Czakó Krisztián
2005-Apr-29 18:55 UTC
[Xen-users] xen testing (2.6.11.7) & physdev_access problem
Hello,

I can't start a domain with my own built xenU kernel when I enable physdev_access. I build the kernels on a Debian sarge with make-kpkg. When I build a "normal" guest kernel, it boots and the domain starts up. When I enable physdev_access, nothing happens after an xm create testvm -c (console starts up, and stops after a while without any output on it). No error message, simply nothing.

I enable physdev_access via menuconfig (make ARCH=xen menuconfig), and disable net and blk backend, as I want to use the domain0 as net & blk backend, and I leave enabled the frontends (and CONFIG_DUMMY_CONSOLE=y). PCI support is enabled also. I've started with a default config from arch/xen/configs/xenU_defconfig.

What's wrong with it? What have I missed? I've attached the .config I've used.

Thx.

Regards,
Slapic

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Czakó Krisztián
2005-May-02 16:24 UTC
[Xen-users] working xen domU kernel with PHYSDEV_ACCESS?
Hello,

As no one answered my question, I try a different way... :(

Does anyone have a working domU kernel with PHYSDEV_ACCESS, so that a domU kernel can access PCI devices?

Regards,
Krisztian Czako
Mark Williamson
2005-May-02 17:24 UTC
Re: [Xen-users] working xen domU kernel with PHYSDEV_ACCESS?
Hi,

If you just use the dom0 kernel that'll work in a domU with or without physical access to devices. You can compile a custom kernel for it if you really need to but even then it's probably easiest to start with the dom0 configuration.

Cheers,
Mark

On Monday 02 May 2005 17:24, Czakó Krisztián wrote:
> Hello,
>
> As no one answered my question, I try a different way... :(
>
> Does anyone have a working domU kernel with PHYSDEV_ACCESS, so that a
> domU kernel can access PCI devices?
>
> Regards,
> Krisztian Czako
Mark Williamson
2005-May-02 17:40 UTC
Re: [Xen-users] working xen domU kernel with PHYSDEV_ACCESS?
> On 2005-05-02 (Mon) at 18:19, Mark Williamson wrote:
> > You should just be able to use the dom0 kernel itself - have you tried
> > that?
>
> That works. Ok.
> I think I've misunderstood something in the docs/list archives.
> As I understand, the privileged guest (dom0 kernel) has full privileges
> to the xen command interface (so that can manage domains)

Yes, dom0 has those privileges. This is, however, *independent* of the kernel image it uses. The PRIVILEGED_GUEST option compiles a kernel that knows *how* to access the privileged control interface. Unless Xen gives it this privilege, it still won't be able to manage domains.

Thus, using a xen0 kernel in a domU does not in any way imply reduced security. In fact, from a security PoV it doesn't matter what kernel you use in a guest domain - the worst a guest can do is allow *itself* to be compromised. It's not a risk to the rest of the machine to allow users to compile their own kernels.

> and is a
> backend for other domains. The docs also say that a block device
> backend can't be a block device frontend, so that can't use a device
> from another backend (the Domain-0 for example). But it seems that it
> can...

At the time, it was not possible for a domain to *actively* use both its backend driver and its frontend driver. This is not true anymore in the unstable tree for network devices but is still true in the stable tree AFAIK.

There's no problem with a domain having both drivers compiled in, it just can't use them both at once.

> Can I disable the PRIVILEGED_GUEST option of the dom0 kernel when I want
> to use that one as a guest with physical device (some pci device)
> access?

You can if you want but if you give a guest physical device access, it'll still have (almost) dom0 privileges, you just won't be able to *use* the management interface (so easily) from userspace.

Don't let anyone you don't trust use this domain ;-) Privileges for guests with physical device access will gradually get tightened up with the introduction of grant tables in the unstable / 3.0 tree.

Cheers,
Mark
Czakó Krisztián
2005-May-02 18:08 UTC
Re: [Xen-users] working xen domU kernel with PHYSDEV_ACCESS?
On 2005-05-02 (Mon) at 18:19, Mark Williamson wrote:
> You should just be able to use the dom0 kernel itself - have you tried that?

That works. Ok.

I think I've misunderstood something in the docs/list archives. As I understand, the privileged guest (dom0 kernel) has full privileges to the xen command interface (so that can manage domains) and is a backend for other domains. The docs also say that a block device backend can't be a block device frontend, so that can't use a device from another backend (the Domain-0 for example). But it seems that it can...

Can I disable the PRIVILEGED_GUEST option of the dom0 kernel when I want to use that one as a guest with physical device (some pci device) access?

Regards,
Krisztian Czako