[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v8 13/14] tools/libxl: explicitly grant access to needed I/O-memory ranges

To: "Julien Grall" <julien.grall@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Mon, 26 May 2014 12:15:19 +0100
Cc: Ian.Campbell@xxxxxxxxxxxxx, paolo.valente@xxxxxxxxxx, keir@xxxxxxx, stefano.stabellini@xxxxxxxxxxxxx, andrew.cooper3@xxxxxxxxxx, dario.faggioli@xxxxxxxxxx, Ian.Jackson@xxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx, julien.grall@xxxxxxxxxx, etrudeau@xxxxxxxxxxxx, tim@xxxxxxx, Arianna Avanzini <avanzini.arianna@xxxxxxxxx>, viktor.kleinik@xxxxxxxxxxxxxxx
Delivery-date: Mon, 26 May 2014 11:15:47 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 26.05.14 at 12:58, <julien.grall@xxxxxxxxxx> wrote:

> 
> On 26/05/14 11:11, Jan Beulich wrote:
>>>>> On 25.05.14 at 19:08, <julien.grall@xxxxxxxxxx> wrote:
>>> On 25/05/14 11:51, Arianna Avanzini wrote:
>>>> +
>>>> +        /*
>>>> +         * If VGA passthru is enabled by domain config, be sure that the
>>>> +         * domain can access VGA-related iomem regions.
>>>> +         */
>>>> +        if (d_config->b_info.u.hvm.gfx_passthru.val) {
>>>> +            uint64_t vga_iomem_start = 0xa0000 >> XC_PAGE_SHIFT;
>>>> +            ret = xc_domain_iomem_permission(CTX->xch, domid,
>>>> +                                             vga_iomem_start, 0x20, 1);
>>>> +            if (ret < 0) {
>>>> +                LOGE(ERROR,
>>>> +                     "failed to give dom%d access to iomem range "
>>>> +                     "%"PRIx64"-%"PRIx64" for VGA passthru",
>>>> +                     domid, vga_iomem_start, (vga_iomem_start + 0x20 - 
>>>> 1));
>>>> +                goto error_out;
>>>> +            }
>>>> +        }
>>>
>>> IHMO, the guest doesn't need to have permission to this region. When
>>> QEMU ask to map this region to the guest, the hypercall will only check
>>> the permission on the domain where QEMU is running. Therefore, the
>>> permission should be given to the stubdomain.
>>
>> How would qemu be involved in I/O from/to a passed through
>> device?
> 
> AFAIU, the mapping of the range 0xa0000-* will be done by QEMU for an 
> HVM guest (i.e calling xc_domain_memory_mapping).

If qemu is mapping this _machine_ range to every guest (or every
guest getting a GFX device passed through) that would be wrong
then too afaict.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH v8 00/14] Implement the XEN_DOMCTL_memory_mapping hypercall for ARM
  - From: Arianna Avanzini
- [Xen-devel] [PATCH v8 13/14] tools/libxl: explicitly grant access to needed I/O-memory ranges
  - From: Arianna Avanzini
- Re: [Xen-devel] [PATCH v8 13/14] tools/libxl: explicitly grant access to needed I/O-memory ranges
  - From: Julien Grall
- Re: [Xen-devel] [PATCH v8 13/14] tools/libxl: explicitly grant access to needed I/O-memory ranges
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v8 13/14] tools/libxl: explicitly grant access to needed I/O-memory ranges
  - From: Julien Grall

Prev by Date: Re: [Xen-devel] [PATCH v7 10/10] xen/common: do not implicitly permit access to mapped I/O memory
Next by Date: Re: [Xen-devel] [PATCH v7 10/10] xen/common: do not implicitly permit access to mapped I/O memory
Previous by thread: Re: [Xen-devel] [PATCH v8 13/14] tools/libxl: explicitly grant access to needed I/O-memory ranges
Next by thread: Re: [Xen-devel] [PATCH v8 13/14] tools/libxl: explicitly grant access to needed I/O-memory ranges
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.