From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Xen-devel List <xen-devel@lists.xen.org>
Cc: Tim Deegan <tim@xen.org>, Keir Fraser <keir@xen.org>,
	Jan Beulich <JBeulich@suse.com>
Subject: RFC Userspace hypercalls
Date: Wed, 6 Jan 2016 11:44:58 +0000
Message-ID: <568CFE3A.8080505@citrix.com>

Hi,

I am in the middle of getting my Xen Test Framework working and usable.

Embarrassingly, the unit test I hacked up for investigating XSA-106
(which was the inspiration to make the framework) correctly identifies
the regression caused by XSA-156.  To avoid similar situations in the
future, I am getting the XTF usable as a matter of priority.

The XTF uses a flat, shared address space, with the test free to change
cpl as part of normal operation.  For the XSA-106 use case, this was to
confirm that the x86 emulator correctly performed dpl checks on emulated
exception injection.

All console logging is synchronous (to ensure that log messages have
escaped the VM before an action occurs) and by default, an HVM test will
use the qemu debug port, console_io hypercall, and PV console (which
uses evtchn hypercalls).

This causes problems when the test moves into userspace.  The qemu debug
port can trivially be fixed by setting IOPL=3, but the hypercalls are
more problematic.  The HVM ABI (for whatever reason) unilaterally fails
a userspace hypercall with -EPERM, making it impossible for the kernel
to trap-and-forward even if it wanted to.

There are already scenarios under test where we cannot rely on the test
kernel having a fully functioning set of entry points (e.g. the DPL part
of the test above).  Therefore I specifically want to make it possible
to make userspace hypercalls, rather than simply making them possible to
be trapped-and-forwarded.


As a result, I am proposing introducing a hypercall which allows a domain
to adjust its entry criteria for hypercalls (e.g. set_hypercall_iopl).
Doing this for HVM guests is straightforward, but PV guests are harder,
as they bounce through Xen entrypoints.

For PV guests, I propose that userspace hypercalls get implemented with
the int $0x82 path exclusively.  i.e. enabling userspace hypercalls
causes the hypercall page writing logic to consider the guest a ring1
kernel, and the int $0x82 entrypoint suitably delegates between a
regular hypercall and a compat hypercall.

Thoughts?

~Andrew

Thread overview: 13+ messages
2016-01-06 11:44 Andrew Cooper [this message]
2016-01-06 14:14 ` RFC Userspace hypercalls Jan Beulich
2016-01-06 14:44   ` Andrew Cooper
2016-01-06 16:09     ` Jan Beulich
2016-01-06 16:20       ` Andrew Cooper
2016-01-06 16:24         ` Jan Beulich
2016-01-06 16:31     ` Jan Beulich
2016-01-06 16:38       ` Andrew Cooper
2016-01-06 16:49         ` Jan Beulich
2016-01-06 17:06           ` Andrew Cooper
2016-01-06 16:41       ` David Vrabel
2016-01-07 10:42 ` Ian Campbell
2016-01-07 10:55   ` Andrew Cooper
