xen-devel
[Xen-devel] Re: Questions about the control tools in Xen
In the Xenolinux source code, I found that the function
HYPERVISOR_dom0_op sets the interface version to
DOM0_INTERFACE_VERSION!!
Does the Xen VMM check whether the commands come from domain 0, or does it
just go by the interface version?
If another domain is booted with the same Xenolinux kernel as domain 0 and
uses the privileged tools, can this domain create or delete other domains?
Another question:
How does the guest OS switch into kernel mode from ring 3 into ring 1 instead
of from ring 3 into ring 0?
Thanks a lot !!
Cheers,
Inaba
> > > Recently, I have traced part of the Xen VMM code.
> > >
> > > but I have some troubles...
> > >
> > > I could not find the function ioctl() which is called by the
> > > function do_privcmd() (xeno-1.2.bk/tools/xc/lib/xc_private.h)
> >
> > "man ioctl" -- it's a system call
>
> I got it, thanks a lot!!!
>
> >
> > > Is the interface between guest OS and VMM just like the interface
> > > between OS and Hardware?
> >
> > Similar, but different. The best overview description is in the
> > SOSP paper available off the project web page.
>
> I'm reading this paper now, but I could not understand how the guest OS
> switches into kernel mode from ring 3 into ring 1 instead of ring 3 into
> ring 0.
>
> Which functions or code need to be modified in the Xenolinux source code?
>
> >
> > > Is there any protection in the Xen VMM to ensure that only Domain 0
> > > can use the control tools?
> >
> > Yes. There's a concept of a 'privileged domain' that all dom0_ops
> > and other hypervisor interfaces check. In future, we may allow
> > delegations to enable, for example, domain 3 to be able to
> > control and manipulate domain 7 but no others.
>
> I don't really understand what the concept 'privileged domain' means.
>
> But I have traced some of the code in Xen.
>
> I found that pyxc_domain_create() would call the function
> xc_domain_create() -> do_dom0_op() -> do_xen_hypercall() ->
> do_privcmd() -> ioctl()
>
> xc_domain_create() would fill in some parameters in the dom0_op_t data
> structure.
>
> But if another domain such as domain 1 calls the function
> pyxc_domain_create(), then would it create another domain??
>
> I guess that the Xen VMM would check which domain the requested operation
> comes from. (domain number or address space ???)
>
> If I want to know the protection mechanism, which function do I need to
> trace?
>
> Cheers,
>
> Inaba
>
> >
> > Best,
> > Ian
> >
>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
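
A minimal C model of the kind of check Ian's reply describes, added here as an example and not taken from the Xen source: the privilege decision is keyed on state the hypervisor holds about the calling domain, while the interface version inside the request is only a compatibility check. All names (model_domain, model_ctl_op, model_do_ctl_op, MODEL_INTERFACE_VERSION) and the chosen error codes are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_INTERFACE_VERSION 0x00010002u /* constructed value */
enum { MODEL_OP_CREATE = 1, MODEL_OP_DESTROY = 2 };

/* Hypervisor-held state; a guest has no way to write to it. */
struct model_domain {
    unsigned int id;
    bool privileged; /* decided by the hypervisor when the domain is built */
};

/* Request buffer; every field is supplied by the calling guest. */
struct model_ctl_op {
    uint32_t cmd;
    uint32_t interface_version;
    uint32_t target;
};

/* 'caller' is the domain the hypervisor itself recorded as running when the
 * hypercall trapped. It is never derived from the request contents. */
int model_do_ctl_op(const struct model_domain *caller,
                    const struct model_ctl_op *op)
{
    if (!caller->privileged)
        return -EPERM;   /* authorization: who is asking */
    if (op->interface_version != MODEL_INTERFACE_VERSION)
        return -EINVAL;  /* compatibility only: tools/hypervisor mismatch */
    switch (op->cmd) {
    case MODEL_OP_CREATE:
    case MODEL_OP_DESTROY:
        return 0;        /* the real work would happen here */
    default:
        return -ENOSYS;
    }
}

int main(void)
{
    struct model_domain dom0 = { 0, true }, dom1 = { 1, false };
    /* Same kernel, same tools: both domains build an identical request. */
    struct model_ctl_op op = { MODEL_OP_CREATE, MODEL_INTERFACE_VERSION, 7 };
    printf("dom0: %d\n", model_do_ctl_op(&dom0, &op));
    printf("dom1: %d\n", model_do_ctl_op(&dom1, &op));
    return 0;
}
```

In this model an unprivileged domain that sends a byte-for-byte identical request, correct version included, is still refused, because nothing in the request takes part in the authorization decision.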