Re: [Qemu-devel] [RFC] Next gen kvm api

From: Anthony Liguori
Date: Tue Feb 07 2012 - 07:28:30 EST

On 02/06/2012 01:46 PM, Scott Wood wrote:
On 02/03/2012 04:52 PM, Anthony Liguori wrote:
On 02/03/2012 12:07 PM, Eric Northup wrote:
On Thu, Feb 2, 2012 at 8:09 AM, Avi Kivity<avi@xxxxxxxxxx> wrote:

Moving to syscalls avoids these problems, but introduces new ones:

- adding new syscalls is generally frowned upon, and kvm will need
- syscalls into modules are harder and rarer than into core kernel code
- will need to add a vcpu pointer to task_struct, and a kvm pointer to
- Lost a good place to put access control (permissions on /dev/kvm)
for which user-mode processes can use KVM.

How would the ability to use sys_kvm_* be regulated?

Why should it be regulated?

It's not a finite or privileged resource.

You're exposing a large, complex kernel subsystem that does very
low-level things with the hardware.

As does the rest of the kernel.

It's a potential source of exploits
(from bugs in KVM or in hardware). I can see people wanting to be
selective with access because of that.

As is true of the rest of the kernel.

If you want finer grain access control, that's exactly why we have things like LSM and SELinux. You can add the appropriate LSM hooks into the KVM infrastructure and setup default SELinux policies appropriately.

And sometimes it is a finite resource. I don't know how x86 does it,
but on at least some powerpc hardware we have a finite, relatively small
number of hardware partition IDs.

But presumably this is per-core, right? And they're recycled, right? IOW, there isn't a limit of number of guests <= number of hardware partitions IDs. It just impacts performance.


Anthony Liguori


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at