[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH 08/23] xen/arm: dom0less seed xenstore grant table entry
On 2025-03-06 20:47, Stefano Stabellini wrote: On Thu, 6 Mar 2025, Jason Andryuk wrote:With a split hardware and control domain, the control domain may still want and xenstore access. Currently this relies on init-dom0less to seed the grants. This is problematic since we don't want hardware domain to be able to map the control domain's resources. Instead have the hypervisor see the grant table entry. The grant is then accessible as normal. This is also useful with a xenstore stubdom to setup the xenbus page much earlier.Reading the patch, it seems that what is doing is letting the xenstore domain map the domU's grant table page. Is that correct? The end result is everything is setup for xenstored to map GNTTAB_RESERVED_XENSTORE at some time later. If so, I would suggest to update the commit message as follows: With split hardware/control/xenstore domains, the xenstore domain may still want to access other domains' xenstore page. Currently this relies on init-dom0less to seed the grants from Dom0. This is problematic since we don't want the hardware domain to be able to map other domains' resources without their permission. Instead have the hypervisor seed the grant table entry for every dom0less domain. The grant is then accessible as normal. I'll go with a tweaked version of yours: xenstored maps other domains' xenstore pages. Currently this relieson init-dom0less or xl to seed the grants from Dom0. With split hardware/control/xenstore domains, this is problematic since we don't want the hardware domain to be able to map other domains' resources without their permission. Instead have the hypervisor seed the grant table entry for every dom0less domain. The grant is then accessible as normal. Regards, Jason
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |