Ian Pratt
2005-Sep-04 13:02 UTC
RE: [Xen-devel] frontend and backend devices and different types of hw - pci for example
> While I'm on the subject, I'd personally like to see guests
> granted IO access slightly differently. There are two ways
> to grant IO access on x86: change the IOPL (giving the guest
> access to all IO ports) or set IO bits in the TSS (giving
> fine grained control). The problem with the latter is that guest
> *apps* will be able to access the hardware; essentially x86
> gives you coarse grained control and ring-level protection,
> or vice-versa.
>
> Since people often like to partition their systems using Xen,
> I don't really like giving apps easy access to the hardware
> in this way. I'd like to have the option of trapping IO port
> writes in Xen and verifying the guest's IO privileges in
> software, then emulating the write.

That's how it works in -unstable today...

Ian
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Mark Williamson
2005-Sep-04 15:38 UTC
Re: [Xen-devel] frontend and backend devices and different types of hw - pci for example
> > Since people often like to partition their systems using Xen,
> > I don't really like giving apps easy access to the hardware
> > in this way. I'd like to have the option of trapping IO port
> > writes in Xen and verifying the guest's IO privileges in
> > software, then emulating the write.
>
> That's how it works in -unstable today...

Ah, so it is. IOPL emulation works correctly - cute :-) I actually vaguely remember the checkin but didn't look at the diff at the time.

Thanks,
Mark
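The trade-off discussed in this thread, as an added example that is not part of either message or of Xen's code: a small C model of the x86 port check (CPL against IOPL, then the TSS I/O bitmap) beside a trap-and-verify check done in software. The ring numbers, port numbers and function names are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { GUEST_KERNEL = 1, GUEST_APP = 3 };  /* assumed rings of guest kernel and guest apps */
#define GRANTED_PORT 0x3f8  /* constructed: the one port this guest was granted */
#define OTHER_PORT   0x70   /* constructed: a port this guest was not granted */

/* x86 rule for a byte access: CPL <= IOPL passes outright; otherwise the
 * TSS I/O bitmap decides, and a clear bit means "allowed" at any ring. */
static bool hw_allows(int cpl, int iopl, const uint8_t *bitmap, uint16_t port)
{
    if (cpl <= iopl)
        return true;
    return (bitmap[port >> 3] & (1u << (port & 7))) == 0;
}

/* Option 1: raise IOPL to the guest kernel's ring; the bitmap denies all. */
bool iopl_mode(int cpl, uint16_t port)
{
    uint8_t bitmap[8192];
    memset(bitmap, 0xff, sizeof bitmap);
    return hw_allows(cpl, GUEST_KERNEL, bitmap, port);
}

/* Option 2: IOPL stays 0; only the granted port's bit is cleared in the TSS. */
bool tss_mode(int cpl, uint16_t port)
{
    uint8_t bitmap[8192];
    memset(bitmap, 0xff, sizeof bitmap);
    bitmap[GRANTED_PORT >> 3] &= (uint8_t)~(1u << (GRANTED_PORT & 7));
    return hw_allows(cpl, 0, bitmap, port);
}

/* Option 3 (model of trap-and-verify): hardware denies every access, and the
 * fault handler checks both ring and port in software before emulating. */
bool trap_mode(int cpl, uint16_t port)
{
    return cpl <= GUEST_KERNEL && port == GRANTED_PORT;
}

int main(void)
{
    printf("iopl: kernel->other=%d app->granted=%d\n", iopl_mode(GUEST_KERNEL, OTHER_PORT), iopl_mode(GUEST_APP, GRANTED_PORT));
    printf("tss:  kernel->other=%d app->granted=%d\n", tss_mode(GUEST_KERNEL, OTHER_PORT), tss_mode(GUEST_APP, GRANTED_PORT));
    printf("trap: kernel->other=%d app->granted=%d\n", trap_mode(GUEST_KERNEL, OTHER_PORT), trap_mode(GUEST_APP, GRANTED_PORT));
    return 0;
}
```

Only the software check refuses both the ungranted port and the guest application; each hardware option lets one of the two through.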