On 16/02/2023 11:13 am, Viresh Kumar wrote:
Hi Oleksandr,
As you already know, I am looking at how we can integrate the Xen grants work in our implementation of Rust based Xen vhost frontend [1].
The hypervisor independent vhost-user backends [2] talk to xen-vhost-frontend using the standard vhost-user protocol [3]. Every memory region that the backends get access to are sent to it by the frontend as memory region descriptors, which contain only address and size information and lack any permission flags.
I noticed that with Xen grants, there are strict memory access restrictions, where a memory region may be marked READ only and we can't map it as RW anymore, trying that just fails. Because the standard vhost-user protocol doesn't have any permission flags, the vhost libraries (in Rust) can't do anything else but try to map everything as RW.
I am wondering how do I proceed on this as I am very much stuck here.
(unhelpful comment) This is what happens when people try to reinvent the wheel a little more square than it was before.
If the guest grants the page read-only, then you can only map it read only. Anything else is a violation of the security model.
So either you need to adjust the guest to always grant read/write, or you need to teach virtio that read only is actually a real concept.
~Andrew