On Tue, Aug 18, 2009 at 01:45:05PM +0300, Avi Kivity wrote:
On 08/18/2009 01:28 PM, Michael S. Tsirkin wrote:userspace will know which it is, because hypercall capability
There are no different hypercalls. There's just one hypercallSuppose a nested guest has two devices. One a virtual device backed byNot sure I understand. What I had in mind is that devices would have to
its host (our guest), and one a virtual device backed by us (the real
host), and assigned by the guest to the nested guest. If both devices
use hypercalls, there is no way to distinguish between them.
either use different hypercalls and map hypercall to address during
setup, or pass address with each hypercall. We get the hypercall,
translate the address as if it was pio access, and know the destination?
instruction, and there's no standard on how it's used. If a nested call
issues a hypercall instruction, you have no idea if it's calling a
Hyper-V hypercall or a vbus/virtio kick.
in the device has been activated, and can tell kernel, using
something similar to iosignalfd. No?
You could have a protocol where you register the hypercall instruction'sI really thought we could pass the io address in register as an input
address with its recipient, but it quickly becomes a tangled mess.
parameter. Is there a way to do this in a secure manner?
Hmm. Doesn't kvm use hypercalls now? How does this work with nesting?
For example, in this code in arch/x86/kvm/x86.c:
switch (nr) {
case KVM_HC_VAPIC_POLL_IRQ:
ret = 0;
break;
case KVM_HC_MMU_OP:
r = kvm_pv_mmu_op(vcpu, a0, hc_gpa(vcpu, a1, a2),&ret);
break;
default:
ret = -KVM_ENOSYS;
break;
}
how do we know that it's the guest and not the nested guest performing
the hypercall?