Xen’s grant tables provide a generic mechanism to memory sharing between domains. This shared memory interface underpins the split device drivers for block and network IO.
Each domain has its own grant table. This is a data structure that is shared with
Xen; it allows the domain to tell Xen what kind of permissions other domains have
on its pages. Entries in the grant table are identified by grant references. A grant
reference is an integer, which indexes into the grant table. It acts as a capability
which the grantee can use to perform operations on the granter’s memory.
This capability-based system allows shared-memory communications between un-
privileged domains. A grant reference also encapsulates the details of a shared
page, removing the need for a domain to know the real machine address of a page
it is sharing. This makes it possible to share memory correctly with domains run-
ning in fully virtualised memory.
Grant table manipulation
Creating and destroying grant references is done by direct access to the grant table.
This removes the need to involve Xen when creating grant references, modifying access permissions, etc.
The grantee domain will invoke hypercalls to use the grant references.
Four main operations can be accomplished by directly manipulating the table:
Grant foreign access allocate a new entry in the grant table and fill out the access permissions accordingly. The access permissions will be looked up by Xen when the grantee attempts to use the reference to map the granted frame.
End foreign access check that the grant reference is not currently in use, then remove the mapping permissions for the frame. This prevents further mappings from taking place but does not allow forced revocations of existing mappings.
Grant foreign transfer allocate a new entry in the table specifying transfer permissions for the grantee. Xen will look up this entry when the grantee attempts to transfer a frame to the granter.
End foreign transfer remove permissions to prevent a transfer occurring in future. If the transfer is already committed, modifying the grant table cannot prevent it from completing.
阅读(995) | 评论(0) | 转发(0) |