[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Discussion] Xen grants and access permissions
Hello Viresh. [CCed Jürgen who might have some thoughts] [Sorry for the possible format issues] On Thu, Feb 16, 2023 at 1:36 PM Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote: On 16/02/2023 11:13 am, Viresh Kumar wrote: Below are my thoughts which might be wrong. I see the problem, but cannot add anything else to what Andrew has already said. If the frontend maps a page as RO then a backend (device) should map it with the same attribute and perform only read access to it. Restricted memory access using Xen grants is a kind of SW IOMMU, no more no less, so I assume the very same problem would take place if we would implement a virtio-iommu for Xen... Let's assume that we cannot modify a guest to map *everything* as RW. But although the permission flags are not communicated explicitly in classic case, the backend usually knows how a particular frontend page is supposed to be mapped (at least I didn't face any permission related issues when using Xen grants either with standalone virtio-disk backend or Qemu based backends using Jürgen's PoC): 1. The virtqueues are mapped as RW (because it is supposed to be written by both ends) 2. The payload I/O buffer's (virtio ring descriptors) fortunately have a flag field, so it is always known whether they are WO or RO 3. The indirect descriptor is mapped as RO (because it contains a list of other descriptors, so nothing to be written there) So I am wondering can this standard vhost-user protocol be extended to pass some additional information for a memory region? If and only if that standard vhost-user protocol cannot be extended to communicate required information for a memory region *and* there is a need to use Xen grants for virtio (so it is completely unclear what that memory region actually represents and how it should be mapped) one (crazy?) idea could be to try to map everything as RW and fallback to RO if the mapping attempt fails. Or, perhaps, as an alternative, to map as RW only those pages which are going to be modified, anything else map as RO. Although I am not quite sure whether it would be a good idea. Regards, Oleksandr Tyshchenko
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |