On Fri, May 1, 2020 at 6:05 PM Liran Alon <liran.alon@xxxxxxxxxx> wrote:
>
>
> On 01/05/2020 23:45, Sean Christopherson wrote:
> > Off the top of my head, IO and/or MMIO has a few advantages:
> >
> >   - Allows the guest kernel to delegate permissions to guest userspace,
> >     whereas KVM restricts hypercalls to CPL0.
> >   - Allows "pass-through", whereas VMCALL is unconditionally forwarded to
> >     L1.
> >   - Is vendor agnostic, e.g. VMX and SVM recognized different opcodes for
> >     VMCALL vs VMMCALL.
> I agree with all the above (I believe similar rationale had led VMware to
> design their Backdoor PIO interface).

Just to set the record straight...

VMware's backdoor PIO interface predates both VMX and SVM, so VMCALL
and VMMCALL played no role whatsoever in its design.

Moreover, VMware's backdoor PIO interface actually does not allow the
guest kernel to delegate permissions to guest userspace. VMware
ignores the I/O permission bitmap in the TSS for the backdoor ports,
so userspace always has access to them. It's the VMware hypervisor
that decides whether or not to accept certain hypercalls at CPL>0.