|
|
|
|
|
|
|
|
|
|
xense-devel
[Xense-devel] XSM hook for mapping a grant ref
George et al,
In another thread today, my attention has been drawn to the
grant_operation_permitted() hook that is called when a domain
attempts to map a grant reference. This effectively checks whether or
not the mapping domain has any I/O memory capabilities, and allows
the mapping if it does. The comment for this macro states that:
"Until TLB flushing issues are sorted out we consider it unsafe for
domains with no hardware-access privileges to perform grant map/
transfer operations."
It seems reasonable that we could have trusted domains which one can
assume will handle these situations gracefully. Hence, I think there
is a case for an XSM hook that determines whether or not a domain is
allowed to map any grants. Arguably, this could be combined with the
check in xsm_map_grantref, though I would be unsurprised if there is
a reason for the grant_operation_permitted hook residing where it is
currently.
This also raises the question of whether XSM should be integrated
with the existing I/O capabilities system, so that there is one
consistent view for a domain's privileges.
Regards,
Derek Murray.
_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Xense-devel] XSM hook for mapping a grant ref,
Derek Murray <=
|
|
|
|
|