lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1518791030-31765-1-git-send-email-karahmed@amazon.de>
Date:   Fri, 16 Feb 2018 15:23:48 +0100
From:   KarimAllah Ahmed <karahmed@...zon.de>
To:     kvm@...r.kernel.org, x86@...nel.org
Cc:     KarimAllah Ahmed <karahmed@...zon.de>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H . Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org
Subject: [RFC 0/2] KVM/nVMX: Add support for saving and restoring L1 hypervisors with its running L2s

Live migration software in L0 needs to be able to capture an accurate state of
the L1 guest in order to save it and later restore it. One of the complications
of doing this when you have a nested/L2 guest is that the state from the L0
user space point of view is very indeterminstic. The state can be coming from
the L1 or the L2 guest depending on when the vCPU was kicked out of non-root
mode. There is also no way currently to extract the extra meta-state that L0
holds in order to run L2s.

In order to fix this, always switch to L1 state before exiting to user space
(Patch 1) and provide a new ioctl command to extra the extra meta-state (Patch 2).

This is still an early RFC because:

1- To get feedback on the approach taken here.
2- I am still debugging a VMEntry failure for L2 that occassionaly happens when
   I run a pause+unpause loop against an L1 guest running L2s. Also there is some
   meta-state that I am not extracting yet (will update this soon). L1 seems to
   be very stable though.

KarimAllah Ahmed (2):
  KVM/nVMX: Cleanly exit from L2 to L1 on user-space exit
  KVM/nVMX: Add support for saving/restoring L2 meta-state stored by L0

 arch/x86/include/asm/kvm_host.h |  5 +++
 arch/x86/include/uapi/asm/kvm.h |  7 ++++
 arch/x86/kvm/vmx.c              | 83 +++++++++++++++++++++++++++++++++++++++++
 arch/x86/kvm/x86.c              | 43 ++++++++++++++++++---
 include/linux/kvm_host.h        |  2 +
 include/uapi/linux/kvm.h        |  3 ++
 virt/kvm/kvm_main.c             | 24 ++++++++++++
 7 files changed, 162 insertions(+), 5 deletions(-)

Cc: Paolo Bonzini <pbonzini@...hat.com>
Cc: Radim Krčmář <rkrcmar@...hat.com>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Ingo Molnar <mingo@...hat.com>
Cc: H. Peter Anvin <hpa@...or.com>
Cc: x86@...nel.org
Cc: kvm@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
Signed-off-by: KarimAllah Ahmed <karahmed@...zon.de>

-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ