WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-devel

Re: [Xen-devel] Hypercall privilege check

To: "Mark Williamson" <mark.williamson@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] Hypercall privilege check
From: "Steven Y. Ko" <sko@xxxxxxxxxxx>
Date: Thu, 28 Jun 2007 21:37:59 -0500
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
> But I guess my question was not clear enough, because I was actually
> asking about Xen and how it enforces hypercalls to be made only from
> ring 1. I just assumed that Xen checks if int 0x82 is executed with
> the right privilege. But when I tried to find where Xen actually does
> it, I couldn't find it. I hope my question is more clear this time :)

Ah, I see what you mean.

I think the hardware actually enforces this...  lemme see...

Yes, here we are: in xen/arch/x86/x86_32/traps.c::244 we have a:

    /* The hypercall entry vector is only accessible from ring 1. */
    _set_gate(idt_table+HYPERCALL_VECTOR, 14, 1, &hypercall);

So int 0x82 is only permitted to be executed from ring 1.  And the x86
interrupt gate things enforce it in hardware, I assume.  x86 scares me, and
so I'm being a bit vague here!

Great! Exactly what I was looking for. Thanks.

I imagine you'd get a GPF if you tried to hypercall from userspace, but I'm
not so familiar with lowlevel x86 goop (at least, not when my manual's in
another building!) so I can't be certain.

Trivia: As a result of hypercalls being only allowed from ring 1, the Minix
port (for Xen 2.0, I think) which uses ring 1, 2 and 3 has portions of the
kernel in ring 2 calling portions in ring 1 to actually perform hypercalls.

This is interesting. I think I should look at Minix port. Thanks a lot.

- Steve


Cheers,
Mark

> - Steve
>
> On 6/28/07, Mark Williamson <mark.williamson@xxxxxxxxxxxx> wrote:
> > > I'm wondering where Xen actually checks whether a hypercall is made
> > > from ring 1 or ring 3. Could anyone point me out to the code? Any
> > > pointer would be much appreciated. Thanks!
> >
> > Hypercalls are made from ring 1.  The userspace tools do make hypercalls
> > sometimes, but they do it by calling a special kernel driver, which then
> > does the actual hypercall.  *actually* what that does is to jump into the
> > hypercall transfer page at the right location.  This page contains the
> > actual implementation of the hypercall (using this indirection allows
> > future versions of Xen to supply different implementations of the calls,
> > if appropriate).
> >
> > Take a look at:
> > drivers/xen/privcmd/privcmd.c  in the XenLinux tree.  This is used by the
> > dom0 tools to do control plane operations.
> >
> > Also, take a look at: include/asm-i386/mach-xen/asm/hypercall.h which
> > contains implementations of some other hypercalls.
> >
> > HTH,
> > Cheers,
> > mark
> >
> > --
> > Dave: Just a question. What use is a unicycle with no seat?  And no
> > pedals! Mark: To answer a question with a question: What use is a
> > skateboard? Dave: Skateboards have wheels.
> > Mark: My wheel has a wheel!
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
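
Added illustration, not code from the thread or from Xen: a C model of the x86-32 IDT gate encoding and the privilege check the CPU applies to a software `int n`, using the type 14 / DPL 1 values from the `_set_gate` line quoted above. The selector and handler address are constructed values; the check is CPL <= gate DPL, so ring 0 also passes, while rings 2 and 3 take a #GP.

```c
#include <stdint.h>
#include <stdio.h>

#define HYPERCALL_VECTOR 0x82   /* int 0x82, as discussed in the thread */
#define GATE_INT32       14     /* 32-bit interrupt gate type */

/* One 8-byte IDT entry viewed as two 32-bit words (x86-32 layout). */
struct idt_gate { uint32_t a, b; };

/* Illustrative encoder (hypothetical helper, not Xen's macro). */
static struct idt_gate make_gate(uint32_t handler, uint16_t sel,
                                 unsigned type, unsigned dpl)
{
    struct idt_gate g;
    g.a = ((uint32_t)sel << 16) | (handler & 0xFFFFu);
    g.b = (handler & 0xFFFF0000u)
        | (1u << 15)               /* P: gate present */
        | ((dpl & 3u) << 13)       /* DPL: least-privileged ring allowed */
        | ((type & 0xFu) << 8);    /* gate type */
    return g;
}

static unsigned gate_dpl(struct idt_gate g) { return (g.b >> 13) & 3u; }

/* Model of the check for a software INT n: returns 0 when delivery is
 * allowed, otherwise the #GP error code (vector index << 3, IDT bit set).
 * Hardware interrupts and exceptions skip this check; not modelled here. */
static uint32_t soft_int_check(struct idt_gate g, unsigned vector, unsigned cpl)
{
    if (cpl > gate_dpl(g))
        return ((uint32_t)vector << 3) | 2u;
    return 0;
}

int main(void)
{
    /* Constructed sample values: handler address and code selector. */
    struct idt_gate g = make_gate(0xFF112233u, 0xE008, GATE_INT32, 1);

    printf("gate words: a=%08x b=%08x dpl=%u\n",
           (unsigned)g.a, (unsigned)g.b, gate_dpl(g));
    for (unsigned cpl = 0; cpl < 4; cpl++) {
        uint32_t err = soft_int_check(g, HYPERCALL_VECTOR, cpl);
        if (err)
            printf("ring %u: #GP, error code 0x%x\n", cpl, (unsigned)err);
        else
            printf("ring %u: gate entered\n", cpl);
    }
    return 0;
}
```

The ring 2 result is the situation in the Minix trivia above: code in ring 2 cannot pass a DPL 1 gate and has to go through ring 1.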