how does it get page fault? I made sure the output buffer at
the user space is properly allocated with the correct size.
When page fault, do I have no choice but abort? It seems
calling the hypercall again does not solve it.
And nothing guarentees that your userspace process is in context
when Xen is running, or that the kernel hasn't played with the
pagetables behind your back.
You must use the hypercall buffer mechanism to avoid issues like
this. See the hypercall implementations in libxc. In Xen, you must
have a XEN_GUEST_HANDLE() which is an opaque reference to your
buffer, and use copy_{to,from}_guest() rather than {to/from}_user(),
which is generally only safe for kernel addresses.