
RE: [Xen-devel] Grant tables from dom0 userspace?

(Combining w/ Christopher's reply:)

I would add my support to providing this as a common service to
userspace (as opposed to just creating a solution that works for your

Using xc_foreign_mapping interfaces may work for dom0 code but it
requires the domain to be privileged and does not have fine-grained
permissions (i.e. if you can map something then you can map anything).
Grant tables are a much better, from a security POV, solution to sharing

Joseph Cihula
(Linux) Software Security Architect
Open Source Technology Center
Intel Corp.

*** These opinions are not necessarily those of my employer ***

On Thursday, March 09, 2006 10:13 AM, Keir Fraser wrote:
> I think blktap gives an example how to do this, but it might be
> specific to aio right now. You could probably use some of the same
> hooks to provide a device file that you could mmap(), passing grant
> refs to map. I cc'ed Andy Warfield in case he has any ideas...
> The only other supported mechanism is the xc_foreign mapping
> interfaces. 

On Thursday, March 09, 2006 10:10 AM, Christopher Clark wrote:
> Grant tables aren't the right interface for use from userspace, which
> is why tools/libxc/xc_gnttab.c was removed. You should probably just
> write a kernel module to do the mapping for you using grant tables and
> then expose a custom interface to userspace from the module to trigger
> the mapping as you need.

> On 9 Mar 2006, at 17:59, Jacob Gorm Hansen wrote:
>> I would like to share some pages between my domU graphics frontend
>> device, and the backend which runs in userspace in dom0. Right now I
>> am doing this with my own scheme, but presumably grant tables would
>> be the correct solution. 
>> Is it possible to use grant tables from dom0 userspace? There used to
>> be a file called tools/libxc/xc_gnttab.c but that seems to be gone
>> now.
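
The permission difference raised in the reply above (a foreign mapping is gated only on the caller being privileged, while a grant names one grantee, one frame and an access mode), shown as an added example that is not part of the original thread and is not Xen source. It is a simplified model: every `M_`/`model_` name, the table size and the sample frame numbers are assumptions made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model only; all names and values here are hypothetical. */
#define M_PERMIT_ACCESS 0x1u  /* entry is a live access grant */
#define M_READONLY      0x4u  /* grantee may only map read-only */
#define M_NR_REFS       4

struct m_grant_entry { uint16_t flags; uint16_t domid; uint32_t frame; };

/* Foreign-mapping model: caller privilege is the only input to the decision. */
int model_foreign_map(int caller_privileged, uint16_t target_dom, uint32_t frame)
{
    (void)target_dom; (void)frame;   /* any domain, any frame */
    return caller_privileged ? 0 : -1;
}

/* Grant model: the granting domain's table decides who maps what, and how. */
int model_grant_map(const struct m_grant_entry *tbl, uint32_t ref,
                    uint16_t mapper_dom, int want_write, uint32_t *frame_out)
{
    if (ref >= M_NR_REFS) return -1;                /* no such grant reference */
    const struct m_grant_entry *e = &tbl[ref];
    if (!(e->flags & M_PERMIT_ACCESS)) return -1;   /* unused or revoked */
    if (e->domid != mapper_dom) return -1;          /* granted to someone else */
    if (want_write && (e->flags & M_READONLY)) return -1;
    *frame_out = e->frame;                          /* only the granted frame */
    return 0;
}

/* Constructed sample: grant table of a frontend domain sharing with dom0. */
static const struct m_grant_entry sample_table[M_NR_REFS] = {
    { M_PERMIT_ACCESS,              0, 0x1a2b },  /* ref 0: dom0, read/write */
    { M_PERMIT_ACCESS | M_READONLY, 0, 0x1a2c },  /* ref 1: dom0, read-only  */
    { M_PERMIT_ACCESS,              5, 0x1a2d },  /* ref 2: domain 5 only    */
    { 0,                            0, 0      },  /* ref 3: not granted      */
};

int main(void)
{
    uint32_t f = 0;
    printf("foreign, privileged, arbitrary frame: %d\n", model_foreign_map(1, 7, 0xdead));
    printf("grant ref 0, dom0, write:  %d\n", model_grant_map(sample_table, 0, 0, 1, &f));
    printf("grant ref 1, dom0, write:  %d\n", model_grant_map(sample_table, 1, 0, 1, &f));
    printf("grant ref 2, dom0, read:   %d\n", model_grant_map(sample_table, 2, 0, 0, &f));
    return 0;
}
```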
