|
|
|
|
|
|
|
|
|
|
xense-devel
Re: [Xen-devel] [PATCH] Allow programatic iomem permissions
[CC'ing xense-devel as this thread discussed some of the stuff I'm
querying below:
http://lists.xensource.com/archives/html/xen-
devel/2007-05/msg00527.html]
On Mon, 2007-07-09 at 16:23 +0100, Kieran Mansley wrote:
> This patch addresses the problem of how to give iomem access to guests
> from dom0. At the moment, these permissions can only be set up using
> the xen tools, which pretty much rules out doing so programmatically
> from a backend driver for example.
[snip]
> While this patch solves the problem above, there is a chicken-and-egg
> situation that results. Currently, grant table operations are only
> permitted if you have some iomem permissions. This is because of the
> following in iocap.h:
>
> /*
> * Until TLB flushing issues are sorted out we consider it unsafe for
> * domains with no hardware-access privileges to perform grant
> map/transfer
> * operations.
> */
> #define grant_operation_permitted(d) \
> (!rangeset_is_empty((d)->iomem_caps))
>
> This means that you can't do the grant table operation to provide the
> iomemory capability because you don't yet have the iomemory capability.
> There are a couple of obvious solutions to this:
> - make grant_operation_permitted more sophisticated so it can realise
> that iomem grant operations should be allowed.
> - replace grant_operation_permitted with something like the Xen
> Security Policy stuff that is being proposed.
> - solve the TLB issues alluded to in the above comment so we don't have
> to have this restriction.
Any thoughts on the above?
I'm happy to do some work to rectify this situation but don't want to
expend effort on something that won't get accepted. Any background on
the reasons for the restriction (i.e. what the TLB flushing issues are)
would also be of help.
Kieran
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [Xen-devel] [PATCH] Allow programatic iomem permissions,
Kieran Mansley <=
|
|
|
|
|