> I learned from the Xen SOSP paper that Xen installs a fast trap handler to
> allow the system calls issued by guest app direct trap into the guest os
> system trap handler. I guess the procedure should be as follows:
> Guest app issues a system call, because it runs at ring 3, the instruction
> will be trapped. Xem hypervisor, as a VMM, defines an exception handler
> for int 80. In the exception handler, there are an interrupt vector
> defined according to current running guest OS. That is, guest os reports
> its interrupt vector to vmm, and vmm save the vector for fast handling.
> Since VMM knows the interrupt vector of the specific guest os, it can
> directly jump to the right place, which is the entry of the guest os
> system call function, and start to process the system call.
The fast trap vector is installed directly into the IDT when
context-switchign between domains, so syscalls will trap directly to
teh guest OS in ring 1 --- Xen is not involved in the fast-trap path.
> Is my understanding right? If so, I have two questions:
> first, when will the guest os register the system call handler with the
Registers it when it boots, using HYPERVISOR_set_fast_trap().
> second, if a guest os is compromised, can intruders change the handler by
> registering another entry point at runtime?
If a guest OS root account is compromised then an intruder has full
control over that OS and can do things like registering a different
fast trap handler.
> I noticed that many people are trying to do more development on Xen. Can
> Xen group publish more design document? Although reading source code is
> usually a good way to understand Xen, it is not the fastest way, not to
> mention that people may misunderstand some codes. Maybe a simple flow
> chart of Xen will help us a lot!
More documentation is likely to appear in the future, now that the
interface to Xen has stabilised.
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
Xen-devel mailing list