WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] Hypercall by DomU Application

To: Srujan Kotikela <ksrujandas@xxxxxxxxx>
Subject: Re: [Xen-devel] Hypercall by DomU Application
From: Tim Deegan <tim@xxxxxxx>
Date: Thu, 27 Oct 2011 11:43:23 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 27 Oct 2011 03:44:01 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CAKLFbfyTc-Q4ao44suwBC_XQi7KLaGpfS0=kH=iL2CoQzjQXbQ@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <CAKLFbfyTc-Q4ao44suwBC_XQi7KLaGpfS0=kH=iL2CoQzjQXbQ@xxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.4.2.1i
At 20:16 -0500 on 25 Oct (1319573807), Srujan Kotikela wrote:
> Hi,
> 
> I am working on a security architecture. In this architecture, the
> application in DomU has to communicate directly with the hypervisor. But as
> I can see, the xen architecture allows only DomU kernel to raise a
> hypercall. I am planning to enable application to communicate with xen
> directly. I am assuming, setting up a trap gate with Ring-3 access should do
> the trick. I have few questions regarding this.
> 
> Is my idea feasible? ==> (  _set_gate(idt_table+HYPERCALL_VECTOR, 15, 3,
> &hypercall); )

Seems like it would be easy to find out. :)

> Are there any security/performance/functional implications with this
> approach?

Well, it totally undermines the security of the kernel if the
application can get the hypervisor to alter memory (since the
hypervisor doesn't know about the kernel's datastructures or policies)
but if you're very restrictive about what hypercalls can be called frum
user-mode, it should be OK. 

One thing to look out for is making sure that the hypercall arguments
are actually mapped properly when the call happens (since the kernel
controls paging).

Tim.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>