From mboxrd@z Thu Jan 1 00:00:00 1970 From: Konrad Rzeszutek Wilk Subject: Re: [PATCH 2/2] xen/gnt{dev, alloc}: reserve event channels for notify Date: Tue, 25 Oct 2011 15:51:56 -0400 Message-ID: <20111025195156.GC13644@phenom.dumpdata.com> References: <1316207684-19860-1-git-send-email-dgdegra@tycho.nsa.gov> <1318971851-12809-1-git-send-email-dgdegra@tycho.nsa.gov> <1318971851-12809-3-git-send-email-dgdegra@tycho.nsa.gov> <20111024205708.GE2441@phenom.dumpdata.com> <4EA5E024.7040708@tycho.nsa.gov> <20111025190231.GD10062@phenom.dumpdata.com> <4EA710EB.3030809@tycho.nsa.gov> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: <4EA710EB.3030809@tycho.nsa.gov> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: Daniel De Graaf Cc: Ian.Jackson@eu.citrix.com, jeremy@goop.org, xen-devel@lists.xensource.com, keir@xen.org List-Id: xen-devel@lists.xenproject.org > That same SELinux category-based isolation mechanism is also a good solution for xen > qemu-dm processes, although moving qemu to a stubdom provides better isolation since > SELinux currently cannot talk to XSM to determine what domains a particular qemu-dm > process should be able to manipulate. > > Only allowing event channels allocated by userspace to be used in gnt* notify is > a good idea, since there's no reason for userspace to need to manipulate an event > channel set up by the kernel. > .. snip.. > > > > How would that work when the IRQ subsystem (so everything is setup in the kernel) > > gets an event? Would the refcount be for that -1.. oh. You would only set > > the refcnt when the _get/_put calls are made and not when in-kernel calls to setup > > IRQs are done? > > > > Right. The reference count would be a dual-purpose field indicating if the event > channel is kernel-internal (value -1) or userspace-visible (reference count > 0). > New event channels would start out at -1, and evtchn.c would change them to 1. The tricky bit is going to be with the xen_free_irq which might have to deal with kernel events and grantdev events... oh wait, the event_put is going to decrement it and then call xen_free_irq, so that will come out to be the right number. Looking forward to the patches! Thanks for doing this work.