
Re: [Xen-devel] HVMOP_guest_request_vm_event only works from guest in ring0



On 03/08/2016 22:00, Razvan Cojocaru wrote:
> On 08/03/16 23:44, Andrew Cooper wrote:
>> On 03/08/2016 21:37, Bread Cutter wrote:
>>> Hello all,
>>>
>>> I'm writing an executable that runs inside of a guest, and I planned
>>> to use vmcall to talk to a tool running in Dom0, using the vm_event
>>> API. It didn't work, and looking through the code, the first thing
>>> hvm_do_hypercall() does is check if the guest is in ring0. If not, it
>>> returns EPERM and exits.
>>>
>>> In the case of HVMOP_guest_request_vm_event, I'd rather it be up to my
>>> code if a call can be made from CPL>0. Is this done intentionally?
>> In general, allowing hypercalls from user context is unsafe, and the
>> subject of several arguments in the past.
>>
>> However, in this specific case there are plenty of ways for userspace to
>> get the attention of an introspection agent, although in inefficient
>> ways.  As such, blocking access is pointless.  In XenServer, we have
>> whitelisted that specific hypercall.
>>
>> You want something like:
>>
>> diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
>> index c1b8392..c7a2cdf 100644
>> --- a/xen/arch/x86/hvm/hvm.c
>> +++ b/xen/arch/x86/hvm/hvm.c
>> @@ -5194,8 +5194,14 @@ int hvm_do_hypercall(struct cpu_user_regs *regs)
>>      switch ( mode )
>>      {
>>      case 8:       
>> +        if ( eax == __HYPERVISOR_hvm_op &&
>> +             regs->rdi == HVMOP_guest_request_vm_event )
>> +            break;
>>      case 4:
>>      case 2:
>> +        if ( eax == __HYPERVISOR_hvm_op &&
>> +             regs->ebx == HVMOP_guest_request_vm_event )
>> +            break;
>>          hvm_get_segment_register(curr, x86_seg_ss, &sreg);
>>          if ( unlikely(sreg.attr.fields.dpl) )
>> {
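Review bot: the `case 8:` arm falls through into `case 4:` / `case 2:`, so when the `regs->rdi` test does not match, a 64-bit caller is still tested against `regs->ebx`, a register the first test shows is not where that mode carries the op. The exemption from the `sreg.attr.fields.dpl` check is therefore wider in 64-bit mode than the single whitelisted op. Consider deciding the exemption once per mode so that each mode looks only at its own argument register, for example by giving `case 8:` its own path to the DPL check or by computing the op into a local before the `switch`. If the fall-through is kept, mark it with a comment, and add a short comment saying why HVMOP_guest_request_vm_event alone is allowed from CPL>0.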
> Indeed, if everyone agrees that the patch is acceptable I'm happy to
> send it to xen-devel. It'd obviously be great if this ends up upstream.

A +1 from me, but there is substantial resistance from others, which is
what stopped my previous attempt to allow a kernel to opt in to allowing
userspace hypercalls.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 

