RE: [PATCH v2 4/4] nested vmx: use a list to store the launched vmcs12 for L1 VMM
> -Original Message- > From: Orit Wasserman [mailto:owass...@redhat.com] > Sent: Wednesday, November 28, 2012 8:30 PM > To: Marcelo Tosatti > Cc: Xu, Dongxiao; kvm@vger.kernel.org; g...@redhat.com > Subject: Re: [PATCH v2 4/4] nested vmx: use a list to store the launched > vmcs12 > for L1 VMM > > On 11/28/2012 02:29 AM, Marcelo Tosatti wrote: > > On Thu, Nov 22, 2012 at 12:51:59PM +0800, Dongxiao Xu wrote: > >> The launch state is not a member in the VMCS area, use a separate > >> variable (list) to store it instead. > >> > >> Signed-off-by: Dongxiao Xu > > > > 1. What is the problem with keeping launched state in the VMCS? > > Assuming there is a positive answer to the above: > > > > 2. Don't you have to change VMCS ID? > > > > 3. Can't it be kept somewhere else other than a list? Current scheme > > allows guest to allocate unlimited amounts of host memory. > I agree with Marcelo you have to limit the number of VMCS in the list > otherwise > it will be easy to attack a host with nested :) Yes it is a point. I will add a limitation of the VMCS number for the guest VMM. Thanks, Dongxiao > > > > 4. What is the state of migration / nested vmx again? If vmcs12 is > > migrated, this means launched state is not migrated anymore. > > > > Patches 1-3 seem fine. > > > > -- > > To unsubscribe from this list: send the line "unsubscribe kvm" in the > > body of a message to majord...@vger.kernel.org More majordomo info at > > http://vger.kernel.org/majordomo-info.html > > -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
RE: [PATCH v2 4/4] nested vmx: use a list to store the launched vmcs12 for L1 VMM
> -Original Message- > From: Gleb Natapov [mailto:g...@redhat.com] > Sent: Wednesday, November 28, 2012 7:28 PM > To: Marcelo Tosatti > Cc: Xu, Dongxiao; kvm@vger.kernel.org > Subject: Re: [PATCH v2 4/4] nested vmx: use a list to store the launched > vmcs12 > for L1 VMM > > On Tue, Nov 27, 2012 at 10:29:08PM -0200, Marcelo Tosatti wrote: > > On Thu, Nov 22, 2012 at 12:51:59PM +0800, Dongxiao Xu wrote: > > > The launch state is not a member in the VMCS area, use a separate > > > variable (list) to store it instead. > > > > > > Signed-off-by: Dongxiao Xu > > > > 1. What is the problem with keeping launched state in the VMCS? > > Assuming there is a positive answer to the above: > > > > 2. Don't you have to change VMCS ID? > > > > 3. Can't it be kept somewhere else other than a list? Current scheme > > allows guest to allocate unlimited amounts of host memory. > > > > 4. What is the state of migration / nested vmx again? If vmcs12 is > > migrated, this means launched state is not migrated anymore. > > > > Patches 1-3 seem fine. > According to Dongxiao they are slowing down nested guest by 4%. For this version, it will introduce certain performance downgrade. Actually in my new patch, I simplified the vmcs12_read() and vmcs12_write() functions and there is no obvious performance downgrade. Thanks, Dongxiao > > -- > Gleb. -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2 4/4] nested vmx: use a list to store the launched vmcs12 for L1 VMM
On 11/28/2012 02:29 AM, Marcelo Tosatti wrote: > On Thu, Nov 22, 2012 at 12:51:59PM +0800, Dongxiao Xu wrote: >> The launch state is not a member in the VMCS area, use a separate >> variable (list) to store it instead. >> >> Signed-off-by: Dongxiao Xu > > 1. What is the problem with keeping launched state in the VMCS? > Assuming there is a positive answer to the above: > > 2. Don't you have to change VMCS ID? > > 3. Can't it be kept somewhere else other than a list? Current scheme > allows guest to allocate unlimited amounts of host memory. I agree with Marcelo you have to limit the number of VMCS in the list otherwise it will be easy to attack a host with nested :) > > 4. What is the state of migration / nested vmx again? If vmcs12 is > migrated, this means launched state is not migrated anymore. > > Patches 1-3 seem fine. > > -- > To unsubscribe from this list: send the line "unsubscribe kvm" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2 4/4] nested vmx: use a list to store the launched vmcs12 for L1 VMM
On Tue, Nov 27, 2012 at 10:29:08PM -0200, Marcelo Tosatti wrote: > On Thu, Nov 22, 2012 at 12:51:59PM +0800, Dongxiao Xu wrote: > > The launch state is not a member in the VMCS area, use a separate > > variable (list) to store it instead. > > > > Signed-off-by: Dongxiao Xu > > 1. What is the problem with keeping launched state in the VMCS? > Assuming there is a positive answer to the above: > > 2. Don't you have to change VMCS ID? > > 3. Can't it be kept somewhere else other than a list? Current scheme > allows guest to allocate unlimited amounts of host memory. > > 4. What is the state of migration / nested vmx again? If vmcs12 is > migrated, this means launched state is not migrated anymore. > > Patches 1-3 seem fine. According to Dongxiao they are slowing down nested guest by 4%. -- Gleb. -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2 4/4] nested vmx: use a list to store the launched vmcs12 for L1 VMM
On Thu, Nov 22, 2012 at 12:51:59PM +0800, Dongxiao Xu wrote: > The launch state is not a member in the VMCS area, use a separate > variable (list) to store it instead. > > Signed-off-by: Dongxiao Xu 1. What is the problem with keeping launched state in the VMCS? Assuming there is a positive answer to the above: 2. Don't you have to change VMCS ID? 3. Can't it be kept somewhere else other than a list? Current scheme allows guest to allocate unlimited amounts of host memory. 4. What is the state of migration / nested vmx again? If vmcs12 is migrated, this means launched state is not migrated anymore. Patches 1-3 seem fine. -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
