From: Juergen Gross <jgross@suse.com>
To: "Roger Pau Monné" <roger.pau@citrix.com>
Cc: xen-devel@lists.xenproject.org, Ian Jackson <iwj@xenproject.org>,
	Wei Liu <wl@xen.org>, Julien Grall <julien@xen.org>
Subject: Re: [PATCH DNA 5/6] tools/xenstored: restore support for mapping ring as foreign memory
Date: Mon, 20 Sep 2021 12:51:55 +0200
Message-ID: <1cff7e8e-613f-629e-99b9-0407767900ae@suse.com>
In-Reply-To: <YUhlfuPWEqnT0/42@MacBook-Air-de-Roger.local>

On 20.09.21 12:42, Roger Pau Monné wrote:
> On Mon, Sep 20, 2021 at 10:24:45AM +0200, Juergen Gross wrote:
>> On 17.09.21 17:46, Roger Pau Monne wrote:
>>> Restore the previous way of mapping the xenstore ring using foreign
>>> memory. Use xenforeignmemory instead of libxc in order to avoid adding
>>> another dependency on an unstable interface.
>>
>> Mapping a guest page via xenforeignmemory is no good move IMO. A guest
>> not supporting a grant table for security reasons is a rather strange
>> idea, as it needs to trade that for a general memory access by any
>> backend without a way to restrict such accesses. This contradicts one
>> of the main concepts of the Xen security architecture.
> 
> I've done this in order to be able to assert that the switch to
> disable grant tables was working correctly. I didn't intend this
> specific mode to be something that is desirable or that should be used
> in production, but I do think it's useful to be able to create such
> guests in order to assert that the option is taking effect.
> 
> The main problem of xenstore not being correctly initialized on a
> domain is that the "@introduceDomain" watch doesn't fire, and thus
> other components don't get notified of the newly created domain.
> 
> This seems to be a limitation of the current design, where the only
> way to get notifications of new domain creation is using
> "@introduceDomain", even when the caller doesn't care whether the
> created domain has a working xenstore connection.
> 
> Maybe I can work around this differently in xenstore, so that the watch
> fires even when the shared xenstore ring cannot be initialized.

Yes, I think this would be the way to go.


Juergen

Thread overview: 25+ messages
2021-09-17 15:46 [PATCH 0/6] gnttab: add per-domain controls Roger Pau Monne
2021-09-17 15:46 ` [PATCH 1/6] gnttab: allow setting max version per-domain Roger Pau Monne
2021-09-17 15:46 ` [PATCH 2/6] gnttab: allow per-domain control over transitive grants Roger Pau Monne
2021-09-20  9:32   ` Andrew Cooper
2021-09-20 11:45     ` Roger Pau Monné
2021-09-17 15:46 ` [PATCH 3/6] tools/console: use xenforeigmemory to map console ring Roger Pau Monne
2021-09-20 10:32   ` Ian Jackson
2021-09-17 15:46 ` [PATCH 4/6] tools/xenstored: use atexit to close interfaces Roger Pau Monne
2021-09-20  7:17   ` Roger Pau Monné
2021-09-20  9:22   ` Juergen Gross
2021-09-20 10:53     ` Roger Pau Monné
2021-09-20 10:57       ` Ian Jackson
2021-09-20 11:02         ` Juergen Gross
2021-09-20 12:21           ` Ian Jackson
2021-09-20 10:34   ` Ian Jackson
2021-09-20 10:39     ` Juergen Gross
2021-09-17 15:46 ` [PATCH DNA 5/6] tools/xenstored: restore support for mapping ring as foreign memory Roger Pau Monne
2021-09-20  8:24   ` Juergen Gross
2021-09-20 10:42     ` Roger Pau Monné
2021-09-20 10:51       ` Juergen Gross [this message]
2021-09-20 10:35   ` Ian Jackson
2021-09-17 15:46 ` [PATCH 6/6] gnttab: allow disabling grant table per-domain Roger Pau Monne
2021-09-17 16:06 ` [PATCH 0/6] gnttab: add per-domain controls Christian Lindig
2021-09-20  7:26   ` Roger Pau Monné
2021-09-20  8:24     ` Edwin Torok
