[RFC,0/6] Hyperlaunch domain roles and capabilities

Message

Daniel P. Smith Aug. 1, 2023, 8:20 p.m. UTC

A goal of the hyperlaunch effort was to solidify the concept of the different
types of domains the hypervisor has some notion around. The initial approach
was to formalize these types as roles enforced through the XSM framework. In
this RFC, a simpler approach is taken to lay a foundation of domain roles and
assignable capabilities.

The approach in this series is to collapse the relevant bools in struct domain
into a pair of bit flag entries that represent roles and capabilities that a
domain is assigned.

Daniel P. Smith (6):
  dom0: replace explict zero checks
  roles: provide abstraction for the possible domain roles
  roles: add a role for xenstore domain
  capabilities: introduce console io as a domain capability
  capabilities: add dom0 cpu faulting disable
  capabilities: convert attach debugger into a capability

 xen/arch/arm/domain_build.c     |  6 ++-
 xen/arch/x86/cpu-policy.c       |  2 +-
 xen/arch/x86/cpu/common.c       | 82 ++++++++++++++++-----------------
 xen/arch/x86/hvm/svm/svm.c      |  8 ++--
 xen/arch/x86/hvm/vmx/realmode.c |  2 +-
 xen/arch/x86/hvm/vmx/vmcs.c     |  2 +-
 xen/arch/x86/hvm/vmx/vmx.c      | 10 ++--
 xen/arch/x86/setup.c            |  6 +++
 xen/arch/x86/traps.c            |  6 ++-
 xen/common/domain.c             | 21 +++++++--
 xen/common/domctl.c             |  6 ++-
 xen/common/sched/arinc653.c     |  2 +-
 xen/common/sched/core.c         |  4 +-
 xen/include/xen/sched.h         | 58 +++++++++++++++++++----
 xen/include/xsm/dummy.h         |  6 +--
 xen/xsm/flask/hooks.c           | 12 ++---
 16 files changed, 150 insertions(+), 83 deletions(-)