Ian Pratt
2004-Feb-12 08:23 UTC
[Xen-devel] Re: [Xen-announce] Questions about the control tools in Xen
> Recently, I have traced part of the Xen VMM code.
>
> but I have some troubles...
>
> I could not find out the function ioctl() which is called by the function do_privcmd() (xeno-1.2.bk/tools/xc/lib/xc_private.h)

"man ioctl" -- it's a system call

> Is the interface between guest OS and VMM just like the interface between OS and Hardware ?

Similar, but different. The best overview description is in the SOSP paper available off the project web page.

> Is there any protection in Xen VMM to protect that only Domain 0 could use the control tools?

Yes. There's a concept of a 'privileged domain' that all dom0_ops and other hypervisor interfaces check. In future, we may allow delegations to enable, for example, domain 3 to be able to control and manipulate domain 7 but no others.

Best,
Ian
Inaba
2004-Feb-18 08:02 UTC
[Xen-devel] Re: [Xen-announce] Questions about the control tools in Xen
----- Original Message -----
From: "Ian Pratt" <Ian.Pratt@cl.cam.ac.uk>
To: "Inaba" <B8844014@stmail.cgu.edu.tw>
Cc: "Xen VMM Maillist" <xen-devel@lists.sourceforge.net>; <Ian.Pratt@cl.cam.ac.uk>
Sent: Thursday, February 12, 2004 4:23 PM
Subject: Re: [Xen-announce] Questions about the control tools in Xen

> > Recently, I have traced part of the Xen VMM code.
> >
> > but I have some troubles...
> >
> > I could not find out the function ioctl() which is called by the function do_privcmd() (xeno-1.2.bk/tools/xc/lib/xc_private.h)
>
> "man ioctl" -- it's a system call

I got it, thanks a lot!!!

> > Is the interface between guest OS and VMM just like the interface between OS and Hardware ?
>
> Similar, but different. The best overview description is in the
> SOSP paper available off the project web page.

I'm reading this paper now, but I could not understand how the guest OS is set into kernel mode from ring 3 into ring 1 instead of ring 3 into ring 0. Which functions or code need to be modified in the Xenolinux source code?

> > Is there any protection in Xen VMM to protect that only Domain 0 could use the control tools?
>
> Yes. There's a concept of a 'privileged domain' that all dom0_ops
> and other hypervisor interfaces check. In future, we may allow
> delegations to enable, for example, domain 3 to be able to
> control and manipulate domain 7 but no others.

I don't really understand what the concept 'privileged domain' means, but I have traced some of the code in Xen. I found that pyxc_domain_create() would call the function xc_domain_create() -> do_dom0_op() -> do_xen_hypercall() -> do_privcmd() -> ioctl(). xc_domain_create() would fill in some parameters into the dom0_op_t data structure. But if another domain such as domain 1 calls the function pyxc_domain_create(), then it would create another domain ?? I guess that in Xen VMM it would check which domain the request of operations comes from. (domain number or address space ???)

If I want to know the protection mechanism, which function do I need to trace?

Cheers,
Inaba

> Best,
> Ian
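Added example, not part of the thread and not Xen source: a minimal C model of the 'privileged domain' check discussed above, assuming the hypervisor authorises a control operation from its own record of which domain is running rather than from any field in the request. All names (`current_dom`, `ctl_op`, `may_control`, the delegation table) are hypothetical; the 3-to-7 delegation models the future possibility mentioned in the reply.

```c
/* Added model: every name below is hypothetical, not Xen source. */
#include <errno.h>
#include <stddef.h>

struct domain { unsigned id; int privileged; };
enum { OP_CREATE_DOMAIN = 1, OP_DESTROY_DOMAIN = 2 };

/* Set by the hypervisor on guest entry; a guest cannot write it. */
static const struct domain *current_dom;

/* Request filled in by the guest's tools: every field is untrusted. */
struct ctl_op { int cmd; unsigned target; unsigned claimed_caller; };

/* Hypothetical delegation table of {controller, target} pairs. */
static const unsigned delegations[][2] = { {3, 7} };

static int may_control(const struct domain *d, unsigned target)
{
    size_t i;
    if (d->privileged)
        return 1;
    for (i = 0; i < sizeof delegations / sizeof delegations[0]; i++)
        if (delegations[i][0] == d->id && delegations[i][1] == target)
            return 1;
    return 0;
}

/* Hypercall entry: identity is current_dom; claimed_caller is ignored. */
static int do_ctl_op(const struct ctl_op *op)
{
    if (op->cmd == OP_CREATE_DOMAIN)
        return current_dom->privileged ? 0 : -EACCES;
    if (op->cmd == OP_DESTROY_DOMAIN)
        return may_control(current_dom, op->target) ? 0 : -EACCES;
    return -EINVAL;
}

/* Issue one request as domain d, as the hypervisor would after entry. */
static int call_as(const struct domain *d, struct ctl_op op)
{
    current_dom = d;
    return do_ctl_op(&op);
}

int main(void)
{
    const struct domain dom0 = {0, 1}, dom1 = {1, 0};
    struct ctl_op op = { OP_CREATE_DOMAIN, 0, 0 };  /* claims caller 0 */
    return call_as(&dom0, op) == 0 && call_as(&dom1, op) == -EACCES ? 0 : 1;
}
```

In this model the same tool-side call chain can run in any domain; the request is refused at the hypervisor entry point because the check never reads the guest-supplied `claimed_caller` field.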