Message-ID: <CABgObfZmn03eQU9XYnFRKfHWNUx006z_4x8Z91hapVHZupUYwA@mail.gmail.com>
Date: Wed, 30 Jul 2025 19:55:48 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] KVM: x86: VMX changes for 6.17

On Tue, Jul 29, 2025 at 9:44 PM Sean Christopherson <seanjc@...gle.com> wrote:
> As for this pull request, I vote to drop it for 6.17 and give ourselves time to
> figure out what we want to do with vm_dead.

Ah ok, so my spidey sense wasn't right for the wrong reasons. :)

> I want to land "terminate VM" in
> some form by 6.18 (as the next LTS), but AFAIK there's no rush to get it into
> 6.17.

As you prefer! I had already rewritten slightly the commit log, so
here it is for your reference and future consumption:

Add a TDX sub-ioctl, KVM_TDX_TERMINATE_VM, to solve a performance
issue in TDX VM cleanup. A guest_memfd keeps a reference to the
virtual machine, which means the VM cannot be fully destroyed until
the guest_memfd is released. However, to release the guest_memfd the
TDX module must first destroy the Secure EPT, which is a slow
operation if performed while the VM is still valid.
KVM_TDX_TERMINATE_VM allows userspace to initiate the transition to
the TEARDOWN state before file descriptors are closed (either by hand
or on process exit). The TDX module then releases the HKID and S-EPT
destruction can run up to 10x faster.

Thanks,

Paolo

