* Re: [PATCH RFC 01/15] xen: allow console_io hypercalls from DomUs on ARM
@ 2018-06-14 16:18 DeGraaf, Daniel G
2018-06-14 21:01 ` Stefano Stabellini
0 siblings, 1 reply; 4+ messages in thread
From: DeGraaf, Daniel G @ 2018-06-14 16:18 UTC
To: 'Julien Grall', Stefano Stabellini
Cc: artem_mygaiev, Stefano Stabellini, andrii_anisov, George.Dunlap,
andrew.cooper3, ian.jackson, xen-devel, tim, jbeulich, wei.liu2,
dgdegra
-----Original Message-----
> On 13/06/18 23:15, Stefano Stabellini wrote:
> > This is very useful when starting multiple domains from Xen without
> > xenstore access. It will allow them to print out to the Xen console.
> >
> > Signed-off-by: Stefano Stabellini <stefanos@xilinx.com>
> > CC: andrew.cooper3@citrix.com
> > CC: George.Dunlap@eu.citrix.com
> > CC: ian.jackson@eu.citrix.com
> > CC: jbeulich@suse.com
> > CC: konrad.wilk@oracle.com
> > CC: tim@xen.org
> > CC: wei.liu2@citrix.com
> > CC: dgdegra@tycho.nsa.gov
> > ---
> > If there is a better way to do this with XSM, please advise.
>
> We definitely need to keep the XSM around to avoid opening a hole. We also don't want all the domains to access the console.
>
> Looking at the implementation, any domain with is_privileged will be able to access the console. IMHO, I don't think we should set
> that for DomU created by Xen.
>
> So I would suggest to introduce a new variable is_console and to tell whether a domain can access the console. xsm_console_io(...)
> would then need to be updated accordingly.
There is an existing CONFIG_VERBOSE_DEBUG option which, among other things, allows console output from any domain. The console output part of that (which is just the #ifdef in include/xsm/dummy.h) could be moved to another CONFIG or ORed with an ARM flag. This would apply to all domains; if that's not what you want, you'll need to add a flag (like Julien suggested) or use XSM.

If XSM is enabled, guest hypervisor console output is controlled by the guest_writeconsole boolean in the default policy (tools/flask/policy/modules/guest_features.te) which defaults to allowing it.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
* Re: [PATCH RFC 01/15] xen: allow console_io hypercalls from DomUs on ARM
2018-06-14 16:18 [PATCH RFC 01/15] xen: allow console_io hypercalls from DomUs on ARM DeGraaf, Daniel G
@ 2018-06-14 21:01 ` Stefano Stabellini
0 siblings, 0 replies; 4+ messages in thread
From: Stefano Stabellini @ 2018-06-14 21:01 UTC
To: dgdegra
Cc: artem_mygaiev, Stefano Stabellini, Stefano Stabellini,
andrii_anisov, George.Dunlap, andrew.cooper3, ian.jackson,
xen-devel, 'Julien Grall',
tim, jbeulich, wei.liu2
On Thu, 14 Jun 2018, DeGraaf, Daniel G wrote:
> -----Original Message-----
> > On 13/06/18 23:15, Stefano Stabellini wrote:
> > > This is very useful when starting multiple domains from Xen without
> > > xenstore access. It will allow them to print out to the Xen console.
> > >
> > > Signed-off-by: Stefano Stabellini <stefanos@xilinx.com>
> > > CC: andrew.cooper3@citrix.com
> > > CC: George.Dunlap@eu.citrix.com
> > > CC: ian.jackson@eu.citrix.com
> > > CC: jbeulich@suse.com
> > > CC: konrad.wilk@oracle.com
> > > CC: tim@xen.org
> > > CC: wei.liu2@citrix.com
> > > CC: dgdegra@tycho.nsa.gov
> > > ---
> > > If there is a better way to do this with XSM, please advise.
> >
> > We definitely need to keep the XSM around to avoid opening a hole. We also don't want all the domains to access the console.
> >
> > Looking at the implementation, any domain with is_privileged will be able to access the console. IMHO, I don't think we should set
> > that for DomU created by Xen.
> >
> > So I would suggest to introduce a new variable is_console and to tell whether a domain can access the console. xsm_console_io(...)
> > would then need to be updated accordingly.
>
> There is an existing CONFIG_VERBOSE_DEBUG option which, among other things, allows console output from any domain. The console output part of that (which is just the #ifdef in include/xsm/dummy.h) could be moved to another CONFIG or ORed with an ARM flag. This would apply to all domains; if that's not what you want, you'll need to add a flag (like Julien suggested) or use XSM.
>
> If XSM is enabled, guest hypervisor console output is controlled by the guest_writeconsole boolean in the default policy (tools/flask/policy/modules/guest_features.te) which defaults to allowing it.
I think the best user experience would be:
- do not require XSM to be enabled
- do not allow all domains to use the Xen console, only the ones started
  from Xen
- domUs started from Xen should not be is_privileged

Indeed, the best approach would be to add a new is_console option.
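The access-control alternatives weighed in this thread, modelled side by side as an added example (it is not part of the thread and is not Xen code). The struct, enum and function names are simplified stand-ins, and the behaviour of is_console is an assumption, since the thread only proposes the flag.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified stand-ins for this example; not Xen's real definitions. */
enum console_cmd { CONSOLE_WRITE, CONSOLE_READ };

struct domain {
    bool is_privileged;   /* existing flag named in the thread */
    bool is_console;      /* proposed flag; semantics assumed here */
};

enum policy {
    POLICY_PRIV_ONLY,     /* baseline: privileged domains only */
    POLICY_ARM_PATCH,     /* posted RFC: check compiled out on ARM */
    POLICY_VERBOSE_DEBUG, /* console output allowed from any domain */
    POLICY_IS_CONSOLE     /* per-domain opt-in flag */
};

/* Returns 0 when the hypercall may proceed, -EPERM otherwise. */
int console_io_check(enum policy p, const struct domain *d,
                     enum console_cmd cmd)
{
    switch ( p )
    {
    case POLICY_ARM_PATCH:
        return 0;                 /* no check: any domain, any cmd */
    case POLICY_VERBOSE_DEBUG:
        if ( cmd == CONSOLE_WRITE )
            return 0;             /* any domain may print */
        break;                    /* reads still need privilege */
    case POLICY_IS_CONSOLE:
        if ( d->is_console )
            return 0;             /* only domains opted in by Xen */
        break;
    case POLICY_PRIV_ONLY:
        break;
    }
    return d->is_privileged ? 0 : -EPERM;
}

int main(void)
{
    /* Constructed case: an ordinary guest asking to read console input. */
    struct domain domu = { .is_privileged = false, .is_console = false };
    printf("ARM patch: %d, is_console: %d\n",
           console_io_check(POLICY_ARM_PATCH, &domu, CONSOLE_READ),
           console_io_check(POLICY_IS_CONSOLE, &domu, CONSOLE_READ));
    return 0;
}
```
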
* Re: [PATCH RFC 01/15] xen: allow console_io hypercalls from DomUs on ARM
2018-06-13 22:15 ` [PATCH RFC 01/15] xen: allow console_io hypercalls from DomUs on ARM Stefano Stabellini
@ 2018-06-14 15:33 ` Julien Grall
0 siblings, 0 replies; 4+ messages in thread
From: Julien Grall @ 2018-06-14 15:33 UTC
To: Stefano Stabellini
Cc: artem_mygaiev, Stefano Stabellini, andrii_anisov, George.Dunlap,
andrew.cooper3, ian.jackson, xen-devel, tim, jbeulich, wei.liu2,
dgdegra
Hi Stefano,
On 13/06/18 23:15, Stefano Stabellini wrote:
> This is very useful when starting multiple domains from Xen without
> xenstore access. It will allow them to print out to the Xen console.
>
> Signed-off-by: Stefano Stabellini <stefanos@xilinx.com>
> CC: andrew.cooper3@citrix.com
> CC: George.Dunlap@eu.citrix.com
> CC: ian.jackson@eu.citrix.com
> CC: jbeulich@suse.com
> CC: konrad.wilk@oracle.com
> CC: tim@xen.org
> CC: wei.liu2@citrix.com
> CC: dgdegra@tycho.nsa.gov
> ---
> If there is a better way to do this with XSM, please advise.
We definitely need to keep the XSM around to avoid opening a hole. We
also don't want all the domains to access the console.

Looking at the implementation, any domain with is_privileged will be
able to access the console. IMHO, I don't think we should set that for
DomU created by Xen.

So I would suggest to introduce a new variable is_console and to tell
whether a domain can access the console. xsm_console_io(...) would then
need to be updated accordingly.
Cheers,
--
Julien Grall
* [PATCH RFC 01/15] xen: allow console_io hypercalls from DomUs on ARM
2018-06-13 22:15 [PATCH RFC 00/15] dom0less step1: boot multiple domains from device tree Stefano Stabellini
@ 2018-06-13 22:15 ` Stefano Stabellini
2018-06-14 15:33 ` Julien Grall
0 siblings, 1 reply; 4+ messages in thread
From: Stefano Stabellini @ 2018-06-13 22:15 UTC
To: julien.grall
Cc: artem_mygaiev, Stefano Stabellini, sstabellini, andrii_anisov,
George.Dunlap, andrew.cooper3, ian.jackson, xen-devel, tim,
jbeulich, wei.liu2, dgdegra
This is very useful when starting multiple domains from Xen without
xenstore access. It will allow them to print out to the Xen console.
Signed-off-by: Stefano Stabellini <stefanos@xilinx.com>
CC: andrew.cooper3@citrix.com
CC: George.Dunlap@eu.citrix.com
CC: ian.jackson@eu.citrix.com
CC: jbeulich@suse.com
CC: konrad.wilk@oracle.com
CC: tim@xen.org
CC: wei.liu2@citrix.com
CC: dgdegra@tycho.nsa.gov
---
If there is a better way to do this with XSM, please advise.
---
xen/drivers/char/console.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c
index 0f05369..dc9e0bb 100644
--- a/xen/drivers/char/console.c
+++ b/xen/drivers/char/console.c
@@ -555,9 +555,11 @@ long do_console_io(int cmd, int count, XEN_GUEST_HANDLE_PARAM(char) buffer)
long rc;
unsigned int idx, len;
+#ifndef CONFIG_ARM
rc = xsm_console_io(XSM_OTHER, current->domain, cmd);
if ( rc )
return rc;
+#endif
switch ( cmd )
{
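Review bot: the #ifndef CONFIG_ARM around the xsm_console_io() call removes the permission check on ARM for every caller and for every cmd value handled by the switch that follows, not only for output from domUs started by Xen. Because the hook itself is never reached, an ARM build with XSM enabled also loses the ability to restrict console access by policy. Suggest keeping the call unconditional and making the decision inside the hook instead, for example from a per-domain attribute set only on the domains that should have console access, so the check still runs for everyone else. The commit message should also state which commands are meant to be opened up and to which domains.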
--
1.9.1