[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] grant table and bogus mfns

On Tue, 2007-11-13 at 04:48 +0000, Keir Fraser wrote:
> On 12/11/07 09:35, "Kieran Mansley" <kmansley@xxxxxxxxxxxxxx> wrote:
> >  1) dom0 does a grant op for a page of I/O memory; at this stage no
> > different to a normal grant.
> >  2) grant reference passed (e.g. through xenstore) to domU
> >  3) domU performs a map operation on that grant
> >  4) hypervisor notices that the grant is for an I/O memory page and
> > instead of mapping it to a domU virtual address it instead sets up the
> > I/O mem permissions for that domain to access the region (ie. calls
> > iomem_permit_access())
> >  5) domU can then call ioremap() to get a kernel virtual address for the
> > I/O memory region, and access it as normal.
> I didn't realise this was how it worked. I think it's a bad idea -- mapping
> the grantref should map the I/O page. The mapping domain's io capabilities
> should not be affected. Apart from being the obvious semantics for
> map_grant,

I agree that mapping the I/O page when you map the grant ref makes for a
much better interface.  I'd just obviously got the wrong end of the
stick and thought that you wanted it the other way when we first
discussed this, and it hadn't occurred to me that doing the map without
first getting the right permissions was sane.

Attached is pair of patches against the current xen-
unstable.hg/linux-2.6.18-xen.hg (i.e. instead of not on top of the other
patch I posted in this thread) that should do the I/O page map when the
grant is mapped.  The I/O capabilities of the domain are no longer
modified.  It seems to work for me, is definitely an improvement in the
API, and should fix the original bug that was posted.

I added a GNTMAP_nocache flag to match the GNTMAP_readonly etc flags so
that you can get the equivalent behaviour of ioremap_nocache() vs
ioremap().  The grant is mapped in as normal; e.g.:

  struct gnttab_map_grant_ref op;
  gnttab_set_map_op(&op, (unsigned long)vaddr, GNTMAP_host_map | 
GNTMAP_nocache, gnt_ref, dev->otherend_id);
  BUG_ON(HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, &op, 1));

I'm slightly surprised that without the call to iomem_permit_access() I
don't trip over the iomem_access_permitted() check in
xen/arch/x86/mm.c:get_page_from_l1e() when the grant is mapped.  I hope
this doesn't indicate that I've missed something.



Attachment: iomem_page_test_fix
Description: Text Data

Attachment: add_nocache_grant_flag
Description: Text Data

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.