From: Steve Ofsthun <sofsthun@virtualiron.com>
To: Keir Fraser <Keir.Fraser@cl.cam.ac.uk>
Cc: xen-devel@lists.xensource.com
Subject: Re: [PATCH] Hypercalls from HVM guests
Date: Sat, 22 Apr 2006 11:16:48 -0400 [thread overview]
Message-ID: <444A48E0.6040809@virtualiron.com> (raw)
In-Reply-To: <15277a6e2bde8c0d0a88162b1d5eee55@cl.cam.ac.uk>
Keir Fraser wrote:
>
> On 21 Apr 2006, at 19:13, Steve Ofsthun wrote:
>
>> With these changes you can make raw hypercalls from HVM guests.
>
> You probably want a separate hypercall table from that of
> paravirtualized guests, for several reasons:
> 1. Some hypercalls will not be HVM aware and are probably unsafe to run
> from an HVM context
Which hypercalls in particular should be excluded from HVM use?
A number will require changes to perform properly for HVM guests. This work
will require this patch. In particular, follow on patches for grant table
operations, event channel operations, and memory operations all require this
initial groundwork.
Are you concerned that enabling this patch will make the hypervisor more
vulnerable in some way?
Shouldn't the hypervisor interface be made robust enough to deal with HVM
guests (as well as malfunctioning paravirtualized guests)?
If it is just a matter of testing, I could filter all HVM requests for now
and only allow requests through that have been exercised. As additional
patches are submitted, we could enable new hypercalls to be passed through
the HVM interface.
> 2. Some hypercalls may want different implementations (or at least a
> wrapper) on HVM
If this becomes necessary, it can be added to the interface.
> 3. On 64-bit, you may even want a separate 32-bit hypercall table
> containing wrappers that interface between 32-bit callers and the core
> 64-bit hypercall functions.
At the moment, all of this can be dealt with in HVM DomU code. By doing it
there, we can avoid explicit parameter copying on every hypercall. The 32-bit
vs. 64-bit hypercall interface variations are not unique to HVM code. Adding
conversion interfaces in the hypervisor is only one solution to this problem.
The interfaces themselves could be made size invariant. Except for backward
compatibility, the 32-bit interfaces could be made identical to the 64-bit
interfaces using proper data typing and explicit data alignment.
> (1) is most important right now -- we should only permit the hypercalls
> we need, and audit any others before they are added to the list.
OK, is a bitmap filter of the inbound requests sufficient? For this patch, I'll
just filter every hypercall except HYPERVISOR_xen_version() and return ENOSYS?
Steve
--
Steve Ofsthun - Virtual Iron Software, Inc.
next prev parent reply other threads:[~2006-04-22 15:16 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-21 18:13 [PATCH] Hypercalls from HVM guests Steve Ofsthun
2006-04-22 8:49 ` Keir Fraser
2006-04-22 15:16 ` Steve Ofsthun [this message]
2006-04-23 8:31 ` Keir Fraser
2006-04-24 16:53 ` Hollis Blanchard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=444A48E0.6040809@virtualiron.com \
--to=sofsthun@virtualiron.com \
--cc=Keir.Fraser@cl.cam.ac.uk \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.