WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] problem with netfront.c

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] problem with netfront.c
From: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date: Sun, 3 Apr 2005 15:21:32 +0100
Cc: Jacob Gorm Hansen <jacobg@xxxxxxx>
Delivery-date: Mon, 04 Apr 2005 14:21:43 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4250AF21.8040909@xxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <A95E2296287EAD4EB592B5DEEFCE0E9D1E39C7@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <4250AF21.8040909@xxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.8
> This looks quite interesting. Is there anything written up about the
> motivations for this design, and how it compares to other similar
> mechanisms, say, L4's grant-via-IPC system?

I don't know of much writeup beyond the details in the README and the original 
description in the 2004 OASIS paper 
(http://www.cl.cam.ac.uk/netos/papers/2004-oasis-ngio.pdf).

> Are the grant references capabilities, or how do you prevent domains
> from inventing their own?

I think they behave like capabilities.  Given a grant ref. ID, the mapping 
domain asks Xen for a mapping.  Xen uses the ID to index into the mappee's 
grant table and checks that reference gives the appropriate permissions.

> Who takes care of garbage-collecting them when 
> a domain exists or dies?

I guess a domains memory won't be deallocated until all mappings to it are 
relinquished (due to ref counting).  At this point it will be safe to throw 
away all the grant references.

> Can a domain DoS a Xen-system by allocating all 
> the grant refs in the system?

Each domain has its own grant table, so this shouldn't be a problem.

Cheers,
Mark

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel