[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] dom0 vs non-dom0 differentiation inside Xen hypervisor

To: Peter Teoh <htmldeveloper@xxxxxxxxx>
From: Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>
Date: Mon, 03 Sep 2007 07:15:01 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Sun, 02 Sep 2007 23:15:25 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

On Mon, 2007-09-03 at 08:45 +0800, Peter Teoh wrote:
> In some parts of IA64 I can see that domain==dom0 checking is done,
> but in all of x86 - I have yet to find a proper checking that the
> hypercalls comes from a dom0 domain instead of any other domain. 
> 
> Theoretically, this means that any domain (PV or HVM) can always
> modify its own kernel binary and then make a direct hypercall (via int
> 0x82 or SYSENTER) into the hypervisor, executing domain controller
> commands like create domain etc. 
> 
> Is this possible?

No. The checks you are talking about are done using IS_PRIV() rather
than comparing directly domain==dom0.

e.g. from do_domctl and do_sysctl:
   if ( !IS_PRIV(current->domain) )
        return -EPERM;

In practise only dom0 passes this test.

Cheers,
Ian.



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

References:
- [Xen-devel] dom0 vs non-dom0 differentiation inside Xen hypervisor
  - From: Peter Teoh

Prev by Date: RE: [Xen-devel] [PATCH] 1/2: cpufreq/PowerNow! in Xen: Time and platform changes
Next by Date: RE: [Xen-devel] Re: free_irq_vector on ia64
Previous by thread: [Xen-devel] dom0 vs non-dom0 differentiation inside Xen hypervisor
Next by thread: Re: [Xen-devel] dom0 vs non-dom0 differentiation inside Xen hypervisor
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.