RE: [Xen-devel] Problem when doing direct_remap_area_pages() in a privileged user domain
> I have come across a problem when trying to do a direct_remap_area_pages() call in a backend driver that is running in a privileged user domain. The call ends up with an error code (-14 = -EFAULT). This in turn is caused by the hypervisor call HYPERVISOR_mmu_update() which returns an error code of -22 = -EINVAL after failing in set_foreigndom due to not (!?!) being privileged. The same call returns no error if run in domain-0.
>
> However, I found the solution to fix this. I needed to make a fake(*) PCI device available to the privileged user domain by adding a line like pci=['00,07,00'] to the configuration file, because this would actually set the privileged flag for the domain in xen/common/physdev.c:physdev_pci_access_modify(). I wonder whether the setting of this flag should not be moved to some other place?

Yep, we've had to point people at this workaround before. Not nice.

I'd really like to see a patch that creates a more fine-grained set of privilege capabilities, and an appropriate config file option to set them. For completeness, there should be a dom0_op that enables a domain to irrevocably surrender a capability.

There's an argument that certain capabilities should be specific to a specified target domain or group of domains (we already have a domain group ID). This may be going too far in the first instance, but it's worth bearing in mind while working up a patch for the former.

Cheers,
Ian

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
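A sketch of the finer-grained capability model proposed in the reply above, added here as an illustration and not code from Xen or from the thread. The capability names, `struct dom_caps`, `ANY_GROUP` and all functions are hypothetical; it shows a config-time grant, an irrevocable surrender, and an optional target-group restriction.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical capability bits; illustrative names, not Xen's. */
#define CAP_FOREIGN_MAP (1u << 0)  /* map pages owned by another domain */
#define CAP_PHYSDEV_IO  (1u << 1)  /* access physical devices */
#define CAP_NR          2
#define ANY_GROUP       0xFFFFu    /* constructed sentinel: no target limit */

struct dom_caps {
    uint32_t held;             /* capabilities currently held */
    uint32_t dropped;          /* surrendered; can never be granted again */
    uint16_t group[CAP_NR];    /* per-capability target group restriction */
};

/* Index of a single-bit capability, or -1 if cap is not exactly one known bit. */
static int cap_index(uint32_t cap) {
    for (int i = 0; i < CAP_NR; i++)
        if (cap == (1u << i))
            return i;
    return -1;
}

/* Grant at domain-build time (e.g. from a config file option). */
int caps_grant(struct dom_caps *c, uint32_t cap, uint16_t group) {
    int i = cap_index(cap);
    if (i < 0) return -EINVAL;
    if (c->dropped & cap) return -EPERM;   /* surrender is irrevocable */
    c->held |= cap;
    c->group[i] = group;
    return 0;
}

/* Irrevocably surrender a capability: clear it and remember the drop. */
int caps_drop(struct dom_caps *c, uint32_t cap) {
    if (cap_index(cap) < 0) return -EINVAL;
    c->held &= ~cap;
    c->dropped |= cap;
    return 0;
}

/* Check before a privileged operation aimed at a domain in target_group. */
bool caps_allow(const struct dom_caps *c, uint32_t cap, uint16_t target_group) {
    int i = cap_index(cap);
    if (i < 0 || !(c->held & cap)) return false;
    return c->group[i] == ANY_GROUP || c->group[i] == target_group;
}
```

Keeping a separate `dropped` mask, rather than only clearing the bit in `held`, is what makes the surrender survive a later grant attempt.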