From: Keir Fraser <keir.xen@gmail.com>
To: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: xen-devel@lists.xen.org
Subject: Re: [PATCH v3 0/7] xen: Hardware domain support
Date: Thu, 10 Apr 2014 16:58:30 +0100 [thread overview]
Message-ID: <5346BFA6.2050106@gmail.com> (raw)
In-Reply-To: <1395921128-7086-1-git-send-email-dgdegra@tycho.nsa.gov>
[-- Attachment #1.1: Type: text/plain, Size: 1994 bytes --]
> Daniel De Graaf <mailto:dgdegra@tycho.nsa.gov>
> 27 March 2014 11:52
> This adds support to the hypervisor for the creation of a hardware
> domain distinct from domain 0, allowing further disaggregation of the
> duties of domain 0. The commit message for patch 1 contains a more
> complete description of the distinction between the hardware domain and
> control domain(s). Making the hardware domain distinct from domain 0
> allows it to be further de-privileged using an XSM policy: the hardware
> domain does not need to be permitted access to create or modify other
> domains in order to act as a device backend for them.
>
> Changes since v2:
> - Rename and move CONFIG_LATE_HWDOM declaration to asm-x86/config.h
> - Move alloc_dom0_vcpu0 prototype change from patch 5 to 4
> - Also rename nmi_{dom0 => hwdom}_report
> - Add help/documentation for xl destroy -f
>
> Changes since v1:
> - More complete conversion to is_hardware_domain (convert "== dom0")
> - Rename "dom0" global variable and associated functions
> - Avoid locating the hardware_domid variable in x86-only code
> - Require using "xl destroy -f 0" to destroy domain 0 to retain the
> existing guard against accidental attempts to destroy domain 0 that
> will still cause disruption of the platform.
> - Add an XSM permission check so that the security label of the
> hardware domain can be limited by the policy.
> - Rebase against updated xen/staging
>
> [PATCH 1/7] xen: use domid check in is_hardware_domain
> [PATCH 2/7] xen/iommu: Move dom0 setup to __hwdom_init
> [PATCH 3/7] xen: prevent 0 from being used as a dynamic domid
> [PATCH 4/7] xen: rename dom0 to hardware_domain
> [PATCH 5/7] xen: rename various functions referencing dom0
> [PATCH 6/7] xen: Allow hardare domain != dom0
> [PATCH 7/7] tools/libxl: Allow dom0 to be destroyed
Acked-by: Keir Fraser <keir@xen.org>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel
[-- Attachment #1.2.1: Type: text/html, Size: 3825 bytes --]
[-- Attachment #1.2.2: compose-unknown-contact.jpg --]
[-- Type: image/jpeg, Size: 770 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
prev parent reply other threads:[~2014-04-10 15:58 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-27 11:52 [PATCH v3 0/7] xen: Hardware domain support Daniel De Graaf
2014-03-27 11:52 ` [PATCH 1/7] xen: use domid check in is_hardware_domain Daniel De Graaf
2014-03-27 15:31 ` Ian Campbell
2014-03-27 11:52 ` [PATCH 2/7] xen/iommu: Move dom0 setup code to __hwdom_init Daniel De Graaf
2014-03-27 11:52 ` [PATCH 3/7] xen: prevent 0 from being used as a dynamic domid Daniel De Graaf
2014-03-27 11:52 ` [PATCH 4/7] xen: rename dom0 to hardware_domain Daniel De Graaf
2014-03-27 12:20 ` Egger, Christoph
2014-03-27 12:48 ` Daniel De Graaf
2014-03-27 15:46 ` Egger, Christoph
2014-03-27 15:33 ` Ian Campbell
2014-03-27 11:52 ` [PATCH 5/7] xen: rename various functions referencing dom0 Daniel De Graaf
2014-03-27 15:34 ` Ian Campbell
2014-03-27 15:47 ` Daniel De Graaf
2014-03-27 11:52 ` [PATCH 6/7] xen: Allow hardare domain != dom0 Daniel De Graaf
2014-04-11 9:13 ` Jan Beulich
2014-04-11 15:07 ` Daniel De Graaf
2014-04-11 15:20 ` Jan Beulich
2014-04-11 18:22 ` Daniel De Graaf
2014-04-14 7:56 ` Jan Beulich
2014-04-14 20:12 ` Daniel De Graaf
2014-03-27 11:52 ` [PATCH 7/7] tools/libxl: Allow dom0 to be destroyed Daniel De Graaf
2014-03-27 15:35 ` Ian Campbell
2014-04-02 15:08 ` Ian Jackson
2014-04-10 15:58 ` Keir Fraser [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5346BFA6.2050106@gmail.com \
--to=keir.xen@gmail.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).