VMCALL to KVM userspace?

VMCALL to KVM userspace?

[Florian Pester]

Hi,

for a uni project I'm trying to write a userspace for KVM that can run
ELF binaries without a full blown OS in the guest. The idea is to handle
any syscalls made by the binary running inside the guest in the
userspace of the host. In the simplest case you could forward them to
the host Linux kernel.

In any case, I've gotten pretty far, setting up IDTs, the VCPU, Page
Tables and whatnot, but right now I'm stuck. I setup my syscall handler
to do a VMCALL, which according to the Intel manual is supposed to
return control to the host. However this seems to be handled by KVM
without an exit into userspace?

If this is correct, is there any way to make a call to the host VMM,
that will be transfered to userspace by KVM?

Thanks
Florian

Re: VMCALL to KVM userspace?

[Paolo Bonzini]

Il 13/08/2013 16:33, Florian Pester ha scritto:
> Hi,
> 
> for a uni project I'm trying to write a userspace for KVM that can run
> ELF binaries without a full blown OS in the guest. The idea is to handle
> any syscalls made by the binary running inside the guest in the
> userspace of the host. In the simplest case you could forward them to
> the host Linux kernel.
> 
> In any case, I've gotten pretty far, setting up IDTs, the VCPU, Page
> Tables and whatnot, but right now I'm stuck. I setup my syscall handler
> to do a VMCALL, which according to the Intel manual is supposed to
> return control to the host. However this seems to be handled by KVM
> without an exit into userspace?

Yes, this is correct.

> If this is correct, is there any way to make a call to the host VMM,
> that will be transfered to userspace by KVM?

You could patch kvm_emulate_hypercall to return to userspace on an
unknown VMCALL.  The simplest implementation could be something like

	vcpu->run->exit_reason = KVM_EXIT_HYPERCALL;
	return 0;

in vmx.c's handle_vmcall and similarly for svm.c's vmmcall_interception.
 If you want to make a patch for upstream, it is a bit more complicated
because of backwards-compatibility.  You will need a new capability and
you will need to enable it with KVM_ENABLE_CAP, which right now is only
used by PowerPC KVM.

However, this "hypercall to userspace" functionality used to be there
and was removed, so it is unlikely to resurrect...  I suggest you use
simply an "out" to an otherwise unused port.

Paolo

Re: VMCALL to KVM userspace?

[Muli Ben-Yehuda]

On Tue, Aug 13, 2013 at 04:33:49PM +0200, Florian Pester wrote:

> for a uni project I'm trying to write a userspace for KVM that can
> run ELF binaries without a full blown OS in the guest. The idea is
> to handle any syscalls made by the binary running inside the guest
> in the userspace of the host. In the simplest case you could forward
> them to the host Linux kernel.

Sounds a lot like Dune,
http://www.scs.stanford.edu/~dm/home/papers/belay:dune.pdf.

> If this is correct, is there any way to make a call to the host VMM,
> that will be transfered to userspace by KVM?

(Paolo already answered)

Cheers,
Muli