xen-devel
Re: [Xen-devel] netif & grant tables
Mark Williamson <mark.williamson@xxxxxxxxxxxx> wrote on 07/01/2005 09:56:26 PM:
> > If someone has the matching problem for my solution, then let me know. :-)
> > Otherwise I think the problem of making domains privileged should really
> > be solved - probably starting somewhere in XEN-D.
>
> There should probably be a flag you pass down from the config. The current
It could be done implicitly, meaning that if you give a domain a backend
(netif/blkif), that privilege flag will automatically be set by XEN-D and
used when creating the domain, or explicitly where one specifies the
flag(s) to set in the VM config file.
> hack people use is to give the domain access to a PCI device but not compile
> in the drivers. Driver domains are privileged at the moment, so it works :-S
From what I can see this does not work anymore - I used to do that also.
Passing a PCI device to a partition results in an error since the
xc_physdev_pci_access_modify call ends in an error.
>
> With full grant tables support, full privilege is not necessary, just a grant
> from the other party. That's probably the nicest long term solution and can
> also hook in with a suitable IO-TLB to provide protection against rogue DMAs.
I am not sure how 'privilege' is defined. The privilege does so far not
only mean to do dom 0 ops, but seems to also limit guest domains from doing
other things - like the backend problem I see. I agree, though, that for
grant table support a backend should not need privileges.
>
> Cheers,
> Mark
Cheers,
Stefan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel