Am Mon, 21 Aug 2017 17:20:56 -0700
schrieb Gustavo Lima Chaves <[email protected]>:

> Hi,
> 
> what's the intention with the current design where inmates have access
> to cell_state (COMM_REGION_GENERIC_HEADER)? Is this safe? I was able
> to replicate what apic-demo.c does WRT that in a Zephyr binary as
> well, just to be sure.

I am afraid I do not get the question. With "have access" do you mean they
can read and write the value and the change becomes visible to others,
i.e. hypervisor and root cell?

There are three values that actually have a meaning and change the
behavior of the hypervisor (_FAILED, _SHUT_DOWN and RUNNING_LOCKED).
If a cell sets itself to FAILED or SHUT_DOWN it would not receive
messages anymore, which does not seem too bad for others. And we already
discussed what RUNNING_LOCKED is for.

Could you describe a scenario where the control of this variable is
unsafe/problematic?

> Isn't ./tools/jailhouse cell list or, better yet,
> /sys/devices/jailhouse/cells/XXX/state a means for the root cell to
> watch cell states in order to act on them (assuming "open" model from
> https://events.linuxfoundation.org/sites/events/files/slides/ELCE2016-Jailhouse-Tutorial.pdf)?
> If so, how can we trust the cells setting their states and not the
> hypervisor only?

I think the only case in which a cell would want to / have to set the
state itself is RUNNING_LOCKED. You can probably invent a few custom
states that only your cell and your rootcell sysfs watchdog know about,
if you want to have such a thing.

Maybe you have an example for the problematic case where a cell fails
to update its state causing trouble in the rest of the system?

Henning

> Regards,
> 
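The root-cell side of what the two messages discuss, as an added example that is not part of this thread or of the Jailhouse project: a small watchdog that reads the per-cell state files under /sys/devices/jailhouse/cells and decides what to do with each self-reported state. The state strings are assumptions about what the sysfs driver prints for the states named above (check driver/sysfs.c in your tree); the directory layout and the cell names in the test are constructed. The design choice follows Henning's point: a value an inmate writes about itself is acted on for that cell only, and anything unrecognised is flagged rather than trusted.

```python
"""Root-cell watchdog over Jailhouse cell states (added example, not project code).

Polls /sys/devices/jailhouse/cells/<name>/state, the sysfs view of the
cell_state word an inmate can write in its own COMM_REGION_GENERIC_HEADER.
Because that word is self-reported, each verdict concerns that cell only.
"""
import os
import time
from enum import Enum

SYSFS_CELLS = "/sys/devices/jailhouse/cells"   # path named in the thread

# Assumed sysfs spellings of the states discussed (verify against driver/sysfs.c).
STATE_RUNNING = "running"
STATE_RUNNING_LOCKED = "running/locked"
STATE_SHUT_DOWN = "shut down"
STATE_FAILED = "failed"


class Action(Enum):
    NONE = "none"          # running: nothing to do
    RESTART = "restart"    # cell reported itself FAILED: reload it
    COLLECT = "collect"    # cell reported SHUT_DOWN: free its resources
    LOCKED = "locked"      # RUNNING_LOCKED: cell refuses reconfiguration, leave it
    SUSPECT = "suspect"    # unrecognised or unreadable: do not trust, alert


def decide(state: str) -> Action:
    """Map one self-reported state string to the root cell's response."""
    s = state.strip()
    if s == STATE_RUNNING:
        return Action.NONE
    if s == STATE_RUNNING_LOCKED:
        return Action.LOCKED
    if s == STATE_SHUT_DOWN:
        return Action.COLLECT
    if s == STATE_FAILED:
        return Action.RESTART
    # Custom states (see the reply above) or garbage land here; the
    # watchdog must not derive anything about *other* cells from them.
    return Action.SUSPECT


def read_states(root: str = SYSFS_CELLS) -> dict:
    """Read every cell's state file. Returns {cell_name: state_string}."""
    states = {}
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name, "state")
        try:
            with open(path) as f:
                states[name] = f.read().strip()
        except OSError as exc:
            states[name] = f"<unreadable: {exc.strerror}>"
    return states


def plan(states: dict) -> dict:
    """Decide an action per cell; verdicts are independent of each other."""
    return {name: decide(state) for name, state in states.items()}


def watch(interval: float = 1.0, root: str = SYSFS_CELLS, rounds: int = 0):
    """Poll the sysfs tree and hand each non-trivial verdict to the operator.

    rounds=0 polls forever; a positive value limits the loop (useful in tests).
    """
    done = 0
    while rounds == 0 or done < rounds:
        for cell, action in plan(read_states(root)).items():
            if action is not Action.NONE:
                print(f"cell {cell}: {action.value}")
        done += 1
        time.sleep(interval)


if __name__ == "__main__":
    watch()
```

The watchdog never reacts to a cell's state by touching another cell, so a misbehaving inmate that writes FAILED into its own header costs only itself a restart. Map RESTART and COLLECT to your own `jailhouse cell` invocations in the loop.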

-- 
You received this message because you are subscribed to the Google Groups 
"Jailhouse" group.