WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] netif & grant tables

from [Mark Williamson] [Permanent Link][Original]
To: Stefan Berger <stefanb@xxxxxxxxxx>
Subject: Re: [Xen-devel] netif & grant tables
From: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date: Sat, 2 Jul 2005 16:34:58 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, Matt Chapman <matthewc@xxxxxx>
Delivery-date: Sat, 02 Jul 2005 15:34:16 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <OF8591C91E.48BE4E89-ON85257032.001025FA-85257032.0011DC17@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <OF8591C91E.48BE4E89-ON85257032.001025FA-85257032.0011DC17@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.8.1 
> It could be done implicitly, meaning that if you give a domain a backend
> (netif/blkif), that privilege flag will automatically be set by XEN-D and
> used when creating the domain, or explicitly where one specifies the
> flag(s) to set in the VM config file.

Doing it implicitly would probably be sensible.

> From what I can see this does not work anymore - I used to do that also.
> Passing a PCI device to a partition results in an error since the
> xc_physdev_pci_access_modify call ends in an error.

Assigning PCI devices is broken in unstable at the moment.  It'll be coming 
back at some stage.

> I am not sure how 'privilege' is defined.

Very coarsely at present: IIRC right now domain who's got access to a PCI 
device is as privileged as dom0.  This means they're allowed to map memory of 
other domains, do dom0 ops, etc.

Grant tables will enable us to deprivilege guests somewhat, then we'll split 
privileges down into more fine-grained capabilities.

Cheers,
Mark

> The privilege does so far not 
> only mean to do dom 0 ops, but seems to also limit guest domains of doing
> other things - like the backend problem I see. I agree, though, that for
> grant table support a backend should not need privileges.
>
> > Cheers,
> > Mark
>
> Cheers,
>    Stefan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] E1000 hanging, Keir Fraser
Next by Date:  [Xen-devel] public headers - multiple defines, Tim Newsham
Previous by Thread:  Re: [Xen-devel] netif & grant tables, Stefan Berger
Next by Thread:  Re: [Xen-devel] netif & grant tables, Stefan Berger
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy