Xen project Mailing List

[Xen-devel] Re: Questions about the control tools in Xen

To: "xen-devel" <xen-devel@xxxxxxxxxxxxxxxxxxxxx>

From: "Inaba" <B8844014@xxxxxxxxxxxxxxxxx>

Date: Thu, 19 Feb 2004 21:35:22 +0800

Delivery-date: Thu, 19 Feb 2004 14:39:00 +0000

List-id: List for Xen developers <xen-devel.lists.sourceforge.net>

In the Xenolinux source code, I found that in function of HYPERVISOR_dom0_op, it would set the interface version to DOM0_INTERFACE_VERSION!! Does Xen VMM check the commands come from domain0 or not just acording with the interface version? If another domain boot by the xenolinux kernel as same as domain 0 and use the privileged tools, can this domain create or delete another domains? Another question: How guest OS set into kernel mode from ring 3 into ring 1 insteed of ring 3 into ring 0 Thanks a lot !! Cheers, Inaba > > > Recently, I have traced part of the Xen VMM code. > > > > > > but I have some troubles... > > > > > > I could not find out the function ioctl() which is called by the > function do_privcmd() (xeno-1.2.bk/tools/xc/lib/xc_private.h) > > > > "man ioctl" -- its a system call > > I got it , thanks a lot !!! > > > > > > Is the interface between guest OS and VMM just like the interface > between OS and Hardware ? > > > > Similar, but different. The best overview description is in the > > SOSP paper available off the project web page. > > I'm reading this paper now, but I could not understand how guest OS set into > kernel mode from ring 3 into ring 1 insteed of ring 3 into ring 0. > > which functions or codes need to be modified in Xenolinux source code? > > > > > > Is there any protection in Xen VMM to protect that only Domain 0 could > use the control tools? > > > > Yes. There's a concept of a 'privileged domain' that all dom0_ops > > and other hypervisor interfaces check. In future, we may allow > > delegations to enable, for example, domain 3 to be able to > > control and manipulate domain 7 but no others. > > I'm not really understand the concept 'privileged domain' means. > > but I have traced some of codes in xen. > > I found that pyxc_domain_create() would call the function > xc_domain_create() -> do_dom0_op() -> do_xen_hypercall() -> do_privcmd() -> > ioctl() > > In xc_domain_create() would fill in some parameters into dom0_op_t data > structure. > > But if another domain such as domain 1 calls the function > pyxc_domain_create(), then it would create another domain ?? > > I guess that in Xen VMM it would check the the request of operations comes > from which domain. (domain number or address space ???) > > If I want to know the protection mechanism which function I need to trace ? > > Cheers, > > Inaba > > > > > Best, > > Ian > > > ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.