Re: [Xen-devel] dom0 vs non-dom0 differentiation inside Xen hypervisor
On Mon, 2007-09-03 at 08:45 +0800, Peter Teoh wrote:
> In some parts of IA64 I can see that domain==dom0 checking is done,
> but in all of x86 - I have yet to find a proper checking that the
> hypercalls come from a dom0 domain instead of any other domain.
>
> Theoretically, this means that any domain (PV or HVM) can always
> modify its own kernel binary and then make a direct hypercall (via int
> 0x82 or SYSENTER) into the hypervisor, executing domain controller
> commands like create domain etc.
>
> Is this possible?

No. The checks you are talking about are done using IS_PRIV() rather
than comparing directly domain==dom0.

e.g. from do_domctl and do_sysctl:
    if ( !IS_PRIV(current->domain) )
        return -EPERM;

In practice only dom0 passes this test.

Cheers,
Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
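
Added example, not part of the original message and not Xen source: a simplified C model of the check quoted in the reply, showing that authorisation depends on the hypervisor's own record of the calling domain, so nothing a guest places in its hypercall arguments affects the result. The struct layouts, the `is_privileged` field, `hypercall_from()`, `claimed_caller` and the command number are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, NOT Xen source. Only IS_PRIV, do_domctl and
 * current->domain appear in the thread; everything else is assumed. */
struct domain { uint16_t domain_id; bool is_privileged; };
struct vcpu   { struct domain *domain; };

/* Hypervisor-owned: updated on hypercall entry, never writable by a guest. */
static struct vcpu *current;

#define IS_PRIV(d) ((d)->is_privileged)  /* assumed definition */
#define DOMCTL_CREATEDOMAIN 1u           /* hypothetical command number */

/* Guest-controlled argument buffer (constructed layout). */
struct domctl_op { uint32_t cmd; uint16_t claimed_caller; };

static unsigned int domains_created;

long do_domctl(const struct domctl_op *op)
{
    /* The decision reads hypervisor state only; op->claimed_caller
     * is guest data and is deliberately never consulted. */
    if ( !IS_PRIV(current->domain) )
        return -EPERM;
    if ( op->cmd != DOMCTL_CREATEDOMAIN )
        return -ENOSYS;
    domains_created++;
    return 0;
}

/* Models the trap path: the hypervisor records which vCPU entered. */
long hypercall_from(struct vcpu *v, const struct domctl_op *op)
{
    current = v;
    return do_domctl(op);
}

int main(void)
{
    struct domain dom0 = { 0, true }, domU = { 5, false };
    struct vcpu v0 = { &dom0 }, vU = { &domU };
    struct domctl_op forged = { DOMCTL_CREATEDOMAIN, 0 }; /* claims dom0 */

    printf("domU result: %ld\n", hypercall_from(&vU, &forged));
    printf("dom0 result: %ld\n", hypercall_from(&v0, &forged));
    return 0;
}
```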