[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Hypercall_page and hypercall interception

Hi Ian,

Thanks for your reply.

I would like to monitor hypercalls within the guest OS and intercept them to examine the hypercall parameters, before forwarding them to the hypervisor for execution.  

Therefore I would really appreciate it if you can provide me with information on how to go about finding the points which call into the hypercall page in the guest OS.

Thank you very much for your assistance and I look forward to hearing from you.

Sincerely Yours,


On 11 March 2014 09:54, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote:
On Thu, 2014-02-27 at 07:36 -0800, VirSecExplorer wrote:
> Hi everyone,
> My name is Thu, and I am currently working on virtualization security using
> Xen.
> I am interested in intercepting hypercalls from DomU, and would like to know
> if I can do that using the hypercall_page kernel symbol. In other words, I
> would like to know if I can use it in the same way system call interception
> is done using the system_call_table.
> I'd be happy if you guys can provide me with some tips on how I can
> intercept hypercalls in Xen.
> Thanks a lot for your help and I look forward to hearing from you.

Are you trying to intercept hypercalls in the guest or hypervisor

The hypercall page is in guest context *but* its content is provided by
the hypervisor, transparently to the guest, if you want to intercept on
the guest end I would recommend you do so at the points which call into
the hypercall page, rather than in the hypercall page itself.

The Xen equivalent to the system_call_table is in the hypervisor itself,
called, unsurprisingly, hypercall_table.

Note that such interception may not be the best way to achieve your
goal. If you tell us what you are actually trying to do perhaps someone
can advise on a better way to achieve your end without intercepting.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.