On 02/03/2012 04:52 PM, Anthony Liguori wrote:
On 02/03/2012 12:07 PM, Eric Northup wrote:
On Thu, Feb 2, 2012 at 8:09 AM, Avi Kivity <avi@xxxxxxxxxx> wrote:
[...]
- Lost a good place to put access control (permissions on /dev/kvm)
Moving to syscalls avoids these problems, but introduces new ones:
- adding new syscalls is generally frowned upon, and kvm will need several
- syscalls into modules are harder and rarer than into core kernel code
- will need to add a vcpu pointer to task_struct, and a kvm pointer to mm_struct
for which user-mode processes can use KVM.
How would the ability to use sys_kvm_* be regulated?
Why should it be regulated?
It's not a finite or privileged resource.
You're exposing a large, complex kernel subsystem that does very
low-level things with the hardware.
It's a potential source of exploits
(from bugs in KVM or in hardware). I can see people wanting to be
selective with access because of that.
And sometimes it is a finite resource. I don't know how x86 does it,
but on at least some powerpc hardware we have a finite, relatively small
number of hardware partition IDs.
-Scott