From: George Dunlap <george.dunlap@citrix.com>
To: NathanStuder <nathan.studer@dornerworks.com>,
Lars Kurth <lars.kurth.xen@gmail.com>,
Robert VanVossen <robert.vanvossen@dornerworks.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>,
Wei Liu <wei.liu2@citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Ian Jackson <ian.jackson@citrix.com>,
"Tim (Xen.org)" <tim@xen.org>,
Julien Grall <julien.grall@arm.com>,
Rich Persaud <persaur@gmail.com>,
Dario Faggioli <raistlin@linux.it>,
Meng Xu <mengxu@cis.upenn.edu>, 'Jan Beulich' <jbeulich@suse.com>,
xen-devel <xen-devel@lists.xenproject.org>,
JoshWhitehead <josh.whitehead@dornerworks.com>
Subject: Re: [PATCH RFC v2] Add SUPPORT.md
Date: Thu, 2 Nov 2017 17:34:08 +0000 [thread overview]
Message-ID: <a3f1ce1d-aa0e-ca88-1bc0-bcb5ae2e0a8e@citrix.com> (raw)
In-Reply-To: <7c4767f2-9ed9-8aac-52fb-808f001317d9@dornerworks.com>
On 10/27/2017 04:09 PM, NathanStuder wrote:
>
>
> On 10/09/2017 10:14 AM, Lars Kurth wrote:
>>
>>> On 27 Sep 2017, at 13:57, Robert VanVossen <robert.vanvossen@dornerworks.com> wrote:
>>>
>>>
>>>
>>> On 9/26/2017 3:12 AM, Dario Faggioli wrote:
>>>> [Cc-list modified by removing someone and adding someone else]
>>>>
>>>> On Mon, 2017-09-25 at 16:10 -0700, Stefano Stabellini wrote:
>>>>> On Mon, 11 Sep 2017, George Dunlap wrote:
>>>>>> +### RTDS based Scheduler
>>>>>> +
>>>>>> + Status: Experimental
>>>>>> +
>>>>>> +A soft real-time CPU scheduler built to provide guaranteed CPU
>>>>>> capacity to guest VMs on SMP hosts
>>>>>> +
>>>>>> +### ARINC653 Scheduler
>>>>>> +
>>>>>> + Status: Supported, Not security supported
>>>>>> +
>>>>>> +A periodically repeating fixed timeslice scheduler. Multicore
>>>>>> support is not yet implemented.
>>>>>> +
>>>>>> +### Null Scheduler
>>>>>> +
>>>>>> + Status: Experimental
>>>>>> +
>>>>>> +A very simple, very static scheduling policy
>>>>>> +that always schedules the same vCPU(s) on the same pCPU(s).
>>>>>> +It is designed for maximum determinism and minimum overhead
>>>>>> +on embedded platforms.
>>
>> ...
>>
>>>> Actually, the best candidate for gaining security support, is IMO
>>>> ARINC. Code is also rather simple and "stable" (hasn't changed in the
>>>> last... years!) and it's used by DornerWorks' people for some of their
>>>> projects (I think?). It's also not tested in OSSTest, though, and
>>>> considering how special purpose it is, I think we're not totally
>>>> comfortable marking it as Sec-Supported, without feedback from the
>>>> maintainers.
>>>>
>>>> George, Josh, Robert?
>>>>
>>>
>>> Yes, we do still use the ARINC653 scheduler. Since it is so simple, it hasn't
>>> really needed any modifications in the last couple years.
>>>
>>> We are not really sure what kind of feedback you are looking from us in regards
>>> to marking it sec-supported, but would be happy to try and answer any questions.
>>> If you have any specific questions or requests, we can discuss it internally and
>>> get back to you.
>>
>> I think there are two sets of issues: one around testing, which Dario outlined.
>>
>> For example, if you had some test harnesses that could be run on Xen release
>> candidates, which verify that the scheduler works as expected, that would
>> help. It would imply a commitment to run the tests on release candidates.
>
> We have an internal Xen test harness that we use to test the scheduler, but I
> assume you would like it converted to use OSSTest instead, so that the
> tests could be integrated into the main test suite someday?
In our past discussions I don't think anyone has thought the "everything
has to be tested in osstest" strategy is really feasible. So I think we
were going for a model where it just had to be regularly tested
*somewhere*, more or less as a marker for "is this functionality
important enough to people to give security support".
>> The second question is what happens if someone reported a security issue on
>> the scheduler. The security team would not have the capability to fix issues in
>> the ARINC scheduler: so it would be necessary to pull in an expert under
>> embargo to help triage the issue, fix the issue and prove that the fix works. This
>> would most likely require "the expert" to work to the timeline of the security
>> team (which may require prioritising it over other work), as once a security issue
>> has been reported, the reporter may insist on a disclosure schedule. If we didn't
>> have a fix in time, because we don't get expert bandwidth, we could be forced to
>> disclose an XSA without a fix.
>
> We can support this and have enough staff familiar with the scheduler that
> prioritizing security issues shouldn't be a problem. The maintainers (Robbie
> and Josh) can triage issues if and when the time comes, but if you need a more
> dedicated "expert" for this type of issue, then that would likely be me.
OK -- in that case, if it's OK with you, I'll list ArinC as 'Supported'.
Thanks,
-George
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-11-02 17:34 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-11 17:01 [PATCH RFC v2] Add SUPPORT.md George Dunlap
2017-09-11 17:53 ` Andrew Cooper
2017-09-12 9:48 ` Jan Beulich
2017-09-12 9:49 ` Wei Liu
2017-10-23 16:22 ` George Dunlap
2017-10-23 17:55 ` Andrew Cooper
2017-10-23 20:57 ` Stefano Stabellini
2017-10-24 10:27 ` George Dunlap
2017-10-24 11:42 ` Andrew Cooper
2017-10-25 10:59 ` George Dunlap
2017-10-25 11:30 ` Andrew Cooper
2017-10-26 9:19 ` Jan Beulich
2017-10-26 10:59 ` Andrew Cooper
2017-10-24 10:29 ` Julien Grall
2017-09-12 5:09 ` Juergen Gross
2017-09-12 10:39 ` Roger Pau Monné
2017-09-12 19:52 ` Stefano Stabellini
2017-09-12 20:09 ` Julien Grall
2017-11-01 17:01 ` George Dunlap
2017-11-01 16:57 ` George Dunlap
2017-09-12 13:14 ` George Dunlap
2017-09-12 15:35 ` Rich Persaud
2017-10-09 13:53 ` Lars Kurth
2017-10-24 14:00 ` George Dunlap
2017-09-15 14:51 ` Konrad Rzeszutek Wilk
2017-10-24 15:22 ` George Dunlap
2017-11-01 17:10 ` Konrad Rzeszutek Wilk
2017-11-02 10:46 ` George Dunlap
2017-11-02 15:23 ` Konrad Rzeszutek Wilk
2017-09-25 23:10 ` Stefano Stabellini
2017-09-26 7:12 ` Dario Faggioli
2017-09-27 12:57 ` Robert VanVossen
2017-09-27 13:48 ` Dario Faggioli
2017-10-09 14:14 ` Lars Kurth
2017-10-27 15:09 ` NathanStuder
2017-11-02 17:34 ` George Dunlap [this message]
2017-11-02 20:42 ` NathanStuder
2017-09-26 10:34 ` George Dunlap
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a3f1ce1d-aa0e-ca88-1bc0-bcb5ae2e0a8e@citrix.com \
--to=george.dunlap@citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=ian.jackson@citrix.com \
--cc=jbeulich@suse.com \
--cc=josh.whitehead@dornerworks.com \
--cc=julien.grall@arm.com \
--cc=lars.kurth.xen@gmail.com \
--cc=mengxu@cis.upenn.edu \
--cc=nathan.studer@dornerworks.com \
--cc=persaur@gmail.com \
--cc=raistlin@linux.it \
--cc=robert.vanvossen@dornerworks.com \
--cc=sstabellini@kernel.org \
--cc=tim@xen.org \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).