xen-devel

[Top] [All Lists]

Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch

from [Stefan Berger]

[Permanent Link][Original]

To:	"George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
Subject:	Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch
From:	Stefan Berger <stefanb@xxxxxxxxxx>
Date:	Fri, 9 Mar 2007 17:01:34 -0500
Cc:	xen-devel@xxxxxxxxxxxxxxxxxxx, Keir Fraser <keir@xxxxxxxxxxxxx>, xense-devel@xxxxxxxxxxxxxxxxxxx, xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Fri, 09 Mar 2007 14:00:50 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<1173470696.24363.29.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 03/09/2007 03:04:56 PM: > On Fri, 2007-03-09 at 12:51 -0500, Stefan Berger wrote: > > > > xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 03/09/2007 11:55:11 AM: > > > > > On Fri, 2007-03-09 at 09:43 +0000, Keir Fraser wrote: > > > > On 8/3/07 19:58, "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx> > > wrote: > > > > > > > > > > > > To achieve a very light-weight > > > > > domain, one would like to remove as much functionality from that > > domain > > > > > as possible, to include the interrupt handler. Instead, there > > would > > > > > exist a light-weight domain interrupt handler domain that is > > responsible > > > > > for this functionality. These interrupts would manifest as > > interdomain > > > > > channels; however, the ipi mechanism remains unless a hook > > exists to > > > > > block this code path. Likewise, the light-weight domains > > wouldn't be > > > > > able to close their channels arbitrarily, and require a check on > > close > > > > > as well. > > > > > > > > I think this sounds like a microkernel-style 'interrupt server'? > > Why would > > > > you want that? And if you did have it, why would you care about > > the clients > > > > of this server closing their ends of interdomain event channels? > > > > > > > Fair enough. I'll remove the close check, although we will still > > need a > > > hook in the close code path for cleanup. > > > > > > > There's also a mediation in evtchn_init() [.evtchn_init]. evtchn_init > > () is called from one since place only and that is domain_create(), > > which in turn is behind the xsm_createdomain() mediation call > > [.createdomain]. I suppose it would be enough to guard the creation of > > a domain by the xsm_createdomain() hook only, no? > > > In light of the other comments, you are correct.

Why is there mediation in evtchn_reset [.evtchn_reset]? It looks like the code tries to only close an event channel if necessary. I suppose that once you have been allowed to open an event channel you should be able to reset (close) it.

Stefan
> > > Stefan > > > > > > > > -- Keir > > > > > > > > > _______________________________________________ > > > Xen-devel mailing list > > > Xen-devel@xxxxxxxxxxxxxxxxxxx > > > http://lists.xensource.com/xen-devel > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xen-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, (continued) Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, George S. Coker, II Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, Alex Williamson Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, Keir Fraser Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, George S. Coker, II Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, Keir Fraser Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, George S. Coker, II Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, Keir Fraser Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, George S. Coker, II Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, Stefan Berger Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, George S. Coker, II Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, Stefan Berger <= Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, George S. Coker, II Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, Keir Fraser Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, George S. Coker, II [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, George S. Coker, II

Previous by Date:	[Xen-devel] Testing status of HVM (Intel VT) on 64bit XEN unstable c/s 14201, Ed Smith
Next by Date:	[Xen-devel] Re: [XenPPC] Re: New domain builder in xen-unstable, Hollis Blanchard
Previous by Thread:	Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, George S. Coker, II
Next by Thread:	Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, George S. Coker, II
Indexes:	[Date] [Thread] [Top] [All Lists]