On Mon, Nov 4, 2024 at 5:13 PM Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote: > > On Wed, Oct 30, 2024 at 4:35 AM Zack Rusin <zack.rusin@xxxxxxxxxxxx> wrote: > > > > VMware products handle hypercalls in userspace. Give KVM the ability > > to run VMware guests unmodified by fowarding all hypercalls to the > > userspace. > > > > Enabling of the KVM_CAP_X86_VMWARE_HYPERCALL_ENABLE capability turns > > the feature on - it's off by default. This allows vmx's built on top > > of KVM to support VMware specific hypercalls. > > Hi Zack, Hi, Paolo. Thank you for looking at this. > is there a spec of the hypercalls that are supported by userspace? I > would like to understand if there's anything that's best handled in > the kernel. There's no spec but we have open headers listing the hypercalls. There's about a 100 of them (a few were deprecated), the full list starts here: https://github.com/vmware/open-vm-tools/blob/739c5a2f4bfd4cdda491e6a6f6869d88c0bd6972/open-vm-tools/lib/include/backdoor_def.h#L97 They're not well documented, but the names are pretty self-explenatory. > If we allow forwarding _all_ hypercalls to userspace, then people will > use it for things other than VMware and there goes all hope of > accelerating stuff in the kernel in the future. > > So even having _some_ checks in the kernel before going out to > userspace would keep that door open, or at least try. Doug just looked at this and I think I might have an idea on how to limit the scope at least a bit: if you think it would help we could limit forwarding of hypercalls to userspace only to those that that come with a BDOOR_MAGIC (which is 0x564D5868) in eax. Would that help? > Patch 1 instead looks good from an API point of view. Ah, great, thanks! z
