This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-devel] netif & grant tables

> It could be done implicitly, meaning that if you give a domain a backend
> (netif/blkif), that privilege flag will automatically be set by XEN-D and
> used when creating the domain, or explicitly where one specifies the
> flag(s) to set in the VM config file.

Doing it implicitly would probably be sensible.

> From what I can see this does not work anymore - I used to do that also.
> Passing a PCI device to a partition results in an error since the
> xc_physdev_pci_access_modify call ends in an error.

Assigning PCI devices is broken in unstable at the moment.  It'll be coming 
back at some stage.

> I am not sure how 'privilege' is defined.

Very coarsely at present: IIRC right now a domain that's got access to a PCI 
device is as privileged as dom0.  This means they're allowed to map memory of 
other domains, do dom0 ops, etc.

Grant tables will enable us to deprivilege guests somewhat, then we'll split 
privileges down into more fine-grained capabilities.


> The privilege does so far not 
> only mean to do dom 0 ops, but seems to also limit guest domains of doing
> other things - like the backend problem I see. I agree, though, that for
> grant table support a backend should not need privileges.
> > Cheers,
> > Mark
> Cheers,
>    Stefan
