[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Could Xen hyperviosr be able to invoke Linux systemcalls?

2015-08-15 2:31 GMT+01:00 Kun Cheng <chengkunck@xxxxxxxxx>:
> Hi all,
> That might be a dumb question but I just not confident with it. I'm not
> familiar with Xen's memory management part. Currently I want to add some
> support  (it should cope more with machine memory) to the hyperviosr to
> assist the management of the above VMs. Now the situation is there're some
> codes in the kernel which are supposed to be useful. but can Xen call Linux
> system calls or other kernel functions?
> I'm not pretty sure about this as in my understanding xen hyperviosr lies
> under the kernel, so it can't invoke a systemcall from the kernel (or let's
> say dom0's kernel) . Then if I want to use those codes, I suppose I have to
> implement them in the hyperviosr by myself, right?
> And does anyone know which one of xen's wiki pages explain the management &
> APIs of xen's memory?
> Thank you all.

Good question. However I would hardly see such stuff in an hypervisor.
Usually VM management is done inserting some cd/dvd/usb and managing
the installation or injecting files into the filesystem at storage
level. Xen emulate the hardware so is not that easy to do system
calls. Just an example you are not sure which kind of OS is running
(well... unless you are using PVs but even so you are not 100% sure).
Saying that you are able to detect OS from what is doing/looking at
storage/memory/whatever. Then you have to do the syscall. You could
trap syscall/int for the OS you detected to run send to the VM an
event that trigger a syscall from an high permission executable and
detect it and then start injecting syscalls to do whatever you want.
However you have also consider the "ethics" of doing so. Basically you
are hacking the OS from the hypervisor forcing the VM to do something
unexpected. I don't know if such a patch would be considered for
inclusion upstream. Surely not if you can easily disable it or better
if by default is disabled but you can enable and detect from the VMs.

I don't know if something similar is possible from domain0 instead of
Xen. You can surely change memory of another domain from dom0 but
injecting syscall is another stuff. You can poll the VM to see if is
running in userspace (stopping the CPU), set a new context and change
code cpu is running but is even much more hacky then the Xen

Well, actually are just some ideas, you could even change the callback
code once registered and use it to inject code. Still the ethic
question remain.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.