lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <949146db-d467-4949-9e82-94f803c3b166@redhat.com>
Date:   Fri, 25 Mar 2022 15:59:50 +0800
From:   Gavin Shan <gshan@...hat.com>
To:     Oliver Upton <oupton@...gle.com>
Cc:     kvmarm@...ts.cs.columbia.edu, maz@...nel.org,
        linux-kernel@...r.kernel.org, eauger@...hat.com,
        shan.gavin@...il.com, Jonathan.Cameron@...wei.com,
        pbonzini@...hat.com, vkuznets@...hat.com, will@...nel.org
Subject: Re: [PATCH v5 19/22] KVM: arm64: Support SDEI ioctl commands on vCPU

Hi Oliver,

On 3/24/22 1:55 AM, Oliver Upton wrote:
> On Tue, Mar 22, 2022 at 04:07:07PM +0800, Gavin Shan wrote:
>> This supports ioctl commands on vCPU to manage the various object.
>> It's primarily used by VMM to accomplish migration. The ioctl
>> commands introduced by this are highlighted as below:
>>
>>     * KVM_SDEI_CMD_GET_VCPU_EVENT_COUNT
>>       Return the total count of vCPU events, which have been queued
>>       on the target vCPU.
>>
>>     * KVM_SDEI_CMD_GET_VCPU_EVENT
>>     * KVM_SDEI_CMD_SET_VCPU_EVENT
>>       Get or set vCPU events.
>>
>>     * KVM_SDEI_CMD_GET_VCPU_STATE
>>     * KVM_SDEI_CMD_SET_VCPU_STATE
>>       Get or set vCPU state.
> 
> All of this GET/SET stuff can probably be added to KVM_{GET,SET}_ONE_REG
> immediately. Just introduce new registers any time a new event comes
> along. The only event we have at the end of this series is the
> software-signaled event, with async PF coming later right?
> 
> Some special consideration is likely necessary to avoid adding a
> register for every u64 chunk of data. I don't think we need to afford
> userspace any illusion of granularity with these, and can probably lump
> it all under one giant pseudoregister.
> 

Yes, KVM_{GET,SET}_ONE_REG is the ideal interface for migration. You're
correct we're only concerned by software signaled event and the one for
Async PF.

I didn't look into Raghavendra's series deeply. Actually, a lump of
registers can be avoid after 2048 byte size is specified in its
encoding. I think 2048 bytes are enough for now since there are
only two supported events.

In the future, we probably have varied number of SDEI events to
be migrated. In that case, we need to add a new bit to the encoding
of the pseudo system register, so that VMM (QEMU) can support
variable sized system register and keep reading and writing on
these registers on migration:

     PSEUDO_SDEI_ADDR: 64-bits in width
     PSEUDO_SDEI_DATA: has varied size

PSEUDO_SDEI_ADDR is used to (1) Indicate the size of PSEUDO_SDEI_DATA
(2) The information to be read/written, for example the (shared/private)
registered events on VM and vCPU, VCPU state.

PSEUDO_SDEI_DATA is used to (1) Retrieved information or that to be
written. (2) Flags to indicate current block of information is the
last one or not.

>>     * KVM_SDEI_CMD_INJECT_EVENT
>>       Inject SDEI event.
> 
> What events are we going to allow userspace to inject? IIUC, the
> software-signaled event is an IPI and really under the control of the
> guest. Async PF is entriely under KVM control.
> 
> I do agree that having some form of event injection would be great. VM
> providers have found it useful to allow users to NMI their VMs when they
> get wedged. I just believe that userspace should not be able to trigger
> events that have a defined meaning and are under full KVM ownership.
> 
> IMO, unless the async PF changes need to go out to userspace, you could
> probably skip event injection for now and only worry about SDEI within a
> VM.
> 

I was overthinking on the usage of SDEI. I had the assumption that SDEI
may be used by emulated devices to inject SDEI events in VMM. It can
even be done through PSEUDO_SDEI_{ADDR, DATA} in future. For now, the
software signaled and Async PF events are concerned, Async PF event
is always raised by host/KVM. So we needn't it for now and I will drop
this functionality, actually the whole ioctl commands and migration
support in next respin, as you suggested :)

Thanks,
Gavin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ