lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <69304d110608032328r36bc0a6ase0a2dbf36d8cc519@mail.gmail.com>
Date:	Fri, 4 Aug 2006 08:28:26 +0200
From:	"Antonio Vargas" <windenntw@...il.com>
To:	"Chris Wright" <chrisw@...s-sol.org>,
	"Andrew Morton" <akpm@...l.org>,
	"Jeremy Fitzhardinge" <jeremy@...source.com>, greg@...ah.com,
	zach@...are.com, linux-kernel@...r.kernel.org, torvalds@...l.org,
	hch@...radead.org, rusty@...tcorp.com.au, jlo@...are.com,
	xen-devel@...ts.xensource.com, simon@...source.com,
	ian.pratt@...source.com, jeremy@...p.org
Subject: Re: A proposal - binary

On 8/4/06, Chris Wright <chrisw@...s-sol.org> wrote:
> * Andrew Morton (akpm@...l.org) wrote:
> > I must confess that I still don't "get" paravirtops.  AFACIT the VMI
> > proposal, if it works, will make that whole layer simply go away.  Which
> > is attractive.  If it works.
>
> Paravirtops is simply a table of function which are populated by the
> hypervisor specific code at start-of-day.  Some care is taken to patch
> up callsites which are performance sensitive.  The main difference is
> the API vs. ABI distinction.  In paravirt ops case, the ABI is defined at
> compile time from source.  The VMI takes it one step further and fixes
> the ABI.  That last step is a big one.
>
> There are two basic issues. 1) what is the interface between the kernel
> and the glue to a hypervisor. 2) how does one call from the kernel into
> the glue layer.
>
> Getting bogged down in #2, the details of the calling convention, is a
> distraction from the real issue, #1.  We are trying to actually find an
> API that is useful for multiple projects.  Paravirt_ops gives the
> flexibility to evolve the interface.

One feature I found missing at the paravirt patches is to allow the
user to forbid the use of paravirtualization of certain features (via
a bitmask on the kernel commandline for example) so that the execution
drops into the native hardware virtualization system. Such a feature
would provide a big upwards compatibility for the kernel<->hypervisor
system. The case for this would be needing to forcefully upgrade the
hypervisor due to security issues and finding out that the hypervisor
is  incompatible at the paravirtualizatrion level, then the user would
be at least capable of continuing to run the old kernel with the new
hypervisor until the compatibility is reached again.

BTW, what is the recommended distro or kernel setup to help testing
the latest paravirt patches? I've got a spare machine (with no needed
data) at hand which could be put to good use.

-- 
Greetz, Antonio Vargas aka winden of network
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ