From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755586AbcAWAbO (ORCPT ); Fri, 22 Jan 2016 19:31:14 -0500 Received: from ppsw-33.csi.cam.ac.uk ([131.111.8.133]:48769 "EHLO ppsw-33.csi.cam.ac.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755406AbcAWAa1 (ORCPT ); Fri, 22 Jan 2016 19:30:27 -0500 X-Cam-AntiVirus: no malware found X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/ Subject: Re: [Xen-devel] [PATCH v1 04/12] xen/hvmlite: Bootstrap HVMlite guest To: "Luis R. Rodriguez" , Boris Ostrovsky References: <1453498558-6028-1-git-send-email-boris.ostrovsky@oracle.com> <1453498558-6028-5-git-send-email-boris.ostrovsky@oracle.com> <20160122233218.GA20964@wotan.suse.de> Cc: Juergen Gross , Jeremy Fitzhardinge , Rusty Russell , linux-kernel@vger.kernel.org, Andy Lutomirski , david.vrabel@citrix.com, hpa@zytor.com, xen-devel@lists.xenproject.org, Borislav Petkov , roger.pau@citrix.com From: Andrew Cooper X-Enigmail-Draft-Status: N1110 Message-ID: <56A2C99A.2050701@citrix.com> Date: Sat, 23 Jan 2016 00:30:18 +0000 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 In-Reply-To: <20160122233218.GA20964@wotan.suse.de> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 22/01/2016 23:32, Luis R. Rodriguez wrote: > On Fri, Jan 22, 2016 at 04:35:50PM -0500, Boris Ostrovsky wrote: >> + /* >> + * See Documentation/x86/boot.txt. >> + * >> + * Version 2.12 supports Xen entry point but we will use default x86/PC >> + * environment (i.e. hardware_subarch 0). >> + */ >> + xen_hvmlite_boot_params.hdr.version = 0x212; >> + xen_hvmlite_boot_params.hdr.type_of_loader = 9; /* Xen loader */ >> +} > I realize PV got away with setting up boot_params on C code but best > ask now that this new code is being introduced: why can't we just have > the Xen hypervisor fill this in? It'd save us all this code. I agree that this looks to be a mess. Having said that, the DMLite boot protocol is OS agnostic, and will be staying that way. It happens to look suspiciously like multiboot; a flat 32bit protected mode entry (at a location chosen in an ELF note), with %ebx pointing to an in-ram structure containing things like a command line and module list. I would have though the correct way to do direct Linux support would be to have a very small init stub which constructs an appropriate zero page, and lets the native entry point get on with things. This covers the usecase where people wish to boot a specific Linux kernel straight out of the dom0 filesystem. For the alternative usecase of general OS support, dom0 would boot something such as grub2 as the DMLite "kernel", at which point all stooging around in the guests filesystem is done from guest context, rather than control context (mitigating a substantial attack surface). ~Andrew From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew Cooper Subject: Re: [PATCH v1 04/12] xen/hvmlite: Bootstrap HVMlite guest Date: Sat, 23 Jan 2016 00:30:18 +0000 Message-ID: <56A2C99A.2050701@citrix.com> References: <1453498558-6028-1-git-send-email-boris.ostrovsky@oracle.com> <1453498558-6028-5-git-send-email-boris.ostrovsky@oracle.com> <20160122233218.GA20964@wotan.suse.de> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aMm5v-00077W-Pw for xen-devel@lists.xenproject.org; Sat, 23 Jan 2016 00:30:23 +0000 In-Reply-To: <20160122233218.GA20964@wotan.suse.de> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: "Luis R. Rodriguez" , Boris Ostrovsky Cc: Juergen Gross , Jeremy Fitzhardinge , Rusty Russell , linux-kernel@vger.kernel.org, Andy Lutomirski , david.vrabel@citrix.com, hpa@zytor.com, xen-devel@lists.xenproject.org, Borislav Petkov , roger.pau@citrix.com List-Id: xen-devel@lists.xenproject.org On 22/01/2016 23:32, Luis R. Rodriguez wrote: > On Fri, Jan 22, 2016 at 04:35:50PM -0500, Boris Ostrovsky wrote: >> + /* >> + * See Documentation/x86/boot.txt. >> + * >> + * Version 2.12 supports Xen entry point but we will use default x86/PC >> + * environment (i.e. hardware_subarch 0). >> + */ >> + xen_hvmlite_boot_params.hdr.version = 0x212; >> + xen_hvmlite_boot_params.hdr.type_of_loader = 9; /* Xen loader */ >> +} > I realize PV got away with setting up boot_params on C code but best > ask now that this new code is being introduced: why can't we just have > the Xen hypervisor fill this in? It'd save us all this code. I agree that this looks to be a mess. Having said that, the DMLite boot protocol is OS agnostic, and will be staying that way. It happens to look suspiciously like multiboot; a flat 32bit protected mode entry (at a location chosen in an ELF note), with %ebx pointing to an in-ram structure containing things like a command line and module list. I would have though the correct way to do direct Linux support would be to have a very small init stub which constructs an appropriate zero page, and lets the native entry point get on with things. This covers the usecase where people wish to boot a specific Linux kernel straight out of the dom0 filesystem. For the alternative usecase of general OS support, dom0 would boot something such as grub2 as the DMLite "kernel", at which point all stooging around in the guests filesystem is done from guest context, rather than control context (mitigating a substantial attack surface). ~Andrew