
Re: [Xen-devel] Ping: [PATCH] x86/MSI: add mechanism to protect MSI-X table from PV guest accesses



>>> On 28.02.13 at 13:30, Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
> For what it is worth, I think the principle is good.  One query I have
> is whether it is sensible to restrict this to dom0, as the comments
> indicate, or whether it should be permitted to be used by any domain
> with appropriate permissions to manage PCI passthrough.

No, I think this indeed ought to be restricted to Dom0 as the
original owner of all devices. If Dom0 decides to hand some
devices for management to a second domain, the resource
assignment nevertheless needs to be coordinated by Dom0,
and hence the notification should also come from there.

> How do you see dom0 attempting to use these hypercalls in an example of
> passing a PCI device through to an untrusted domain?

Right now my plan is to have pciback issue the hypercall right
after having called pci_enable_device(), pending confirmation
that resources won't change after that point anymore (see
the mail I sent to Bjorn Helgaas earlier today, xen-devel Cc-ed).

Jan

