Message-ID: <CABgObfZWvtskg-m94LRHqN=_FtJpFtTzOi3sEhiAKZx1rzr=ng@mail.gmail.com>
Date: Mon, 28 Jul 2025 17:47:01 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] KVM: x86: VMX changes for 6.17

On Sat, Jul 26, 2025 at 12:07 AM Sean Christopherson <seanjc@...gle.com> wrote:
>
> Add a sub-ioctl to allow getting TDX VMs into TEARDOWN before the last reference
> to the VM is put, so that reclaiming the VM's memory doesn't have to jump
> through all the hoops needed to reclaim memory from a live TD, which are quite
> costly, especially for large VMs.
>
> The following changes since commit 347e9f5043c89695b01e66b3ed111755afcf1911:
>
>   Linux 6.16-rc6 (2025-07-13 14:25:58 -0700)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-vmx-6.17
>
> for you to fetch changes up to dcab95e533642d8f733e2562b8bfa5715541e0cf:
>
>   KVM: TDX: Add sub-ioctl KVM_TDX_TERMINATE_VM (2025-07-21 16:23:02 -0700)

I haven't pulled this for now because I wonder if it's better to make
this a general-purpose ioctl and cap (plus a kvm_x86_ops hook).  The
faster teardown is a TDX module quirk, but for example would it be
useful if you could trigger kvm_vm_dead() in the selftests?

As a side effect it would remove the supported_caps field and separate
namespace for KVM_TDX_CAP_* capabilities, at least for now.

Paolo

> ----------------------------------------------------------------
> KVM VMX changes for 6.17
>
> Add a TDX sub-ioctl, KVM_TDX_TERMINATE_VM, to let userspace mark a VM as dead,
> and most importantly release its HKID, prior to dropping the last reference to
> the VM.  Releasing the HKID moves the VM to TDX's TEARDOWN state, which allows
> pages to be reclaimed directly and ultimately reduces total reclaim time by a
> factor of 10x or more.
>
> ----------------------------------------------------------------
> Sean Christopherson (1):
>       KVM: TDX: Add sub-ioctl KVM_TDX_TERMINATE_VM
>
>  Documentation/virt/kvm/x86/intel-tdx.rst | 22 ++++++++++++++++++-
>  arch/x86/include/uapi/asm/kvm.h          |  7 ++++++-
>  arch/x86/kvm/vmx/tdx.c                   | 36 +++++++++++++++++++++++++-------
>  3 files changed, 55 insertions(+), 10 deletions(-)
>

