RE: [PATCH] kvm/vmx: EPTP switching test
On 17/11/2015 18:18, Paolo Bonzini wrote:
> On 17/11/2015 02:45, Zhang, Yang Z wrote:
> > We have a different version in hand which is using separate EPTP.
>
> Can you say in advance what you are using EPTP switching for? Offlist if
> necessary.
Hi Paolo,
We are using EPTP switching for a protected inter-VM communication design, as
shown in the slides (#23) here:
http://events.linuxfoundation.org/sites/events/files/slides/Jun_Nakajima_NFV_KVM%202015_final.pdf
Best,
Wei
N�r��yb�X��ǧv�^�){.n�+{zX����ܨ}���Ơz�&j:+v���zZ+��+zf���h���~i���z�
�w���?�&�)ߢf��^jǫy�m��@A�a���
0��h���i
Re: [PATCH] kvm/vmx: EPTP switching test
On 17/11/2015 02:45, Zhang, Yang Z wrote: > We have a different version in hand which is using separate EPTP. Can you say in advance what you are using EPTP switching for? Offlist if necessary. Paolo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] kvm/vmx: EPTP switching test
On 16/11/2015 19:18, =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= wrote: >> > No idea how would I even test it, so I'm not interested in #VE at this >> > point. If you are - go ahead and post a patch for that on top though, >> > why not. > I thought that it's going to be simpler to provide functionality (that > utilizes eptp switching) to the guest through #VE, which probably isn't > true as I think more about it. (Not interested in implementing it :]) #VE and EPTP switching are distinct features, one does not imply the other. Unfortunately, EPTP switching is designed for a very specific use case where the hypervisor is effectively part of the kernel, and the kernel is trusted to some extent. Examples include antivirus software and virtual machines. Antiviruses do use VMFUNC, that's as far as I know the only current use case of it (https://embedded.communities.intel.com/community/en/applications/blog/2013/06/13/roving-reporter-enhancing-retail-security-and-manageability-with-4th-generation-intel-core-processors). So I'm against this patch, but only because I'm not sure why KVM would ever use EPTP switching in its current incarnation. The guest kernel is absolutely not trusted by KVM. Paolo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: [PATCH] kvm/vmx: EPTP switching test
Michael S. Tsirkin wrote on 2015-11-16:
> This patch adds a new parameter: eptp_switching_test, which enables
> testing EPT switching on VMX if supported by hardware. All EPT
> entries are initialized to the same value so this adds no useful
> functionality by itself, but can be used to test VMFUNC performance,
> and serve as a basis for future features based on EPTP switching.
>
> Support for nested virt is not enabled.
>
> This was tested using the following code within guest:
> #define VMX_VMFUNC ".byte 0x0f,0x01,0xd4"
> static void vmfunc(unsigned int nr, unsigned int ept)
> {
> asm volatile(VMX_VMFUNC
>:
>: "a"(nr), "c"(ept)
>: "memory");
> }
>
> VMFUNC instruction cost was measured at ~122 cycles.
> (Note: recent versions of gnu toolchain support the vmfunc
> instruction - removing the need for writing the bytecode manually).
>
> Signed-off-by: Michael S. Tsirkin
> ---
>
> I think I'd like to put this upstream so future eptp switching work
> can be implemented on top. Comments?
We have a different version in hand which is using separate EPTP. As you known,
the patch will be more complex if using separate EPTP. And there are still lots
of thing need to do in our version. We will send out for comments soon.
Best regards,
Yang
N�r��yb�X��ǧv�^�){.n�+{zX����ܨ}���Ơz�&j:+v���zZ+��+zf���h���~i���z�
�w���?�&�)ߢf��^jǫy�m��@A�a���
0��h���i
Re: [PATCH] kvm/vmx: EPTP switching test
On Mon, Nov 16, 2015 at 10:18 AM, =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= wrote: > 2015-11-16 19:59+0200, Michael S. Tsirkin: >> On Mon, Nov 16, 2015 at 06:51:06PM +0100, >> =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= wrote: >>> 2015-11-15 18:00+0200, Michael S. Tsirkin: >>> (And I think that eptp switching is expected to be used in conjuction >>> with #VE, so it'd then make sense to implement a nop for it as well.) >> >> No idea how would I even test it, so I'm not interested in #VE at this >> point. If you are - go ahead and post a patch for that on top though, >> why not. > > I thought that it's going to be simpler to provide functionality (that > utilizes eptp switching) to the guest through #VE, which probably isn't > true as I think more about it. (Not interested in implementing it :]) I'm willing to review a #VE stub. I'm not likely to implement it. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] kvm/vmx: EPTP switching test
2015-11-16 19:59+0200, Michael S. Tsirkin: > On Mon, Nov 16, 2015 at 06:51:06PM +0100, > =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= wrote: >> 2015-11-15 18:00+0200, Michael S. Tsirkin: >> (And I think that eptp switching is expected to be used in conjuction >> with #VE, so it'd then make sense to implement a nop for it as well.) > > No idea how would I even test it, so I'm not interested in #VE at this > point. If you are - go ahead and post a patch for that on top though, > why not. I thought that it's going to be simpler to provide functionality (that utilizes eptp switching) to the guest through #VE, which probably isn't true as I think more about it. (Not interested in implementing it :]) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] kvm/vmx: EPTP switching test
On Mon, Nov 16, 2015 at 06:51:06PM +0100,
=?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= wrote:
> 2015-11-15 18:00+0200, Michael S. Tsirkin:
> > This patch adds a new parameter: eptp_switching_test, which enables
> >
> > testing EPT switching on VMX if supported by hardware. All EPT entries
> > are initialized to the same value so this adds no useful functionality
> > by itself, but can be used to test VMFUNC performance, and serve as a
> > basis for future features based on EPTP switching.
> >
> > Support for nested virt is not enabled.
> >
> > This was tested using the following code within guest:
> > #define VMX_VMFUNC ".byte 0x0f,0x01,0xd4"
> > static void vmfunc(unsigned int nr, unsigned int ept)
> > {
> > asm volatile(VMX_VMFUNC
> > :
> > : "a"(nr), "c"(ept)
> > : "memory");
> > }
> >
> > VMFUNC instruction cost was measured at ~122 cycles.
> > (Note: recent versions of gnu toolchain support
> > the vmfunc instruction - removing the need for writing
> > the bytecode manually).
> >
> > Signed-off-by: Michael S. Tsirkin
> > ---
> >
> > I think I'd like to put this upstream so future eptp switching work can
> > be implemented on top. Comments?
>
> I'd wait for the future. Patch is already on the list so people
> interested in benchmarking VMFUNC can quickly compile a kernel and
> developers will need to overwrite the code anyway.
It'll bitrot though. But I'll let Paolo decide that.
> (And I think that eptp switching is expected to be used in conjuction
> with #VE, so it'd then make sense to implement a nop for it as well.)
No idea how would I even test it, so I'm not interested in #VE at this
point. If you are - go ahead and post a patch for that on top though,
why not.
> > diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
> > @@ -3011,6 +3035,7 @@ static __init int setup_vmcs_config(struct
> > vmcs_config *vmcs_conf)
> > SECONDARY_EXEC_PAUSE_LOOP_EXITING |
> > SECONDARY_EXEC_RDTSCP |
> > SECONDARY_EXEC_ENABLE_INVPCID |
> > + SECONDARY_EXEC_ENABLE_VM_FUNCTIONS |
>
> The VMFUNC vmexit should be handled to prevent guests from triggering a
> WARN_ON on the host. (VMFUNC did just #UD before this patch.)
Do you mean VMFUNC other than EPTP switch 0? True, thanks!
>
> After that, it's ok for KVM.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] kvm/vmx: EPTP switching test
2015-11-15 18:00+0200, Michael S. Tsirkin:
> This patch adds a new parameter: eptp_switching_test, which enables
>
> testing EPT switching on VMX if supported by hardware. All EPT entries
> are initialized to the same value so this adds no useful functionality
> by itself, but can be used to test VMFUNC performance, and serve as a
> basis for future features based on EPTP switching.
>
> Support for nested virt is not enabled.
>
> This was tested using the following code within guest:
> #define VMX_VMFUNC ".byte 0x0f,0x01,0xd4"
> static void vmfunc(unsigned int nr, unsigned int ept)
> {
> asm volatile(VMX_VMFUNC
>:
>: "a"(nr), "c"(ept)
>: "memory");
> }
>
> VMFUNC instruction cost was measured at ~122 cycles.
> (Note: recent versions of gnu toolchain support
> the vmfunc instruction - removing the need for writing
> the bytecode manually).
>
> Signed-off-by: Michael S. Tsirkin
> ---
>
> I think I'd like to put this upstream so future eptp switching work can
> be implemented on top. Comments?
I'd wait for the future. Patch is already on the list so people
interested in benchmarking VMFUNC can quickly compile a kernel and
developers will need to overwrite the code anyway.
(And I think that eptp switching is expected to be used in conjuction
with #VE, so it'd then make sense to implement a nop for it as well.)
> diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
> @@ -3011,6 +3035,7 @@ static __init int setup_vmcs_config(struct vmcs_config
> *vmcs_conf)
> SECONDARY_EXEC_PAUSE_LOOP_EXITING |
> SECONDARY_EXEC_RDTSCP |
> SECONDARY_EXEC_ENABLE_INVPCID |
> + SECONDARY_EXEC_ENABLE_VM_FUNCTIONS |
The VMFUNC vmexit should be handled to prevent guests from triggering a
WARN_ON on the host. (VMFUNC did just #UD before this patch.)
After that, it's ok for KVM.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
