[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2] x86/hvm: Allow the guest to permit the use of userspace hypercalls

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
From: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
Date: Tue, 12 Jan 2016 10:32:22 +0000
Cc: Xen-devel <xen-devel@xxxxxxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>, Ian Campbell <ian.campbell@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>
Delivery-date: Tue, 12 Jan 2016 10:32:42 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Mon, Jan 11, 2016 at 5:58 PM, Andrew Cooper
<andrew.cooper3@xxxxxxxxxx> wrote:
> On 11/01/16 17:11, Konrad Rzeszutek Wilk wrote:
>> On Mon, Jan 11, 2016 at 04:51:19PM +0000, Andrew Cooper wrote:
>>> Currently, hypercalls issued from HVM userspace will unconditionally fail 
>>> with
>>> -EPERM.
>>>
>>> This is inflexible, and a guest may wish to allow userspace to make
>>> hypercalls.
>>>
>>> Introduce HVMOP_set_hypercall_dpl which allows the guest to alter the
>>> permissions check for hypercalls.  It behaves exactly like the dpl field for
>>> GDT/LDT/IDT entries.
>>
>> Could you explain a bit of the use-case?
>
> My specific usecase,
> http://xenbits.xen.org/gitweb/?p=people/andrewcoop/xen-test-framework.git;a=shortlog;h=refs/heads/wip-traps-v0.1
>
> It isn't quite ready for formal release yet.
>
>> As in why the ioctl via the kernel is no good?
>
> Who says Linux is running?
>
> Hopefully answered in
> http://lists.xenproject.org/archives/html/xen-devel/2016-01/msg01155.html

Not really.  Obviously if you're running custom test code rather than
Linux, then you aren't going to make an ioctl system call on a file
descriptor; but what people are actually suggesting is just that you
make *some* sort of system call from ring 3 which will then make the
hypercall from ring 0.  That's not "the Linux way" of doing things,
it's the *operating system* way of doing things.

From the previous discussion, ISTR that what you want to be able to
log messages to the Xen console from your test code when running in
ring 3.  It should be fairly easy to set up a custom system call in
your test system that will then make the appropriate hypercall from
ring 0 and return, with minimal interaction with other parts of the
system.  (I think there were some other suggestions there as well.)

Is there a reason that's not possible?

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH v2] x86/hvm: Allow the guest to permit the use of userspace hypercalls
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH v2] x86/hvm: Allow the guest to permit the use of userspace hypercalls
  - From: Konrad Rzeszutek Wilk
- Re: [Xen-devel] [PATCH v2] x86/hvm: Allow the guest to permit the use of userspace hypercalls
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [v3,11/41] mips: reuse asm-generic/barrier.h
Next by Date: [Xen-devel] [qemu-mainline baseline-only test] 38621: regressions - FAIL
Previous by thread: Re: [Xen-devel] [PATCH v2] x86/hvm: Allow the guest to permit the use of userspace hypercalls
Next by thread: Re: [Xen-devel] [PATCH v2] x86/hvm: Allow the guest to permit the use of userspace hypercalls
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.