On Tuesday 07 February 2012, Alexander Graf wrote: > On 07.02.2012, at 07:58, Michael Ellerman wrote: > > > On Mon, 2012-02-06 at 13:46 -0600, Scott Wood wrote: > >> You're exposing a large, complex kernel subsystem that does very > >> low-level things with the hardware. It's a potential source of exploits > >> (from bugs in KVM or in hardware). I can see people wanting to be > >> selective with access because of that. > > > > Exactly. > > > > In a perfect world I'd agree with Anthony, but in reality I think > > sysadmins are quite happy that they can prevent some users from using > > KVM. > > > > You could presumably achieve something similar with capabilities or > > whatever, but a node in /dev is much simpler. > > Well, you could still keep the /dev/kvm node and then have syscalls operate on the fd. > > But again, I don't see the problem with the ioctl interface. It's nice, extensible and works great for us. > ioctl is good for hardware devices and stuff that you want to enumerate and/or control permissions on. For something like KVM that is really a core kernel service, a syscall makes much more sense. I would certainly never mix the two concepts: If you use a chardev to get a file descriptor, use ioctl to do operations on it, and if you use a syscall to get the file descriptor then use other syscalls to do operations on it. I don't really have a good recommendation whether or not to change from an ioctl based interface to syscall for KVM now. On the one hand I believe it would be significantly cleaner, on the other hand we cannot remove the chardev interface any more since there are many existing users. Arnd -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
