From: Jason Andryuk <andryuk@aero.org>
To: Ian Jackson <Ian.Jackson@eu.citrix.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
Ian Campbell <ian.campbell@citrix.com>,
xen-devel@lists.xen.org
Subject: Re: [PATCH v2] libxl: Reset toolstack_save file position in libxl
Date: Thu, 22 May 2014 08:07:50 -0400 [thread overview]
Message-ID: <537DE896.6020703@aero.org> (raw)
In-Reply-To: <21372.52731.294158.259488@mariner.uk.xensource.com>
On 5/21/2014 12:02 PM, Ian Jackson wrote:
> Jason Andryuk writes ("[PATCH v2] libxl: Reset toolstack_save file position in libxl"):
>> toolstack_save data is written to a temporary file in libxl and read
>> back in libxl-save-helper. The file position must be reset prior to
>> reading the file, which is done in libxl-save-helper with lseek.
>>
>> lseek is unsupported for pipes and sockets, so a wrapper passing such an
>> fd to libxl-save-helper fails the lseek. Moving the lseek to libxl
>> avoids the error, allowing the save to continue.
>
> I don't object to this in principle, and arguably it's wrong that this
> functionality should be in the save helper rather than libxl proper
> (since the save helper is supposed to be an as-thin-as-possible
> wrapper around the libxc functions). So TBH I'm inclined to take
> this change on those grounds.
>
> But I'm curious as to what kind of wrapper you have devised, and for
> what purpose. Do you mean a wrapper program for libxl-save-helper ?
> Which presumably interposes a pipe for the toolstack data fd ?
Using XSM Flask and Domain Builder [1], the hypervisor can protect domU memory from control domains. The wrapper spawns a migrator domain to run libxl-save-helper. This migrator domain has the XSM permission to access the domU memory and encrypts the data stream to continue protecting the domU.
The wrapper in the control domain plumbs stdin, stdout, io_fd, and toolstack_save_fd through a vchan to the migrator domain. Inside the migrator domain, the vchan data streams are passed through pipes to libxl-save-helper. (An earlier prototype used vifs and a socket). The migrator domain's libxl-save-helper return value is passed to control domain, where the wrapper cleans up and then exits with the aforementioned return value.
Yes, it's an atypical setup. The patch doesn't change co-located libxl/libxl-save-helper, but it does allow the possibility described above.
Regards,
Jason
[1] http://lists.xen.org/archives/html/xen-devel/2014-03/msg00320.html
next prev parent reply other threads:[~2014-05-22 12:07 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-19 18:36 [PATCH v2] libxl: Reset toolstack_save file position in libxl Jason Andryuk
2014-05-19 22:07 ` Andrew Cooper
2014-05-21 16:04 ` Ian Jackson
2014-05-21 16:12 ` Andrew Cooper
2014-05-21 16:02 ` Ian Jackson
2014-05-22 12:07 ` Jason Andryuk [this message]
2014-05-22 15:33 ` Ian Jackson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=537DE896.6020703@aero.org \
--to=andryuk@aero.org \
--cc=Ian.Jackson@eu.citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=ian.campbell@citrix.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.