
I want a user process in a guest machine to call a custom hypercall and have QEMU receive it. I don't want to make any modification to the guest kernel.
From this answer and other materials, I know that the vmcall instruction will cause a VMEXIT and the VMM will receive its exit reason and arguments.

According to the Intel® 64 and IA-32 Architectures Software Developer's Manual, p. 1201, the vmcall instruction will trigger an exception when CPL > 0.
So I conclude that I need a (guest) kernel interface to invoke a hypercall.

I found that arch/x86/include/asm/kvm_para.h in the Linux kernel has kvm_hypercallx functions (where x is the number of arguments). But I can't find a call site for these functions.

Is it possible to invoke a hypercall without any modification of a guest kernel? If so, how to do it? If not, is there any alternative?

Dae R. Jeong

2 Answers


VMCALL causes a VM exit at any CPL level when in a guest (VMX non-root mode). The check for CPL is done only if it is in VMX root mode.

Another way to cause an unconditional VM exit is with the CPUID instruction. The VMM can distinguish a hypercall from a regular CPUID invocation by the value in EAX.

prl
  • Ah, I misread the document. Then when I execute `asm ("vmcall" :: "a"(VAL))`, can qemu receive control? I tried it, but `run->exit_reason` in `kvm_cpu_exec()` in `qemu/kvm-all.c` is never the same as the value `VAL`. Do you know which code point I should look into? – Dae R. Jeong Aug 16 '17 at 09:24
  • I don't know KVM internals, but I guess the exit reason would be 18 (vmcall). You would get the value of eax from the guest state. – prl Aug 16 '17 at 14:48
  • I found the reason! [This page](https://github.com/dpw/kvm-hello-world) says: "The most obvious way might be the VMCALL (or VMMCALL on AMD) instruction, which it specifically intended to call out to the hypervisor. But it turns out the KVM reserves VMCALL/VMMCALL for its internal hypercall mechanism, without notifying the userspace VM host program of the VM exits caused by these instructions. So we need some other way to trigger a VM exit. HLT is convenient because it is a single-byte instruction." This is why qemu cannot receive the VM exit and its exit reason! :) – Dae R. Jeong Aug 17 '17 at 14:39
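The answer above proposes CPUID as an unconditional exit that a VMM can turn into a hypercall channel by looking at EAX, and the comment thread establishes that KVM consumes VMCALL exits in the kernel instead of forwarding them to QEMU. The block below is an added example (not code from the question, the answer, QEMU or KVM) that sketches both halves of such a CPUID-based hypercall ABI: the ring-3 guest wrapper, and the host-side exit handler that separates hypercalls from ordinary CPUID queries and rejects unknown hypercall numbers. The leaf number `0x40000010`, the hypercall numbers, the register layout `struct guest_regs` and all function names are assumptions made for this example. One caveat: under KVM, CPUID exits are also emulated in the kernel (from the table QEMU installs with `KVM_SET_CPUID2`) and are not forwarded to userspace either, so a handler like the one below belongs in a VMM that owns the VMX exits itself; the exits QEMU's `kvm_cpu_exec()` does see are those KVM forwards, such as HLT or port I/O.

```c
/* Added example: a CPUID-based hypercall ABI as described in the answer above.
 * Not code from the question, the answer, QEMU or KVM. The leaf, hypercall
 * numbers, register struct and function names are illustrative assumptions. */
#include <stdint.h>
#include <stdio.h>

/* CPUID leaves 0x40000000-0x400000FF are reserved for hypervisors and never
 * describe real hardware, so a VMM can safely use one as a hypercall channel.
 * 0x40000000 conventionally holds the hypervisor signature; this leaf is an
 * assumed choice for the example. */
#define HC_LEAF          0x40000010u
#define HC_NR_GETVERSION 1u
#define HC_NR_ECHO       2u
#define HC_ENOSYS        0xFFFFFFFFu
#define HC_VERSION       0x00010000u   /* assumed: ABI version 1.0 */

/* Guest general-purpose registers as the VMM sees them at the VM exit
 * (a simplified stand-in for the guest-state area the VMM reads). */
struct guest_regs { uint64_t rax, rbx, rcx, rdx; };

enum exit_action { EXIT_PASSTHROUGH_CPUID, EXIT_HYPERCALL_HANDLED };

/* Host side: called on a CPUID VM exit. EAX selects the leaf; only the
 * assumed hypercall leaf is treated as a hypercall, everything else goes to
 * the VMM's normal CPUID emulation. Hypercall number is in EBX, one 32-bit
 * argument in ECX, the result is returned in EAX. */
enum exit_action handle_cpuid_exit(struct guest_regs *r)
{
    uint32_t leaf = (uint32_t)r->rax;
    if (leaf != HC_LEAF)
        return EXIT_PASSTHROUGH_CPUID;

    uint32_t nr  = (uint32_t)r->rbx;
    uint32_t arg = (uint32_t)r->rcx;
    uint32_t result;
    switch (nr) {
    case HC_NR_GETVERSION: result = HC_VERSION; break;
    case HC_NR_ECHO:       result = arg;        break;
    default:               result = HC_ENOSYS;  break; /* unknown: reject, do not abort the guest */
    }

    /* CPUID always writes EAX..EDX and, in 64-bit mode, zero-extends them.
     * Mirror that exactly so no stale host-side value leaks to the guest. */
    r->rax = result;
    r->rbx = 0;
    r->rcx = 0;
    r->rdx = 0;
    return EXIT_HYPERCALL_HANDLED;
}

#if defined(__x86_64__)
/* Guest side: CPUID is not a privileged instruction, so a user process can
 * issue this from ring 3 without any guest-kernel interface. The value that
 * comes back is only meaningful under a VMM implementing this ABI. */
static inline uint32_t hypercall(uint32_t nr, uint32_t arg)
{
    uint32_t eax = HC_LEAF, ebx = nr, ecx = arg, edx = 0;
    __asm__ volatile("cpuid" : "+a"(eax), "+b"(ebx), "+c"(ecx), "+d"(edx));
    return eax;
}
#endif

int main(void)
{
    /* Simulate the VMM's view of two exits with constructed register state. */
    struct guest_regs hc = { HC_LEAF, HC_NR_ECHO, 0x1234, 0 };
    struct guest_regs plain = { 0, 0, 0, 0 };
    printf("hypercall exit : action=%d eax=0x%llx\n",
           handle_cpuid_exit(&hc), (unsigned long long)hc.rax);
    printf("plain CPUID(0) : action=%d\n", handle_cpuid_exit(&plain));
#if defined(__x86_64__)
    /* On real hardware or a VMM without this ABI the returned value is just
     * whatever that CPUID leaf reports there. */
    printf("guest-side cpuid leaf 0x%x -> eax=0x%x\n", HC_LEAF,
           hypercall(HC_NR_GETVERSION, 0));
#endif
    return 0;
}
```

The handler deliberately treats every leaf other than the assumed one as a plain CPUID query, so the guest's normal feature detection keeps working, and it answers an unknown hypercall number with an error code rather than faulting the guest.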
Is it possible to invoke a hypercall without any modification of a guest kernel?

A hypercall is just a way to transfer messages between guest and host. You may trigger the hypercall (like virtio used hypercall2), but is it useful for you?

liunx
  • I made a mistake. What I want to do is transfer control from a guest's user process to the host's qemu when the user process executes a specific instruction (for example, vmcall). A hypercall in the kernel may not be useful. – Dae R. Jeong Aug 16 '17 at 09:37
  • @DaeR.Jeong The best way should be adding a virtual device model in /dev/ and using shared memory. – Hangchen Yu Feb 18 '18 at 19:52