WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

xen-devel

Re: [Xen-devel] Re: Questions about the control tools in Xen

To: "Inaba" <B8844014@xxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] Re: Questions about the control tools in Xen
From: Mark Williamson <Mark.Williamson@xxxxxxxxxxxx>
Date: Thu, 19 Feb 2004 15:36:18 +0000
Cc: "xen-devel" <xen-devel@xxxxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 19 Feb 2004 15:44:48 +0000
Envelope-to: steven.hand@xxxxxxxxxxxx
In-reply-to: Message from "Inaba" <B8844014@xxxxxxxxxxxxxxxxx> of "Thu, 19 Feb 2004 21:35:22 +0800." <001001c3f6ed$43b31e00$f57519a3@linuxlz9uvn4k3>
> In the Xenolinux source code, I found that in function of
> HYPERVISOR_dom0_op, it would set the interface version to
> DOM0_INTERFACE_VERSION!!
> Does Xen VMM check the commands come from domain0 or not just according with
> the interface version?

DOM0_INTERFACE_VERSION is #defined in xen/include/hypervisor-ifs/dom0_ops.h 
(which holds various details about the valid dom0 ops and their data 
structures).  The idea is that whenever there is a change to the interface, 
the interface version number will be changed.  This way, if you're using a set 
of control tools that were built for an older version of the interface, Xen 
will see that the version is different (the check for this is in 
xen/common/dom0_ops.c::do_dom0_op() ).  This is to prevent people using 
control tools that are built with the wrong interface.

> If another domain boot by the xenolinux kernel as same as domain 0 and use
> the privileged tools, can this domain create or delete another domains?

The xenolinux kernel normally used by dom0 includes a control interface for 
sending commands to Xen from the control tools.  The interface consists of 
some files under /proc/xeno/ - you've probably already seen some of the code 
related to this.

If you boot other domains using this kernel then they will also have those 
special files BUT they *won't* be able to use them to do privileged control 
ops *unless* they are made privileged.  By default, other domains are not made 
privileged, so usually the control interface in /proc/xeno won't do anything 
in non-0 domains.  If you want you can build a different kernel for your 
non-privileged domains, removing the control interface in the kernel config.

When domains attempt to perform privileged operations, Xen checks that they 
are really allowed to do them (i.e. that they are privileged).  You can see 
one such check at the start of xen/common/dom0_ops.c::do_dom0_op() - Xen 
returns an EPERM error if the domain is not privileged.

Well, that's the detail.  But in summary: only privileged domains can access 
the Xen control interface.  Domains (other than 0) are unprivileged by 
default.  The /proc/xeno interface only works on privileged domains, on others 
it won't do anything.

HTH.

Mark
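
[Added example, not part of the original message and not Xen source code.] A simplified C model of the two checks described above for do_dom0_op(): the privilege check decides who may issue control ops, and the interface version check only catches mismatched tools. All names prefixed model_/MODEL_, the version value, the op codes and the -EACCES/-ENOSYS return codes are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for DOM0_INTERFACE_VERSION; not Xen's real value. */
#define MODEL_INTERFACE_VERSION 0x00010001u

enum { MODEL_OP_CREATE = 1, MODEL_OP_DESTROY = 2 };   /* hypothetical op codes */

struct model_domain  { unsigned id; bool privileged; };
struct model_dom0_op { uint32_t cmd; uint32_t interface_version; };

/* Model of the two gates described for do_dom0_op(). */
long model_do_dom0_op(const struct model_domain *caller,
                      const struct model_dom0_op *op)
{
    /* Gate 1: authorization. Depends only on hypervisor-held state. */
    if (!caller->privileged)
        return -EPERM;

    /* Gate 2: ABI compatibility. The field is caller-supplied, so it
     * is a sanity check, never proof of identity. -EACCES is this
     * model's choice of error code (assumption). */
    if (op->interface_version != MODEL_INTERFACE_VERSION)
        return -EACCES;

    switch (op->cmd) {
    case MODEL_OP_CREATE:
    case MODEL_OP_DESTROY:
        return 0;               /* would perform the operation here */
    default:
        return -ENOSYS;         /* unknown op in this model */
    }
}

int main(void)
{
    struct model_domain dom0 = { 0, true }, domU = { 1, false };
    struct model_dom0_op good  = { MODEL_OP_CREATE, MODEL_INTERFACE_VERSION };
    struct model_dom0_op stale = { MODEL_OP_CREATE, MODEL_INTERFACE_VERSION - 1 };

    printf("dom0, current tools: %ld\n", model_do_dom0_op(&dom0, &good));
    printf("dom0, stale tools:   %ld\n", model_do_dom0_op(&dom0, &stale));
    printf("domU, right version: %ld\n", model_do_dom0_op(&domU, &good));
    return 0;
}
```

In this model an unprivileged domain that sends the correct version still gets -EPERM, because the version field plays no part in authorization.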


