
Re: [Discussion] Xen grants and access permissions


  • To: Viresh Kumar <viresh.kumar@xxxxxxxxxx>, Oleksandr Tyshchenko <olekstysh@xxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Thu, 16 Feb 2023 11:36:35 +0000
  • Cc: Stratos Mailing List <stratos-dev@xxxxxxxxxxxxxxxxxxx>, Alex Bennée <alex.bennee@xxxxxxxxxx>, Mathieu Poirier <mathieu.poirier@xxxxxxxxxx>, Vincent Guittot <vincent.guittot@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx
  • Delivery-date: Thu, 16 Feb 2023 11:37:13 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 16/02/2023 11:13 am, Viresh Kumar wrote:
> Hi Oleksandr,
>
> As you already know, I am looking at how we can integrate the Xen
> grants work in our implementation of Rust-based Xen vhost frontend [1].
>
> The hypervisor-independent vhost-user backends [2] talk to
> xen-vhost-frontend using the standard vhost-user protocol [3]. Every
> memory region that the backends get access to is sent to them by the
> frontend as memory region descriptors, which contain only address and
> size information and lack any permission flags.
>
> I noticed that with Xen grants, there are strict memory access
> restrictions, where a memory region may be marked READ only and we
> can't map it as RW anymore; trying that just fails. Because the
> standard vhost-user protocol doesn't have any permission flags, the
> vhost libraries (in Rust) can't do anything else but try to map
> everything as RW.
>
> I am wondering how to proceed on this, as I am very much stuck here.
>

(unhelpful comment) This is what happens when people try to reinvent the
wheel a little more square than it was before.

If the guest grants the page read-only, then you can only map it read
only.  Anything else is a violation of the security model.

So either you need to adjust the guest to always grant read/write, or
you need to teach virtio that read only is actually a real concept.

~Andrew
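
The rule stated in the reply above, as an added example that is not part of the original message and is not Xen or vhost code: a simplified C model in which a mapping request may never exceed what the guest granted, run against a backend that always asks for RW and one that honours a per-region permission. All names and values (`grant_entry`, `GRANT_READONLY`, `region_desc.writable`, `map_result`) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a grant entry; names and values are local to this
 * example and are not taken from Xen's headers. */
#define GRANT_PERMIT_ACCESS 0x1u
#define GRANT_READONLY      0x2u

enum want { WANT_RO, WANT_RW };
struct grant_entry { uint16_t flags; uint16_t to_domid; };

/* Region descriptor as a backend sees it. `writable` is a hypothetical
 * permission flag; the thread says descriptors carry only address and size. */
struct region_desc { uint64_t addr; uint64_t size; bool writable; };

/* Granting side: the mapper can never get more than the guest granted. */
static int grant_map_check(const struct grant_entry *e, uint16_t mapper, enum want w)
{
    if (!(e->flags & GRANT_PERMIT_ACCESS) || e->to_domid != mapper)
        return -1;                    /* not granted to this domain at all */
    if (w == WANT_RW && (e->flags & GRANT_READONLY))
        return -1;                    /* RW request on a read-only grant */
    return 0;
}

/* Policy 1: no permission information, so always ask for RW. */
static enum want want_always_rw(const struct region_desc *d) { (void)d; return WANT_RW; }

/* Policy 2: honour the (hypothetical) per-region permission flag. */
static enum want want_from_desc(const struct region_desc *d) { return d->writable ? WANT_RW : WANT_RO; }

/* Map one 4 KiB region granted to domain 1, as domain 1; 0 = mapped, -1 = refused. */
int map_result(uint16_t grant_flags, bool desc_writable, bool permission_aware)
{
    struct grant_entry e = { grant_flags, 1 };
    struct region_desc d = { 0x1000, 4096, desc_writable };
    enum want w = permission_aware ? want_from_desc(&d) : want_always_rw(&d);
    return grant_map_check(&e, 1, w);
}

int main(void)
{
    uint16_t ro = GRANT_PERMIT_ACCESS | GRANT_READONLY, rw = GRANT_PERMIT_ACCESS;
    printf("RO grant, always-RW backend:        %d\n", map_result(ro, false, false));
    printf("RO grant, permission-aware backend: %d\n", map_result(ro, false, true));
    printf("RW grant, always-RW backend:        %d\n", map_result(rw, true, false));
    printf("RO grant, descriptor claims RW:     %d\n", map_result(ro, true, true));
    return 0;
}
```

The last case shows that a descriptor flag is only a hint to the backend: the grant entry remains the authority, so a descriptor that overstates its permission is still refused.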



 

