Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics

2017-06-22 Thread Daniel De Graaf
On 06/22/2017 05:40 AM, George Dunlap wrote: On 22/06/17 08:05, Jan Beulich wrote: On 21.06.17 at 18:36, wrote: On 21/06/17 16:59, Jan Beulich wrote: On 21.06.17 at 16:38, wrote: On 21/06/17 11:08, Jan Beulich wrote: So far callers of

Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics

2017-06-22 Thread George Dunlap
On 22/06/17 11:58, Jan Beulich wrote: >>> Option 2: Pass the domain to the XSM callback, enabling XSM / Flask >>> policies that can forbid specific devices from being assigned to >>> specific guests. >> >> Is there any possible downside to this ? > > As soon as flask wouldn't ignore it anymore,

Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics

2017-06-22 Thread Jan Beulich
>>> On 22.06.17 at 11:58, wrote: > George Dunlap writes ("Re: [PATCH] passthrough: give > XEN_DOMCTL_test_assign_device more sane semantics"): >> I suggest we ask the toolstack maintainers what kind of a function they >> think would be most useful, and then we can

Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics

2017-06-22 Thread Jan Beulich
>>> On 22.06.17 at 11:56, wrote: > On 22/06/17 08:05, Jan Beulich wrote: >> No - I'm open to any change to it which makes the currently ignored >> argument no longer ignored, without breaking existing (known and >> unknown) callers of the libxc wrapper. I.e. I'm in no

Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics

2017-06-22 Thread Ian Jackson
George Dunlap writes ("Re: [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics"): > Well, I'm not sure what to say, because in my view the log message > supports my view. :-) Note that there are two errors, both explaining > why the domain cannot be assigned -- one is "no

Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics

2017-06-22 Thread George Dunlap
On 22/06/17 08:05, Jan Beulich wrote: > No - I'm open to any change to it which makes the currently ignored > argument no longer ignored, without breaking existing (known and > unknown) callers of the libxc wrapper. I.e. I'm in no way opposed to > make it work the way you think it was originally

Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics

2017-06-22 Thread George Dunlap
On 22/06/17 10:40, George Dunlap wrote: > On 22/06/17 08:05, Jan Beulich wrote: > On 21.06.17 at 18:36, wrote: >>> On 21/06/17 16:59, Jan Beulich wrote: >>> On 21.06.17 at 16:38, wrote: > On 21/06/17 11:08, Jan Beulich wrote: >>

Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics

2017-06-22 Thread George Dunlap
On 22/06/17 08:05, Jan Beulich wrote: On 21.06.17 at 18:36, wrote: >> On 21/06/17 16:59, Jan Beulich wrote: >> On 21.06.17 at 16:38, wrote: On 21/06/17 11:08, Jan Beulich wrote: > So far callers of the libxc interface passed

Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics

2017-06-22 Thread Jan Beulich
>>> On 21.06.17 at 18:36, wrote: > On 21/06/17 16:59, Jan Beulich wrote: > On 21.06.17 at 16:38, wrote: >>> On 21/06/17 11:08, Jan Beulich wrote: So far callers of the libxc interface passed in a domain ID which was then ignored

Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics

2017-06-21 Thread George Dunlap
On 21/06/17 16:59, Jan Beulich wrote: On 21.06.17 at 16:38, wrote: >> On 21/06/17 11:08, Jan Beulich wrote: >>> So far callers of the libxc interface passed in a domain ID which was >>> then ignored in the hypervisor. Instead, make the hypervisor honor it >>>

Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics

2017-06-21 Thread Jan Beulich
>>> On 21.06.17 at 16:38, wrote: > On 21/06/17 11:08, Jan Beulich wrote: >> So far callers of the libxc interface passed in a domain ID which was >> then ignored in the hypervisor. Instead, make the hypervisor honor it >> (accepting DOMID_INVALID to obtain original

Re: [Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics

2017-06-21 Thread George Dunlap
On 21/06/17 11:08, Jan Beulich wrote: > So far callers of the libxc interface passed in a domain ID which was > then ignored in the hypervisor. Instead, make the hypervisor honor it > (accepting DOMID_INVALID to obtain original behavior), allowing to > query whether a device is assigned to a

[Xen-devel] [PATCH] passthrough: give XEN_DOMCTL_test_assign_device more sane semantics

2017-06-21 Thread Jan Beulich
So far callers of the libxc interface passed in a domain ID which was then ignored in the hypervisor. Instead, make the hypervisor honor it (accepting DOMID_INVALID to obtain original behavior), allowing to query whether a device is assigned to a particular domain. Ignore the passed in domain ID