From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: Jan Beulich <JBeulich@suse.com>
Cc: Keir Fraser <keir@xen.org>,
Ian Campbell <ian.campbell@citrix.com>, Tim Deegan <tim@xen.org>,
xen-devel@lists.xen.org,
Stefano Stabellini <stefano.stabellini@citrix.com>,
Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
Xiantao Zhang <xiantao.zhang@intel.com>
Subject: Re: [PATCH 1/6] xen: use domid check in is_hardware_domain
Date: Wed, 05 Mar 2014 16:23:17 -0500 [thread overview]
Message-ID: <531795C5.10805@tycho.nsa.gov> (raw)
In-Reply-To: <531754A802000078001213CE@nat28.tlf.novell.com>
On 03/05/2014 10:45 AM, Jan Beulich wrote:
>>>> On 05.03.14 at 16:25, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote:
>> On 03/05/2014 04:23 AM, Jan Beulich wrote:
>>>>>> On 04.03.14 at 23:51, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote:
>>>> --- a/xen/arch/x86/domain.c
>>>> +++ b/xen/arch/x86/domain.c
>>>> @@ -1505,7 +1505,7 @@ void context_switch(struct vcpu *prev, struct vcpu *next)
>>>> }
>>>>
>>>> set_cpuid_faulting(is_pv_vcpu(next) &&
>>>> - (next->domain->domain_id != 0));
>>>> + !is_control_domain(next->domain));
>>>
>>> I can't see why the hardware domain (which can't be migrated)
>>> should be prevented from seeing the real CPUID values. It's
>>> less obvious whether a control domain should always see real
>>> values. Hence if you think the latter should be the case (as the
>>> change above shows), I think you should check for both cases
>>> here.
>>
>> Agreed, the hardware domain also needs to be checked for here. The
>> reason the control domain is present is that it needs to see real
>> CPUID values in order to set CPUID policy for guests based on the
>> real hardware values.
>
> So don't envision a staged system where the root domain hides
> some features from creation-capable ones, and those may hide
> further features from their descendants? Up to where even the
> controlling domains might become migratable?
Perhaps is_control_domain should be renamed to is_root_control_domain;
it is not necessary for every control domain to have is_control_domain
return true. In fact, the domain builder I posted does not set the
is_privileged field on any guest it creates, and so once it shuts down,
there are no domains that the hypervisor considers control domains. The
XSM policy governs which domains are permitted to create, pause, and do
all the usual "control" operations.
A quick grep actually seems to point out that is_control_domain could
easily be removed, as the only references that remain are these CPUID
fields. This would end up simplifying the disaggregation model a bit.
>> Using is_hardware_domain here avoids that problem (as the hardware domain
>> may never shut down or be destroyed), so that may be the simplest
>> solution until a better model of who is responsible for profiling is
>> presented.
>
> Then please do so, with a short note to that effect in either the
> description or a code comment.
>
> Jan
Right, this change and a comment will be in the v2 when I post it.
--
Daniel De Graaf
National Security Agency
next prev parent reply other threads:[~2014-03-05 21:23 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-04 22:51 [PATCH 0/6] xen: Hardware domain support Daniel De Graaf
2014-03-04 22:51 ` [PATCH 1/6] xen: use domid check in is_hardware_domain Daniel De Graaf
2014-03-05 3:44 ` Julien Grall
2014-03-05 9:23 ` Jan Beulich
2014-03-05 15:25 ` Daniel De Graaf
2014-03-05 15:45 ` Jan Beulich
2014-03-05 21:23 ` Daniel De Graaf [this message]
2014-03-11 13:10 ` Ian Campbell
2014-03-04 22:51 ` [PATCH 2/6] xen/iommu: Move dom0 setup code out of __init Daniel De Graaf
2014-03-05 9:56 ` Jan Beulich
2014-03-05 22:25 ` Daniel De Graaf
2014-03-06 9:53 ` Jan Beulich
2014-03-04 22:51 ` [PATCH 3/6] xen: prevent 0 from being used as a dynamic domid Daniel De Graaf
2014-03-04 22:51 ` [PATCH 4/6] xen: Allow hardare domain != dom0 Daniel De Graaf
2014-03-05 3:50 ` Julien Grall
2014-03-05 23:04 ` Daniel De Graaf
2014-03-05 10:04 ` Jan Beulich
2014-03-05 23:04 ` Daniel De Graaf
2014-03-06 9:54 ` Jan Beulich
2014-03-04 22:51 ` [PATCH 5/6] tools/libxl: Allow dom0 to be destroyed Daniel De Graaf
2014-03-05 10:07 ` Jan Beulich
2014-03-05 12:02 ` Ian Jackson
2014-03-05 22:36 ` Daniel De Graaf
2014-03-10 16:45 ` Ian Jackson
2014-03-12 14:27 ` Daniel De Graaf
2014-03-13 17:17 ` Ian Jackson
2014-03-13 17:41 ` Daniel De Graaf
2014-03-14 14:32 ` Ian Jackson
2014-03-04 22:51 ` [PATCH 6/6] xenstored: add --master-domid to support domain builder Daniel De Graaf
2014-03-10 12:14 ` Ian Jackson
2014-03-04 23:32 ` Domain Builder Daniel De Graaf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=531795C5.10805@tycho.nsa.gov \
--to=dgdegra@tycho.nsa.gov \
--cc=JBeulich@suse.com \
--cc=ian.campbell@citrix.com \
--cc=keir@xen.org \
--cc=stefano.stabellini@citrix.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=tim@xen.org \
--cc=xen-devel@lists.xen.org \
--cc=xiantao.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.