From mboxrd@z Thu Jan 1 00:00:00 1970 From: Scott Wood Subject: Re: [Qemu-devel] [RFC] Next gen kvm api Date: Mon, 6 Feb 2012 13:46:21 -0600 Message-ID: <4F302E0D.20302@freescale.com> References: <4F2AB552.2070909@redhat.com> <4F2C6517.3040203@codemonkey.ws> Mime-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit Cc: Eric Northup , Avi Kivity , linux-kernel , KVM list , qemu-devel To: Anthony Liguori Return-path: In-Reply-To: <4F2C6517.3040203@codemonkey.ws> Sender: linux-kernel-owner@vger.kernel.org List-Id: kvm.vger.kernel.org On 02/03/2012 04:52 PM, Anthony Liguori wrote: > On 02/03/2012 12:07 PM, Eric Northup wrote: >> On Thu, Feb 2, 2012 at 8:09 AM, Avi Kivity wrote: >> [...] >>> >>> Moving to syscalls avoids these problems, but introduces new ones: >>> >>> - adding new syscalls is generally frowned upon, and kvm will need >>> several >>> - syscalls into modules are harder and rarer than into core kernel code >>> - will need to add a vcpu pointer to task_struct, and a kvm pointer to >>> mm_struct >> - Lost a good place to put access control (permissions on /dev/kvm) >> for which user-mode processes can use KVM. >> >> How would the ability to use sys_kvm_* be regulated? > > Why should it be regulated? > > It's not a finite or privileged resource. You're exposing a large, complex kernel subsystem that does very low-level things with the hardware. It's a potential source of exploits (from bugs in KVM or in hardware). I can see people wanting to be selective with access because of that. And sometimes it is a finite resource. I don't know how x86 does it, but on at least some powerpc hardware we have a finite, relatively small number of hardware partition IDs. -Scott