invoking hypercall in qemu-kvm without guest kernel modification

Question

I want a user process in guest machine call a custom hypercall and qemu receives it. I don't want to make any modification of a guest kernel.
From this answer and other materials, I know that vmcall instruction will cause VMEXIT and VMM will receive the its exit reason and arguments.

According to Intel® 64 and IA-32 Architectures Software Developer’s Manual p.1201, vmcall instruction will trigger an exception when CPL > 0.
So I conclude that I need a (guest) kernel interface to invoke a hypercall.

I found that arch/x86/include/asm/kvm_para.h in Linux kernel has kvm_hypercallx functions (where x is a number of arguments). But I can't find a call site of these functions.

Is it possible to invoke a hypercall without any modification of a guest kernel? If so, how to do it? If not, is there any alternative?

Answer 1

Is it possible to invoke a hypercall without any modification of a guest kernel?

hypercall just a way to transfer message between guest & host, you may trigger the hypercall (like virtio used hypercall2), but it is useful for you?

Answer 2

VMCALL causes a VM exit at any CPL level when in a guest (VMX non-root mode). The check for CPL is done only if it is in VMX root mode.

Another way to cause an unconditional VM exit is with the CPUID instruction. The VMM can distinguish a hypercall from a regular CPUID invocation by the value in EAX.