL_getdomaininfolist xsm/dummy: Allow XS_PRIV to call get_hvm_param xen/xsm: Add XSM_HW_PRIV xsm/dummy: Allow hwdom xen_version xsm/dummy: Allow hwdom more - except targeting control xsm/dummy: Allow hwdom SYSCTL_readconsole/physinfo xsm/dummy: Allow sysctls to both hardware and control xsm/silo: Support hwdom/control domains automation/dom0less-arm64: Use double quotes automation: Add arm64 hardware/control split test DO NOT COMMIT: automation: updated imagebuilder automation/gitlab-ci/test.yaml | 8 + .../scripts/qemu-smoke-dom0less-arm64.sh | 87 ++++++++-- docs/man/xl.1.pod.in | 3 +- docs/misc/arm/device-tree/booting.txt | 11 ++ tools/helpers/init-dom0less.c | 10 +- tools/include/libxl.h | 16 ++ tools/libs/light/libxl_domain.c | 2 + tools/libs/light/libxl_types.idl | 2 + tools/xenstored/domain.c | 16 ++ tools/xl/xl_info.c | 24 ++- xen/arch/arm/dom0less-build.c | 164 +++++++++++++----- xen/arch/arm/domain.c | 3 +- xen/arch/arm/domain_build.c | 35 ++-- xen/arch/arm/hvm.c | 2 +- xen/arch/arm/include/asm/dom0less-build.h | 2 + xen/arch/arm/include/asm/domain_build.h | 2 + xen/arch/arm/platform_hypercall.c | 2 +- xen/arch/x86/hvm/hvm.c | 8 +- xen/arch/x86/msi.c | 2 +- xen/arch/x86/physdev.c | 12 +- xen/arch/x86/platform_hypercall.c | 2 +- xen/arch/x86/setup.c | 3 +- xen/common/domain.c | 2 +- xen/common/domctl.c | 2 + xen/common/grant_table.c | 10 ++ xen/common/sysctl.c | 2 +- xen/drivers/passthrough/pci.c | 5 +- xen/drivers/pci/physdev.c | 2 +- xen/include/public/bootfdt.h | 27 +++ xen/include/public/domctl.h | 6 + xen/include/xen/domain.h | 2 + xen/include/xen/grant_table.h | 8 + xen/include/xsm/dummy.h | 55 ++++-- xen/include/xsm/xsm.h | 1 + xen/xsm/silo.c | 9 +- 35 files changed, 431 insertions(+), 116 deletions(-) create mode 100644 xen/include/public/bootfdt.h -- 2.48.1
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |