| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Sep 2013 13:04:14 +0300 From: Gleb Natapov <gleb@...hat.com> To: Borislav Petkov <bp@...en8.de> Cc: Eduardo Habkost <ehabkost@...hat.com>, LKML <linux-kernel@...r.kernel.org>, Borislav Petkov <bp@...e.de>, "H. Peter Anvin" <hpa@...or.com>, Paolo Bonzini <pbonzini@...hat.com>, Andre Przywara <andre@...rep.de>, Joerg Roedel <joro@...tes.org>, X86 ML <x86@...nel.org>, KVM <kvm@...r.kernel.org>, qemu-devel@...gnu.org Subject: Re: [PATCH 1/6] kvm: Add KVM_GET_EMULATED_CPUID On Tue, Sep 24, 2013 at 11:57:00AM +0200, Borislav Petkov wrote: > On Mon, September 23, 2013 6:28 pm, Eduardo Habkost wrote: > > On Sun, Sep 22, 2013 at 04:44:50PM +0200, Borislav Petkov wrote: > >> From: Borislav Petkov <bp@...e.de> > >> > >> Add a kvm ioctl which states which system functionality kvm emulates. > >> The format used is that of CPUID and we return the corresponding CPUID > >> bits set for which we do emulate functionality. > > > > Let me check if I understood the purpose of the new ioctl correctly: the > > only reason for GET_EMULATED_CPUID to exist is to allow userspace to > > differentiate features that are native or that are emulated efficiently > > (GET_SUPPORTED_CPUID) and features that are emulated not very > > efficiently (GET_EMULATED_CPUID)? > > Not only that - emulated features are not reported in CPUID so they > can be enabled only when specifically and explicitly requested, i.e. > "+movbe". Basically, you want to emulate that feature for the guest but > only for this specific guest - the others shouldn't see it. > > > If that's the case, how do we decide how efficient emulation should be, > > to deserve inclusion in GET_SUPPORTED_CPUID? I am guessing that the > > criterion will be: if enabling it doesn't risk making performance worse, > > it can get in GET_SUPPORTED_CPUID. > > Well, in the MOVBE case, supported means, the host can execute this > instruction natively. Now, you guys say you can emulate x2apic very > efficiently and I'm guessing emulating x2apic doesn't bring any > emulation overhead, thus SUPPORTED_CPUID. x2apic emulation has nothing to do with x2apic in a host. It is emulated same way no matter if host has it or not. x2apic is not really cpu feature, but apic one and apic is fully emulated by KVM anyway. > > But for single instructions or group of instructions, the distinction > should be very clear. > > At least this is how I see it but Gleb probably can comment too. > That's how I see it two. Basically you want to use movbe emulation (as opposite of virtualization) only if you have binary kernel that compiled for CPU with movbe (Borislav's use case), or you want to migrate temporarily from movbe enabled host to non movbe host because downtime is not an option. We should avoid enabling it "by mistake". -- Gleb. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists