WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] netif & grant tables

from [Mark A. Williamson] [Permanent Link][Original]
To: Stefan Berger <stefanb@xxxxxxxxxx>
Subject: Re: [Xen-devel] netif & grant tables
From: "Mark A. Williamson" <mark.williamson@xxxxxxxxxxxx>
Date: Mon, 4 Jul 2005 20:11:40 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 04 Jul 2005 19:10:42 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <OF56CCBCBE.FE26A651-ON85257034.0029A7E9-85257034.0066D143@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <OF56CCBCBE.FE26A651-ON85257034.0029A7E9-85257034.0066D143@xxxxxxxxxx>
Reply-to: mark.williamson@xxxxxxxxxxxx
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.7 
> You are right, it's not the grant tables per se that need the privileged
> bit to be set, but other functions need it and keep backends from working.
>
> Here are two code paths from the network backend:

I suspected it might be something like this.  There's no reason for those to 
require privilege either: they can fairly trivially be converted to use grant 
tables too.  Once it's fully grant-table-ified it shouldn't be necessary to 
make such domains be privileged.

Full grant tables support also a pre-req for the point to point "snappable 
frontend" connections directly between domains with high bandwidth 
requirements.

Cheers,
Mark

> from netback/interface.c calls
>
> linux-2.6.11-xen-sparse/arch/xen/i386/mm/ioremap.c:direct_remap_area_pages(
>) calls
>       HYPERVISOR_mmu_update calls
>          xen/arch/x86/mm.c:do_mmu_update calls
>            set_foreigndom() which has an IS_PRIV() in the path
>
> -> The direct_remap_area_pages call fails if a domain does not have the
> privilege bit set.
>
>
> netback/netback.c: alloc_mfn() calls
>    HYPERVISOR_dom_mem_op(MEMOP_increase_reservation, mfn_list,
> MAX_MFN_ALLOC, 0);
>      xen/common/dom_mem_ops.c:do_dom_mem_op() is called which has a
> IS_PRIV() in the path
>
>
>
>  Stefan
>
> > What I meant was that since grant tables are an explicit capability (you
>
> can
>
> > only map a page of another dom if it gave you an explicit grant) there's
>
> no
>
> > need for mappings in the IO path to require special privileges at all.
>
> If
>
> > someone gave you a grant, they must trust you enough to access that
>
> page.
>
> > Cheers,
> > Mark
> >
> > >     Stefan
> > >
> > > > Cheers,
> > > > Mark
> > > >
> > > > > The privilege does so far not
> > > > > only mean to do dom 0 ops, but seems to also limit guest domains
>
> of
>
> > > doing
> > >
> > > > > other things - like the backend problem I see. I agree, though,
>
> that
>
> > > for
> > >
> > > > > grant table support a backend should not need privileges.
> > > > >
> > > > > > Cheers,
> > > > > > Mark
> > > > >
> > > > > Cheers,
> > > > >    Stefan
> > > >
> > > > _______________________________________________
> > > > Xen-devel mailing list
> > > > Xen-devel@xxxxxxxxxxxxxxxxxxx
> > > > http://lists.xensource.com/xen-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] netif & grant tables, Keir Fraser
Next by Date:  Re: [Xen-devel] xen-unstable-src tarball, Frank Heydlauf
Previous by Thread:  Re: [Xen-devel] netif & grant tables, Keir Fraser
Next by Thread:  [Xen-devel] [PATCH] block FE/BE grant table support for initial shared memory page, Stefan Berger
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy