[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 0/5] pciback: new configuration space fields, permissive flag

To: Ryan <hap9@xxxxxxxxxxxxxx>
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Thu, 13 Apr 2006 10:06:11 +0100
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 13 Apr 2006 02:05:54 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>


On 11 Apr 2006, at 19:31, Ryan wrote:

The following patches add some new capabilities to the PCI Backend's
virtual configuration space handler (such as support for the tg3network
card and for the Vital Product Data and Power Management structures on
the capability list). These patches must be applied together (I'vetried
to divide them up into logical groups of functionality for easier
review, but there is a bit of overlap).
These patches also contain some general formatting fixes and renamingof
a few functions to clarify their purpose in light of the new code.

It seems to me that this splits policy decisions on permissiveness ofaccess to a particular PCI device between user space and kernel.Specifically, to make good automatic use of the per-device permissiveflag we will need a mapping in user space from device ids to correctsetting of the flag. If you leave it manually to the user, you knowwhich way it will always be set. :-) At the same time, in the kernel wehave a mapping from device ids to filtering rules, which are justanother facet of filtering policy.

I think it would be much neater to implement only the enforcementmechanisms in the kernel driver, and to move all the rules about whichregisters may be accessed for which device types out into user space.Then, when binding a PCI device to pciback we would also squirt thefiltering rules into the kernel. This seems to me preferable for anumber of reasons:1. We don't end up with a scaling mess of extra C source files forevery new device we come across.

 2. Maintain the rules in an easier to edit format in text files
 3. One place we maintain mappings from device ids -> filtering policies

The main downside is the extra work to push the rules into the kerneland do whatever parsing is required. It does feel like the right way togo, though.


 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 0/5] pciback: new configuration space fields, permissive flag
  - From: Ryan

References:
- [Xen-devel] [PATCH 0/5] pciback: new configuration space fields, permissive flag
  - From: Ryan

Prev by Date: [Xen-devel] PATCH: console bug fixes
Next by Date: Re: [Xen-devel] Guest image and symtable alignement
Previous by thread: [Xen-devel] [PATCH 0/5] pciback: new configuration space fields, permissive flag
Next by thread: Re: [Xen-devel] [PATCH 0/5] pciback: new configuration space fields, permissive flag
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.