From: Jan Beulich <jbeulich@suse.com>
To: "Daniel P. Smith" <dpsmith@apertussolutions.com>
Cc: sstabellini@kernel.org, julien@xen.org,
Volodymyr_Babchuk@epam.com, andrew.cooper3@citrix.com,
george.dunlap@citrix.com, iwj@xenproject.org, wl@xen.org,
roger.pau@citrix.com, tamas@tklengyel.com, tim@xen.org,
jgross@suse.com, aisaila@bitdefender.com,
ppircalabu@bitdefender.com, dfaggioli@suse.com, paul@xen.org,
kevin.tian@intel.com, dgdegra@tycho.nsa.gov,
adam.schwalm@starlab.io, scott.davis@starlab.io,
xen-devel@lists.xenproject.org
Subject: Re: [RFC PATCH 08/10] xsm-silo: convert silo over to domain roles
Date: Thu, 8 Jul 2021 15:17:42 +0200 [thread overview]
Message-ID: <da689bf7-0e39-fdc6-c3f9-2ec1200f8f48@suse.com> (raw)
In-Reply-To: <20210514205437.13661-9-dpsmith@apertussolutions.com>
On 14.05.2021 22:54, Daniel P. Smith wrote:
> --- a/xen/xsm/silo.c
> +++ b/xen/xsm/silo.c
> @@ -17,9 +17,11 @@
> * You should have received a copy of the GNU General Public License along with
> * this program; If not, see <http://www.gnu.org/licenses/>.
> */
> -#define XSM_NO_WRAPPERS
> -#include <xsm/dummy.h>
>
> +#include <xsm/xsm.h>
> +#include <xsm/roles.h>
> +
> +#define SILO_ALLOWED_ROLES ( XSM_DOM_SUPER | XSM_DEV_BACK )
Assuming XSM_DEV_BACK means (or at least may also mean) a backend outside
of Dom0 serving another domain's frontend, ...
> @@ -29,8 +31,10 @@ static bool silo_mode_dom_check(const struct domain *ldom,
> {
> const struct domain *currd = current->domain;
>
> - return (is_control_domain(currd) || is_control_domain(ldom) ||
> - is_control_domain(rdom) || ldom == rdom);
> + return ( currd->xsm_roles & SILO_ALLOWED_ROLES ||
> + ldom->xsm_roles & SILO_ALLOWED_ROLES ||
> + rdom->xsm_roles & SILO_ALLOWED_ROLES ||
> + ldom == rdom );
... I don't think this is an appropriate conversion. Aiui a backend in
a driver domain is out of reach for a domain in SILO mode.
Jan
next prev parent reply other threads:[~2021-07-08 13:18 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-14 20:54 [RFC PATCH 00/10] xsm: introducing domain roles Daniel P. Smith
2021-05-14 20:54 ` [RFC PATCH 01/10] headers: introduce new default privilege model Daniel P. Smith
2021-06-18 13:56 ` Jan Beulich
2021-05-14 20:54 ` [RFC PATCH 02/10] control domain: refactor is_control_domain Daniel P. Smith
2021-06-18 14:02 ` Jan Beulich
2021-05-14 20:54 ` [RFC PATCH 03/10] xenstore: migrate to default privilege model Daniel P. Smith
2021-05-14 20:54 ` [RFC PATCH 04/10] xsm: convert rewrite privilege check function Daniel P. Smith
2021-06-18 14:14 ` Jan Beulich
2021-05-14 20:54 ` [RFC PATCH 05/10] hardware domain: convert to domain roles Daniel P. Smith
2021-06-18 14:47 ` Jan Beulich
2021-05-14 20:54 ` [RFC PATCH 06/10] xsm-roles: covert the dummy system to roles Daniel P. Smith
2021-05-14 20:54 ` [RFC PATCH 07/10] xsm-roles: adjusting core xsm Daniel P. Smith
2021-05-14 20:54 ` [RFC PATCH 08/10] xsm-silo: convert silo over to domain roles Daniel P. Smith
2021-07-08 13:17 ` Jan Beulich [this message]
2021-05-14 20:54 ` [RFC PATCH 09/10] xsm-flask: clean up for domain roles conversion Daniel P. Smith
2021-05-14 20:54 ` [RFC PATCH 10/10] common/Kconfig: updating Kconfig for domain roles Daniel P. Smith
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=da689bf7-0e39-fdc6-c3f9-2ec1200f8f48@suse.com \
--to=jbeulich@suse.com \
--cc=Volodymyr_Babchuk@epam.com \
--cc=adam.schwalm@starlab.io \
--cc=aisaila@bitdefender.com \
--cc=andrew.cooper3@citrix.com \
--cc=dfaggioli@suse.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=dpsmith@apertussolutions.com \
--cc=george.dunlap@citrix.com \
--cc=iwj@xenproject.org \
--cc=jgross@suse.com \
--cc=julien@xen.org \
--cc=kevin.tian@intel.com \
--cc=paul@xen.org \
--cc=ppircalabu@bitdefender.com \
--cc=roger.pau@citrix.com \
--cc=scott.davis@starlab.io \
--cc=sstabellini@kernel.org \
--cc=tamas@tklengyel.com \
--cc=tim@xen.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).