| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 07 Jun 2009 13:01:37 +0300 From: Avi Kivity <avi@...hat.com> To: Ingo Molnar <mingo@...e.hu> CC: Linus Torvalds <torvalds@...ux-foundation.org>, George Dunlap <george.dunlap@...citrix.com>, Thomas Gleixner <tglx@...utronix.de>, David Miller <davem@...emloft.net>, "jeremy@...p.org" <jeremy@...p.org>, Dan Magenheimer <dan.magenheimer@...cle.com>, "xen-devel@...ts.xensource.com" <xen-devel@...ts.xensource.com>, "x86@...nel.org" <x86@...nel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Keir Fraser <Keir.Fraser@...citrix.com>, "gregkh@...e.de" <gregkh@...e.de>, "kurt.hackel@...cle.com" <kurt.hackel@...cle.com>, Ian Pratt <Ian.Pratt@...citrix.com>, "xen-users@...ts.xensource.com" <xen-users@...ts.xensource.com>, ksrinivasan <ksrinivasan@...ell.com>, "EAnderson@...ell.com" <EAnderson@...ell.com>, "wimcoekaerts@...mekes.net" <wimcoekaerts@...mekes.net>, Stephen Spector <stephen.spector@...rix.com>, "jens.axboe@...cle.com" <jens.axboe@...cle.com>, "npiggin@...e.de" <npiggin@...e.de> Subject: Re: Xen is a feature Ingo Molnar wrote: >> There is in fact a way to get dom0 support with nearly no changes >> to Linux, but it involves massive changes to Xen itself and >> requires hardware support: run dom0 as a fully virtualized guest, >> and assign it all the resources dom0 can access. It's probably a >> massive effort though. >> >> I've considered it for kvm when faced with the "I want a thin >> hypervisor" question: compile the hypervisor kernel with PCI >> support but nothing else (no CONFIG_BLOCK or CONFIG_NET, no device >> drivers), load userspace from initramfs, and assign host devices >> to one or more privileged guests. You could probably run the host >> with a heavily stripped configuration, and enjoy the slimness >> while every interrupt invokes the scheduler, a context switch, and >> maybe an IPI for good measure. >> > > This would be an acceptable model i suspect, if someone wants a > 'slim hypervisor'. > > We can context switch way faster than we handle IRQs. Plus in a > slimmed-down config we could intentionally slim down aspects of the > scheduler as well, if it ever became a measurable performance issue. > The hypervisor would run a minimal user-space and most of the > context-switching overhead relates to having a full-fledged > user-space with rich requirements. So there's no real conceptual > friction between a 'lean and mean' hypervisor and a full-featured > native kernel. > The context switch would be taken by the Xen scheduler, not the Linux scheduler. It's how interrupts work under Xen: an interrupt is taken, Xen schedules the domain that owns the interrupts (dom0 usually), which then handles the interrupt. The Linux scheduler would only be involved if you thread your interrupt handlers. This context switch is necessary regardless of how dom0 is integrated into Linux; it's simply a side effect of implementing device drivers outside the kernel (in this context, the kernel is Xen, and dom0 is just another userspace, albeit with elevated privileges. The Linux equivalent to dom0 is a process that uses uio. -- Do not meddle in the internals of kernels, for they are subtle and quick to panic. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists