On 07.02.2012, at 07:58, Michael Ellerman wrote: > On Mon, 2012-02-06 at 13:46 -0600, Scott Wood wrote: >> On 02/03/2012 04:52 PM, Anthony Liguori wrote: >>> On 02/03/2012 12:07 PM, Eric Northup wrote: >>>> On Thu, Feb 2, 2012 at 8:09 AM, Avi Kivity<avi@xxxxxxxxxx> wrote: >>>> [...] >>>>> >>>>> Moving to syscalls avoids these problems, but introduces new ones: >>>>> >>>>> - adding new syscalls is generally frowned upon, and kvm will need >>>>> several >>>>> - syscalls into modules are harder and rarer than into core kernel code >>>>> - will need to add a vcpu pointer to task_struct, and a kvm pointer to >>>>> mm_struct >>>> - Lost a good place to put access control (permissions on /dev/kvm) >>>> for which user-mode processes can use KVM. >>>> >>>> How would the ability to use sys_kvm_* be regulated? >>> >>> Why should it be regulated? >>> >>> It's not a finite or privileged resource. >> >> You're exposing a large, complex kernel subsystem that does very >> low-level things with the hardware. It's a potential source of exploits >> (from bugs in KVM or in hardware). I can see people wanting to be >> selective with access because of that. > > Exactly. > > In a perfect world I'd agree with Anthony, but in reality I think > sysadmins are quite happy that they can prevent some users from using > KVM. > > You could presumably achieve something similar with capabilities or > whatever, but a node in /dev is much simpler. Well, you could still keep the /dev/kvm node and then have syscalls operate on the fd. But again, I don't see the problem with the ioctl interface. It's nice, extensible and works great for us. Alex -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
