From: Ian Campbell <ian.campbell@citrix.com>
To: "Roger Pau Monné" <roger.pau@citrix.com>, xen-devel@lists.xenproject.org
Cc: Wei Liu <wei.liu2@citrix.com>, Ian Jackson <ian.jackson@eu.citrix.com>
Subject: Re: [PATCH v3 5/5] libxl: add options to enable/disable emulated devices
Date: Thu, 21 Jan 2016 10:29:58 +0000 [thread overview]
Message-ID: <1453372198.26343.217.camel@citrix.com> (raw)
In-Reply-To: <56A0AC87.8060405@citrix.com>
On Thu, 2016-01-21 at 11:01 +0100, Roger Pau Monné wrote:
> El 21/01/16 a les 10.39, Ian Campbell ha escrit:
> > > If we don't have that guarantee I think this is already a bug, and we
> > > should call _setdefault before sending the domain info to the other end.
> > > In fact I have a patch that does exactly that, but I'm unsure if it's
> > > needed because I don't know the policy regarding default values in libxl.
> >
> > Wei, isn't this (turning the defaults into concrete values) supposed to be
> > taken care of by the JSON mangling which you added?
>
> Heh, I think you mean the JSON mangling added by Wei.
Correct.
> In order to
> propagate the values filled by default in libxl_domain_config I had to
> add the following patch, which basically calls the _setdefault
> functions before converting the domain_config into JSON. I'm planning
> to make it part of this series in the next iteration:
I'll let Wei comment on why this isn't already done.
> > > With the current code, libxl basically limits the set of allowed masks
> > > to what it knows. After the change libxl just becomes a proxy for
> > > transmitting what the user has selected to Xen, and Xen either accepts
> > > or refuses it, basically making Xen the only arbiter that decides which
> > > emulated devices get enabled or not. This means that if we want to make
> > > more emulated devices available to the guest in the future no libxl
> > > changes will be required.
> >
> > We would need to add a new defbool for the new feature.
>
> Yes, but I was thinking more in the direction of enabling them, rather
> than adding new ones.
Which would then require changing the defbool_set_default in libxl after
this change, so you do still need to change libxl.
> > > It also means that HVMlite guests created with current Xen will be
> > > capable of migrating to newer version of Xen, that might have a
> > > different default policy. For example in the future we might want to
> > > enable the lapic by default, so if a guest is created with the current
> > > Xen version it doesn't get a lapic at all, and then when migrated to
> > > newer versions a lapic would magically appear after the migration, which
> > > is not desired.
> >
> > ... and the reason these details can't be propagated via the Xen blob is
> > that this emul stuff needs to be set exactly once at domain create time I
> > suppose? Changing it to be later binding is considered to be too hard/too
> > big a yak?
>
> Right, emulated devices are initialised as part of the
> XEN_DOMCTL_createdomain hypercall. Allowing them to be added later on
> and introducing a kind of intermediate domain building phase where only
> a certain set of hypercalls are valid is a possibility that Andrew
> already pointed out, however this seems like a very big project.
This seems like the right approach to me, but I appreciate you not wanting
to tackle this here and now.
Would it be possible to set the set of "potential" emulated devices at
create time and only "commit" to it after the save state is loaded? That
would essentially mean init-all, load state, de-init those which didn't get
any state loaded? Not as nice as doing it with the split of hypercall
availability, but might be more achievable, since you already have the de-
init code for domain teardown time.
In any case, whatever is chosen as the solution the commit message needs to
go into a fair amount of detail as to why we picked that way of doing
things, particularly if it is a compromise vs doing it properly.
This is important so we can answer "why did we do it this way" in 2 years
time.
> > Even with the set of devices set at domain creation time Xen needs to take
> > care when reading its blob, and not fall apart (from a security PoV, it's
> > allowed to fail the state load) when presented with a save record relating
> > to something which is supposedly disabled. Has this been checked?
>
> Yes, trying to load a state into a disable device will result in
> -ENODEV.
Grand.
Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-01-21 10:30 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-20 11:57 [PATCH v3 0/5] HVMlite: DomU fixes and a Dom0 preparatory patch Roger Pau Monne
2016-01-20 11:57 ` [PATCH v3 1/5] libelf: rewrite symtab/strtab loading for Dom0 Roger Pau Monne
2016-01-20 11:57 ` [PATCH v3 2/5] libxl: introduce LIBXL_VGA_INTERFACE_TYPE_UNDEF Roger Pau Monne
2016-01-20 12:42 ` Ian Campbell
2016-01-20 11:57 ` [PATCH v3 3/5] libxl: initialise the build info before calling prepare_config Roger Pau Monne
2016-01-20 12:46 ` Ian Campbell
2016-01-20 15:32 ` Roger Pau Monné
2016-01-20 15:37 ` Ian Campbell
2016-01-20 11:57 ` [PATCH v3 4/5] x86/PV: allow PV guests to have an emulated PIT Roger Pau Monne
2016-01-20 12:11 ` Jan Beulich
2016-01-20 11:57 ` [PATCH v3 5/5] libxl: add options to enable/disable emulated devices Roger Pau Monne
2016-01-20 13:01 ` Ian Campbell
2016-01-20 18:33 ` Roger Pau Monné
2016-01-21 9:39 ` Ian Campbell
2016-01-21 10:01 ` Roger Pau Monné
2016-01-21 10:29 ` Ian Campbell [this message]
2016-01-21 11:10 ` Roger Pau Monné
2016-01-21 11:31 ` Wei Liu
2016-01-21 15:55 ` Roger Pau Monné
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1453372198.26343.217.camel@citrix.com \
--to=ian.campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=roger.pau@citrix.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.