
Re: [Xen-devel] netif & grant tables



Mark Williamson <mark.williamson@xxxxxxxxxxxx> wrote on 07/01/2005 09:56:26 PM:

> > If someone has the matching problem for my solution, then let me know. :-)
> > Otherwise I think the problem of making domains privileged should really
> > be solved - probably starting somewhere in XEN-D.
> 
> There should probably be a flag you pass down from the config.  The current

It could be done implicitly, meaning that if you give a domain a backend 
(netif/blkif), that privilege flag will automatically be set by XEN-D and 
used when creating the domain, or explicitly where one specifies the 
flag(s) to set in the VM config file.

> hack people use is to give the domain access to a PCI device but not compile
> in the drivers.  Driver domains are privileged at the moment, so it works :-S

From what I can see this does not work anymore - I used to do that also. 
Passing a PCI device to a partition results in an error since the 
xc_physdev_pci_access_modify call ends in an error.
> 
> With full grant tables support, full privilege is not necessary, just a grant
> from the other party.  That's probably the nicest long term solution and can
> also hook in with a suitable IO-TLB to provide protection against rogue DMAs.

I am not sure how 'privilege' is defined. So far, privilege does not 
only mean doing dom 0 ops, but also seems to limit guest domains from doing 
other things - like the backend problem I see. I agree, though, that for 
grant table support a backend should not need privileges.

> 
> Cheers,
> Mark

Cheers,
   Stefan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 

