[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] dom0 vs non-dom0 differentiation inside Xen hypervisor

  • To: xen-devel@xxxxxxxxxxxxxxxxxxx
  • From: Peter Teoh <htmldeveloper@xxxxxxxxx>
  • Date: Sun, 02 Sep 2007 15:12:08 +0800
  • Delivery-date: Thu, 13 Sep 2007 05:27:12 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:user-agent:mime-version:to:subject:content-type:content-transfer-encoding:from; b=PnNtZREsXz4nCheOOT0OVFixNan9JiXkrb2lQNBtkUz3bH5CTeKKf3U06I/g0Ukoj0hlqEoojl44PrQfPXGGq8Hh2QAS7joZpY3dmjsEZsfxZYXKgK+9qfiptgvhruEirlyz+mDqMUVVcm7Df8GPKVZKBY+iQPkQtEWv5eX+2R4=
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
In some parts of IA64 I can see that domain==dom0 checking is done, but in all x86 - I have yet to find a proper checking that the hypercalls comes from a dom0 domain instead of any other domain.
Theoretically, this means that any domain (PV or HVM) can always modify its own kernel binary and then make a direct hypercall (via int 0x82 or SYSENTER) into the hypervisor, executing domain controller commands like create domain etc.
Is this possible? Access control should be done from the hypervisor side, so any existing dom0 checking (CONFIG_XEN_PRIVILEGED_GUEST compilation option - done from the dom0 side) seems like useless, because another domU can always modify its own kernel binaries to achieve all the features what CONF_XEN_PRIVILEGED_GUEST restrict. 

Am I right?

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.