Xen project Mailing List

Re: [Xen-devel] netif & grant tables

To: Mark Williamson <mark.williamson@xxxxxxxxxxxx>

From: Stefan Berger <stefanb@xxxxxxxxxx>

Date: Sun, 3 Jul 2005 18:12:31 -0400

Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, Matt Chapman <matthewc@xxxxxx>

Delivery-date: Sun, 03 Jul 2005 22:11:25 +0000

List-id: Xen developer discussion <xen-devel.lists.xensource.com>

xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 07/02/2005 11:34:58 AM: > > It could be done implicitly, meaning that if you give a domain a backend > > (netif/blkif), that privilege flag will automatically be set by XEN-D and > > used when creating the domain, or explicitly where one specifies the > > flag(s) to set in the VM config file. > > Doing it implicitly would probably be sensible. > > > From what I can see this does not work anymore - I used to do that also. > > Passing a PCI device to a partition results in an error since the > > xc_physdev_pci_access_modify call ends in an error. > > Assigning PCI devices is broken in unstable at the moment. It'll be coming > back at some stage. > > > I am not sure how 'privilege' is defined. > > Very coarsely at present: IIRC right now domain who's got access to a PCI > device is as privileged as dom0. This means they're allowed to map memory of > other domains, do dom0 ops, etc. > > Grant tables will enable us to deprivilege guests somewhat, then we'll split > privileges down into more fine-grained capabilities. > Setting the privileged bit in a user domain gets grant tables to work: should this bit be set for those kind of domains or rather the IS_PRIV() test be removed from the call path which basically would allow all user domains to do mapping by default? Stefan > Cheers, > Mark > > > The privilege does so far not > > only mean to do dom 0 ops, but seems to also limit guest domains of doing > > other things - like the backend problem I see. I agree, though, that for > > grant table support a backend should not need privileges. > > > > > Cheers, > > > Mark > > > > Cheers, > > Stefan > > _______________________________________________ > Xen-devel mailing list > Xen-devel@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xen-devel _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.