Re: [Xen-devel] [PATCH v2] x86/hvm: Allow the guest to permit the use of userspace hypercalls

On Mon, Jan 11, 2016 at 5:58 PM, Andrew Cooper
<andrew.cooper3@xxxxxxxxxx> wrote:
> On 11/01/16 17:11, Konrad Rzeszutek Wilk wrote:
>> On Mon, Jan 11, 2016 at 04:51:19PM +0000, Andrew Cooper wrote:
>>> Currently, hypercalls issued from HVM userspace will unconditionally fail
>>> with -EPERM.
>>> This is inflexible, and a guest may wish to allow userspace to make
>>> hypercalls.
>>> Introduce HVMOP_set_hypercall_dpl which allows the guest to alter the
>>> permissions check for hypercalls.  It behaves exactly like the dpl field for
>>> GDT/LDT/IDT entries.
>> Could you explain a bit of the use-case?
> My specific usecase,
> http://xenbits.xen.org/gitweb/?p=people/andrewcoop/xen-test-framework.git;a=shortlog;h=refs/heads/wip-traps-v0.1
> It isn't quite ready for formal release yet.
>> As in why the ioctl via the kernel is no good?
> Who says Linux is running?
> Hopefully answered in
> http://lists.xenproject.org/archives/html/xen-devel/2016-01/msg01155.html

Not really.  Obviously if you're running custom test code rather than
Linux, then you aren't going to make an ioctl system call on a file
descriptor; but what people are actually suggesting is just that you
make *some* sort of system call from ring 3 which will then make the
hypercall from ring 0.  That's not "the Linux way" of doing things,
it's the *operating system* way of doing things.

From the previous discussion, ISTR that what you want is to be able to
log messages to the Xen console from your test code when running in
ring 3.  It should be fairly easy to set up a custom system call in
your test system that will then make the appropriate hypercall from
ring 0 and return, with minimal interaction with other parts of the
system.  (I think there were some other suggestions there as well.)

Is there a reason that's not possible?

