|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] netif & grant tables
Mark Williamson <mark.williamson@xxxxxxxxxxxx> wrote on 07/01/2005 09:56:26 PM: > > If someone has the matching problem for my solution, then let me know. :-) > > Otherwise I think the problem of making domains privileged should really > > be solved - probably starting somewhere in XEN-D. > > There should probably be a flag you pass down from the config. The current It could be done implicitly, meaning that if you give a domain a backend (netif/blkif), that privilege flag will automatically be set by XEN-D and used when creating the domain, or explicitly where one specifies the flag(s) to set in the VM config file. > hack people use is to give the domain access to a PCI device but not compile > in the drivers. Driver domains are privileged at the moment, so it works :-S >From what I can see this does not work anymore - I used to do that also. Passing a PCI device to a partition results in an error since the xc_physdev_pci_access_modify call ends in an error. > > With full grant tables support, full privilege is not necessary, just a grant > from the other party. That's probably the nicest long term solution and can > also hook in with a suitable IO-TLB to provide protection against rogue DMAs. I am not sure how 'privilege' is defined. The privilege does so far not only mean to do dom 0 ops, but seems to also limit guest domains of doing other things - like the backend problem I see. I agree, though, that for grant table support a backend should not need privileges. > > Cheers, > Mark Cheers, Stefan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |