[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Hypercall_page and hypercall interception

On Thu, 2014-02-27 at 07:36 -0800, VirSecExplorer wrote:
> Hi everyone,
> My name is Thu, and I am currently working on virtualization security using
> Xen.
> I am interested in intercepting hypercalls from DomU, and would like to know
> if I can do that using the hypercall_page kernel symbol. In other words, I
> would like to know if I can use it in the same way system call interception
> is done using the system_call_table.
> I'd be happy if you guys can provide me with some tips on how I can
> intercept hypercalls in Xen.
> Thanks a lot for your help and I look forward to hearing from you.

Are you trying to intercept hypercalls in the guest or hypervisor

The hypercall page is in guest context *but* its content is provided by
the hypervisor, transparently to the guest, if you want to intercept on
the guest end I would recommend you do so at the points which call into
the hypercall page, rather than in the hypercall page itself.

The Xen equivalent to the system_call_table is in the hypervisor itself,
called, unsurprisingly, hypercall_table.

Note that such interception may not be the best way to achieve your
goal. If you tell us what you are actually trying to do perhaps someone
can advise on a better way to achieve your end without intercepting.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.