| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Feb 2019 20:15:30 +0000
From: Joao Martins <joao.m.martins@...cle.com>
To: kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Cc: Ankur Arora <ankur.a.arora@...cle.com>,
Boris Ostrovsky <boris.ostrovsky@...cle.com>,
Joao Martins <joao.m.martins@...cle.com>,
Paolo Bonzini <pbonzini@...hat.com>,
Radim Krčmář <rkrcmar@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
Juergen Gross <jgross@...e.com>,
Stefano Stabellini <sstabellini@...nel.org>,
xen-devel@...ts.xenproject.org
Subject: [PATCH RFC 00/39] x86/KVM: Xen HVM guest support
Hey,
Presented herewith a series that allows KVM to boot Xen x86 HVM guests (with their
respective frontends and backends). On the hypervisor side, the approach is to keep
the implementation similar to how HyperV was done on x86 KVM. On the backend driver
side, the intent is to reuse Xen support.
Note that this is an RFC so there are bugs and room for improvement. The intent
is to get overall feedback before proceeding further.
Running Xen guests on KVM, enables the following use-cases:
* Run unmodified Xen HVM images;
* Facilitate development/testing of Xen guests and Xen PV drivers;
There has been a similar proposal in the past with Xenner, albeit this work
has the following advantages over it:
* Allows use of existing Xen PV drivers such as block, net etc, both as
frontends and backends;
* Xen tooling will see the same UABI as on Xen. This means things like
xenstored, xenstore-list, xenstore-read run unmodified. Optionally,
userspace VMM can emulate xenstore operations;
This work is divided in two parts:
1. Xen HVM ABI support (patches 1 - 16)
Support the necessary mechanisms to allow HVM guests to
boot *without* PV frontends exposed to the guest.
We start by intercepting hypercalls made by the guest, followed
by event channel IPIs/VIRQs (for PV IPI, timers, spinlocks),
pvclock and steal clock.
Ankur Arora (1):
KVM: x86/xen: support upcall vector
Boris Ostrovsky (1):
KVM: x86/xen: handle PV spinlocks slowpath
Joao Martins (14):
KVM: x86: fix Xen hypercall page msr handling
KVM: x86/xen: intercept xen hypercalls if enabled
KVM: x86/xen: register shared_info page
KVM: x86/xen: setup pvclock updates
KVM: x86/xen: update wallclock region
KVM: x86/xen: register vcpu info
KVM: x86/xen: register vcpu time info region
KVM: x86/xen: register steal clock
KVM: x86: declare Xen HVM guest capability
KVM: x86/xen: evtchn signaling via eventfd
KVM: x86/xen: store virq when assigning evtchn
KVM: x86/xen: handle PV timers oneshot mode
KVM: x86/xen: handle PV IPI vcpu yield
KVM: x86: declare Xen HVM evtchn offload capability
Documentation/virtual/kvm/api.txt | 23 ++
arch/x86/include/asm/kvm_host.h | 46 ++++
arch/x86/kvm/Makefile | 2 +-
arch/x86/kvm/irq.c | 25 ++-
arch/x86/kvm/irq_comm.c | 11 +
arch/x86/kvm/trace.h | 33 +++
arch/x86/kvm/x86.c | 60 +++++-
arch/x86/kvm/x86.h | 1 +
arch/x86/kvm/xen.c | 1025 +++++++++++++++++++++++++++++
arch/x86/kvm/xen.h | 48 +++++
include/linux/kvm_host.h | 24 +++
include/uapi/linux/kvm.h | 73 ++++++-
12 files changed, 1361 insertions(+), 10 deletions(-)
2. PV Driver support (patches 17 - 39)
We start by redirecting hypercalls from the backend to routines
which emulate the behaviour that PV backends expect i.e. grant
table and interdomain events. Next, we add support for late
initialization of xenbus, followed by implementing
frontend/backend communication mechanisms (i.e. grant tables and
interdomain event channels). Finally, introduce xen-shim.ko,
which will setup a limited Xen environment. This uses the added
functionality of Xen specific shared memory (grant tables) and
notifications (event channels).
Note that patch 19 is useful to Xen on its own.
Ankur Arora (11):
x86/xen: export vcpu_info and shared_info
x86/xen: make hypercall_page generic
KVM: x86/xen: backend hypercall support
KVM: x86/xen: grant map support
KVM: x86/xen: grant unmap support
KVM: x86/xen: interdomain evtchn support
KVM: x86/xen: evtchn unmask support
KVM: x86/xen: add additional evtchn ops
xen-shim: introduce shim domain driver
xen/gntdev: xen_shim_domain() support
xen/xenbus: xen_shim_domain() support
Joao Martins (12):
xen/xenbus: xenbus uninit support
xen-blkback: module_exit support
KVM: x86/xen: domid allocation
KVM: x86/xen: grant table init
KVM: x86/xen: grant table grow support
KVM: x86/xen: grant copy support
xen/balloon: xen_shim_domain() support
xen/grant-table: xen_shim_domain() support
drivers/xen: xen_shim_domain() support
xen-netback: xen_shim_domain() support
xen-blkback: xen_shim_domain() support
KVM: x86: declare Xen HVM Dom0 capability
[See the entire series diffstat at the end]
There are additional Qemu patches to take advantage of this (and
they are available here[0][1]). An example on how you could run it would be:
$ ./x86_64-softmmu/qemu-system-x86_64 -nodefaults -serial mon:stdio \
-machine xenfv,accel=kvm \
-cpu host,-kvm,+xen,xen-major-version=4,xen-minor-version=4,+xen-vapic,+xen-pvclock \
-kernel /path/to/kernel -m 16G -smp 16,sockets=1,cores=16,threads=1,maxcpus=16 \
-append "earlyprintk=ttyS0 console=tty0 console=ttyS0" \
-device xen-platform -device usb-ehci -device usb-tablet,bus=usb-bus.0 -vnc :0 -k pt \
-netdev type=tap,id=net1,ifname=vif1.0,script=qemu-ifup \
-device xen-nic,netdev=net1,mac=52:54:00:12:34:56,backendtype=vif,backend=0 \
-drive file=/path/to/image.img,format=raw,id=legacy,if=ide \
-blockdev file,node-name=drive,filename=/path/to/image.img,locking=off \
-device xen-disk,vdev=xvda,drive=drive,backendtype=vbd
Naturally other options are still at your disposal (e.g. booting with q35
platform, or with virtio, etc).
Thoughts?
Cheers,
Joao
[0] https://www.github.com/jpemartins/qemu xen-shim-rfc
[1] https://www.github.com/jpemartins/linux xen-shim-rfc
Documentation/virtual/kvm/api.txt | 33 +
arch/x86/include/asm/kvm_host.h | 88 ++
arch/x86/include/asm/xen/hypercall.h | 12 +-
arch/x86/kvm/Kconfig | 10 +
arch/x86/kvm/Makefile | 3 +-
arch/x86/kvm/irq.c | 25 +-
arch/x86/kvm/irq_comm.c | 11 +
arch/x86/kvm/trace.h | 33 +
arch/x86/kvm/x86.c | 66 +-
arch/x86/kvm/x86.h | 1 +
arch/x86/kvm/xen-asm.S | 66 +
arch/x86/kvm/xen-shim.c | 138 ++
arch/x86/kvm/xen.c | 2262 ++++++++++++++++++++++++++++++
arch/x86/kvm/xen.h | 55 +
arch/x86/xen/enlighten.c | 49 +
arch/x86/xen/enlighten_hvm.c | 3 +-
arch/x86/xen/enlighten_pv.c | 1 +
arch/x86/xen/enlighten_pvh.c | 3 +-
arch/x86/xen/xen-asm_32.S | 2 +-
arch/x86/xen/xen-asm_64.S | 2 +-
arch/x86/xen/xen-head.S | 8 +-
drivers/block/xen-blkback/blkback.c | 27 +-
drivers/block/xen-blkback/common.h | 2 +
drivers/block/xen-blkback/xenbus.c | 19 +-
drivers/net/xen-netback/netback.c | 25 +-
drivers/xen/balloon.c | 15 +-
drivers/xen/events/events_2l.c | 4 +-
drivers/xen/events/events_base.c | 6 +-
drivers/xen/events/events_fifo.c | 2 +-
drivers/xen/evtchn.c | 4 +-
drivers/xen/features.c | 1 +
drivers/xen/gntdev.c | 10 +-
drivers/xen/grant-table.c | 15 +-
drivers/xen/privcmd.c | 5 +-
drivers/xen/xenbus/xenbus.h | 2 +
drivers/xen/xenbus/xenbus_client.c | 28 +-
drivers/xen/xenbus/xenbus_dev_backend.c | 4 +-
drivers/xen/xenbus/xenbus_dev_frontend.c | 6 +-
drivers/xen/xenbus/xenbus_probe.c | 57 +-
drivers/xen/xenbus/xenbus_xs.c | 40 +-
drivers/xen/xenfs/super.c | 7 +-
drivers/xen/xenfs/xensyms.c | 4 +
include/linux/kvm_host.h | 24 +
include/uapi/linux/kvm.h | 104 +-
include/xen/balloon.h | 7 +
include/xen/xen-ops.h | 2 +-
include/xen/xen.h | 5 +
include/xen/xenbus.h | 3 +
48 files changed, 3232 insertions(+), 67 deletions(-)
create mode 100644 arch/x86/kvm/xen-asm.S
create mode 100644 arch/x86/kvm/xen-shim.c
create mode 100644 arch/x86/kvm/xen.c
create mode 100644 arch/x86/kvm/xen.h
--
2.11.0
Powered by blists - more mailing lists