WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-devel

RE: [Xen-devel] Problem when doing direct_remap_area_pages() in aprivile

To: "Stefan Berger" <stefanb@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-devel] Problem when doing direct_remap_area_pages() in aprivileged user domain
From: "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx>
Date: Fri, 15 Apr 2005 20:09:09 +0100
Delivery-date: Fri, 15 Apr 2005 19:09:02 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcVB6M+5ZJ9JiHMCRCC4SbNiMdx1iwABRbaw
Thread-topic: [Xen-devel] Problem when doing direct_remap_area_pages() in aprivileged user domain
>   I have come across a problem when trying to do a
> direct_remap_area_pages() call in a backend driver that is 
> running in a privileged user domain. The call ends up with an 
> error code (-14 = -EFAULT). This in turn is caused by the 
> hypervisor call
> HYPERVISOR_mmu_update() which returns an error code of -22 = 
> -EINVAL after failing in set_foreigndom due to not (!?!) 
> being privileged. The same call returns no error if run in domain-0.
>   However, I found the solution to fix this. I needed to make 
> a fake(*) PCI device available to the privileged user domain 
> by adding a line like pci=['00,07,00'] to the configuration 
> file, because this would actually set the privileged flag for 
> the domain in 
> xen/common/physdev.c:physdev_pci_access_modify(). I wonder 
> whether the setting of this flag should not be moved to some 
> other place?

Yep, we've had to point people at this workaround before. Not nice.

I'd really like to see a patch that creates a more fine-grained set of
privilege capabilities, and an appropriate config file option to set
them. For completeness, there should be a dom0_op that enables a domain
to irrevocably surrender a capability. 

There's an argument that certain capabilities should be specific to a
specified target domain or group of domains (we already have a domain
group ID). This may be going too far in the first instance, but it's worth
bearing in mind while working up a patch for the former.

Cheers,
Ian  

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
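
A sketch of the capability model the reply above asks for, as an added example that is not part of the original message and is not Xen code. It models a per-domain capability set in place of the single privileged flag, an irrevocable surrender operation, and optional scoping to a domain group; every name in it (`dom_model`, `CAP_FOREIGN_MAP`, `cap_grant`, `cap_surrender`, `check_foreign_map`) is hypothetical.

```c
#include <errno.h>
#include <stdint.h>

/* Hypothetical capability bits; none of these names exist in Xen. */
#define CAP_FOREIGN_MAP (1u << 0)  /* may map another domain's pages */
#define CAP_PHYSDEV     (1u << 1)  /* may access physical devices */
#define ANY_GROUP       0u         /* capability not limited to one group */

struct dom_model {
    uint32_t id;
    uint32_t group;      /* domain group ID */
    uint32_t caps;       /* capabilities currently held */
    uint32_t dropped;    /* capabilities surrendered for good */
    uint32_t map_group;  /* group CAP_FOREIGN_MAP is limited to, or ANY_GROUP */
};

/* Grant, as a config-file option would at domain build time.
 * A capability the domain has surrendered can never come back. */
int cap_grant(struct dom_model *d, uint32_t cap)
{
    if (d->dropped & cap)
        return -EPERM;
    d->caps |= cap;
    return 0;
}

/* Irrevocable surrender: clear the bit and record that it was dropped. */
void cap_surrender(struct dom_model *d, uint32_t cap)
{
    d->caps &= ~cap;
    d->dropped |= cap;
}

/* Stand-in for the single "privileged" test made when one domain asks
 * to map pages belonging to another. */
int check_foreign_map(const struct dom_model *caller,
                      const struct dom_model *target)
{
    if (caller->id == target->id)
        return 0;                      /* own pages: no capability needed */
    if (!(caller->caps & CAP_FOREIGN_MAP))
        return -EINVAL;                /* the error reported in the thread */
    if (caller->map_group != ANY_GROUP && caller->map_group != target->group)
        return -EINVAL;                /* capability scoped to another group */
    return 0;
}
```

With this split, a backend domain can hold the foreign-mapping capability without also being given device access, which the fake PCI device workaround cannot express.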
