| |
|
 |
|
 |
|
|
|
| |
|
|
xen-devel
Re: [Xen-devel] Re: Trying to run X in domain 1: Failed to do IOPL (was
>> > So I untarred myself the X sources (it is sometimes handy to have a gentoo
>> > distro installed :-), and started to look for the mentioned error.
>> > I found the following code, which seems to trigger the problem:
>> >
>> > if (ioperm(0, 1024, 1) || iopl(3))
>> > FatalError("xf86EnableIOPorts: Failed to set IOPL for
>> > I/O\n");
>
>> Obviously, allowing all domains to make privileged calls is not ideal ;-) I
f
>> X really only does need to access IO ports of its PCI device, we can tighten
>> this up trivially by adding better support for the ioperm call. I'll
>> implement this if it looks like it'll work.
>
>Unfortunately the code looks wrong to me --- it requires *both* the
>ioperm() and the iopl() call to succeed. Even if you tighten up
>ioperm, only a privileged domain can do iopl. So it looks like X
>server domains will have to be privileged.
Hmm -- does X really need iopl() in all cases? The iopl() man page
seems to suggest it does, but perhaps worth tracing the X server's
accesses under linux to check. If it only needs a (perhaps slightly
larger) port range, then we can make the iopl(3) 'succeed' for
unpriv domains by being equivalent to ioperm(0, 1024, 1).
Pretty cheesy though :-)
cheers,
S.
|
|
|
| |
|
Home