can I boot privilleged dom like dom0 via xm create

can I boot privilleged dom like dom0 via xm create

[ruby young]

[-- Attachment #1.1: Type: text/plain, Size: 1071 bytes --]

 Hi all,
    I'm using vmlinuz-2.6.18-xen0 as domU kernel and I boot it via *xm
create.* But the kernel didn't panic, it's running but all of xen tools can
not work. I am surprised at this.
    Now My question whether I can boot privilleged dom like dom0 via xm
create ? and how can I do it?
    I am looking forwards to your suggestions.

Best wishes

                                      Ruby Young


---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
杨漾
北京航空航天大学计算机学院体系结构研究所
电话:010-82338059-132
邮件:9907yruby@gmail.com
地址：北京市海淀区学院路37号北京航空航天大学新主楼 G座1026
--------------------------------------------------------------------------------
Yang Yang
Institute of Computer Architecture and System
BeiHang University（BUAA）
Tel: (86-10)82338059-132
Email: 9907yruby@gmail.com
Addr: Room 1026,Building G,The New Main Building,37# Xueyuan Rd.,Haidian
District, Beijing 100083, PRC

[-- Attachment #1.2: Type: text/html, Size: 1573 bytes --]

[-- Attachment #2: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Re: can I boot privilleged dom like dom0 via xm create

[Derek Murray]

[-- Attachment #1: Type: text/plain, Size: 1855 bytes --]

Hi Ruby,

At present, there is no way to do this with xm. In the hypervisor,
each struct domain has an is_privileged attribute (which is at present
only set when dom0 is created at boot). You could add a domctl to
control the setting of this bit, and then write a small C program that
uses do_domctl from libxc to set the privilege on a domain.

However, simply running two privileged domains with parallel sets of
Xen tools is unlikely to work, for example because you will end up
with two instances of XenStore.

Regards,

Derek Murray.

2008/6/13 ruby young <yangyang@les.buaa.edu.cn>:
> Hi all,
>     I'm using vmlinuz-2.6.18-xen0 as domU kernel and I boot it via xm
> create. But the kernel didn't panic, it's running but all of xen tools can
> not work. I am surprised at this.
>     Now My question whether I can boot privilleged dom like dom0 via xm
> create ? and how can I do it?
>     I am looking forwards to your suggestions.
>
> Best wishes
>
>                                       Ruby Young
>
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 杨漾
> 北京航空航天大学计算机学院体系结构研究所
> 电话:010-82338059-132
> 邮件:9907yruby@gmail.com
> 地址：北京市海淀区学院路37号北京航空航天大学新主楼 G座1026
> --------------------------------------------------------------------------------
> Yang Yang
> Institute of Computer Architecture and System
> BeiHang University（BUAA）
> Tel: (86-10)82338059-132
> Email: 9907yruby@gmail.com
> Addr: Room 1026,Building G,The New Main Building,37# Xueyuan Rd.,Haidian
> District, Beijing 100083, PRC
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
>
>

[-- Attachment #2: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Re: can I boot privilleged dom like dom0 via xm create

[Mark Williamson]

Ruby,

Further to what Derek has said, I'd like to point out that what kernel you use 
never affects the privilege of the guest.

All the -xen0 kernel name means is that the kernel /can/ do dom0 stuff.  This 
is as opposed to a -xenU kernel, which has had the dom0 support removed from 
it.  Removing the dom0 support in a xenU kernel is done /only to make the 
kernel smaller/.  It doesn't have any effect on security or privilege.

Actually, most distributions seem to now supply one -xen kernel that is used 
both in dom0 and domU.

This is because, as Derek mentioned, Xen enforces the privileges of guests 
itself and doesn't have to trust their kernels.  This is different to how 
User Mode Linux works, since in that system the kernel itself enforces the 
virtual machine boundaries.  You can securely run any kernel you want in a 
domU - even one supplied by the user - because Xen will contain it.

Cheers,
Mark

> At present, there is no way to do this with xm. In the hypervisor,
> each struct domain has an is_privileged attribute (which is at present
> only set when dom0 is created at boot). You could add a domctl to
> control the setting of this bit, and then write a small C program that
> uses do_domctl from libxc to set the privilege on a domain.
>
> However, simply running two privileged domains with parallel sets of
> Xen tools is unlikely to work, for example because you will end up
> with two instances of XenStore.
>
> Regards,
>
> Derek Murray.
>
> 2008/6/13 ruby young <yangyang@les.buaa.edu.cn>:
> > Hi all,
> >     I'm using vmlinuz-2.6.18-xen0 as domU kernel and I boot it via xm
> > create. But the kernel didn't panic, it's running but all of xen tools
> > can not work. I am surprised at this.
> >     Now My question whether I can boot privilleged dom like dom0 via xm
> > create ? and how can I do it?
> >     I am looking forwards to your suggestions.
> >
> > Best wishes
> >
> >                                       Ruby Young
> >
> > -------------------------------------------------------------------------
> >--------------------------------------------------------------------------
> >------------------------------------------------ 杨漾
> > 北京航空航天大学计算机学院体系结构研究所
> > 电话:010-82338059-132
> > 邮件:9907yruby@gmail.com
> > 地址：北京市海淀区学院路37号北京航空航天大学新主楼 G座1026
> > -------------------------------------------------------------------------
> >------- Yang Yang
> > Institute of Computer Architecture and System
> > BeiHang University（BUAA）
> > Tel: (86-10)82338059-132
> > Email: 9907yruby@gmail.com
> > Addr: Room 1026,Building G,The New Main Building,37# Xueyuan Rd.,Haidian
> > District, Beijing 100083, PRC
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.xensource.com
> > http://lists.xensource.com/xen-devel



-- 
Push Me Pull You - Distributed SCM tool (http://www.cl.cam.ac.uk/~maw48/pmpu/)

Re: can I boot privilleged dom like dom0 via xm create

[ruby young]

[-- Attachment #1.1: Type: text/plain, Size: 4284 bytes --]

Thanks, Mark
What you said helps me a lot!

But I have an another quesiton:
I compared the configuration of xen, xen0 and xenU(the config file are in
the directory named build-linux-2.6.18-xen/xen0/xenU_x86_32). As my
expected, xen0 and xenU config the necessary devices they want and xen
config more things such as more network options and others. But the size of
the kernels is  below:
*vmlinux-syms-2.6.18-xen    4080677*
*vmlinux-syms-2.6.18-xen0  51225377*
*vmlinux-syms-2.6.18-xenU 28080922*
why the kernel, vmlinux-syms-2.6.18-xen, is the smallest? I think it may be
largest.

Eager for your answering~
Best wishes !

Ruby Young


On 6/19/08, Mark Williamson <mark.williamson@cl.cam.ac.uk> wrote:
>
> Ruby,
>
> Further to what Derek has said, I'd like to point out that what kernel you
> use
> never affects the privilege of the guest.
>
> All the -xen0 kernel name means is that the kernel /can/ do dom0
> stuff.  This
> is as opposed to a -xenU kernel, which has had the dom0 support removed
> from
> it.  Removing the dom0 support in a xenU kernel is done /only to make the
> kernel smaller/.  It doesn't have any effect on security or privilege.
>
> Actually, most distributions seem to now supply one -xen kernel that is
> used
> both in dom0 and domU.
>
> This is because, as Derek mentioned, Xen enforces the privileges of guests
> itself and doesn't have to trust their kernels.  This is different to how
> User Mode Linux works, since in that system the kernel itself enforces the
> virtual machine boundaries.  You can securely run any kernel you want in a
> domU - even one supplied by the user - because Xen will contain it.
>
> Cheers,
> Mark
>
> > At present, there is no way to do this with xm. In the hypervisor,
> > each struct domain has an is_privileged attribute (which is at present
> > only set when dom0 is created at boot). You could add a domctl to
> > control the setting of this bit, and then write a small C program that
> > uses do_domctl from libxc to set the privilege on a domain.
> >
> > However, simply running two privileged domains with parallel sets of
> > Xen tools is unlikely to work, for example because you will end up
> > with two instances of XenStore.
> >
> > Regards,
> >
> > Derek Murray.
> >
> > 2008/6/13 ruby young <yangyang@les.buaa.edu.cn>:
> > > Hi all,
> > >     I'm using vmlinuz-2.6.18-xen0 as domU kernel and I boot it via xm
> > > create. But the kernel didn't panic, it's running but all of xen tools
> > > can not work. I am surprised at this.
> > >     Now My question whether I can boot privilleged dom like dom0 via xm
> > > create ? and how can I do it?
> > >     I am looking forwards to your suggestions.
> > >
> > > Best wishes
> > >
> > >                                       Ruby Young
> > >
> > >
> -------------------------------------------------------------------------
> >
> >--------------------------------------------------------------------------
> > >------------------------------------------------ 杨漾
> > > 北京航空航天大学计算机学院体系结构研究所
> > > 电话:010-82338059-132
> > > 邮件:9907yruby@gmail.com
> > > 地址：北京市海淀区学院路37号北京航空航天大学新主楼 G座1026
> > >
> -------------------------------------------------------------------------
> > >------- Yang Yang
> > > Institute of Computer Architecture and System
> > > BeiHang University（BUAA）
> > > Tel: (86-10)82338059-132
> > > Email: 9907yruby@gmail.com
> > > Addr: Room 1026,Building G,The New Main Building,37# Xueyuan
> Rd.,Haidian
> > > District, Beijing 100083, PRC
> > > _______________________________________________
> > > Xen-devel mailing list
> > > Xen-devel@lists.xensource.com
> > > http://lists.xensource.com/xen-devel
>
>
>
> --
> Push Me Pull You - Distributed SCM tool (
> http://www.cl.cam.ac.uk/~maw48/pmpu/)
>



-- 
Best wishes

杨漾
北京航空航天大学计算机学院体系结构研究所
电话:010-82338059-132
邮件:9907yruby@gmail.com
地址：北京市海淀区学院路37号北京航空航天大学新主楼 G座1026
--------------------------------------------------------------------------------
Yang Yang
Institute of Computer Architecture and System
BeiHang University（BUAA）
Tel: (86-10)82338059-132
Email: 9907yruby@gmail.com
Addr: Room 1026,Building G,The New Main Building,37# Xueyuan Rd.,Haidian
District, Beijing 100083, PRC

[-- Attachment #1.2: Type: text/html, Size: 5849 bytes --]

[-- Attachment #2: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Re: can I boot privilleged dom like dom0 via xm create

[Mark Williamson]

> But I have an another quesiton:
> I compared the configuration of xen, xen0 and xenU(the config file are in
> the directory named build-linux-2.6.18-xen/xen0/xenU_x86_32). As my
> expected, xen0 and xenU config the necessary devices they want and xen
> config more things such as more network options and others. But the size of
> the kernels is  below:
> *vmlinux-syms-2.6.18-xen    4080677*
> *vmlinux-syms-2.6.18-xen0  51225377*
> *vmlinux-syms-2.6.18-xenU 28080922*
> why the kernel, vmlinux-syms-2.6.18-xen, is the smallest? I think it may be
> largest.

The -xen0 kernel builds a load of drivers statically into the kernel, which is 
useful mainly for developers.  The -xen kernel builds those drivers as 
modules, which will be loaded later.  This makes the basic size of the kernel 
image smaller, although the modules that are loaded will take up some further 
space.  This approach avoids you wasting memory space on drivers you don't 
need.  The on disk space is probably bigger because the -xen config builds 
lots of drivers.

Cheers,
Mark

>
> Eager for your answering~
> Best wishes !
>
> Ruby Young
>
> On 6/19/08, Mark Williamson <mark.williamson@cl.cam.ac.uk> wrote:
> > Ruby,
> >
> > Further to what Derek has said, I'd like to point out that what kernel
> > you use
> > never affects the privilege of the guest.
> >
> > All the -xen0 kernel name means is that the kernel /can/ do dom0
> > stuff.  This
> > is as opposed to a -xenU kernel, which has had the dom0 support removed
> > from
> > it.  Removing the dom0 support in a xenU kernel is done /only to make the
> > kernel smaller/.  It doesn't have any effect on security or privilege.
> >
> > Actually, most distributions seem to now supply one -xen kernel that is
> > used
> > both in dom0 and domU.
> >
> > This is because, as Derek mentioned, Xen enforces the privileges of
> > guests itself and doesn't have to trust their kernels.  This is different
> > to how User Mode Linux works, since in that system the kernel itself
> > enforces the virtual machine boundaries.  You can securely run any kernel
> > you want in a domU - even one supplied by the user - because Xen will
> > contain it.
> >
> > Cheers,
> > Mark
> >
> > > At present, there is no way to do this with xm. In the hypervisor,
> > > each struct domain has an is_privileged attribute (which is at present
> > > only set when dom0 is created at boot). You could add a domctl to
> > > control the setting of this bit, and then write a small C program that
> > > uses do_domctl from libxc to set the privilege on a domain.
> > >
> > > However, simply running two privileged domains with parallel sets of
> > > Xen tools is unlikely to work, for example because you will end up
> > > with two instances of XenStore.
> > >
> > > Regards,
> > >
> > > Derek Murray.
> > >
> > > 2008/6/13 ruby young <yangyang@les.buaa.edu.cn>:
> > > > Hi all,
> > > >     I'm using vmlinuz-2.6.18-xen0 as domU kernel and I boot it via xm
> > > > create. But the kernel didn't panic, it's running but all of xen
> > > > tools can not work. I am surprised at this.
> > > >     Now My question whether I can boot privilleged dom like dom0 via
> > > > xm create ? and how can I do it?
> > > >     I am looking forwards to your suggestions.
> > > >
> > > > Best wishes
> > > >
> > > >                                       Ruby Young
> >
> > -------------------------------------------------------------------------
> >
> > >------------------------------------------------------------------------
> > >--
> > >
> > > >------------------------------------------------ 杨漾
> > > > 北京航空航天大学计算机学院体系结构研究所
> > > > 电话:010-82338059-132
> > > > 邮件:9907yruby@gmail.com
> > > > 地址：北京市海淀区学院路37号北京航空航天大学新主楼 G座1026
> >
> > -------------------------------------------------------------------------
> >
> > > >------- Yang Yang
> > > > Institute of Computer Architecture and System
> > > > BeiHang University（BUAA）
> > > > Tel: (86-10)82338059-132
> > > > Email: 9907yruby@gmail.com
> > > > Addr: Room 1026,Building G,The New Main Building,37# Xueyuan
> >
> > Rd.,Haidian
> >
> > > > District, Beijing 100083, PRC
> > > > _______________________________________________
> > > > Xen-devel mailing list
> > > > Xen-devel@lists.xensource.com
> > > > http://lists.xensource.com/xen-devel
> >
> > --
> > Push Me Pull You - Distributed SCM tool (
> > http://www.cl.cam.ac.uk/~maw48/pmpu/)



-- 
Push Me Pull You - Distributed SCM tool (http://www.cl.cam.ac.uk/~maw48/pmpu/)

Re: can I boot privilleged dom like dom0 via xm create

[tgh]

hi
  I am interested in this issue, and I wonder wether we could manage 
dom0 in xen architecture, that is ,to boot dom0, to reboot it ,to store 
it ,or restore it ,while suspending domU in memory ,through some domctl 
whenever necessary, or could we develop some new hypercall to make it 
work ,or does xen architecture have some inherent limit in itself and 
have no compatibility  with  this  potential augment? and why not  or 
how to achieve it , could some one give some advise on it

Thanks in advance

 
 




Mark Williamson 写道:
> Ruby,
>
> Further to what Derek has said, I'd like to point out that what kernel you use 
> never affects the privilege of the guest.
>
> All the -xen0 kernel name means is that the kernel /can/ do dom0 stuff.  This 
> is as opposed to a -xenU kernel, which has had the dom0 support removed from 
> it.  Removing the dom0 support in a xenU kernel is done /only to make the 
> kernel smaller/.  It doesn't have any effect on security or privilege.
>
> Actually, most distributions seem to now supply one -xen kernel that is used 
> both in dom0 and domU.
>
> This is because, as Derek mentioned, Xen enforces the privileges of guests 
> itself and doesn't have to trust their kernels.  This is different to how 
> User Mode Linux works, since in that system the kernel itself enforces the 
> virtual machine boundaries.  You can securely run any kernel you want in a 
> domU - even one supplied by the user - because Xen will contain it.
>
> Cheers,
> Mark
>
>   
>> At present, there is no way to do this with xm. In the hypervisor,
>> each struct domain has an is_privileged attribute (which is at present
>> only set when dom0 is created at boot). You could add a domctl to
>> control the setting of this bit, and then write a small C program that
>> uses do_domctl from libxc to set the privilege on a domain.
>>
>> However, simply running two privileged domains with parallel sets of
>> Xen tools is unlikely to work, for example because you will end up
>> with two instances of XenStore.
>>
>> Regards,
>>
>> Derek Murray.
>>
>> 2008/6/13 ruby young <yangyang@les.buaa.edu.cn>:
>>     
>>> Hi all,
>>>     I'm using vmlinuz-2.6.18-xen0 as domU kernel and I boot it via xm
>>> create. But the kernel didn't panic, it's running but all of xen tools
>>> can not work. I am surprised at this.
>>>     Now My question whether I can boot privilleged dom like dom0 via xm
>>> create ? and how can I do it?
>>>     I am looking forwards to your suggestions.
>>>
>>> Best wishes
>>>
>>>                                       Ruby Young
>>>
>>> -------------------------------------------------------------------------
>>> --------------------------------------------------------------------------
>>> ------------------------------------------------ 杨漾
>>> 北京航空航天大学计算机学院体系结构研究所
>>> 电话:010-82338059-132
>>> 邮件:9907yruby@gmail.com
>>> 地址：北京市海淀区学院路37号北京航空航天大学新主楼 G座1026
>>> -------------------------------------------------------------------------
>>> ------- Yang Yang
>>> Institute of Computer Architecture and System
>>> BeiHang University（BUAA）
>>> Tel: (86-10)82338059-132
>>> Email: 9907yruby@gmail.com
>>> Addr: Room 1026,Building G,The New Main Building,37# Xueyuan Rd.,Haidian
>>> District, Beijing 100083, PRC
>>> _______________________________________________
>>> Xen-devel mailing list
>>> Xen-devel@lists.xensource.com
>>> http://lists.xensource.com/xen-devel
>>>       
>
>
>
>   

Re: can I boot privilleged dom like dom0 via xm create

[Daniel Stodden]

On Sun, 2008-06-29 at 12:20 +0800, tgh wrote:
> hi
>   I am interested in this issue, and I wonder wether we could manage 
> dom0 in xen architecture, that is ,to boot dom0, to reboot it ,to store 
> it ,or restore it ,while suspending domU in memory ,through some domctl 
> whenever necessary, or could we develop some new hypercall to make it 
> work ,or does xen architecture have some inherent limit in itself and 
> have no compatibility  with  this  potential augment? and why not  or 
> how to achieve it , could some one give some advise on it

Dom0 maintains a lot of information reflecting overall system state,
including that of other guest systems. There's e.g. xenstore, typically
most, if not all of the backend machinery used to serve guests. There's
the qemu device emulation. All of these are stateful interfaces exposed
to guests.

So you'd have to save/restore all that (volatile) information to rehost
other guests seamlessly after a reset. Not like it's absolutely
undoable, but it'd be tricky and still easy to break during upgrades.
Then there's dom0 as the maintenance interface at the foreground of your
console machine interface. If that reboot fails, you're left with a
completely nonoperational system, since the VMM provides no (or only
minimal) interaction itself.

It's a neat idea, but unlikely to be practical unless you move critical
parts of its duties into different VMs, and at that point maybe even not
so interesting anymore.

Best,
Daniel

-- 
Daniel Stodden
LRR     -      Lehrstuhl für Rechnertechnik und Rechnerorganisation
Institut für Informatik der TU München             D-85748 Garching
http://www.lrr.in.tum.de/~stodden         mailto:stodden@cs.tum.edu
PGP Fingerprint: F5A4 1575 4C56 E26A 0B33  3D80 457E 82AE B0D8 735B