From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Ellerman Subject: Re: [RFC] Next gen kvm api Date: Tue, 07 Feb 2012 17:58:54 +1100 Message-ID: <1328597934.6802.6.camel@concordia> References: <4F2AB552.2070909@redhat.com> <4F2C6517.3040203@codemonkey.ws> <4F302E0D.20302@freescale.com> Reply-To: michael@ellerman.id.au Mime-Version: 1.0 Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-NPSjDqGcvI+C4OAzKwu4" Cc: KVM list , qemu-devel , linux-kernel , Eric Northup , Avi Kivity To: Scott Wood Return-path: In-Reply-To: <4F302E0D.20302@freescale.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+gceq-qemu-devel=gmane.org@nongnu.org Sender: qemu-devel-bounces+gceq-qemu-devel=gmane.org@nongnu.org List-Id: kvm.vger.kernel.org --=-NPSjDqGcvI+C4OAzKwu4 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, 2012-02-06 at 13:46 -0600, Scott Wood wrote: > On 02/03/2012 04:52 PM, Anthony Liguori wrote: > > On 02/03/2012 12:07 PM, Eric Northup wrote: > >> On Thu, Feb 2, 2012 at 8:09 AM, Avi Kivity wrote: > >> [...] > >>> > >>> Moving to syscalls avoids these problems, but introduces new ones: > >>> > >>> - adding new syscalls is generally frowned upon, and kvm will need > >>> several > >>> - syscalls into modules are harder and rarer than into core kernel co= de > >>> - will need to add a vcpu pointer to task_struct, and a kvm pointer t= o > >>> mm_struct > >> - Lost a good place to put access control (permissions on /dev/kvm) > >> for which user-mode processes can use KVM. > >> > >> How would the ability to use sys_kvm_* be regulated? > >=20 > > Why should it be regulated? > >=20 > > It's not a finite or privileged resource. >=20 > You're exposing a large, complex kernel subsystem that does very > low-level things with the hardware. It's a potential source of exploits > (from bugs in KVM or in hardware). I can see people wanting to be > selective with access because of that. Exactly. In a perfect world I'd agree with Anthony, but in reality I think sysadmins are quite happy that they can prevent some users from using KVM. You could presumably achieve something similar with capabilities or whatever, but a node in /dev is much simpler. cheers --=-NPSjDqGcvI+C4OAzKwu4 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAABCAAGBQJPMMuuAAoJEFHr6jzI4aWAy20P/jq4i3CvLydEUAPNIVqCS6Ll G/xdvq/p0NWNpIQWYLntc+8hvjaJUjDboa2uXsAZCdOc5X5r2oazdxotDz7ywjx4 rP5/eJWZnLmfMRnsLrSEWEDqxVGtj1tMY6ae5cgKTglM+gk3OBoeM6hfiBnp+4Jd A6h8Z/XFUSNq9m3koakRIme9qQ5leC/6mTI2M+tbQOCaWIkUFjhBx09tTub56m3m eCfizOJFczJdXVb58KyN4DYx0vYF51xsHwGaoRImzAz7l+4tSMMptBnC8rADsPYN c/Fx0fijDR+yAF3R1SogbH/BnInA1KvfHw2Vv0uwDdbYJpV6QaCq8TQGhANKC1fm aNaDvr0IWwhQ0uuzW0qX6lwjqiqp4Hw9cOlOzv0kyVVetKQWA2xl4m0vnqF3/d4q mmw2DJMz6xc45tSmtS1tpyBZtHE1gSwMmEGcE9VKUpeEN3z8Fg+w0w4qG7xmTsUK 3xxMDnTOPFaaslFEK2nyi6xiOQPO7K06ViEnsxyxuTLPSeLB5tul5XMtyqQDMoNN EdWPgdmv5rItDXtzES6ihs3ChWbox2ok0IvrXGUItAwRPuRIr8gp8na1lgn/NufG GvsOGb8E/cyoFUzls0NzKiiphkwiYmfSxeD6QdorRoSBRdcTghcDbr+T8/W7jzbg iARgii4fM/2QhLFwDIK3 =3BUR -----END PGP SIGNATURE----- --=-NPSjDqGcvI+C4OAzKwu4--