lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Sun, 05 Nov 2006 22:27:45 +0200
From:	Avi Kivity <avi@...ranet.com>
To:	kvm-devel@...ts.sourceforge.net
CC:	linux-kernel@...r.kernel.org, Andrew Morton <akpm@...l.org>
Subject: [PATCH 0/14] KVM: Kernel-based Virtual Machine (v4)

Changes since v3:

- detect msrs on host dynamically.  Avoids oopses on non-ia32e
  capable processors.
- web site: http://kvm.sourceforge.net
- slightly rediffed

Changes since v2:

- mailing list: kvm-devel@...ts.sourceforge.net
  (http://lists.sourceforge.net/lists/listinfo/kvm-devel)
- applied code review comments
- fixed set_sregs() ioctl corrupting guest state if cr0.pe changed
  (a polite way of saying that loading a saved vm was broken)

---

The following patchset adds a driver for Intel's hardware
virtualization extensions to the x86 architecture.  The driver adds
a character device (/dev/kvm) that exposes the virtualization
capabilities to userspace.  Using this driver, a process can run a
virtual machine (a "guest") in a fully virtualized PC containing its
own virtual hard disks, network adapters, and display.

Using this driver, one can start multiple virtual machines on a host.
Each virtual machine is a process on the host; a virtual cpu is a thread
in that process.  kill(1), nice(1), top(1) work as expected.
   
In effect, the driver adds a third execution mode to the existing two:
we now have kernel mode, user mode, and guest mode.  Guest mode has its
own address space mapping guest physical memory (which is accessible to
user mode by mmap()ing /dev/kvm).  Guest mode has no access to any I/O
devices; any such access is intercepted and directed to user mode for
emulation.

The driver supports i386 and x86_64 hosts and guests.  All combinations
are allowed except x86_64 guest on i386 host.  For i386 guests and
hosts, both pae and non-pae paging modes are supported.

SMP hosts and UP guests are supported.  At the moment only Intel
hardware is supported, but AMD virtualization support is being worked on.

Performance currently is non-stellar due to the naive implementation
of the mmu virtualization, which throws away most of the shadow page
table entries every context switch.  We plan to address this in two ways:

- cache shadow page tables across tlv flushes
- wait until AMD and Intel release processors with nested page tables

Currently a virtual desktop is responsive but consumes a lot of CPU.
Under Windows I tried playing pinball and watching a few flash movies;
with a recent CPU one can hardly feel the virtualization.  Linux/X is
slower, probably due to X being in a separate process.

In addition to the driver, you need a slightly modified qemu to provide
I/O device emulation and the BIOS.

Caveats:

- The Windows install currently bluescreens due to a problem with the
  virtual APIC.  We are working on a fix.  A temporary workaround is to
  use an existing image or install through qemu
- Windows 64-bit does not work.  That's also true for qemu, so it's
  probably a problem with the device model.

-- 
Do not meddle in the internals of kernels, for they are subtle and quick to panic.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists