Hypervisors and the virtual machines (VMs) running under them must coordinate policy decisions in order to run efficiently. The abstraction of a VM, however, creates a semantic gap: because of privilege separation, it is difficult for the hypervisor and the VM to work in unison. Today, the semantic gap is bridged by techniques which couple policy decisions with execution. In this paper, we introduce and implement a new mechanism, the hypercallback, which enables hypervisors and VMs to coordinate policy with verified, safety-checked code, decoupling execution and decision making. Our results show that hypercallbacks can significantly improve memory management without compromising security and robustness, but the challenge of defining limits without compromising programmability and performance remains an open question.


May, 2017





ACM Workshop on Hot Topics in Operating Systems (HotOS)