WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] [PATCH, RFC] Add sysctl to HVM hypercall table

To: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH, RFC] Add sysctl to HVM hypercall table
From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Date: Wed, 08 Sep 2010 17:15:11 -0400
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Wed, 08 Sep 2010 14:15:53 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <C8AD47EB.12673%keir.fraser@xxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: National Security Agency
References: <C8AD47EB.12673%keir.fraser@xxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.8) Gecko/20100806 Fedora/3.1.2-1.fc13 Thunderbird/3.1.2
On 09/08/2010 05:02 PM, Keir Fraser wrote:
> On 08/09/2010 09:00, "Daniel De Graaf" <dgdegra@xxxxxxxxxxxxx> wrote:
> 
>>>> The sysctl hypercall should be callable from HVM guests.
>>>
>>> Why?
>>>
>>>  K.
>>
>> I would like to be able to call xc_domain_getinfolist from an HVM driver
>> domain. This uses the XEN_SYSCTL_getdomaininfolist sysctl.
> 
> You realise that as it stands the domain needs to be as privileged as dom0
> to successfully execute the sysctl hypercall?
> 
>  -- Keir
> 

Yes, the domain will need to be privileged. XSM hooks exist to reduce 
the privileges granted to the guest, so it does not need to be equal to
dom0. Since PV domains can already make this hypercall, there's no
reason not to allow HVM domains to do the same.

-- 

Daniel De Graaf
National Security Agency

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>