Re: [Xen-devel] [PATCH] xentrace: handle sparse cpu ids correctly in xen trace buffer handling

2018-09-13 Thread George Dunlap
On 08/30/2018 10:28 AM, Juergen Gross wrote: > On 30/08/18 10:26, Jan Beulich wrote: > On 30.08.18 at 09:52, wrote: >>> @@ -202,7 +202,7 @@ static int alloc_trace_bufs(unsigned int pages) >>> * Allocate buffers for all of the cpus. >>> * If any fails, deallocate what you have so fa

Re: [Xen-devel] [PATCH v3 10/16] x86/mm: put nested p2m code under CONFIG_HVM

2018-09-13 Thread George Dunlap
On 09/13/2018 04:46 PM, Wei Liu wrote: > On Thu, Sep 06, 2018 at 05:20:53PM +0100, George Dunlap wrote: >> On 09/04/2018 05:15 PM, Wei Liu wrote: >>> These functions are only useful for nested hvm, which isn't enabled >>> when CONFIG_HVM is false. >>>

Re: [Xen-devel] [PATCH v3 01/16] x86: change name of parameter for various invlpg functions

2018-09-13 Thread George Dunlap
On 09/04/2018 05:15 PM, Wei Liu wrote: > They all incorrectly named a parameter virtual address while it should > have been linear address. > > Requested-by: Andrew Cooper > Signed-off-by: Wei Liu > Acked-by: Jan Beulich > Reviewed-by: Kevin Tian > Acked-by: Boris Ostr

[Xen-devel] [PATCH] Make credit2 the default scheduler

2018-09-13 Thread George Dunlap
e whole the better scheduler to use by default. And in any case, making those improvements on credit2 will be easier than on credit. Signed-off-by: George Dunlap --- CC: Ian Jackson CC: Wei Liu CC: Andrew Cooper CC: Jan Beulich CC: Tim Deegan CC: Stefano Stabellini CC: Konrad Wilk CC: Dar

Re: [Xen-devel] [PATCH v3 12/16] x86/mm: put paging_update_nestedmode under CONFIG_HVM

2018-09-13 Thread George Dunlap
On 09/04/2018 05:15 PM, Wei Liu wrote: > Nested HVM is not enabled when !CONFIG_HVM. > > Signed-off-by: Wei Liu Acked-by: George Dunlap ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH] x86/pvh: copy data from low 1MB to Dom0 physmap instead of mapping it

2018-09-17 Thread George Dunlap
opulate those RAM regions and copy the data. > > Note that this allows to remove unshare_xen_page_with_guest since the > only caller was the PVH Dom0 builder. > > Signed-off-by: Roger Pau Monné Removing unshare_xen_page_with_guest() once it'

Re: [Xen-devel] [PATCH V3 2/2] Xen/PCIback: Implement PCI flr/slot/bus reset with 'reset' SysFS attribute

2018-09-18 Thread George Dunlap
> On Sep 18, 2018, at 8:15 AM, Pasi Kärkkäinen wrote: > > Hi, > > On Mon, Sep 17, 2018 at 02:06:02PM -0400, Boris Ostrovsky wrote: >> On 9/16/18 7:43 AM, Pasi Kärkkäinen wrote: >>> Hi, >>> >>> On Mon, Dec 18, 2017 at 12:32:11PM -0500, Boris Ostrovsky wrote: On 12/18/2017 02:36 AM, Jan Be

Re: [Xen-devel] [PATCH] xen: sched/Credit2: fix bug when moving CPUs between two Credit2 cpupools

2018-09-18 Thread George Dunlap
ion for a structure of a single int, but there's no point in leaving ourselves work to do later when we add a second byte. :-) Reviewed-by: George Dunlap

Re: [Xen-devel] [PATCH 00/12] add per-domain and per-cpupool generic parameters

2018-09-18 Thread George Dunlap
On 09/18/2018 12:10 PM, Juergen Gross wrote: > On 18/09/18 12:32, Jan Beulich wrote: > On 18.09.18 at 08:02, wrote: >>> Instead of using binary hypervisor interfaces for new parameters of >>> domains or cpupools this patch series adds support for generic text >>> based parameter parsing. >>> >

Re: [Xen-devel] [PATCH 00/12] add per-domain and per-cpupool generic parameters

2018-09-18 Thread George Dunlap
On 09/18/2018 12:19 PM, Jan Beulich wrote: On 18.09.18 at 13:02, wrote: >> On 18/09/18 12:32, Jan Beulich wrote: >> On 18.09.18 at 08:02, wrote: Instead of using binary hypervisor interfaces for new parameters of domains or cpupools this patch series adds support for generic te

Re: [Xen-devel] [PATCH 00/12] add per-domain and per-cpupool generic parameters

2018-09-18 Thread George Dunlap
On 09/18/2018 12:23 PM, Jan Beulich wrote: On 18.09.18 at 13:20, wrote: >> On 09/18/2018 12:19 PM, Jan Beulich wrote: >> On 18.09.18 at 13:02, wrote: On 18/09/18 12:32, Jan Beulich wrote: On 18.09.18 at 08:02, wrote: >> Instead of using binary hypervisor interfaces for

Re: [Xen-devel] [PATCH 00/12] add per-domain and per-cpupool generic parameters

2018-09-18 Thread George Dunlap
On 09/18/2018 12:32 PM, Juergen Gross wrote: > On 18/09/18 13:20, Jan Beulich wrote: > On 18.09.18 at 13:10, wrote: >>> On 18/09/18 12:32, Jan Beulich wrote: >>> On 18.09.18 at 08:02, wrote: > Instead of using binary hypervisor interfaces for new parameters of > domains or cpupool

Re: [Xen-devel] [PATCH] stubdom/grub.patches: Drop docs changes, for licensing reasons

2018-09-18 Thread George Dunlap
any attempts to update to a new version of upstream grub1, > but it seems unlikely that such a thing will ever happen. > > Signed-off-by: Ian Jackson This all seems reasonable to me: Acked-by: George Dunlap

Re: [Xen-devel] [PATCH 00/12] add per-domain and per-cpupool generic parameters

2018-09-18 Thread George Dunlap
On 09/18/2018 02:36 PM, Juergen Gross wrote: > On 18/09/18 15:25, George Dunlap wrote: >> On 09/18/2018 12:32 PM, Juergen Gross wrote: >>> On 18/09/18 13:20, Jan Beulich wrote: >>>>>>> On 18.09.18 at 13:10, wrote: >>>>> On 18/09/18 12:32, Jan

Re: [Xen-devel] [PATCH 00/12] add per-domain and per-cpupool generic parameters

2018-09-18 Thread George Dunlap
On 09/18/2018 03:57 PM, Juergen Gross wrote: > On 18/09/18 15:57, George Dunlap wrote: >> On 09/18/2018 02:36 PM, Juergen Gross wrote: >>> On 18/09/18 15:25, George Dunlap wrote: >>>> On 09/18/2018 12:32 PM, Juergen Gross wrote: >>>>> On 18/09/18 13:20

Re: [Xen-devel] [PATCH] Make credit2 the default scheduler

2018-09-18 Thread George Dunlap
On 09/14/2018 10:02 AM, Wei Liu wrote: > On Fri, Sep 14, 2018 at 02:45:35AM -0600, Jan Beulich wrote: >>>>> On 13.09.18 at 18:51, wrote: >>> On Thu, 2018-09-13 at 17:38 +0100, George Dunlap wrote: >>>> Credit2 was declared "supported" in 4.8, an

Re: [Xen-devel] [PATCH] Make credit2 the default scheduler

2018-09-19 Thread George Dunlap
On 09/14/2018 01:29 PM, Dario Faggioli wrote: > On Fri, 2018-09-14 at 09:45 +0100, Jan Beulich wrote: > On 13.09.18 at 18:51, wrote: >>> I fully agree with and second George's reasoning, and feel 100% >>> like >>> providing my: >>> >>> Acked-by: Dario Faggioli >> >> And that's despite "sched=

Re: [Xen-devel] [PATCH RFC] x86/altp2m: fix display frozen when switching to a new view early

2018-09-19 Thread George Dunlap
On 09/03/2018 09:25 AM, Razvan Cojocaru wrote: > When an new altp2m view is created very early on guest boot, the > display will freeze (although the guest will run normally). This > may also happen on resizing the display. The reason is the way > Xen currently (mis)handles logdirty VGA: it intenti

Re: [Xen-devel] [PATCH RFC] x86/altp2m: fix display frozen when switching to a new view early

2018-09-19 Thread George Dunlap
On 09/19/2018 01:15 PM, George Dunlap wrote: > On 09/03/2018 09:25 AM, Razvan Cojocaru wrote: >> When an new altp2m view is created very early on guest boot, the >> display will freeze (although the guest will run normally). This >> may also happen on resizing the display.

Re: [Xen-devel] [PATCH RFC] x86/altp2m: fix display frozen when switching to a new view early

2018-09-19 Thread George Dunlap
On 09/19/2018 02:01 PM, Razvan Cojocaru wrote: > On 9/19/18 3:15 PM, George Dunlap wrote: >> Hey Razvan, thanks for doing this, and sorry it's taken so long to respond. > > No problem, thanks for the review! > >>> We should discuss if just copying over >>

Re: [Xen-devel] [PATCH RFC] x86/altp2m: fix display frozen when switching to a new view early

2018-09-19 Thread George Dunlap
On 09/19/2018 03:09 PM, Razvan Cojocaru wrote: > On 9/19/18 3:15 PM, George Dunlap wrote: >>> * has p2m_init_altp2m_ept() copy over max_mapped_pfn, >>> logdirty_ranges, global_logdirty, ept.ad and default_access >>> from the hostp2m (the latter more for complet

Re: [Xen-devel] [PATCH v3] Change timestamps representation for keyhandlers

2018-09-19 Thread George Dunlap
On 09/12/2018 06:03 PM, Andrii Anisov wrote: > From: Andrii Anisov > > For different keyhandlers, replace a hex with delimiter representation > of time to PRI_stime which is decimal ns currently. > > Signed-off-by: Andrii Anisov Acked

Re: [Xen-devel] [PATCH v5 2/3] x86/altp2m: Add a hvmop for setting the suppress #VE bit

2018-09-20 Thread George Dunlap
On 09/03/2018 04:48 PM, Adrian Pop wrote: > Introduce a new hvmop, HVMOP_altp2m_set_suppress_ve, which allows a > domain to change the value of the #VE suppress bit for a page. > > Add a libxc wrapper for invoking this hvmop. > > Signed-off-by: Adrian Pop > Acked-by: Wei Liu > Acked-by: Tamas K

Re: [Xen-devel] [PATCH v5 3/3] x86/altp2m: Add a hvmop for querying the suppress #VE bit

2018-09-20 Thread George Dunlap
On 09/03/2018 04:48 PM, Adrian Pop wrote: > Signed-off-by: Adrian Pop > --- > tools/libxc/include/xenctrl.h | 2 ++ > tools/libxc/xc_altp2m.c | 26 +++ > xen/arch/x86/hvm/hvm.c | 19 ++ > xen/arch/x86/mm/mem_access.c| 45

Re: [Xen-devel] [PATCH v2] x86/altp2m: Allow setting the #VE info page for an arbitrary VCPU

2018-09-20 Thread George Dunlap
On Tue, Sep 4, 2018 at 6:00 AM Adrian Pop wrote: > > In a classic HVI + Xen setup, the introspection engine would monitor > legacy guest page-tables by marking them read-only inside the EPT; this > way any modification explicitly made by the guest or implicitly made by > the CPU page walker would

Re: [Xen-devel] [PATCH v2] x86/altp2m: Allow setting the #VE info page for an arbitrary VCPU

2018-09-20 Thread George Dunlap
On Thu, Sep 20, 2018 at 3:55 PM Razvan Cojocaru wrote: > > On 9/20/18 5:42 PM, George Dunlap wrote: > > I do have a question about your proposed use case. You're running > > this in 'mixed' mode, right, and using the altp2m to hide a secure bit > > of cod

[Xen-devel] [PATCH v2 3/6] tools/dm_restrict: Ask QEMU to chroot

2018-09-21 Thread George Dunlap
re to look. Suggested-by: Ross Lagerwall Signed-off-by: George Dunlap --- Not sure the best way to get XEN_RUN_DIR; having configure process this file seems like a bit overkill. CC: Ian Jackson CC: Wei Liu CC: Anthony Perard --- docs/designs/qemu-deprivilege.md | 12 +++--- tools/libxl/

[Xen-devel] [PATCH v2 5/6] tools/dm_depriv: Add first cut RLIMITs

2018-09-21 Thread George Dunlap
- RLIMIT_MEMLOCK: 0 NB that we do not yet set RLIMIT_AS (total virtual memory) or RLIMIT_NOFILES (number of open files), since these require more care and/or more coordination with QEMU to implement. Suggested-by: Ross Lagerwall Signed-off-by: George Dunlap --- CC: Ian Jackson CC: Wei Liu CC: Anthony Perard

[Xen-devel] [PATCH v2 6/6] RFC: tools/dm_restrict: Enable QEMU sandboxing

2018-09-21 Thread George Dunlap
QEMU has a `sandbox` feature, wherein it will use seccomp2 to restrict what system calls it is able to make. Suggested-by: Ross Lagerwall Signed-off-by: George Dunlap --- This can't be checked in as-is, because `-sandbox` support may not have been compiled in. We therefore need to eithe

[Xen-devel] [PATCH v2 2/6] test/depriv: Add a tool to check process-level depriv

2018-09-21 Thread George Dunlap
implemented. Signed-off-by: George Dunlap --- CC: Ian Jackson CC: Wei Liu CC: Stefano Stabellini CC: Anthony Perard CC: Ross Lagerwall --- tools/tests/depriv/depriv-process-checker.sh | 71 1 file changed, 71 insertions(+) create mode 100755 tools/tests/depriv/depriv-process

[Xen-devel] [PATCH v2 4/6] tools/dm_restrict: Unshare mount and IPC namespaces on Linux

2018-09-21 Thread George Dunlap
pace (or at least, a different one than the caller). Suggested-by: Ross Lagerwall Signed-off-by: George Dunlap --- CC: Ian Jackson CC: Wei Liu CC: Anthony Perard --- docs/designs/qemu-deprivilege.md | 12 ++-- tools/libxl/libxl_dm.c | 2 ++ tools/l

[Xen-devel] [PATCH v2 1/6] docs/qemu-deprivilege: Revise and update with status and future plans

2018-09-21 Thread George Dunlap
he future. The idea here is that as we implement the various items for the future, we move them from "Restrictions still to do" to "Restrictions done". This can also act as a design document -- a place for public discussion of what can or should be done and how. Signed-off

Re: [Xen-devel] [PATCH v5 2/3] x86/altp2m: Add a hvmop for setting the suppress #VE bit

2018-09-23 Thread George Dunlap
Sorry, looks like this may not have gone through. -G On Thu, Sep 20, 2018 at 5:08 PM George Dunlap wrote: > > On Thu, Sep 20, 2018 at 4:53 PM Razvan Cojocaru > wrote: > > > > On 9/20/18 2:34 PM, George Dunlap wrote: > > >> +int p2m_set_suppress_ve(struct domai

Re: [Xen-devel] [PATCH v2 3/6] tools/dm_restrict: Ask QEMU to chroot

2018-09-24 Thread George Dunlap
On 09/24/2018 09:20 AM, Paul Durrant wrote: >> -Original Message- >> From: Xen-devel [mailto:xen-devel-boun...@lists.xenproject.org] On Behalf >> Of George Dunlap >> Sent: 21 September 2018 18:04 >> To: xen-devel@lists.xenproject.org >> Cc: Antho

Re: [Xen-devel] [PATCH v2 6/6] RFC: tools/dm_restrict: Enable QEMU sandboxing

2018-09-24 Thread George Dunlap
On 09/24/2018 11:49 AM, Ian Jackson wrote: > George Dunlap writes ("[PATCH v2 6/6] RFC: tools/dm_restrict: Enable QEMU > sandboxing"): >> QEMU has a `sandbox` feature, wherein it will use seccomp2 to restrict >> what system calls it is able to make. > ... >

Re: [Xen-devel] [PATCH v2 1/6] docs/qemu-deprivilege: Revise and update with status and future plans

2018-09-24 Thread George Dunlap
On 09/24/2018 11:23 AM, Ian Jackson wrote: > George Dunlap writes ("[PATCH v2 1/6] docs/qemu-deprivilege: Revise and > update with status and future plans"): >> +## Xen library / file-descriptor restrictions >> + >> +'''Description

Re: [Xen-devel] [PATCH v2 6/6] RFC: tools/dm_restrict: Enable QEMU sandboxing

2018-09-24 Thread George Dunlap
On 09/24/2018 02:04 PM, Ian Jackson wrote: > George Dunlap writes ("Re: [PATCH v2 6/6] RFC: tools/dm_restrict: Enable QEMU > sandboxing"): >> From qemu-depriv.md: >> >> `elevateprivileges` is currently required to allow `-runas` to work. >> Removing this

Re: [Xen-devel] [PATCH v2 4/6] tools/dm_restrict: Unshare mount and IPC namespaces on Linux

2018-09-24 Thread George Dunlap
On 09/24/2018 11:40 AM, Ian Jackson wrote: > George Dunlap writes ("[PATCH v2 4/6] tools/dm_restrict: Unshare mount and > IPC namespaces on Linux"): >> QEMU running under Xen doesn't need mount or IPC functionality. >> Create and enter separate namespaces for

Re: [Xen-devel] [PATCH v2 6/6] RFC: tools/dm_restrict: Enable QEMU sandboxing

2018-09-24 Thread George Dunlap
On 09/24/2018 12:21 PM, Ian Jackson wrote: > Apropos of our conversation on IRC, I looked at the checker script in > detail. > >> #!/bin/bash >> >> domain="$1" > > Just noticed this, but: OMG no `set -e'. > You probably want `set -o pipefail' too. `set -e` never made any sense to me -- that's no

Re: [Xen-devel] [PATCH v2 5/6] tools/dm_depriv: Add first cut RLIMITs

2018-09-24 Thread George Dunlap
On 09/24/2018 11:48 AM, Ian Jackson wrote: >> +if (rc < 0) { >> +char *msg = GCSPRINTF("libxl: Setting rlimit %d to %lld failed >> with error %d\n", >> + rlimits[i].resource, > > If you cared very much about the error handling, you could produc

Re: [Xen-devel] [PATCH v2 2/6] test/depriv: Add a tool to check process-level depriv

2018-09-24 Thread George Dunlap
On 09/24/2018 11:57 AM, Ian Jackson wrote: > George Dunlap writes ("[PATCH v2 2/6] test/depriv: Add a tool to check > process-level depriv"): >> Add a tool to check whether the various process-level deprivileging >> operations have actually taken place on the proces

Re: [Xen-devel] [PATCH] x86/altp2m: clean up p2m_{get/set}_suppress_ve()

2018-09-24 Thread George Dunlap
On 09/23/2018 06:04 PM, Razvan Cojocaru wrote: > Move p2m_{get/set}_suppress_ve() to p2m.c, replace incorrect > ASSERT() in p2m-pt.c (since a guest can run in shadow mode even on > a system with virt exceptions, which would trigger the ASSERT()), > and move the VMX-isms (cpu_has_vmx_virt_exceptions

Re: [Xen-devel] [PATCH v5 3/5] x86/mm: put nested p2m code under CONFIG_HVM

2018-09-24 Thread George Dunlap
On 09/21/2018 04:54 PM, Wei Liu wrote: > These functions are only useful for nested hvm, which isn't enabled > when CONFIG_HVM is false. > > Enclose relevant code and fields in CONFIG_HVM. > > Signed-off-by: Wei Liu > Acked-by: Jan Beulich

Re: [Xen-devel] [PATCH v5 2/5] x86/p2m/pod: make it build with !CONFIG_HVM

2018-09-24 Thread George Dunlap
ose fields > under CONFIG_HVM. > > Signed-off-by: Wei Liu Looks great, thanks: Reviewed-by: George Dunlap

Re: [Xen-devel] [PATCH v5 4/5] x86/mm: put HVM only code under CONFIG_HVM

2018-09-24 Thread George Dunlap
} > +#else > + > +static inline bool altp2m_active(const struct domain *d) > +{ > +return false; > +} > + > +uint16_t altp2m_vcpu_idx(const struct vcpu *v); Hmm, this looks like another, "I assume calls to this function will be optimized

Re: [Xen-devel] [PATCH] x86/altp2m: clean up p2m_{get/set}_suppress_ve()

2018-09-24 Thread George Dunlap
On 09/24/2018 04:45 PM, Razvan Cojocaru wrote: > On 9/24/18 6:25 PM, George Dunlap wrote: >> On 09/23/2018 06:04 PM, Razvan Cojocaru wrote: >>> Move p2m_{get/set}_suppress_ve() to p2m.c, replace incorrect >>> ASSERT() in p2m-pt.c (since a guest can run in shadow mode eve

Re: [Xen-devel] [PATCH V2] x86/altp2m: clean up p2m_{get/set}_suppress_ve()

2018-09-25 Thread George Dunlap
On Tue, Sep 25, 2018 at 9:37 AM Razvan Cojocaru wrote: > > Move p2m_{get/set}_suppress_ve() to p2m.c, replace incorrect > ASSERT() in p2m-pt.c (since a guest can run in shadow mode even on > a system with virt exceptions, which would trigger the ASSERT()), > move the VMX-isms (cpu_has_vmx_virt_exc

Re: [Xen-devel] [PATCH V2] x86/altp2m: clean up p2m_{get/set}_suppress_ve()

2018-09-25 Thread George Dunlap
On 09/25/2018 09:36 AM, Razvan Cojocaru wrote: > Move p2m_{get/set}_suppress_ve() to p2m.c, replace incorrect > ASSERT() in p2m-pt.c (since a guest can run in shadow mode even on > a system with virt exceptions, which would trigger the ASSERT()), > move the VMX-isms (cpu_has_vmx_virt_exceptions che

Re: [Xen-devel] [PATCH 1/5] x86/PoD: Simplify handling of the quick check

2018-09-25 Thread George Dunlap
On 09/24/2018 01:59 PM, Andrew Cooper wrote: > There is no need to duplicate the contents of the skip block. > > While cleaning up this function, change 4 ints to be unsigned. > > Signed-off-by: Andrew Cooper Reviewed-by: George Dunlap

Re: [Xen-devel] [PATCH 2/5] x86/PoD: Avoid using variable length arrays in p2m_pod_zero_check()

2018-09-25 Thread George Dunlap
On 09/24/2018 02:00 PM, Andrew Cooper wrote: > Callers of p2m_pod_zero_check() pass a count of up to POD_SWEEP_STRIDE. > Move the definition of POD_SWEEP_STRIDE and give the arrays a fixed > bound. > > Signed-off-by: Andrew Cooper Reviewed-by

Re: [Xen-devel] [PATCH] SUPPORT.md: Clarify stubdomain support

2018-09-25 Thread George Dunlap
On 03/06/2018 07:05 PM, Wei Liu wrote: > On Tue, Mar 06, 2018 at 06:18:12PM +0000, George Dunlap wrote: >> On 03/06/2018 06:08 PM, Wei Liu wrote: >>> On Tue, Mar 06, 2018 at 05:08:43PM +0000, George Dunlap wrote: >>>> We don't promise to protect you against ro

Re: [Xen-devel] [PATCH v2 6/6] RFC: tools/dm_restrict: Enable QEMU sandboxing

2018-09-25 Thread George Dunlap
On 09/25/2018 12:02 PM, Ian Jackson wrote: > George Dunlap writes ("Re: [PATCH v2 6/6] RFC: tools/dm_restrict: Enable QEMU > sandboxing"): >> On 09/24/2018 12:21 PM, Ian Jackson wrote: >>> Just noticed this, but: OMG no `set -e'. >>> You probably wan

Re: [Xen-devel] [PATCH V3] x86/altp2m: clean up p2m_{get/set}_suppress_ve()

2018-09-25 Thread George Dunlap
t_exceptions checks) to > p2m_ept_{get/set}_entry(), and fix locking code in > p2m_get_suppress_ve(). > > Signed-off-by: Razvan Cojocaru Reviewed-by: George Dunlap

Re: [Xen-devel] [PATCH v4] x86/mm: Add mem access rights to NPT

2018-09-26 Thread George Dunlap
On 09/26/2018 09:17 AM, Isaila Alexandru wrote: > On Wed, 2018-07-25 at 04:37 -0600, Jan Beulich wrote: > On 25.07.18 at 11:25, wrote: >>> >>> On 07/24/2018 01:02 PM, Jan Beulich wrote: >>> On 24.07.18 at 13:26, wrote: > > On 07/24/2018 09:55 AM, Jan Beulich wrote: > On 23

Re: [Xen-devel] [PATCH v4] x86/mm: Add mem access rights to NPT

2018-09-26 Thread George Dunlap
On Mon, Jul 23, 2018 at 2:48 PM Alexandru Isaila wrote: > > From: Isaila Alexandru > > This patch adds access control for NPT mode. > > There aren’t enough extra bits to store the access rights in the NPT p2m > table, so we add a radix tree to store the rights. For efficiency, > remove entries w

Re: [Xen-devel] [PATCH v4] x86/mm: Add mem access rights to NPT

2018-09-26 Thread George Dunlap
[Resending] On Wed, Sep 26, 2018 at 5:02 PM George Dunlap wrote: > > On Mon, Jul 23, 2018 at 2:48 PM Alexandru Isaila > wrote: > > > > From: Isaila Alexandru > > > > This patch adds access control for NPT mode. > > > > There aren’t enough extra b

[Xen-devel] [RFC PATCH 1/2] mem_access: Fix npfec.kind propagation

2018-09-26 Thread George Dunlap
particular, gla_valid will never be set on AMD systems; but npfec.kind will still be valid and should still be propagated. Signed-off-by: Alexandru Isaila Signed-off-by: George Dunlap --- CC: Andrew Cooper CC: Jan Beulich CC: Tim Deegan CC: Tamas K Lengyel CC: Razvan Cojocaru --- xen/a

[Xen-devel] [RFC PATCH 2/2] x86/mm: Add mem access rights to NPT

2018-09-26 Thread George Dunlap
la Signed-off-by: George Dunlap --- NB, this is compile-tested only. cc'ing Paul because this is functionality he may want at some point in the future. I'm not sure why we only allow 'int' to be stored in the radix tree, but that throws away 30-some bits we could otherwise us

Re: [Xen-devel] [RFC PATCH 1/2] mem_access: Fix npfec.kind propagation

2018-09-27 Thread George Dunlap
On 09/27/2018 08:04 AM, Jan Beulich wrote: >>>> On 26.09.18 at 19:00, wrote: >> On 26/09/18 17:47, George Dunlap wrote: >>> --- a/xen/arch/x86/mm/mem_access.c >>> +++ b/xen/arch/x86/mm/mem_access.c >>> @@ -232,12 +232,12 @@ bool p2m_mem_acc

Re: [Xen-devel] [Xen-users] XSM/Flask iomem

2018-09-27 Thread George Dunlap
[Moving to xen-devel] Daniel, Any comments on this one? -George On Wed, Sep 26, 2018 at 12:41 PM wrote: > > Hi, > > I just noticed from a bad behaviour of my installation and the > security_iterate_iomem_sids > function that the iomem ranges have to be sorted in the device_contexts file. > Th

Re: [Xen-devel] [RFC PATCH 2/2] x86/mm: Add mem access rights to NPT

2018-09-27 Thread George Dunlap
On 09/26/2018 06:22 PM, Andrew Cooper wrote: > On 26/09/18 17:47, George Dunlap wrote: >> From: Isaila Alexandru >> >> This patch adds access control for NPT mode. >> >> There aren’t enough extra bits to store the access rights in the NPT p2m >> table

[Xen-devel] [PATCH] mem_access: Fix npfec.kind propagation

2018-09-27 Thread George Dunlap
particular, gla_valid will never be set on AMD systems; but npfec.kind will still be valid and should still be propagated. Signed-off-by: Alexandru Isaila Signed-off-by: George Dunlap --- Changes since RFC: - Use switch() rather than a series of if's - Adjust spacing CC: Andrew Cooper CC: Jan B

Re: [Xen-devel] [PATCH v2 1/6] docs/qemu-deprivilege: Revise and update with status and future plans

2018-09-28 Thread George Dunlap
On Tue, Sep 25, 2018 at 12:20 PM Anthony PERARD wrote: > > On Fri, Sep 21, 2018 at 06:04:23PM +0100, George Dunlap wrote: > > +## Migration > > + > > +When calling xen-save-devices-state, since QEMU is running in a chroot > > +it is not useful to pass a filename (it

Re: [Xen-devel] [PATCH V2] x86/altp2m: propagate ept.ad changes to all active altp2ms

2018-10-01 Thread George Dunlap
On 10/01/2018 12:11 PM, Razvan Cojocaru wrote: > > > On 10/1/18 1:39 PM, Jan Beulich wrote: > On 01.10.18 at 11:58, wrote: >>> Changes since V1: >>> - Removed unnecessary p2m_lock() in p2m_init_altp2m_ept(). >> >> This was a step in the right direction, but ... >> >>> static void ept_enabl

Re: [Xen-devel] [PATCH] mm/page_alloc: always scrub pages given to the allocator

2018-10-01 Thread George Dunlap
On 10/01/2018 02:12 PM, Andrew Cooper wrote: > On 01/10/18 12:13, Jan Beulich wrote: > On 01.10.18 at 11:58, wrote: >>> Having the allocator return unscrubbed pages is a potential security >>> concern: some domain can be given pages with memory contents of another >>> domain. This may happen,

Re: [Xen-devel] [PATCH v9] new config option vtsc_tolerance_khz to avoid TSC emulation

2018-10-01 Thread George Dunlap
On 10/01/2018 12:25 PM, Jan Beulich wrote: On 01.10.18 at 12:52, wrote: >> Olaf Hering writes ("Re: [PATCH v9] new config option vtsc_tolerance_khz to >> avoid TSC emulation"): >>> Am Thu, 13 Sep 2018 09:39:13 +0200 >>> schrieb Olaf Hering : this patch was not applied yet, even after a

Re: [Xen-devel] [PATCH] mm/page_alloc: always scrub pages given to the allocator

2018-10-01 Thread George Dunlap
On 10/01/2018 02:44 PM, Boris Ostrovsky wrote: > On 10/1/18 9:12 AM, Andrew Cooper wrote: >> On 01/10/18 12:13, Jan Beulich wrote: >> On 01.10.18 at 11:58, wrote: Having the allocator return unscrubbed pages is a potential security concern: some domain can be given pages with memory

Re: [Xen-devel] [PATCH] mm/page_alloc: always scrub pages given to the allocator

2018-10-01 Thread George Dunlap
On 10/01/2018 02:44 PM, Sergey Dyasli wrote: > On Mon, 2018-10-01 at 07:38 -0600, Jan Beulich wrote: > On 01.10.18 at 15:12, wrote: >>> >>> On 01/10/18 12:13, Jan Beulich wrote: >>> On 01.10.18 at 11:58, wrote: > > Having the allocator return unscrubbed pages is a potential securi

Re: [Xen-devel] [PATCH v9] new config option vtsc_tolerance_khz to avoid TSC emulation

2018-10-01 Thread George Dunlap
On 10/01/2018 03:00 PM, Jan Beulich wrote: On 01.10.18 at 15:38, wrote: >> On 10/01/2018 12:25 PM, Jan Beulich wrote: >>> I think the main concern >>> was with the way migration of the new value was implemented. But I >>> really have to defer to Andrew for that, irrespective of him not >>> ha

Re: [Xen-devel] [xen-unstable test] 128240: regressions - FAIL

2018-10-01 Thread George Dunlap
On 10/01/2018 04:17 PM, Wei Liu wrote: > On Mon, Oct 01, 2018 at 09:10:25AM -0600, Jan Beulich wrote: > On 01.10.18 at 16:33, wrote: >>> On Mon, Oct 01, 2018 at 03:04:02AM -0600, Jan Beulich wrote: >>> On 30.09.18 at 23:59, wrote: > flight 128240 xen-unstable real [real] > http://

Re: [Xen-devel] [PATCH] x86/altp2m: propagate ept.ad changes to all active altp2ms

2018-10-01 Thread George Dunlap
On 09/28/2018 05:19 PM, Razvan Cojocaru wrote: > On 9/28/18 6:55 PM, Jan Beulich wrote: > On 28.09.18 at 17:25, wrote: >>> On 9/28/18 5:52 PM, Jan Beulich wrote: >>> On 28.09.18 at 13:55, wrote: > @@ -1218,34 +1219,67 @@ static void ept_tlb_flush(struct p2m_domain *p2m) > ept

Re: [Xen-devel] [xen-unstable test] 128240: regressions - FAIL

2018-10-01 Thread George Dunlap
On 10/01/2018 04:40 PM, Andrew Cooper wrote: > On 01/10/18 16:35, Wei Liu wrote: >> On Mon, Oct 01, 2018 at 04:19:07PM +0100, George Dunlap wrote: >>> On 10/01/2018 04:17 PM, Wei Liu wrote: >>>> On Mon, Oct 01, 2018 at 09:10:25AM -0600, Jan Beulich wrote: >>

Re: [Xen-devel] [xen-unstable test] 128240: regressions - FAIL

2018-10-02 Thread George Dunlap
On 10/01/2018 06:58 PM, Dario Faggioli wrote: > On Mon, 2018-10-01 at 18:07 +0200, Juergen Gross wrote: >> On 01/10/2018 17:48, George Dunlap wrote: >>> On 10/01/2018 04:40 PM, Andrew Cooper wrote: >>>> On 01/10/18 16:35, Wei Liu wrote: >>>>>

[Xen-devel] [PATCH] libxl: Restore scheduling parameters after migrate in best-effort fashion

2018-10-02 Thread George Dunlap
rent scheduler for that domain. In domcreate_stream_done(), before calling libxl__build_post(), set the scheduler to LIBXL_SCHEDULER_UNKNOWN. This will propagate scheduler parameters from the previous instantiation on a best-effort basis. Signed-off-by: George Dunlap --- CC: Ian Jackson CC: Wei L

Re: [Xen-devel] [PATCH] libxl: Restore scheduling parameters after migrate in best-effort fashion

2018-10-02 Thread George Dunlap
On 10/02/2018 04:49 PM, George Dunlap wrote: > Commit 3b4adba ("tools/libxl: include scheduler parameters in the > output of xl list -l") added scheduling parameters to the set of > information collected by libxl_retrieve_domain_configuration(), in > order to report that info

Re: [Xen-devel] [PATCH] libxl: Restore scheduling parameters after migrate in best-effort fashion

2018-10-03 Thread George Dunlap
On 10/02/2018 04:49 PM, George Dunlap wrote: > Commit 3b4adba ("tools/libxl: include scheduler parameters in the > output of xl list -l") added scheduling parameters to the set of > information collected by libxl_retrieve_domain_configuration(), in > order to report that info

Re: [Xen-devel] [PATCH 1/2] libxl: modify domain config when moving domain to another cpupool

2018-10-03 Thread George Dunlap
On Tue, Oct 2, 2018 at 3:20 PM Juergen Gross wrote: > > Today the domain config info contains the cpupool name the domain was > started in only if the cpupool was specified at domain creation. Moving > the domain to another cpupool later won't change that information. > > Correct that by modifying

Re: [Xen-devel] [PATCH 1/2] libxl: modify domain config when moving domain to another cpupool

2018-10-03 Thread George Dunlap
On Wed, Oct 3, 2018 at 12:29 PM Wei Liu wrote: > > On Wed, Oct 03, 2018 at 12:02:24PM +0100, George Dunlap wrote: > > On Tue, Oct 2, 2018 at 3:20 PM Juergen Gross wrote: > > > > > > Today the domain config info contains the cpupool name the domain was > >

Re: [Xen-devel] [PATCH 1/2] libxl: modify domain config when moving domain to another cpupool

2018-10-03 Thread George Dunlap
On Wed, Oct 3, 2018 at 12:45 PM George Dunlap wrote: > > On Wed, Oct 3, 2018 at 12:29 PM Wei Liu wrote: > > > > On Wed, Oct 03, 2018 at 12:02:24PM +0100, George Dunlap wrote: > > > On Tue, Oct 2, 2018 at 3:20 PM Juergen Gross wrote: > > > > > >

Re: [Xen-devel] Ping: [PATCH] x86: improve vCPU selection in pagetable_dying()

2018-10-03 Thread George Dunlap
On 09/26/2018 08:04 AM, Jan Beulich wrote: On 25.09.18 at 18:22, wrote: >> On 18/09/18 13:44, Jan Beulich wrote: >> On 10.09.18 at 16:02, wrote: Rather than unconditionally using vCPU 0, use the current vCPU if the subject domain is the current one. Signed-off-by: Jan

Re: [Xen-devel] [PATCH v2 1/2] xentrace: allow sparse cpu list

2018-10-04 Thread George Dunlap
On 10/04/2018 11:51 AM, Juergen Gross wrote: > Modify the xentrace utility to allow sparse cpu list resulting in not > all possible cpus having a trace buffer allocated. > > Signed-off-by: Juergen Gross This looks good: Reviewed-by: George Dunlap Would you mind if I fold in

Re: [Xen-devel] [PATCH v2 2/2] xentrace: handle sparse cpu ids correctly in xen trace buffer handling

2018-10-04 Thread George Dunlap
force maximum value for an unsigned type */ > @@ -151,11 +151,11 @@ static int calculate_tbuf_size(unsigned int pages, > uint16_t t_info_first_offset) > * NB this calculation is correct, because t_info_first_offset is > * in words, not bytes, not bytes > */ This sound

Re: [Xen-devel] [PATCH v14 2/9] iommu: make use of type-safe DFN and MFN in exported functions

2018-10-04 Thread George Dunlap
y: Paul Durrant > Reviewed-by: Wei Liu > Reviewed-by: Kevin Tian > Reviewed-by: Roger Pau Monne > Acked-by: Jan Beulich > Acked-by: Julien Grall Reviewed-by: George Dunlap

Re: [Xen-devel] [PATCH RFC] x86/altp2m: fix display frozen when switching to a new view early

2018-10-04 Thread George Dunlap
On 10/04/2018 04:20 PM, Jan Beulich wrote: On 04.10.18 at 16:56, wrote: >> The biggest problem here is p2m->logdirty_ranges. This patch will >> (justly) not work, because struct rangeset is only forward-declared in >> xen/rangeset.h, so an incomplete type here: >> >> -void p2m_init_altp2m_ept

Re: [Xen-devel] [PATCH RFC] x86/altp2m: fix display frozen when switching to a new view early

2018-10-04 Thread George Dunlap
On 10/04/2018 04:45 PM, Jan Beulich wrote: On 04.10.18 at 17:34, wrote: >> On 10/04/2018 04:20 PM, Jan Beulich wrote: >> On 04.10.18 at 16:56, wrote: The biggest problem here is p2m->logdirty_ranges. This patch will (justly) not work, because struct rangeset is only forward-dec

Re: [Xen-devel] [PATCH v14 5/9] memory: add check_get_page_from_gfn() as a wrapper...

2018-10-04 Thread George Dunlap
> p2m-common.h so that it is possible to declare > check_get_page_from_gfn() there rather than having to add > duplicate declarations in the per-architecture p2m headers. > > Signed-off-by: Paul Durrant > Reviewed-by: Roger Pau Monne > Reviewed-by: Jan Beuli

Re: [Xen-devel] [PATCH v14 9/9] mm / iommu: split need_iommu() into has_iommu_pt() and need_iommu_pt_sync()

2018-10-04 Thread George Dunlap
passthrough/pci.c:assign_device() which has simply been > removed since it appears to be unnecessary. > > NOTE: There are some callers of need_iommu() that strictly operate on > the hardware domain. In some of these case a more global flag is > used instead. > > Sign

Re: [Xen-devel] [PATCH v14 8/9] mm / iommu: include need_iommu() test in iommu_use_hap_pt()

2018-10-04 Thread George Dunlap
appings. > > Signed-off-by: Paul Durrant > Reviewed-by: Kevin Tian > Acked-by: Julien Grall Acked-by: George Dunlap

Re: [Xen-devel] [PATCH v14 4/9] iommu: don't domain_crash() inside iommu_map/unmap_page()

2018-10-04 Thread George Dunlap
On 10/04/2018 11:45 AM, Paul Durrant wrote: > This patch removes the implicit domain_crash() from iommu_map(), > unmap_page() and iommu_iotlb_flush() and turns them into straightforward > wrappers that check the existence of the relevant iommu_op and call > through to it. This makes them usable by

Re: [Xen-devel] [PATCH v14 4/9] iommu: don't domain_crash() inside iommu_map/unmap_page()

2018-10-05 Thread George Dunlap
Re-cc’ing xen-devel... > On Oct 5, 2018, at 11:34 AM, George Dunlap wrote: > > > >> On Oct 5, 2018, at 11:27 AM, Paul Durrant wrote: >> >>> -Original Message- >>> From: George Dunlap >>> Sent: 05 October 2018 11:25 >>> T

Re: [Xen-devel] [PATCH v2 5/6] tools/dm_depriv: Add first cut RLIMITs

2018-10-05 Thread George Dunlap
[resending] On Fri, Oct 5, 2018 at 4:17 PM George Dunlap wrote: > > On Mon, Sep 24, 2018 at 9:35 AM Paul Durrant wrote: > > > +{ > > > +.resource = -1 > > > > Is -1 guaranteed not to clash with any defined resource type? > > Hmm... well a

[Xen-devel] [PATCH 4/5] tools/dm_depriv: Add first cut RLIMITs

2018-10-05 Thread George Dunlap
- RLIMIT_MEMLOCK: 0 NB that we do not yet set RLIMIT_AS (total virtual memory) or RLIMIT_NOFILES (number of open files), since these require more care and/or more coordination with QEMU to implement. Suggested-by: Ross Lagerwall Signed-off-by: George Dunlap --- Changes since v2: - Use a macro to define rlimit

[Xen-devel] [PATCH 1/5] docs/qemu-deprivilege: Revise and update with status and future plans

2018-10-05 Thread George Dunlap
he future. The idea here is that as we implement the various items for the future, we move them from "Restrictions still to do" to "Restrictions done". This can also act as a design document -- a place for public discussion of what can or should be done and how. Also add an ent

[Xen-devel] [PATCH 3/5] tools/dm_restrict: Unshare mount and IPC namespaces on Linux

2018-10-05 Thread George Dunlap
pace (or at least, a different one than the caller). Suggested-by: Ross Lagerwall Signed-off-by: George Dunlap --- Changes in v2: - Return an error rather than calling exit() - Use LOGE() and print to the current stderr fd, rather than printing to the new stderr fd via write() - Use r for external

[Xen-devel] [PATCH 5/5] RFC: test/depriv: Add a tool to check process-level depriv

2018-10-05 Thread George Dunlap
Add a tool to check whether the various process-level deprivileging operations have actually taken place on the process. The tool takes a domname or domid, and returns success or failure. Signed-off-by: George Dunlap --- Changes since v2: - Make grep for Uid line more strict - Fix Gid grep

[Xen-devel] [PATCH 2/5] tools/dm_restrict: Ask QEMU to chroot

2018-10-05 Thread George Dunlap
this), simply rmdir the directory, relying on the fact that the previous QEMU instance, if properly restricted, shouldn't have been able to write anything anyway. Suggested-by: Ross Lagerwall Signed-off-by: George Dunlap --- Changes since v2: - Style fixes - Testing moved to a different patc

Re: [Xen-devel] [PATCH 02/18] tools/xentrace/xenalyze: Fix typos detected by lintian

2018-10-08 Thread George Dunlap
On 10/05/2018 06:29 PM, Ian Jackson wrote: > Signed-off-by: Ian Jackson Reviewed-by: George Dunlap

Re: [Xen-devel] [PATCH 04/18] Various: Fix typo `occured'

2018-10-08 Thread George Dunlap
On 10/05/2018 06:29 PM, Ian Jackson wrote: > Signed-off-by: Ian Jackson Reviewed-by: George Dunlap

Re: [Xen-devel] [PATCH 07/18] Various: Fix typo `infomation'

2018-10-08 Thread George Dunlap
On 10/05/2018 06:29 PM, Ian Jackson wrote: > Signed-off-by: Ian Jackson Reviewed-by: George Dunlap

Re: [Xen-devel] [PATCH] xen/sched: Drop set_current_state()

2018-10-08 Thread George Dunlap
current->state field. > > Signed-off-by: Andrew Cooper Not sure exactly what the rules are, but in case you need it: Acked-by: George Dunlap