On 31.05.2022 16:56, Daniel P. Smith wrote: > There are new capabilities, dom0less and hyperlaunch, that introduce internal > hypervisor logic, which needs to make resource allocation calls that are > protected by XSM access checks. The need for these resource allocations are > necessary for dom0less and hyperlaunch when they are constructing the initial > domain(s). This creates an issue as a subset of the hypervisor code is > executed under a system domain, the idle domain, that is represented by a > per-CPU non-privileged struct domain. To enable these new capabilities to > function correctly but in a controlled manner, this commit changes the idle > system domain to be created as a privileged domain under the default policy > and > demoted before transitioning to running. A new XSM hook, > xsm_set_system_active(), is introduced to allow each XSM policy type to demote > the idle domain appropriately for that policy type. In the case of SILO, it > inherits the default policy's hook for xsm_set_system_active(). > > For flask, a stub is added to ensure that flask policy system will function > correctly with this patch until flask is extended with support for starting > the > idle domain privileged and properly demoting it on the call to > xsm_set_system_active(). > > Signed-off-by: Daniel P. Smith <[email protected]> > Reviewed-by: Jason Andryuk <[email protected]> > Reviewed-by: Luca Fancellu <[email protected]> > Acked-by: Julien Grall <[email protected]> # arm
Hmm, here and on patch 2 you've lost Rahul's R-b and T-b, afaict. Jan
