From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@citrix.com>,
Ian Campbell <ian.campbell@citrix.com>,
Jan Beulich <JBeulich@suse.com>,
Xen-devel <xen-devel@lists.xen.org>
Subject: Re: [PATCH v2] x86/hvm: Allow the guest to permit the use of userspace hypercalls
Date: Mon, 11 Jan 2016 13:01:29 -0500 [thread overview]
Message-ID: <20160111180129.GA12039@char.us.oracle.com> (raw)
In-Reply-To: <5693ED57.5010705@citrix.com>
On Mon, Jan 11, 2016 at 05:58:47PM +0000, Andrew Cooper wrote:
> On 11/01/16 17:11, Konrad Rzeszutek Wilk wrote:
> > On Mon, Jan 11, 2016 at 04:51:19PM +0000, Andrew Cooper wrote:
> >> Currently, hypercalls issued from HVM userspace will unconditionally fail with
> >> -EPERM.
> >>
> >> This is inflexible, and a guest may wish to allow userspace to make
> >> hypercalls.
> >>
> >> Introduce HVMOP_set_hypercall_dpl which allows the guest to alter the
> >> permissions check for hypercalls. It behaves exactly like the dpl field for
> >> GDT/LDT/IDT entries.
> >
> > Could you explain a bit of the use-case?
>
> My specific usecase,
> http://xenbits.xen.org/gitweb/?p=people/andrewcoop/xen-test-framework.git;a=shortlog;h=refs/heads/wip-traps-v0.1
>
> It isn't quite ready for formal release yet.
>
> > As in why the ioctl via the kernel is no good?
>
> Who says Linux is running?
What else would there be :-)
>
> Hopefully answered in
> http://lists.xenproject.org/archives/html/xen-devel/2016-01/msg01155.html
Yes. If you could add it in the commit description that would be most helpful.
Thank you!
>
> >
> >> As the dpl is initialised to 0, hypercalls are restricted to cpl0 code until
> >> the OS explicitly chooses an alternative.
> > <scratchis his head> So we enable to make hypercalls but then we don't allow
> > it unless it is in ring 0?
>
> Correct. Hypercalls are by default limited to cpl0 (i.e. the existing
> behaviour), but guests can use this new hypercall to change the
> permission check.
>
> Naturally, you have to be sufficiently privileged to make this hypercall
> in the first place, so only the kernel may opt to relax the check.
Right. Sorry I somehow had in mind that this hypercall would be made by the
toolstack which is why I was confused.
>
> ~Andrew
next prev parent reply other threads:[~2016-01-11 18:01 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-11 16:51 [PATCH v2] x86/hvm: Allow the guest to permit the use of userspace hypercalls Andrew Cooper
2016-01-11 17:11 ` Konrad Rzeszutek Wilk
2016-01-11 17:58 ` Andrew Cooper
2016-01-11 18:01 ` Konrad Rzeszutek Wilk [this message]
2016-01-12 10:32 ` George Dunlap
2016-01-12 8:34 ` Jan Beulich
2016-01-12 12:15 ` Stefano Stabellini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160111180129.GA12039@char.us.oracle.com \
--to=konrad.wilk@oracle.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=ian.campbell@citrix.com \
--cc=stefano.stabellini@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.