[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5838ebdd46bcddd836bc87d0ec7d57fadbfb79f6.camel@redhat.com>
Date: Tue, 28 Nov 2023 09:34:10 +0200
From: Maxim Levitsky <mlevitsk@...hat.com>
To: Nicolas Saenz Julienne <nsaenz@...zon.com>,
Sean Christopherson <seanjc@...gle.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-hyperv@...r.kernel.org, pbonzini@...hat.com,
vkuznets@...hat.com, anelkz@...zon.com, graf@...zon.com,
dwmw@...zon.co.uk, jgowans@...zon.com, kys@...rosoft.com,
haiyangz@...rosoft.com, decui@...rosoft.com, x86@...nel.org,
linux-doc@...r.kernel.org
Subject: Re: [RFC 14/33] KVM: x86: Add VTL to the MMU role
On Fri, 2023-11-10 at 18:52 +0000, Nicolas Saenz Julienne wrote:
> On Wed Nov 8, 2023 at 5:26 PM UTC, Sean Christopherson wrote:
> > On Wed, Nov 08, 2023, Nicolas Saenz Julienne wrote:
> > > With the upcoming introduction of per-VTL memory protections, make MMU
> > > roles VTL aware. This will avoid sharing PTEs between vCPUs that belong
> > > to different VTLs, and that have distinct memory access restrictions.
> > >
> > > Four bits are allocated to store the VTL number in the MMU role, since
> > > the TLFS states there is a maximum of 16 levels.
> >
> > How many does KVM actually allow/support? Multiplying the number of possible
> > roots by 16x is a *major* change.
>
> AFAIK in practice only VTL0/1 are used. Don't know if Microsoft will
> come up with more in the future. We could introduce a CAP that expses
> the number of supported VTLs to user-space, and leave it as a compile
> option.
>
Actually hyperv spec says that currently only two VTLs are implemented in HyperV
https://learn.microsoft.com/en-us/virtualization/hyper-v-on-windows/tlfs/vsm
"Architecturally, up to 16 levels of VTLs are supported; however a hypervisor may choose to implement fewer than 16 VTL’s. Currently, only two VTLs are implemented."
We shouldn't completely hardcode two VTLs but I think that it is safe to make optimizations aiming at two VTLs,
and also have a compile time switch for the number of supported VTLs.
In terms of adding VTLs to MMU role, as long as it's only 2 VTLs, I don't think that this is a terrible idea.
This does bring a question: what we are going to do about SMM? Windows will need it due to secure boot,
so we can't just say that VSM is only supported without SMM.
However if we take the approach of having a VM per VTL, then all of this is free, except that every time userspace changes memslots,
it will have to do so for both VMs at the same time (and that might introduce races).
Also TLB flushes might be tricky to synchronize between these two VMs and so on.
Best regards,
Maxim Levitsky
Powered by blists - more mailing lists