I view it as a performance problem because nothing stops KVM from copying from
userspace into the private fd during the SEV ioctl(). What's missing is the
ability for userspace to directly initialize the private fd, which may or may not
avoid an extra memcpy() depending on how clever
On 7/21/22 14:19, Sean Christopherson wrote:
On Thu, Jul 21, 2022, Gupta, Pankaj wrote:
I view it as a performance problem because nothing stops KVM from copying from
userspace into the private fd during the SEV ioctl(). What's missing is the
ability for userspace to directly initialize the
* The current patch should just work, but prefer to have pre-boot guest
payload/firmware population into private memory for performance.
Not just performance in the case of SEV, it's needed there because firmware
only supports in-place encryption of guest memory, there's no
On Thu, Jul 21, 2022, Gupta, Pankaj wrote:
>
> Hi Sean, Chao,
>
> While attempting to solve the pre-boot guest payload/firmware population
> into private memory for SEV SNP, retrieved this thread. Have question below:
>
> > > > Requirements & Gaps
> > > > -
>
Hi Sean, Chao,
While attempting to solve the pre-boot guest payload/firmware population
into private memory for SEV SNP, retrieved this thread. Have question below:
Requirements & Gaps
-
- Confidential computing(CC): TDX/SEV/CCA
* Need support both
On Fri, Jun 10, 2022, Andy Lutomirski wrote:
> On Mon, Apr 25, 2022 at 1:31 PM Sean Christopherson wrote:
> >
> > On Mon, Apr 25, 2022, Andy Lutomirski wrote:
> > >
> > >
> > > On Mon, Apr 25, 2022, at 6:40 AM, Chao Peng wrote:
> > > > On Sun, Apr 24, 2022 at 09:59:37AM -0700, Andy Lutomirski
On Mon, Apr 25, 2022 at 1:31 PM Sean Christopherson wrote:
>
> On Mon, Apr 25, 2022, Andy Lutomirski wrote:
> >
> >
> > On Mon, Apr 25, 2022, at 6:40 AM, Chao Peng wrote:
> > > On Sun, Apr 24, 2022 at 09:59:37AM -0700, Andy Lutomirski wrote:
> > >>
> >
> > >>
> > >> 2. Bind the memfile to a VM
On Mon, May 09, 2022, Michael Roth wrote:
> On Fri, Apr 22, 2022 at 06:56:12PM +0800, Chao Peng wrote:
> > Requirements & Gaps
> > -
> > - Confidential computing(CC): TDX/SEV/CCA
> > * Need support both explicit/implicit conversions.
> > * Need support
On Fri, Apr 22, 2022 at 06:56:12PM +0800, Chao Peng wrote:
> Great thanks for the discussions. I summarized the requirements/gaps and the
> potential changes for next step. Please help to review.
Hi Chao,
Thanks for writing this up. I've been meaning to respond, but wanted to
make a bit more
On Thursday 28 Apr 2022 at 20:29:52 (+0800), Chao Peng wrote:
>
> + Michael in case he has comment from SEV side.
>
> On Mon, Apr 25, 2022 at 07:52:38AM -0700, Andy Lutomirski wrote:
> >
> >
> > On Mon, Apr 25, 2022, at 6:40 AM, Chao Peng wrote:
> > > On Sun, Apr 24, 2022 at 09:59:37AM -0700,
+ Michael in case he has comment from SEV side.
On Mon, Apr 25, 2022 at 07:52:38AM -0700, Andy Lutomirski wrote:
>
>
> On Mon, Apr 25, 2022, at 6:40 AM, Chao Peng wrote:
> > On Sun, Apr 24, 2022 at 09:59:37AM -0700, Andy Lutomirski wrote:
> >>
>
> >>
> >> 2. Bind the memfile to a VM (or at
On Mon, Apr 25, 2022, Andy Lutomirski wrote:
>
>
> On Mon, Apr 25, 2022, at 6:40 AM, Chao Peng wrote:
> > On Sun, Apr 24, 2022 at 09:59:37AM -0700, Andy Lutomirski wrote:
> >>
>
> >>
> >> 2. Bind the memfile to a VM (or at least to a VM technology). Now it's in
> >> the initial state
On Mon, Apr 25, 2022, at 6:40 AM, Chao Peng wrote:
> On Sun, Apr 24, 2022 at 09:59:37AM -0700, Andy Lutomirski wrote:
>>
>>
>> 2. Bind the memfile to a VM (or at least to a VM technology). Now it's in
>> the initial state appropriate for that VM.
>>
>> For TDX, this completely bypasses
On Sun, Apr 24, 2022 at 09:59:37AM -0700, Andy Lutomirski wrote:
>
>
> On Fri, Apr 22, 2022, at 3:56 AM, Chao Peng wrote:
> > On Tue, Apr 05, 2022 at 06:03:21PM +, Sean Christopherson wrote:
> >> On Tue, Apr 05, 2022, Quentin Perret wrote:
> >> > On Monday 04 Apr 2022 at 15:04:17 (-0700),
On Fri, Apr 22, 2022, at 3:56 AM, Chao Peng wrote:
> On Tue, Apr 05, 2022 at 06:03:21PM +, Sean Christopherson wrote:
>> On Tue, Apr 05, 2022, Quentin Perret wrote:
>> > On Monday 04 Apr 2022 at 15:04:17 (-0700), Andy Lutomirski wrote:
> Only when the register succeeds, the fd is
>
On Fri, Apr 22, 2022 at 01:06:25PM +0200, Paolo Bonzini wrote:
> On 4/22/22 12:56, Chao Peng wrote:
> > /* memfile notifier flags */
> > #define MFN_F_USER_INACCESSIBLE 0x0001 /* memory allocated in
> > the file is inaccessible from userspace (e.g. read/write/mmap) */
> >
On 4/22/22 12:56, Chao Peng wrote:
/* memfile notifier flags */
#define MFN_F_USER_INACCESSIBLE 0x0001 /* memory allocated in the
file is inaccessible from userspace (e.g. read/write/mmap) */
#define MFN_F_UNMOVABLE 0x0002 /* memory allocated in the
On Tue, Apr 05, 2022 at 06:03:21PM +, Sean Christopherson wrote:
> On Tue, Apr 05, 2022, Quentin Perret wrote:
> > On Monday 04 Apr 2022 at 15:04:17 (-0700), Andy Lutomirski wrote:
> > > >> - it can be very useful for protected VMs to do shared=>private
> > > >>conversions. Think of a VM
On Mon, Mar 28, 2022 at 01:16:48PM -0700, Andy Lutomirski wrote:
> On Thu, Mar 10, 2022 at 6:09 AM Chao Peng wrote:
> >
> > This is the v5 of this series which tries to implement the fd-based KVM
> > guest private memory. The patches are based on latest kvm/queue branch
> > commit:
> >
> >
On Fri, Apr 08, 2022 at 11:35:05AM -1000, Vishal Annapurve wrote:
> On Mon, Mar 28, 2022 at 10:17 AM Andy Lutomirski wrote:
> >
> > On Thu, Mar 10, 2022 at 6:09 AM Chao Peng
> > wrote:
> > >
> > > This is the v5 of this series which tries to implement the fd-based KVM
> > > guest private
On Mon, Mar 28, 2022 at 10:17 AM Andy Lutomirski wrote:
>
> On Thu, Mar 10, 2022 at 6:09 AM Chao Peng wrote:
> >
> > This is the v5 of this series which tries to implement the fd-based KVM
> > guest private memory. The patches are based on latest kvm/queue branch
> > commit:
> >
> >
On Tue, Apr 5, 2022, at 11:30 AM, Sean Christopherson wrote:
> On Tue, Apr 05, 2022, Andy Lutomirski wrote:
>
>> resume guest
>> *** host -> hypervisor -> guest ***
>> Guest unshares the page.
>> *** guest -> hypervisor ***
>> Hypervisor removes PTE. TLBI.
>> *** hypervisor -> guest ***
>>
On Tuesday 05 Apr 2022 at 10:51:36 (-0700), Andy Lutomirski wrote:
> Let's try actually counting syscalls and mode transitions, at least
> approximately. For non-direct IO (DMA allocation on guest side, not straight
> to/from pagecache or similar):
>
> Guest writes to shared DMA buffer.
On Tuesday 05 Apr 2022 at 18:03:21 (+), Sean Christopherson wrote:
> On Tue, Apr 05, 2022, Quentin Perret wrote:
> > On Monday 04 Apr 2022 at 15:04:17 (-0700), Andy Lutomirski wrote:
> > > >> - it can be very useful for protected VMs to do shared=>private
> > > >>conversions. Think of a
On Tue, Apr 05, 2022, Andy Lutomirski wrote:
> On Tue, Apr 5, 2022, at 3:36 AM, Quentin Perret wrote:
> > On Monday 04 Apr 2022 at 15:04:17 (-0700), Andy Lutomirski wrote:
> >> The best I can come up with is a special type of shared page that is not
> >> GUP-able and maybe not even mmappable,
On Tue, Apr 05, 2022, Quentin Perret wrote:
> On Monday 04 Apr 2022 at 15:04:17 (-0700), Andy Lutomirski wrote:
> > >> - it can be very useful for protected VMs to do shared=>private
> > >>conversions. Think of a VM receiving some data from the host in a
> > >>shared buffer, and then it
On Tue, Apr 5, 2022, at 3:36 AM, Quentin Perret wrote:
> On Monday 04 Apr 2022 at 15:04:17 (-0700), Andy Lutomirski wrote:
>>
>>
>> On Mon, Apr 4, 2022, at 10:06 AM, Sean Christopherson wrote:
>> > On Mon, Apr 04, 2022, Quentin Perret wrote:
>> >> On Friday 01 Apr 2022 at 12:56:50 (-0700),
On Monday 04 Apr 2022 at 15:04:17 (-0700), Andy Lutomirski wrote:
>
>
> On Mon, Apr 4, 2022, at 10:06 AM, Sean Christopherson wrote:
> > On Mon, Apr 04, 2022, Quentin Perret wrote:
> >> On Friday 01 Apr 2022 at 12:56:50 (-0700), Andy Lutomirski wrote:
> >> FWIW, there are a couple of reasons why
On Mon, Apr 4, 2022, at 10:06 AM, Sean Christopherson wrote:
> On Mon, Apr 04, 2022, Quentin Perret wrote:
>> On Friday 01 Apr 2022 at 12:56:50 (-0700), Andy Lutomirski wrote:
>> FWIW, there are a couple of reasons why I'd like to have in-place
>> conversions:
>>
>> - one goal of pKVM is to
On Mon, Apr 04, 2022, Quentin Perret wrote:
> On Friday 01 Apr 2022 at 12:56:50 (-0700), Andy Lutomirski wrote:
> FWIW, there are a couple of reasons why I'd like to have in-place
> conversions:
>
> - one goal of pKVM is to migrate some things away from the Arm
>Trustzone environment (e.g.
On Friday 01 Apr 2022 at 12:56:50 (-0700), Andy Lutomirski wrote:
> On Fri, Apr 1, 2022, at 7:59 AM, Quentin Perret wrote:
> > On Thursday 31 Mar 2022 at 09:04:56 (-0700), Andy Lutomirski wrote:
>
>
> > To answer your original question about memory 'conversion', the key
> > thing is that the
On Fri, Apr 1, 2022, at 7:59 AM, Quentin Perret wrote:
> On Thursday 31 Mar 2022 at 09:04:56 (-0700), Andy Lutomirski wrote:
> To answer your original question about memory 'conversion', the key
> thing is that the pKVM hypervisor controls the stage-2 page-tables for
> everyone in the system,
On Fri, Apr 01, 2022, Quentin Perret wrote:
> On Friday 01 Apr 2022 at 17:14:21 (+), Sean Christopherson wrote:
> > On Fri, Apr 01, 2022, Quentin Perret wrote:
> > I assume there is a scenario where a page can be converted from
> > shared=>private?
> > If so, is there a use case where that
On Friday 01 Apr 2022 at 17:14:21 (+), Sean Christopherson wrote:
> On Fri, Apr 01, 2022, Quentin Perret wrote:
> > The typical flow is as follows:
> >
> > - the host asks the hypervisor to run a guest;
> >
> > - the hypervisor does the context switch, which includes switching
> >
On Fri, Apr 01, 2022, Quentin Perret wrote:
> The typical flow is as follows:
>
> - the host asks the hypervisor to run a guest;
>
> - the hypervisor does the context switch, which includes switching
>stage-2 page-tables;
>
> - initially the guest has an empty stage-2 (we don't require
>
On Thursday 31 Mar 2022 at 09:04:56 (-0700), Andy Lutomirski wrote:
> On Wed, Mar 30, 2022, at 10:58 AM, Sean Christopherson wrote:
> > On Wed, Mar 30, 2022, Quentin Perret wrote:
> >> On Wednesday 30 Mar 2022 at 09:58:27 (+0100), Steven Price wrote:
> >> > On 29/03/2022 18:01, Quentin Perret
On Wed, Mar 30, 2022, at 10:58 AM, Sean Christopherson wrote:
> On Wed, Mar 30, 2022, Quentin Perret wrote:
>> On Wednesday 30 Mar 2022 at 09:58:27 (+0100), Steven Price wrote:
>> > On 29/03/2022 18:01, Quentin Perret wrote:
>> > > Is implicit sharing a thing? E.g., if a guest makes a memory
On Wed, Mar 30, 2022, Quentin Perret wrote:
> On Wednesday 30 Mar 2022 at 09:58:27 (+0100), Steven Price wrote:
> > On 29/03/2022 18:01, Quentin Perret wrote:
> > > Is implicit sharing a thing? E.g., if a guest makes a memory access in
> > > the shared gpa range at an address that doesn't have a
On Wed, Mar 30, 2022, Steven Price wrote:
> On 29/03/2022 18:01, Quentin Perret wrote:
> > Is implicit sharing a thing? E.g., if a guest makes a memory access in
> > the shared gpa range at an address that doesn't have a backing memslot,
> > will KVM check whether there is a corresponding private
On Wednesday 30 Mar 2022 at 09:58:27 (+0100), Steven Price wrote:
> On 29/03/2022 18:01, Quentin Perret wrote:
> > On Monday 28 Mar 2022 at 18:58:35 (+), Sean Christopherson wrote:
> >> On Mon, Mar 28, 2022, Quentin Perret wrote:
> >>> Hi Sean,
> >>>
> >>> Thanks for the reply, this helps a
On 29/03/2022 18:01, Quentin Perret wrote:
> On Monday 28 Mar 2022 at 18:58:35 (+), Sean Christopherson wrote:
>> On Mon, Mar 28, 2022, Quentin Perret wrote:
>>> Hi Sean,
>>>
>>> Thanks for the reply, this helps a lot.
>>>
>>> On Monday 28 Mar 2022 at 17:13:10 (+), Sean Christopherson
On Monday 28 Mar 2022 at 18:58:35 (+), Sean Christopherson wrote:
> On Mon, Mar 28, 2022, Quentin Perret wrote:
> > Hi Sean,
> >
> > Thanks for the reply, this helps a lot.
> >
> > On Monday 28 Mar 2022 at 17:13:10 (+), Sean Christopherson wrote:
> > > On Thu, Mar 24, 2022, Quentin
On Mon, Mar 28, 2022, Nakajima, Jun wrote:
> > On Mar 28, 2022, at 1:16 PM, Andy Lutomirski wrote:
> >
> > On Thu, Mar 10, 2022 at 6:09 AM Chao Peng
> > wrote:
> >>
> >> This is the v5 of this series which tries to implement the fd-based KVM
> >> guest private memory. The patches are based on
> On Mar 28, 2022, at 1:16 PM, Andy Lutomirski wrote:
>
> On Thu, Mar 10, 2022 at 6:09 AM Chao Peng wrote:
>>
>> This is the v5 of this series which tries to implement the fd-based KVM
>> guest private memory. The patches are based on latest kvm/queue branch
>> commit:
>>
>> d5089416b7fb
On Thu, Mar 10, 2022 at 6:09 AM Chao Peng wrote:
>
> This is the v5 of this series which tries to implement the fd-based KVM
> guest private memory. The patches are based on latest kvm/queue branch
> commit:
>
> d5089416b7fb KVM: x86: Introduce KVM_CAP_DISABLE_QUIRKS2
Can this series be run
On Mon, Mar 28, 2022, Quentin Perret wrote:
> Hi Sean,
>
> Thanks for the reply, this helps a lot.
>
> On Monday 28 Mar 2022 at 17:13:10 (+), Sean Christopherson wrote:
> > On Thu, Mar 24, 2022, Quentin Perret wrote:
> > > For Protected KVM (and I suspect most other confidential computing
>
Hi Sean,
Thanks for the reply, this helps a lot.
On Monday 28 Mar 2022 at 17:13:10 (+), Sean Christopherson wrote:
> On Thu, Mar 24, 2022, Quentin Perret wrote:
> > For Protected KVM (and I suspect most other confidential computing
> > solutions), guests have the ability to share some of
On Thu, Mar 24, 2022, Quentin Perret wrote:
> For Protected KVM (and I suspect most other confidential computing
> solutions), guests have the ability to share some of their pages back
> with the host kernel using a dedicated hypercall. This is necessary
> for e.g. virtio communications, so these
Hi Chao,
+CC Will and Marc for visibility.
On Thursday 10 Mar 2022 at 22:08:58 (+0800), Chao Peng wrote:
> This is the v5 of this series which tries to implement the fd-based KVM
> guest private memory. The patches are based on latest kvm/queue branch
> commit:
>
> d5089416b7fb KVM: x86:
This is the v5 of this series which tries to implement the fd-based KVM
guest private memory. The patches are based on latest kvm/queue branch
commit:
d5089416b7fb KVM: x86: Introduce KVM_CAP_DISABLE_QUIRKS2
Introduction
In general this patch series introduce fd-based memslot