On 1/22/20 10:14 AM, Julien Grall wrote: > > > On 22/01/2020 10:01, Sergey Dyasli wrote: >> On 20/01/2020 10:01, Jan Beulich wrote: >>> On 17.01.2020 17:44, Sergey Dyasli wrote: >>>> v2 --> v3: >>>> - Remove hvmloader filtering >>> >>> Why? Seeing the prior discussion, how about adding XENVER_denied to >>> return the "denied" string, allowing components which want to filter >>> to know exactly what to look for? And then re-add the filtering you >>> had? (The help text of the config option should then perhaps be >>> extended to make very clear that the chosen string should not match >>> anything that could potentially be returned by any of the XENVER_ >>> sub-ops.) >> >> I had the following reasoning: >> >> 1. Most real-world users would set CONFIG_XSM_DENIED_STRING="" anyway. >> >> 2. Filtering in DMI tables is not a complete solution, since denied >> string leaks elsewhere through the hypercall (PV guests, sysfs, driver >> logs) as Andrew has pointed out in the previous discussion. >> >> On the other hand, SMBios filtering slightly improves the situation for >> HVM domains, so I can return it if maintainers find it worthy. > > While I am not a maintainer of this code, my concern is you impose the > conversion from "denied" to "" to all the users (include those who wants > to keep "denied"). > > If you were doing any filtering in hvmloader, then it would be best if > this is configurable. But this is a bit pointless if you already allow > the user to configure the string at the hypervisor level :).
So there are two things we're concerned about: - Some people don't want to scare users with a "<denied>" string - Some people don't want to "silently fail" with a "" string The fact is, in *both cases*, this is a UI problem. EVERY caller of this interface should figure out independently what a graceful way of handling failure is for their target UI. Any caller who does not think carefully about what to do in the failure case is buggy -- which includes every single caller today. The CONFIG_XSM_DENIED_STRING is a gross hack fallback for buggy UIs. Now, I don't like to tell other people to do work, and I certainly don't plan on fixing hvmloader at the moment, because it's low-priority for me. But I do think that having hvmloader detect failure and explicitly make a sensible decision is the right thing to do, regardless of the availability of CONFIG_XSM_DENIED_STRING to work around buggy callers. -George _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
