
RE: [Xen-users] How can I create another privileged domain?



 

> -----Original Message-----
> From: Ashit Kumar [mailto:Ashit_Kumar@xxxxxxxxxxxx] 
> Sent: 21 March 2007 14:24
> To: Petersson, Mats; Prabhakar Chaganti
> Cc: xen-users@xxxxxxxxxxxxxxxxxxx
> Subject: RE: [Xen-users] How can I create another privileged domain?
> 
> Hi Mats,
> Thanks for the reply.
> 
> Mats wrote:
> >>we could pass an entire SCSI controller (or other disk
> >>controller) to the domain with the pci-hide/passthrough mechanism, and
> >>let the domain handle its own disk entirely.
> 
> Suppose I have two SCSI storage controllers as:
>  14:05.0 SCSI storage controller: LSI Logic / Symbios Logic 53c1030 PCI-X Fusion-MPT Dual Ultra320 SCSI (rev 08)
>  14:05.1 SCSI storage controller: LSI Logic / Symbios Logic 53c1030 PCI-X Fusion-MPT Dual Ultra320 SCSI (rev 08)
> And I want to pass 14.05.0 to DomainX.
> Now if I change the grub.conf with the kernel command line as:
>  root=/dev/sda4 ro console=tty0 pciback.hide=(14.05.0)
> Then will it work?
> Also, how do we ensure which domain we are passing this SCSI
> controller to, because we are not mentioning the domain info anywhere
> in the above line in the grub.conf?

You'd have to add that pass-through into the configuration file of the
DomU you decide should use that device - I'm not an expert on how this
works, so I can't say exactly how that statement would look. 

I think (from "xm create --help_config|grep pci") that you'd add
"pci=14.05.0" to the config file. 

Once the device has been taken by a domain, it can't be used by any
other (at least, it shouldn't be allowed). 

Note that this doesn't make this domain PRIVILEGED, it still can't
control other domains for example. It just allows the domain to control
that SCSI device (and any attached functionality). 

--
Mats
> 
> Please help..
> Thanks and regards
> Ashit
> 
> 
> -----Original Message-----
> From: Petersson, Mats [mailto:Mats.Petersson@xxxxxxx] 
> Sent: Monday, March 19, 2007 11:51 PM
> To: Prabhakar Chaganti; Ashit Kumar
> Cc: xen-users@xxxxxxxxxxxxxxxxxxx
> Subject: RE: [Xen-users] How can I create another privileged domain?
> 
>  
> 
> > -----Original Message-----
> > From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
> > [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Prabhakar Chaganti
> > Sent: 19 March 2007 16:33
> > To: Ashit Kumar
> > Cc: xen-users@xxxxxxxxxxxxxxxxxxx
> > Subject: Re: [Xen-users] How can I create another privileged domain?
> > 
> > So will there be two privileged domains (dom0 and domx) running at the
> > same time?
> 
> In theory, you could have any number of privileged domains, just like
> you can have multiple users with "root" privilege on a Linux (or admin
> privs on Windows if you prefer). See below for practical limitation(s)
> to this. 
> 
> >   
> > 
> > 
> > On 3/19/07, Ashit Kumar < Ashit_Kumar@xxxxxxxxxxxx 
> > <mailto:Ashit_Kumar@xxxxxxxxxxxx> > wrote:
> > 
> >     Hi, 
> >     We know that Domain0 is the privileged domain. Now as per the Xen
> > architecture we can make another DomainX (X>0) to be a privileged
> > domain.
> > 
> >     Now here are a few questions: 
> >     A) How can I make another Domain (apart from Domain0) as a privileged
> > host?
> 
> At the moment, I don't think there's a way to set the flag to make a
> domain privileged, aside from the Dom0 startup (which is integral to the
> startup of Xen). 
> 
> There is of course no reason to expect this limitation to last forever -
> if there's a good reason to have multiple privileged domains, then I'm
> sure it can be pretty easily achieved. 
> 
> >     B) As per the architecture this new privileged domain can manage
> > other Domains. So can it directly manage the drivers and can the
> > DomainX view the drivers of this newly created privileged domain?
> 
> Not sure what you're referring to here. Drivers are available for both
> privileged and unprivileged domains. The difference is that privileged
> domains are allowed to perform certain operations (such as directly
> mapping other domains' memory) that unprivileged domains are not allowed
> to perform. 
> 
> As long as the domain stays within its own memory space, it's
> essentially allowed to do whatever it likes, including using whatever
> drivers the kernel and/or owner sees fit. Of course, most domains don't
> have any REAL hardware to access, so many drivers that you would
> normally find on a "real" system become meaningless in a system where
> there is no real hardware for the driver to access (most drivers will
> fail to install/load/initialize in this situation). 
> 
> Drivers that don't need direct access to hardware (file-system drivers
> for example) are perfectly fine in such a system. 
> 
> The guest domain also needs drivers for the virtualized devices, in a
> para-virtual world, that is the virtual network and disk drivers. In a
> fully-virtual domain, disk-drive is a regular IDE driver, with an IDE
> interface inside the device-model that translates the "virtual" disk
> device into requests in Dom0 to read/write to the actual device that is
> "behind" the virtual wall. 
> 
> > 
> >     C) Volume Groups (VG) can be created over the raw storage devices on
> > Domain0 and the other VM can access them through this Volume Group. Does
> > the same thing happen in the case of this newly created privileged
> > Domain too?
> 
> Volume groups (as in LVM) have nothing to do with Xen Domains at all. Of
> course, normally, only Domain zero owns the physical disk/device that
> you can (or would want to) create a volume group onto. But in theory,
> you could probably create volume groups on top of a virtual disk that is
> visible to the guest-domain. Also, assuming we have a para-virtual
> domain, we could pass an entire SCSI controller (or other disk
> controller) to the domain with the pci-hide/passthrough mechanism, and
> let the domain handle its own disk entirely.
> 
> Please explain to me, if I've misunderstood the meaning of Volume Groups
> or in other ways not understood your question. 
> 
> --
> Mats 
> > 
> >     Thanks and regards 
> >     Ashit
> > 
> > 
> >     _______________________________________________
> >     Xen-users mailing list
> >     Xen-users@xxxxxxxxxxxxxxxxxxx
> > <mailto:Xen-users@xxxxxxxxxxxxxxxxxxx> 
> >     http://lists.xensource.com/xen-users
> >     
> > 
> > 
> > 
> 
> 
> 
> 
> 



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
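
Added example, not part of the original messages or of Xen itself: a small shell sketch of the two-step passthrough discussed in this thread (hide the controller from dom0 on the kernel command line, then name it in the DomU configuration file), with a check that dom0 really released the device. It uses the bus:slot.func notation that lspci prints; the helper names, the `pci = [ ... ]` list form for the xm configuration file, and the sysfs driver directory name `pciback` are assumptions.

```shell
#!/bin/sh
# Added example. Function names are hypothetical helpers, not Xen tools.

# Print bus:slot.func for a device written as lspci prints it
# (bus:slot.func, or 0000:bus:slot.func); return 1 for any other form.
normalize_bdf() {
    bdf=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$bdf" in
        0000:[0-9a-f][0-9a-f]:[01][0-9a-f].[0-7]) printf '%s\n' "${bdf#0000:}" ;;
        [0-9a-f][0-9a-f]:[01][0-9a-f].[0-7])      printf '%s\n' "$bdf" ;;
        *) return 1 ;;
    esac
}

# Build the dom0 kernel argument that hides the listed devices from dom0.
hide_arg() {
    [ "$#" -gt 0 ] || return 1
    out="pciback.hide="
    for dev in "$@"; do
        n=$(normalize_bdf "$dev") || return 1
        out="$out($n)"
    done
    printf '%s\n' "$out"
}

# Build the matching line for the DomU configuration file.
domu_pci_line() {
    [ "$#" -gt 0 ] || return 1
    list=""
    for dev in "$@"; do
        n=$(normalize_bdf "$dev") || return 1
        list="${list:+$list, }'$n'"
    done
    printf 'pci = [ %s ]\n' "$list"
}

# After reboot: is the device bound to pciback in dom0?
# $2 is the sysfs root (default /sys); the driver directory name
# "pciback" is an assumption about the dom0 kernel in use.
is_hidden() {
    n=$(normalize_bdf "$1") || return 2
    [ -e "${2:-/sys}/bus/pci/drivers/pciback/0000:$n" ]
}

# Device taken from the lspci listing quoted in this thread.
hide_arg 14:05.0
domu_pci_line 14:05.0
```

Running `is_hidden 14:05.0` in dom0 before starting the DomU confirms that dom0 is no longer driving the controller it is about to hand over.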


 

