On Tue, 2014-08-05 at 14:45 +0100, David Vrabel wrote: > On 05/08/14 14:42, Konrad Rzeszutek Wilk wrote: > > > > - Some of these hypercalls don't have an ABI so we can't depend > > on them being stable. How do you want to handle that? > > We are not going any further with this series because of this. > > David Well, this is partially true. We agree the patches as they are cannot be accepted however in the long term we'd like to find a solution. The current ABI from user-space to kernel defined by these patches is perfectly fine (just two ioctl to restrict event channel/privcmd to a specific domain). For the implementation we were looking at different approaches: - add an additional target field in vcpu structure to restrict to a target for a particular vCPU with some additional hypercalls (like multicall) that restrict contained hypercalls to a domain; - an additional hypercall to do domctl but with restriction (this probably require less changes to current patches); - using flask. This looks easy to implement but currently code does not deals well with vCPUs as labels are attached to domains. Frediano -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
