| |
|
 |
|
 |
|
|
|
| |
|
|
xen-devel
Re: [Xen-devel] Hypercall privilege check
> But I guess my question was not clear enough, because I was actually
> asking about Xen and how it enforces hypercalls to be made only from
> ring 1. I just assumed that Xen checks if int 0x82 is executed with
> the right privilege. But when I tried to find where Xen actually does
> it, I couldn't find it. I hope my question is more clear this time :)
Ah, I see what you mean.
I think the hardware actually enforces this... lemme see...
Yes, here we are: in xen/arch/x86/x86_32/traps.c::244 we have a:
/* The hypercall entry vector is only accessible from ring 1. */
_set_gate(idt_table+HYPERCALL_VECTOR, 14, 1, &hypercall);
So int 0x82 is only permitted to be executed from ring 1. And the x86
interrupt gate things enforce it in hardware, I assume. x86 scares me, and
so I'm being a bit vague here!
Great! Exactly what I was looking for. Thanks.
I imagine you'd get a GPF if you tried to hypercall from userspace, but I'm
not so familiar with lowlevel x86 goop (at least, not when my manual's in
another building!) so I can't be certain.
Trivia: As a result of hypercalls being only allowed from ring 1, the Minix
port (for Xen 2.0, I think) which uses ring 1, 2 and 3 has portions of the
kernel in ring 2 calling portions in ring 1 to actually perform hypercalls.
This is interesting. I think I should look at Minix port. Thanks a lot.
- Steve
Cheers,
Mark
> - Steve
>
> On 6/28/07, Mark Williamson <mark.williamson@xxxxxxxxxxxx> wrote:
> > > I'm wondering where Xen actually checks whether a hypercall is made
> > > from ring 1 or ring 3. Could anyone point me out to the code? Any
> > > pointer would be much appreciated. Thanks!
> >
> > Hypercalls are made from ring 1. The userspace tools do make hypercalls
> > sometimes, but they do it by calling a special kernel driver, which then
> > does the actual hypercall. *actually* what that does is to jump into the
> > hypercall transfer page at the right location. This page contains the
> > actual implementation of the hypercall (using this indirection allows
> > future versions of Xen to supply different implementations of the calls,
> > if appropriate).
> >
> > Take a look at:
> > drivers/xen/privcmd/privcmd.c in the XenLinux tree. This is used by the
> > dom0 tools to do control plane operations.
> >
> > Also, take a look at: include/asm-i386/mach-xen/asm/hypercall.h which
> > contains implementations of some other hypercalls.
> >
> > HTH,
> > Cheers,
> > mark
> >
> > --
> > Dave: Just a question. What use is a unicyle with no seat? And no
> > pedals! Mark: To answer a question with a question: What use is a
> > skateboard? Dave: Skateboards have wheels.
> > Mark: My wheel has a wheel!
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
--
Dave: Just a question. What use is a unicyle with no seat? And no pedals!
Mark: To answer a question with a question: What use is a skateboard?
Dave: Skateboards have wheels.
Mark: My wheel has a wheel!
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
| |
|
Home