RE: [Xen-devel] Grant tables from dom0 userspace?

To:	"Keir Fraser" <Keir.Fraser@xxxxxxxxxxxx>
Subject:	RE: [Xen-devel] Grant tables from dom0 userspace?
From:	"King, Steven R" <steven.r.king@xxxxxxxxx>
Date:	Thu, 9 Mar 2006 12:44:23 -0800
Cc:	Andrew Warfield <andrew.warfield@xxxxxxxxxxxx>, "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>, Jacob Gorm Hansen <jacobg@xxxxxxx>, xen-devel Devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date:	Thu, 09 Mar 2006 20:45:21 +0000
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index:	AcZDqrL7sukqSBhkRx2prXMdHjU3lQAABvrw
Thread-topic:	[Xen-devel] Grant tables from dom0 userspace?

Fair enough.  Not being an expert, I'm willing to take my lumps when
voicing opinion on these issues.

No offense to Andrew, who is very helpful, but I don't believe blktap
has worked around these grant table problems:

Shared pages can only be unshared if all the mapping domains play nice
-- IMHO, an "Enterprise-Grade" security problem already discussed here:
http://lists.xensource.com/archives/html/xen-devel/2006-01/msg00369.html
In the code, this manifests itself as a "WARNING: g.e. still in use"
printk in sparse/arch/xen/kernel/gnttab.c 

The implicit grant unmap problem, previously discussed here:
http://lists.xensource.com/archives/html/xen-devel/2006-02/msg00517.html
http://lists.xensource.com/archives/html/xen-devel/2006-01/msg00689.html
This is an interesting one, since it's arguable where
"paravirtualization" ends and "unnatural" begins.  It would sure be nice
to have a scheme that didn't force the gamut of guest OS's to add
special hooks just for Xen shared pages.  Whether Xen adds bookkeeping,
or all guest OS's create a special case, I'm in favor of whatever scheme
has the least net complexity.

The reliance on the _PAGE_GNTMAP bit in the pte to catch disallowed OS
behavior, such as implicit unmaps above.  I recall the code comment
saying using pte bits is broken for *BSD for example.  If implicit
unmaps can be made to work, then perhaps this bit goes away.  If only
explicit unmaps are allowed (via new OS hooks or whatever), then I think
we're be stuck with _PAGE_GNTMAP.

-steve

-----Original Message-----
From: Keir Fraser [mailto:Keir.Fraser@xxxxxxxxxxxx] 
Sent: Thursday, March 09, 2006 10:50 AM
To: King, Steven R
Cc: Andrew Warfield; Cihula, Joseph; Jacob Gorm Hansen; xen-devel Devel
Subject: Re: [Xen-devel] Grant tables from dom0 userspace?

On 9 Mar 2006, at 18:46, King, Steven R wrote:

> Following much of Andrew's work in my own driver, I've tried to create

> general purpose user-mode mappings based on grant tables.  The results

> are unsatisfactory.  You'll encounter some tricky domain crashes that 
> have been discussed already on this list.

With due respect, just because you haven't got it working correctly yet
does not mean it can't be done. It's working okay in the blktap driver
after all.

  -- Keir

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

WARNING - OLD ARCHIVES

xen-devel

RE: [Xen-devel] Grant tables from dom0 userspace?