From mboxrd@z Thu Jan  1 00:00:00 1970
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: Re: [PATCH 00/18] RFC: Merge IS_PRIV checks into XSM
 hooks
Date: Tue, 07 Aug 2012 14:20:43 -0400
Message-ID: <50215C7B.1060509@tycho.nsa.gov>
References: <1344263550-3941-1-git-send-email-dgdegra@tycho.nsa.gov>
	<CAGj-7pXZ6Z+f0p9NSVZ=_M9i8LF49myNNyyjM6rs_T0AqMDSSA@mail.gmail.com>
	<50215461.4030901@tycho.nsa.gov>
	<CAGj-7pWTrXYUM-pdM1zsFTy98krtzHw4ANGFKyTyxAiJ_pJn+A@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <CAGj-7pWTrXYUM-pdM1zsFTy98krtzHw4ANGFKyTyxAiJ_pJn+A@mail.gmail.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Shakeel Butt <shakeel.butt@gmail.com>
Cc: xen-devel@lists.xen.org
List-Id: xen-devel@lists.xenproject.org

On 08/07/2012 02:07 PM, Shakeel Butt wrote:
>> I wasn't intending to exclude the other uses of XSM that this series will
>> benefit; dom0 disaggregation is just the most obvious case that requires
>> the larger changes like removing IS_PRIV checks.
> I was just saying that this patch series is more beneficial than claimed.
> 
>> Xenstore can already be split into its own stub domain (or domains, as in
>> the Xoar paper). The permissions model in Xenstore has a privileged bit
>> similar to IS_PRIV; extending XSM controls into Xenstore similar to how
>> SELinux controls were extended into DBus will address this.
> 
> My real concern here was the use of is_initial_domain() in the xenbus driver
> code. For example I am running all Linux PV and one of them is XenStore
> domain, the xenbus driver needs to do something different than
> is_initial_domain(),
> maybe something like is_xenstore_domain() [not saying this is right
> way to do it].
> Please correct me if I am wrong.
> 
> thanks,
> Shakeel
> 

The method in upstream Linux is more complete than this: if the domain
is started with xenstore information in the shared page, it will use it
(which happens when a domain builder is used to launch dom0 and xenstore
stub domains at the same time); otherwise, there is an ioctl that can
be used in dom0 to tell it about a newly launched xenstore stub domain.
The combination of these eliminates any need for an is_xenstore_domain()
function.

-- 
Daniel De Graaf
National Security Agency