[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Re: Hypercall by DomU Application




On Tue, Oct 25, 2011 at 8:16 PM, Srujan Kotikela <ksrujandas@xxxxxxxxx> wrote:
Hi,

I am working on a security architecture. In this architecture, the application in DomU has to communicate directly with the hypervisor. But as I can see, the xen architecture allows only DomU kernel to raise a hypercall. I am planning to enable application to communicate with xen directly. I am assuming, setting up a trap gate with Ring-3 access should do the trick. I have few questions regarding this.

Is my idea feasible? ==> (  _set_gate(idt_table+HYPERCALL_VECTOR, 15, 3, &hypercall); )

Are there any security/performance/functional implications with this approach?

Thanks and regards,
SDK.



In the proposed security architecture, please note that, it is essential to NOT involve DomU kernel in the process of invoking the hypercall.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.