[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] XenStore permissions from kernel space

To: NAHieu <nahieu@xxxxxxxxx>
From: James Pendergrass <james.pendergrass@xxxxxxxxxx>
Date: Thu, 15 Jun 2006 11:55:29 -0400
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 15 Jun 2006 08:56:21 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

On Jun 15, 2006, at 11:27 AM, NAHieu wrote:

Hi James,

On 6/15/06, James Pendergrass <james.pendergrass@xxxxxxxxxx> wrote:

Hello,
I've been working on a kernel module that shares some pages between
to domUs.
In the course of doing this I had the need to communicate information
via XenStore (e.g., the grant references),
but for a number of reasons did not want to use the full XenBus
registration/probe/hotplug...system (it is too dynamic,
and requires a kick off event from dom0 rather than allowing self
organizing shares between domUs).

I established that the only thing preventing my setup of domA writing
to a node in XenStore and domB reading it
was the lack of the xs_get/set_permissions function in the kernel
level xenbus/xenstore interface.  So I ported those
functions down from the userland xenstore libraries.


You mean you want any domU to read any other domU's information
(stored in XenStore)? I doubt that is not a good idea because of
potential security problems.

Any ideas?

Thanks,
H

I think you have overstated my intent. I want a domU kernel to beable to allow

a specific other domU to read a specific node in XenStore.

As it stands now, the userland xenstore libs have xs_set_permissionsand xs_get_permissionsthat allow modification of the permissions of a node in XenStore.These funcs rely onxs_single/xs_talkv to send the appropriate messages to the centralxenstore daemon.The xs_single and xs_talkv symbols are (intentionally) not exportedto outside the kernel levelxenbus driver (which prevents other modules from directlycommunicating with xenstore).Instead, the xenbus provides typical printf, scanf, watch, and gathermethods. But not get/set perms.

The patch I submitted just implements these functions inside thexenbus driver and exports the symbolsso that my module (which shouldn't really be of interest to anyoneoutside of my project) can use thesecalls to set permissions on a node in xenstore. It happens that mydriver opens up one node (read only)for each domain with id 0 to N-1 (i.e. dom3 can read /<my_path>/3 toget the grant reference it needs to

communicate more fully with the domain in question).

Alternatively, the symbols for xs_talkv or xs_single could beexported, but I assume the originaldevelopers intentionally did not export these for fear of a roguedriver mucking about with things it

shouldn't.

-aaron

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

References:
- [Xen-devel] XenStore permissions from kernel space
  - From: James Pendergrass
- Re: [Xen-devel] XenStore permissions from kernel space
  - From: NAHieu

Prev by Date: Re: [Xen-devel] current hg unstable tree: arch/i386/kernel/built-in.o: In function `safe_halt': undefined reference to `rcu_needs_cpu'
Next by Date: Re: [Xen-devel] Unable to set dom0 vcpu to 1
Previous by thread: Re: [Xen-devel] XenStore permissions from kernel space
Next by thread: [Xen-devel] Does hardware VMX kill hardware passthrough to non-VMX domains?
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.