| |
|
 |
|
 |
|
|
|
| |
|
|
xen-devel
RE: [Xen-devel] Problem when doing direct_remap_area_pages() in aprivile
> I have come accross a problem when trying to do a
> direct_remap_area_pages() call in a backend driver that is
> running in a privileged user domain. The call ends up with an
> error code (-14 = -EFAULT). This in turn is caused by the
> hypervisor call
> HYPERVISOR_mmu_update() which returns an error code of -22 =
> -EINVAL after failing in set_foreigndom due to not (!?!)
> being privileged. The same call returns no error if run in domain-0.
> However, I found the solution to fix this. I needed to make
> a fake(*) PCI device available to the privileged user domain
> by adding a line like pci=['00,07,00'] to the configuration
> file, because this would actually set the privileged flag for
> the domain in
> xen/common/physdev.c:physdev_pci_access_modify(). I wonder
> whether the setting of this flag should not be moved to some
> other place?
Yep, we've had to point people at this work around before. Not nice.
I'd really like to see a patch that creates a more fine grained set of
privilege capabilities, and an appropriate config file option to set
them. For completeness, there should be a dom0_op that enables a domain
to irrevocably surrender a capability.
There's an argument that certain capabilities should be specific to a
specified target domain or group of domains (we already have a domain
group ID). This may be going to far in the first instance, but its worth
bearing in mind while working up a patch for the former.
Cheers,
Ian
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
| <Prev in Thread] |
Current Thread |
[Next in Thread> |
- RE: [Xen-devel] Problem when doing direct_remap_area_pages() in aprivileged user domain,
Ian Pratt <=
|
|
|
| |
|
Home