A goal of the hyperlaunch effort was to solidify the concept of the different
types of domains the hypervisor has some notion around. The initial approach
was to formalize these types as roles enforced through the XSM framework. In
this RFC, a simpler approach is taken to lay a foundation of domain roles and
assignable capabilities.
The approach in this series is to collapse the relevant bools in struct domain
into a pair of bit flag entries that represent roles and capabilities that a
domain is assigned.
Daniel P. Smith (6):
dom0: replace explict zero checks
roles: provide abstraction for the possible domain roles
roles: add a role for xenstore domain
capabilities: introduce console io as a domain capability
capabilities: add dom0 cpu faulting disable
capabilities: convert attach debugger into a capability
xen/arch/arm/domain_build.c | 6 ++-
xen/arch/x86/cpu-policy.c | 2 +-
xen/arch/x86/cpu/common.c | 82 ++++++++++++++++-----------------
xen/arch/x86/hvm/svm/svm.c | 8 ++--
xen/arch/x86/hvm/vmx/realmode.c | 2 +-
xen/arch/x86/hvm/vmx/vmcs.c | 2 +-
xen/arch/x86/hvm/vmx/vmx.c | 10 ++--
xen/arch/x86/setup.c | 6 +++
xen/arch/x86/traps.c | 6 ++-
xen/common/domain.c | 21 +++++++--
xen/common/domctl.c | 6 ++-
xen/common/sched/arinc653.c | 2 +-
xen/common/sched/core.c | 4 +-
xen/include/xen/sched.h | 58 +++++++++++++++++++----
xen/include/xsm/dummy.h | 6 +--
xen/xsm/flask/hooks.c | 12 ++---
16 files changed, 150 insertions(+), 83 deletions(-)
--
2.20.1