Xen devel - Sep 2010 - [PATCH, RFC] Add sysctl to HVM hypercall table

The sysctl hypercall should be callable from HVM guests.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

---

It may be useful to add all (or almost all) hypercalls to the HVM
hypercall table, rather than adding them one at a time when it is found
that a useful one is missing. While a few hypercalls don''t make sense
when calling from HVM, any call that can interact with global xen state
or another domain could be useful to an HVM driver domain. Thoughts?


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 08/09/2010 08:20, "Daniel De Graaf" <dgdegra@tycho.nsa.gov>
wrote:
> The sysctl hypercall should be callable from HVM guests.
Why?

 K.
> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> 
> ---
> 
> It may be useful to add all (or almost all) hypercalls to the HVM
> hypercall table, rather than adding them one at a time when it is found
> that a useful one is missing. While a few hypercalls don''t make
sense
> when calling from HVM, any call that can interact with global xen state
> or another domain could be useful to an HVM driver domain. Thoughts?


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 09/08/2010 11:38 AM, Keir Fraser wrote:
> On 08/09/2010 08:20, "Daniel De Graaf"
<dgdegra@tycho.nsa.gov> wrote:
> 
>> The sysctl hypercall should be callable from HVM guests.
> 
> Why?
> 
>  K.
I would like to be able to call xc_domain_getinfolist from an HVM driver
domain. This uses the XEN_SYSCTL_getdomaininfolist sysctl.
>>
>> It may be useful to add all (or almost all) hypercalls to the HVM
>> hypercall table, rather than adding them one at a time when it is found
>> that a useful one is missing. While a few hypercalls don''t
make sense
>> when calling from HVM, any call that can interact with global xen state
>> or another domain could be useful to an HVM driver domain. Thoughts?
> 
> 

-- 

Daniel De Graaf
National Security Agency

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 08/09/2010 09:00, "Daniel De Graaf" <dgdegra@tycho.nsa.gov>
wrote:
>>> The sysctl hypercall should be callable from HVM guests.
>> 
>> Why?
>> 
>>  K.
> 
> I would like to be able to call xc_domain_getinfolist from an HVM driver
> domain. This uses the XEN_SYSCTL_getdomaininfolist sysctl.
You realise that as it stands the domain needs to be as privileged as dom0
to successfully execute the sysctl hypercall?

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 09/08/2010 05:02 PM, Keir Fraser wrote:
> On 08/09/2010 09:00, "Daniel De Graaf"
<dgdegra@tycho.nsa.gov> wrote:
> 
>>>> The sysctl hypercall should be callable from HVM guests.
>>>
>>> Why?
>>>
>>>  K.
>>
>> I would like to be able to call xc_domain_getinfolist from an HVM
driver
>> domain. This uses the XEN_SYSCTL_getdomaininfolist sysctl.
> 
> You realise that as it stands the domain needs to be as privileged as dom0
> to successfully execute the sysctl hypercall?
> 
>  -- Keir
> 
Yes, the domain will need to be privileged. XSM hooks exist to reduce 
the privileges granted to the guest, so it does not need to be equal to
dom0. Since PV domains can already make this hypercall, there''s no
reason not to allow HVM domains to do the same.

-- 

Daniel De Graaf
National Security Agency

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel