[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Trying to run X in domain 1: Failed to do IOPL (was Re:USB with Xen 2.0)

> I guess the X server might try doing IO to some things that Xen won't let
> it access.  By default, the domain will only have access to the IO ports
> and IO memory regions of the graphics card and USB controller themselves.

As reported earlier, I'm receiving an 'Failed to do IOPL' message when
starting X in domain 1. It seems to be also triggered when running scanpci
in the same domain, or in domain 0 as non-root user.

So I untarred myself the X sources (it is sometimes handy to have a gentoo
distro installed :-), and started to look for the mentioned error.
I found the following code, which seems to trigger the problem:

        if (ioperm(0, 1024, 1) || iopl(3))
                FatalError("xf86EnableIOPorts: Failed to set IOPL for I/O\n");

Since I have no clue what ioperm or iopl do, I looked up the man pages,
and found this:

 int ioperm(unsigned long from, unsigned long num, int turn_on); 

 Ioperm sets the port access permission bits for the process for num bytes 
 starting from port address from to the value turn_on. The use of ioperm 
 requires root privileges. 
 Only the first 0x3ff I/O ports can be specified in this manner. For more 
 ports, the iopl function must be used. Permissions are not inherited on fork,
 but on exec they are. This is useful for giving port access permissions to
 non-privileged tasks. 


 int iopl(int level); 
 
 iopl changes the I/O privilege level of the current process, as specified in
 level. 
 This call is necessary to allow 8514-compatible X servers to run under Linux.
 Since these X servers require access to all 65536 I/O ports, the ioperm call
 is not sufficient. 
 In addition to granting unrestricted I/O port access, running at a higher I/O
 privilege level also allows the process to disable interrupts. This will
 probably crash the system, and is not recommended. 


Although I don't want X to touch hardware in other domains, it is ok for me if
it touches any hardware which I assigned to domain 1.

Why are these calls not working? Does Xen need to intercept these calls
to keep things working? Can I do anything to get passed this problem?


Best Regards,
Mark


-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.