Port-xen archive


Re: [PATCH] xen: add gntdev

On 04/12/12 21:07, Thor Lancelot Simon wrote:
> On Tue, Dec 04, 2012 at 04:26:19PM +0100, Roger Pau Monné wrote:
>> Independently of what we end up doing as default for handling raw file
>> disks, could someone review this code?
>> It's the first time I've done a device, so someone with more experience
>> should review it.
> I am not sure I entirely follow what this code's doing, but it seems to
> me it may allow arbitrary physical pages to be exposed to userspace
> processes in dom0 -- or in a domU, albeit only if dom0 userspace says so.

This device allows mapping memory pages shared with another domain to a
userspace process, provided that the other domain has granted all the
necessary permissions to the remote domain wishing to access these pages.

This device does not allow sharing pages from the current domain to a
remote domain; it only allows the mapping of pages shared with another
domain, and they are not "arbitrary": you need an abstract reference
(grant reference) to that memory page to be able to map it, which is
provided by the remote domain.

> Is that a correct understanding of one of its effects?  If so, there's
> a problem, since not being able to do precisely that is one important
> assumption of the 4.4BSD security model.
> Thor
