[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xense-devel] XSM hook for mapping a grant ref

George et al,

In another thread today, my attention has been drawn to the grant_operation_permitted() hook that is called when a domain attempts to map a grant reference. This effectively checks whether or not the mapping domain has any I/O memory capabilities, and allows the mapping if it does. The comment for this macro states that:

"Until TLB flushing issues are sorted out we consider it unsafe for domains with no hardware-access privileges to perform grant map/ transfer operations."

It seems reasonable that we could have trusted domains which one can assume will handle these situations gracefully. Hence, I think there is a case for an XSM hook that determines whether or not a domain is allowed to map any grants. Arguably, this could be combined with the check in xsm_map_grantref, though I would be unsurprised if there is a reason for the grant_operation_permitted hook residing where it is currently.

This also raises the question of whether XSM should be integrated with the existing I/O capabilities system, so that there is one consistent view for a domain's privileges.


Derek Murray.

Xense-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.