lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 12 Dec 2018 13:56:17 -0800
From:   Maran Wilson <maran.wilson@...cle.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     x86@...nel.org, xen-devel@...ts.xenproject.org,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
        pbonzini@...hat.com, jgross@...e.com, boris.ostrovsky@...cle.com,
        bp@...e.de, dave.hansen@...ux.intel.com, davem@...emloft.net,
        gregkh@...uxfoundation.org, hpa@...or.com, jpoimboe@...hat.com,
        kirill.shutemov@...ux.intel.com, luto@...nel.org,
        mchehab@...nel.org, mingo@...hat.com, rdunlap@...radead.org,
        tglx@...utronix.de, thomas.lendacky@....com, hch@...radead.org,
        roger.pau@...rix.com, rkrcmar@...hat.com
Subject: Re: [PATCH v9 0/7] KVM: x86: Allow Qemu/KVM to use PVH entry point



On 12/12/2018 12:39 PM, Borislav Petkov wrote:
> On Tue, Dec 11, 2018 at 11:29:21AM -0800, Maran Wilson wrote:
>> Is your question about what options you need to provide to Qemu? Or is your
>> question about the SW implementation choices?
>>
>> Assuming the former...
> Yeah, that's what I wanted to know. But looking at it, I'm booting
> bzImage here just as quickly and as flexible so I don't see the
> advantage of this new method for my use case here of booting kernels
> in qemu.
>
> But maybe there's a good use case where firmware is slow and one doesn't
> really wanna noodle through it or when one does start a gazillion VMs
> per second or whatever...

Right, the time saved is not something you would notice while starting a 
VM manually. But it does reduce the time to reach startup_64() in Linux 
by about 50% (going from around 94ms to around 47ms) when booting a VM 
using Qemu+qboot (for example). That time savings becomes pretty 
important when you are trying to use VMs as containers (for instance, as 
is the case with Kata containers) and trying to get the latency for 
launching such a container really low -- to come as close as possible to 
match the latency for launching more traditional containers that don't 
have the additional security/isolation of running within a separate VM.

Thanks,
-Maran

>
> Thx.
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ