From: Jeremy Fitzhardinge <jeremy@goop.org>
To: Bastian Blank <waldi@debian.org>,
Keir Fraser <keir.fraser@eu.citrix.com>,
"xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>
Subject: Re: xenfs aka /proc/xen
Date: Sat, 05 Jun 2010 17:48:21 -0700 [thread overview]
Message-ID: <4C0AF055.1020700@goop.org> (raw)
In-Reply-To: <20100605162947.GA31336@wavehammer.waldi.eu.org>
On 06/05/2010 09:29 AM, Bastian Blank wrote:
> On Fri, May 28, 2010 at 06:40:02AM +0100, Keir Fraser wrote:
>
>> On 27/05/2010 23:54, "Bastian Blank" <waldi@debian.org> wrote:
>>
>>> One of the entries (capabilities) provides information about the
>>> proviledge level to the hypervisor and belongs more likely into
>>> /sys/hypervisor. The four other are plain old devices and belongs into
>>> /dev.
>>>
> Okay. I thought about it and would settle for the following:
> * $SYSFS/hypervisor/properties/guest_capabilites
> It includes the same value then $XENFS/capabilities. Or should that be
> changed as the meaning of "control_d" is not really clear (like
> "control-domain")?
>
The general rule for sysfs is one value per file. It would probably be
more consistent to have a (guest_)capabilities directory, with a file
per capability (containing 1/0, or some other value if appropriate).
> * $DEV/xen/xenbus
> Merge into builtin xenbus support or own module xenbus-user
>
Would you expect to change the actual ABI/protocol?
> * $DEV/xen/privcmd
> - Module xen-control or so
> - *Needs to check for CAP_ADMIN*
> * $DEV/xen/xenstored
> - Module xen-control or so
> - Merges xsd_kva and xsd_port
> - Supports:
> - mmap, only support pagesized maps
> - ioctl: get event channel port, get size (page size may be different)
>
Yes, the interface of exposing the xenstore mfn to userspace has always
seemed a bit mad. The kernel driver should do the mapping for
usermode. Does it also need to expose the xs event channel? Or can the
kernel just handle it internally and expose a normal blocking interface.
In fact, does it needs its own separate driver? This is just
symmetrical with /{proc,dev}/xen/xenbus. Can that driver be made to
handle both ends? Or at least a driver which looks symmetric to the
guest-side xenbus?
> - Security constraints needs check. What can a user with access to
> this device do?
>
Policy should be enforced by xenstored itself. Guests are not
trustworthy in general, so there's no point in enforcing anything within
the guest kernel.
> * Core kernel may trigger loading of xen-control module by some means
> (to be defined).
>
All a bit awkward, since there's no obvious trigger to hang the load
event off. Maybe key them off Xen or xenbus bringup as some kind of
adjunct pseudo device?
J
next prev parent reply other threads:[~2010-06-06 0:48 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-05-27 22:54 xenfs aka /proc/xen Bastian Blank
2010-05-28 5:40 ` Keir Fraser
2010-06-05 16:29 ` Bastian Blank
2010-06-06 0:48 ` Jeremy Fitzhardinge [this message]
2010-06-06 11:21 ` Bastian Blank
2010-06-08 17:44 ` Jeremy Fitzhardinge
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C0AF055.1020700@goop.org \
--to=jeremy@goop.org \
--cc=keir.fraser@eu.citrix.com \
--cc=waldi@debian.org \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.