| |
|
 |
|
 |
|
|
|
| |
|
|
xen-devel
[Xen-devel] [PATCH] block FE/BE grant table support for initial shared m
Hello!
Attached is a patch that fully 'grant-table-ifies' the block front and
backends. It is necessary to do a make clean in the tools directory and
then rebuild the tree.
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 07/04/2005 03:11:40 PM:
> > You are right, it's not the grant tables per se that need the
privileged
> > bit to be set, but other functions need it and keep backends from
working.
> >
> > Here are two code paths from the network backend:
>
> I suspected it might be something like this. There's no reason for
those to
> require privilege either: they can fairly trivially be converted to use
grant
> tables too. Once it's fully grant-table-ified it shouldn't be necessary
to
> make such domains be privileged.
>
> Full grant tables support also a pre-req for the point to point
"snappable
> frontend" connections directly between domains with high bandwidth
> requirements.
>
> Cheers,
> Mark
>
> > from netback/interface.c calls
> >
> >
linux-2.6.11-xen-sparse/arch/xen/i386/mm/ioremap.c:direct_remap_area_pages(
> >) calls
> > HYPERVISOR_mmu_update calls
> > xen/arch/x86/mm.c:do_mmu_update calls
> > set_foreigndom() which has an IS_PRIV() in the path
> >
> > -> The direct_remap_area_pages call fails if a domain does not have
the
> > privilege bit set.
> >
> >
> > netback/netback.c: alloc_mfn() calls
> > HYPERVISOR_dom_mem_op(MEMOP_increase_reservation, mfn_list,
> > MAX_MFN_ALLOC, 0);
> > xen/common/dom_mem_ops.c:do_dom_mem_op() is called which has a
> > IS_PRIV() in the path
> >
> >
> >
> > Stefan
> >
> > > What I meant was that since grant tables are an explicit capability
(you
> >
> > can
> >
> > > only map a page of another dom if it gave you an explicit grant)
there's
> >
> > no
> >
> > > need for mappings in the IO path to require special privileges at
all.
> >
> > If
> >
> > > someone gave you a grant, they must trust you enough to access that
> >
> > page.
> >
> > > Cheers,
> > > Mark
> > >
> > > > Stefan
> > > >
> > > > > Cheers,
> > > > > Mark
> > > > >
> > > > > > The privilege does so far not
> > > > > > only mean to do dom 0 ops, but seems to also limit guest
domains
> >
> > of
> >
> > > > doing
> > > >
> > > > > > other things - like the backend problem I see. I agree,
though,
> >
> > that
> >
> > > > for
> > > >
> > > > > > grant table support a backend should not need privileges.
> > > > > >
> > > > > > > Cheers,
> > > > > > > Mark
> > > > > >
> > > > > > Cheers,
> > > > > > Stefan
> > > > >
> > > > > _______________________________________________
> > > > > Xen-devel mailing list
> > > > > Xen-devel@xxxxxxxxxxxxxxxxxxx
> > > > > http://lists.xensource.com/xen-devel
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
blkif_grant.patch
Description: Binary data
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
| |
|
Home