lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 3 Aug 2006 20:29:33 +0200
From:	"Antonio Vargas" <windenntw@...il.com>
To:	"Zachary Amsden" <zach@...are.com>,
	"Arjan van de Ven" <arjan@...radead.org>,
	"Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>,
	"Linus Torvalds" <torvalds@...l.org>, greg@...ah.com,
	"Andrew Morton" <akpm@...l.org>,
	"Christoph Hellwig" <hch@...radead.org>,
	"Rusty Russell" <rusty@...tcorp.com.au>, "Jack Lo" <jlo@...are.com>
Subject: Re: A proposal - binary

On 8/3/06, Zachary Amsden <zach@...are.com> wrote:
> Antonio Vargas wrote:
> > If the essence of using virtual machines is precisely that the machine
> > acts just as if it was a real hardware one, then we should not need
> > any modifications to the kernel. So, it would be much better if the
> > hypervirsor was completely transparent and just emulated a native cpu
> > and a common native set of hardware, which would then work 100% with
> > the native code in the kernel. This keeps the smarts of virtual
> > machine management on the hypervisor.
>
> You are basically arguing for full virtualization - which is fine.  But
> today as it stands it does not provide the highest level of performance
> that paravirtualization does, and in the future, it does little to
> provide more advanced virtualization features.

I realise now that I missed mentioning my point. What I envision as a
stable binary interface for comunication between the kernel and the
hypervisor is exactly the current situation that goes into the
hypervisor when the kernel does any priviledged instruction. I
understand that paravirtualization gives a very good speed boost
(within 5% of native speed IIRC?), but I was also wondering about the
relative speed of running unmodified kernels.

> >
> > For example, TBL and pagetable handling can be done with 2 interfaces,
> > one standard via intercepting normal cpu instructions, and a batched
> > one via a hardware driver with a FIFO on shared memory just like many
> > graphics card do to send commands and data to the GPU. I recall this
> > design was the one used in the mac-on-linux hypervisor for ppc
> > architecture. Why not for x86 with vt/pacifica extensions? What about
> > using the same design than on the Sparc T1 port?
>
> You can't use a driver to do this in Linux today, because there are no
> hooks you can use for pagetable handling.  And you will always achieve
> better performance and simplicity by changing the machine definition to
> avoid the really nasty cases.  Hardware virtualization is simply not

Yes, I agree that doing it at the subarch level is good, so that
native subarch gets the original code and the hypervisored subarch
gets the modified one without messing with core kernel code.

> fast enough today.  But it also doesn't leave room for the future -
> proposals such as the abstract MMU interfaces for Linux which have been
> floating around are extremely attractive from a hypervisor point of view

I've been fishing in my mail archive and was unable to get any
discussion about abstract mmu... do you know where I can get more info
on that?

> - but there can be no progress until there is some kind of consensus on
> what those are, and having an interface in the kernel is a requirement
> for any deeper level of paravirtualization.
>
> Zach

Here I'd like to say that I mentioned both mol and the sun T1 because
so far we haven't had any discussion on whether any of their
interfaces are worth copying for the x86 case. Also worth looking at
would be the work done by IBM for ppc64 and s390, especially the last
one is prone to be very optimised since their hypervisor work has been
proven to work for a very long time.

I sure don't mean to diss out both vmware and xen work on the field,
given the rocky nature of the x86 architecture, but maybe taking a
look at preexisting work can be a good idea if it hasn't been done
earlier.

-- 
Greetz, Antonio Vargas aka winden of network
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ