Re: [Xen-devel] KVM PV (was: Re: [PATCH v2 2/2] x86/lguest: remove lguest support)
On Sat, Sep 30, 2017 at 4:39 AM, Paolo Bonzini wrote:
>
> Lai Jiangshan wrote:
>> On Sat, Sep 30, 2017 at 12:39 AM, Paolo Bonzini wrote:
>> > On 29/09/2017 17:47, Lai Jiangshan wrote:
>> >> Hello, all
>> >>
>> >> An interesting (at least to me) thinking came up to me when I found
>> >> that the lguest was removed. But I don't have enough knowledge
>> >> to find out the answer nor energy to implement it in some time.
>> >>
>> >> Is it possible to implement kvm-pv which allows kvm to run on
>> >> the boxes without hardware virtualization support, so that
>> >> qemu/kvm can be used on clouds such as aws, azure?
>> >
>> > No, please don't. :) Even Xen is moving from PV to PVH (paravirtualized
>> > hardware with event channels, grant tables and the like, but still using
>> > hardware extensions for MMU).
>> >
>> > Rather, cloud providers should help getting nested virtualization ready
>> > for production use. At least for KVM it's not that far.
>> >
>>
>> Although I'm not business man, I don't think the top cloud provider[s]
>> would allow nested virtualization, however mature nested virtualization
>> is. Even xen-pv is unable to be nested in the aws and azure.

A lot of new Windows features, like Credential Guard and Device Guard
require hardware virtualization support, as do security products like
Bromium. So it's not surprising that cloud providers are becoming more
interested in nested hardware support.

> Check the contributors to KVM nested virtualization, you might be surprised.
>
> Nested Xen PV is not possible because the Xen hypervisor cannot run as a PV
> guest. It's a technical limitation.

Minor correction: Xen can't run on AWS as a PV guest, but it can run as
an L1 hypervisor inside any "fully virtualized" VM (as both AWS and
Azure provide), and provide PV L2 guests.

-George

Re: [Xen-devel] KVM PV (was: Re: [PATCH v2 2/2] x86/lguest: remove lguest support)
On Fri, Sep 29, 2017 at 5:39 PM, Paolo Bonzini wrote:
> On 29/09/2017 17:47, Lai Jiangshan wrote:
>> Hello, all
>>
>> An interesting (at least to me) thinking came up to me when I found
>> that the lguest was removed. But I don't have enough knowledge
>> to find out the answer nor energy to implement it in some time.
>>
>> Is it possible to implement kvm-pv which allows kvm to run on
>> the boxes without hardware virtualization support, so that
>> qemu/kvm can be used on clouds such as aws, azure?
>
> No, please don't. :) Even Xen is moving from PV to PVH (paravirtualized
> hardware with event channels, grant tables and the like, but still using
> hardware extensions for MMU).

That said, the main pain point for Xen's PV so far has been the fact
that we expose the real pagetables directly to the guest, in order to
avoid having to use shadow pagetables. If you're willing to take the
performance hit and use an existing shadow pagetable implementation
from the start, it might not be so bad from a development perspective.

Still, I'm betting it will be a lot more work than you expect. :-)

-George

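Added illustration, not part of the thread and not Xen or KVM code: a toy single-level model in C of the trade-off George describes. With shadow pagetables the hypervisor composes the guest's table with its own gfn-to-mfn map; with directly exposed pagetables the guest names machine frames itself and each update has to be validated. All names (`vm_t`, `shadow_fault`, `direct_mmu_update`) and the frame layout are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Toy single-level model; every name, size and mapping here is constructed. */
enum { NPAGES = 8, NFRAMES = 16 };  /* guest pages/frames (gfn); machine frames (mfn) */
enum { PTE_P = 1, PTE_W = 2 };      /* present, writable */
#define INVALID UINT32_MAX

typedef struct { uint32_t frame, flags; } pte_t;
typedef struct {
    pte_t    guest_pt[NPAGES];   /* shadow mode: guest-owned, vpn -> gfn */
    uint32_t p2m[NPAGES];        /* hypervisor-owned, gfn -> mfn */
    pte_t    shadow_pt[NPAGES];  /* hypervisor-owned, vpn -> mfn (walked by MMU) */
    pte_t    direct_pt[NPAGES];  /* direct mode: vpn -> mfn (walked by MMU) */
    bool     owns[NFRAMES];      /* mfns assigned to this guest */
    bool     is_pt[NFRAMES];     /* mfns currently in use as page tables */
} vm_t;

/* Constructed guest: gfn i is backed by mfn i+4; mfn 4 holds its page table. */
void vm_init(vm_t *vm) {
    memset(vm, 0, sizeof *vm);
    for (uint32_t g = 0; g < NPAGES; g++) { vm->p2m[g] = g + 4; vm->owns[g + 4] = true; }
    vm->is_pt[4] = true;
}

/* Shadow mode: the guest edits its own table; the stale shadow entry is dropped. */
void shadow_guest_write(vm_t *vm, uint32_t vpn, pte_t pte) {
    if (vpn >= NPAGES) return;
    vm->guest_pt[vpn] = pte;
    vm->shadow_pt[vpn].flags = 0;
}

/* Shadow fault: compose the guest PTE with p2m. Returns the mfn or INVALID. */
uint32_t shadow_fault(vm_t *vm, uint32_t vpn) {
    if (vpn >= NPAGES) return INVALID;
    pte_t g = vm->guest_pt[vpn];
    if (!(g.flags & PTE_P) || g.frame >= NPAGES)
        return INVALID;          /* not present, or gfn outside the guest */
    vm->shadow_pt[vpn] = (pte_t){ vm->p2m[g.frame], g.flags };
    return vm->shadow_pt[vpn].frame;
}

/* Direct mode: the guest names machine frames, so each update is validated. */
bool direct_mmu_update(vm_t *vm, uint32_t vpn, pte_t pte) {
    if (vpn >= NPAGES) return false;
    if (pte.flags & PTE_P) {
        if (pte.frame >= NFRAMES || !vm->owns[pte.frame])
            return false;        /* frame belongs to someone else */
        if ((pte.flags & PTE_W) && vm->is_pt[pte.frame])
            return false;        /* writable view of a page table */
    }
    vm->direct_pt[vpn] = pte;
    return true;
}
```

In the shadow path the guest never sees an mfn, so the only check is that the gfn is in range; in the direct path the isolation boundary is the validation inside the update call itself.
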
Re: KVM PV (was: Re: [PATCH v2 2/2] x86/lguest: remove lguest support)
Lai Jiangshan wrote:
> On Sat, Sep 30, 2017 at 12:39 AM, Paolo Bonzini wrote:
> > On 29/09/2017 17:47, Lai Jiangshan wrote:
> >> Hello, all
> >>
> >> An interesting (at least to me) thinking came up to me when I found
> >> that the lguest was removed. But I don't have enough knowledge
> >> to find out the answer nor energy to implement it in some time.
> >>
> >> Is it possible to implement kvm-pv which allows kvm to run on
> >> the boxes without hardware virtualization support, so that
> >> qemu/kvm can be used on clouds such as aws, azure?
> >
> > No, please don't. :) Even Xen is moving from PV to PVH (paravirtualized
> > hardware with event channels, grant tables and the like, but still using
> > hardware extensions for MMU).
> >
> > Rather, cloud providers should help getting nested virtualization ready
> > for production use. At least for KVM it's not that far.
> >
>
> Although I'm not business man, I don't think the top cloud provider[s]
> would allow nested virtualization, however mature nested virtualization
> is. Even xen-pv is unable to be nested in the aws and azure.

Check the contributors to KVM nested virtualization, you might be surprised.

Nested Xen PV is not possible because the Xen hypervisor cannot run as a PV
guest. It's a technical limitation.

Paolo

>
> Thanks,
> Lai
>
> >

Re: KVM PV (was: Re: [PATCH v2 2/2] x86/lguest: remove lguest support)
On Sat, Sep 30, 2017 at 12:39 AM, Paolo Bonzini wrote:
> On 29/09/2017 17:47, Lai Jiangshan wrote:
>> Hello, all
>>
>> An interesting (at least to me) thinking came up to me when I found
>> that the lguest was removed. But I don't have enough knowledge
>> to find out the answer nor energy to implement it in some time.
>>
>> Is it possible to implement kvm-pv which allows kvm to run on
>> the boxes without hardware virtualization support, so that
>> qemu/kvm can be used on clouds such as aws, azure?
>
> No, please don't. :) Even Xen is moving from PV to PVH (paravirtualized
> hardware with event channels, grant tables and the like, but still using
> hardware extensions for MMU).
>
> Rather, cloud providers should help getting nested virtualization ready
> for production use. At least for KVM it's not that far.
>

Although I'm not business man, I don't think the top cloud provider[s]
would allow nested virtualization, however mature nested virtualization
is. Even xen-pv is unable to be nested in the aws and azure.

Thanks,
Lai

Re: KVM PV (was: Re: [PATCH v2 2/2] x86/lguest: remove lguest support)
On 29/09/2017 17:47, Lai Jiangshan wrote:
> Hello, all
>
> An interesting (at least to me) thinking came up to me when I found
> that the lguest was removed. But I don't have enough knowledge
> to find out the answer nor energy to implement it in some time.
>
> Is it possible to implement kvm-pv which allows kvm to run on
> the boxes without hardware virtualization support, so that
> qemu/kvm can be used on clouds such as aws, azure?

No, please don't. :) Even Xen is moving from PV to PVH (paravirtualized
hardware with event channels, grant tables and the like, but still using
hardware extensions for MMU).

Rather, cloud providers should help getting nested virtualization ready
for production use. At least for KVM it's not that far.

Paolo

> Without hardware virtualization support, the host kvm-pv module and
> the guest linux kernel need to cooperate in some ways. And some kvm
> facilities can help. For instance, the existing shadow-paging, which
> was not introduced when lguest had been added to kernel, could be
> reused to help on mmu virtualization. For guest kernel/userspace
> separation in x86_64, the intel cpu's segment registers can help too.
> (or use a new set of page-table for the guest kernel on amd64).
>
> The thought is quite shallow, but I hope this email brings some
> inspirations rather than annoyance. And I'm sorry if the later things
> would happen.
>
> Thanks,
> Lai.
>
> On Thu, Aug 17, 2017 at 1:31 AM, Juergen Gross wrote:
>> Lguest seems to be rather unused these days. It has seen only patches
>> ensuring it still builds the last two years and its official state is
>> "Odd Fixes".
>>
>> Nuke it in order to be able to clean up the paravirt code.
>

KVM PV (was: Re: [PATCH v2 2/2] x86/lguest: remove lguest support)
Hello, all

An interesting (at least to me) thinking came up to me when I found
that the lguest was removed. But I don't have enough knowledge
to find out the answer nor energy to implement it in some time.

Is it possible to implement kvm-pv which allows kvm to run on
the boxes without hardware virtualization support, so that
qemu/kvm can be used on clouds such as aws, azure?

Without hardware virtualization support, the host kvm-pv module and
the guest linux kernel need to cooperate in some ways. And some kvm
facilities can help. For instance, the existing shadow-paging, which
was not introduced when lguest had been added to kernel, could be
reused to help on mmu virtualization. For guest kernel/userspace
separation in x86_64, the intel cpu's segment registers can help too.
(or use a new set of page-table for the guest kernel on amd64).

The thought is quite shallow, but I hope this email brings some
inspirations rather than annoyance. And I'm sorry if the later things
would happen.

Thanks,
Lai.

On Thu, Aug 17, 2017 at 1:31 AM, Juergen Gross wrote:
> Lguest seems to be rather unused these days. It has seen only patches
> ensuring it still builds the last two years and its official state is
> "Odd Fixes".
>
> Nuke it in order to be able to clean up the paravirt code.