Re: [Xen-devel] Direct Ethernet Connection Bug (3.0.4-1)

[Mark Williamson <mark.williamson@xxxxxxxxxxxx>]

On Friday 02 February 2007 15:47, Keir Fraser wrote:
> On 2/2/07 15:28, "Timo Benk" <timo.benk@xxxxxx> wrote:
> >> So, this crash indicates that you have not given any I/O-memory access
> >> privilege to the backend domain. Have you actually given it access to
> >> the Ethernet PCI device and its I/O memory and I/O port resources?
> >
> > Hm, you are right, i have not given any domains any other privileges then
> > the default setup. Can you give me a hint where i can configure that?
>
> Ah, but I see actually you don't want a physical device backing up this
> network -- you just want point-to-point virtual network comms between the
> two domUs?
>
> The only way to grant any iomem to a domU in current tools is by assigning
> access to a PCI device.

I guess an interim hack which you might get away with (!?) is to pass the domU 
a PCI device which you make sure it *doesn't* have a driver for, so it won't 
actually try to use it.

I think this has been used to elevate privileges on Xen before in this kind of 
situation - very hacky, though!

Cheers,
Mark

> What I can do is add a Xen boot parameter 'permissive_grant' to allow any
> domU to map foreign pages via grant tables. This boot parameter can then be
> removed when we fix the TLB-flushing races in the grant table code.
>
> Are you running from xen-unstable, or a different codebase?
>
>  -- Keir
>
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel

-- 
Dave: Just a question. What use is a unicyle with no seat?  And no pedals!
Mark: To answer a question with a question: What use is a skateboard?
Dave: Skateboards have wheels.
Mark: My wheel has a wheel!

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel