RE: [Xen-ia64-devel] [Xen-devel] Call hypercall straightly from

To:	"Keir Fraser" <Keir.Fraser@xxxxxxxxxxxx>, "Tristan Gingold" <tgingold@xxxxxxx>
Subject:	RE: [Xen-ia64-devel] [Xen-devel] Call hypercall straightly from user space
From:	"Xu, Anthony" <anthony.xu@xxxxxxxxx>
Date:	Sun, 31 Dec 2006 12:20:25 +0800
Cc:	xen-devel@xxxxxxxxxxxxxxxxxxx, xen-ia64-devel <xen-ia64-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date:	Sat, 30 Dec 2006 20:20:29 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<C1BC3D10.685C%Keir.Fraser@xxxxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index:	AccsK0xhivBKQJgeEduS3AANk04WTAAZ6Kkg
Thread-topic:	[Xen-ia64-devel] [Xen-devel] Call hypercall straightly from user space

Keir Fraser write on 2006年12月30日 23:58:
> On 30/12/06 3:22 pm, "Tristan Gingold" <tgingold@xxxxxxx> wrote:
> 
>>> As you mention before, we may call hypercall straightly from user
>>> space rather than bouncing through guest kernel.
>> Hi,
>> 
>> I haven't found the reference, but how security is addressed ?  How
>> to prevent a user process from making such hypercalls ?
> 
> It would have to be enabled on a per-process basis by the guest
> kernel, presumably during context switch.

And only user process on dom0 can do this.

--Anthony

> 
>  -- Keir

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

xen-devel

RE: [Xen-ia64-devel] [Xen-devel] Call hypercall straightly from user spa