I view it as a performance problem because nothing stops KVM from copying from
userspace into the private fd during the SEV ioctl(). What's missing is the
ability for userspace to directly initialize the private fd, which may or may not
avoid an extra memcpy() depending on how clever userspa
On 7/21/22 14:19, Sean Christopherson wrote:
On Thu, Jul 21, 2022, Gupta, Pankaj wrote:
I view it as a performance problem because nothing stops KVM from copying from
userspace into the private fd during the SEV ioctl(). What's missing is the
ability for userspace to directly initialize the
* The current patch should just work, but prefer to have pre-boot guest
payload/firmware population into private memory for performance.
Not just performance in the case of SEV, it's needed there because firmware
only supports in-place encryption of guest memory, there's no mech
On Thu, Jul 21, 2022, Gupta, Pankaj wrote:
>
> Hi Sean, Chao,
>
> While attempting to solve the pre-boot guest payload/firmware population
> into private memory for SEV SNP, retrieved this thread. Have question below:
>
> > > > Requirements & Gaps
> > > > -
>
Hi Sean, Chao,
While attempting to solve the pre-boot guest payload/firmware population
into private memory for SEV SNP, retrieved this thread. Have question below:
Requirements & Gaps
-
- Confidential computing(CC): TDX/SEV/CCA
* Need support both
On Fri, Jun 10, 2022, Andy Lutomirski wrote:
> On Mon, Apr 25, 2022 at 1:31 PM Sean Christopherson wrote:
> >
> > On Mon, Apr 25, 2022, Andy Lutomirski wrote:
> > >
> > >
> > > On Mon, Apr 25, 2022, at 6:40 AM, Chao Peng wrote:
> > > > On Sun, Apr 24, 2022 at 09:59:37AM -0700, Andy Lutomirski wrot
On Mon, Apr 25, 2022 at 1:31 PM Sean Christopherson wrote:
>
> On Mon, Apr 25, 2022, Andy Lutomirski wrote:
> >
> >
> > On Mon, Apr 25, 2022, at 6:40 AM, Chao Peng wrote:
> > > On Sun, Apr 24, 2022 at 09:59:37AM -0700, Andy Lutomirski wrote:
> > >>
> >
> > >>
> > >> 2. Bind the memfile to a VM (or
On Mon, May 09, 2022, Michael Roth wrote:
> On Fri, Apr 22, 2022 at 06:56:12PM +0800, Chao Peng wrote:
> > Requirements & Gaps
> > -
> > - Confidential computing(CC): TDX/SEV/CCA
> > * Need support both explicit/implicit conversions.
> > * Need support
On Fri, Apr 22, 2022 at 06:56:12PM +0800, Chao Peng wrote:
> Great thanks for the discussions. I summarized the requirements/gaps and the
> potential changes for next step. Please help to review.
Hi Chao,
Thanks for writing this up. I've been meaning to respond, but wanted to
make a bit more prog
On Thursday 28 Apr 2022 at 20:29:52 (+0800), Chao Peng wrote:
>
> + Michael in case he has comment from SEV side.
>
> On Mon, Apr 25, 2022 at 07:52:38AM -0700, Andy Lutomirski wrote:
> >
> >
> > On Mon, Apr 25, 2022, at 6:40 AM, Chao Peng wrote:
> > > On Sun, Apr 24, 2022 at 09:59:37AM -0700, A
+ Michael in case he has comment from SEV side.
On Mon, Apr 25, 2022 at 07:52:38AM -0700, Andy Lutomirski wrote:
>
>
> On Mon, Apr 25, 2022, at 6:40 AM, Chao Peng wrote:
> > On Sun, Apr 24, 2022 at 09:59:37AM -0700, Andy Lutomirski wrote:
> >>
>
> >>
> >> 2. Bind the memfile to a VM (or at
On Mon, Apr 25, 2022, Andy Lutomirski wrote:
>
>
> On Mon, Apr 25, 2022, at 6:40 AM, Chao Peng wrote:
> > On Sun, Apr 24, 2022 at 09:59:37AM -0700, Andy Lutomirski wrote:
> >>
>
> >>
> >> 2. Bind the memfile to a VM (or at least to a VM technology). Now it's in
> >> the initial state appropri
On Mon, Apr 25, 2022, at 6:40 AM, Chao Peng wrote:
> On Sun, Apr 24, 2022 at 09:59:37AM -0700, Andy Lutomirski wrote:
>>
>>
>> 2. Bind the memfile to a VM (or at least to a VM technology). Now it's in
>> the initial state appropriate for that VM.
>>
>> For TDX, this completely bypasses the
On Sun, Apr 24, 2022 at 09:59:37AM -0700, Andy Lutomirski wrote:
>
>
> On Fri, Apr 22, 2022, at 3:56 AM, Chao Peng wrote:
> > On Tue, Apr 05, 2022 at 06:03:21PM +, Sean Christopherson wrote:
> >> On Tue, Apr 05, 2022, Quentin Perret wrote:
> >> > On Monday 04 Apr 2022 at 15:04:17 (-0700), And
On Fri, Apr 22, 2022, at 3:56 AM, Chao Peng wrote:
> On Tue, Apr 05, 2022 at 06:03:21PM +, Sean Christopherson wrote:
>> On Tue, Apr 05, 2022, Quentin Perret wrote:
>> > On Monday 04 Apr 2022 at 15:04:17 (-0700), Andy Lutomirski wrote:
> Only when the register succeeds, the fd is
> c
On Fri, Apr 22, 2022 at 01:06:25PM +0200, Paolo Bonzini wrote:
> On 4/22/22 12:56, Chao Peng wrote:
> > /* memfile notifier flags */
> > #define MFN_F_USER_INACCESSIBLE 0x0001 /* memory allocated in
> > the file is inaccessible from userspace (e.g. read/write/mmap) */
> >
On 4/22/22 12:56, Chao Peng wrote:
/* memfile notifier flags */
#define MFN_F_USER_INACCESSIBLE 0x0001 /* memory allocated in the
file is inaccessible from userspace (e.g. read/write/mmap) */
#define MFN_F_UNMOVABLE 0x0002 /* memory allocated in the
file
On Tue, Apr 05, 2022 at 06:03:21PM +, Sean Christopherson wrote:
> On Tue, Apr 05, 2022, Quentin Perret wrote:
> > On Monday 04 Apr 2022 at 15:04:17 (-0700), Andy Lutomirski wrote:
> > > >> - it can be very useful for protected VMs to do shared=>private
> > > >>conversions. Think of a VM r
On Mon, Mar 28, 2022 at 01:16:48PM -0700, Andy Lutomirski wrote:
> On Thu, Mar 10, 2022 at 6:09 AM Chao Peng wrote:
> >
> > This is the v5 of this series which tries to implement the fd-based KVM
> > guest private memory. The patches are based on latest kvm/queue branch
> > commit:
> >
> > d5089
On Fri, Apr 08, 2022 at 11:35:05AM -1000, Vishal Annapurve wrote:
> On Mon, Mar 28, 2022 at 10:17 AM Andy Lutomirski wrote:
> >
> > On Thu, Mar 10, 2022 at 6:09 AM Chao Peng
> > wrote:
> > >
> > > This is the v5 of this series which tries to implement the fd-based KVM
> > > guest private memory.
On Mon, Mar 28, 2022 at 10:17 AM Andy Lutomirski wrote:
>
> On Thu, Mar 10, 2022 at 6:09 AM Chao Peng wrote:
> >
> > This is the v5 of this series which tries to implement the fd-based KVM
> > guest private memory. The patches are based on latest kvm/queue branch
> > commit:
> >
> > d5089416b7f
On Tue, Apr 5, 2022, at 11:30 AM, Sean Christopherson wrote:
> On Tue, Apr 05, 2022, Andy Lutomirski wrote:
>
>> resume guest
>> *** host -> hypervisor -> guest ***
>> Guest unshares the page.
>> *** guest -> hypervisor ***
>> Hypervisor removes PTE. TLBI.
>> *** hypervisor -> guest ***
>>
>>
On Tuesday 05 Apr 2022 at 10:51:36 (-0700), Andy Lutomirski wrote:
> Let's try actually counting syscalls and mode transitions, at least
> approximately. For non-direct IO (DMA allocation on guest side, not straight
> to/from pagecache or similar):
>
> Guest writes to shared DMA buffer. Assume
On Tuesday 05 Apr 2022 at 18:03:21 (+), Sean Christopherson wrote:
> On Tue, Apr 05, 2022, Quentin Perret wrote:
> > On Monday 04 Apr 2022 at 15:04:17 (-0700), Andy Lutomirski wrote:
> > > >> - it can be very useful for protected VMs to do shared=>private
> > > >>conversions. Think of a VM
On Tue, Apr 05, 2022, Andy Lutomirski wrote:
> On Tue, Apr 5, 2022, at 3:36 AM, Quentin Perret wrote:
> > On Monday 04 Apr 2022 at 15:04:17 (-0700), Andy Lutomirski wrote:
> >> The best I can come up with is a special type of shared page that is not
> >> GUP-able and maybe not even mmappable, havin
On Tue, Apr 05, 2022, Quentin Perret wrote:
> On Monday 04 Apr 2022 at 15:04:17 (-0700), Andy Lutomirski wrote:
> > >> - it can be very useful for protected VMs to do shared=>private
> > >>conversions. Think of a VM receiving some data from the host in a
> > >>shared buffer, and then it wa
On Tue, Apr 5, 2022, at 3:36 AM, Quentin Perret wrote:
> On Monday 04 Apr 2022 at 15:04:17 (-0700), Andy Lutomirski wrote:
>>
>>
>> On Mon, Apr 4, 2022, at 10:06 AM, Sean Christopherson wrote:
>> > On Mon, Apr 04, 2022, Quentin Perret wrote:
>> >> On Friday 01 Apr 2022 at 12:56:50 (-0700), And
On Monday 04 Apr 2022 at 15:04:17 (-0700), Andy Lutomirski wrote:
>
>
> On Mon, Apr 4, 2022, at 10:06 AM, Sean Christopherson wrote:
> > On Mon, Apr 04, 2022, Quentin Perret wrote:
> >> On Friday 01 Apr 2022 at 12:56:50 (-0700), Andy Lutomirski wrote:
> >> FWIW, there are a couple of reasons why
On Mon, Apr 4, 2022, at 10:06 AM, Sean Christopherson wrote:
> On Mon, Apr 04, 2022, Quentin Perret wrote:
>> On Friday 01 Apr 2022 at 12:56:50 (-0700), Andy Lutomirski wrote:
>> FWIW, there are a couple of reasons why I'd like to have in-place
>> conversions:
>>
>> - one goal of pKVM is to mi
On Mon, Apr 04, 2022, Quentin Perret wrote:
> On Friday 01 Apr 2022 at 12:56:50 (-0700), Andy Lutomirski wrote:
> FWIW, there are a couple of reasons why I'd like to have in-place
> conversions:
>
> - one goal of pKVM is to migrate some things away from the Arm
>Trustzone environment (e.g. DR
On Friday 01 Apr 2022 at 12:56:50 (-0700), Andy Lutomirski wrote:
> On Fri, Apr 1, 2022, at 7:59 AM, Quentin Perret wrote:
> > On Thursday 31 Mar 2022 at 09:04:56 (-0700), Andy Lutomirski wrote:
>
>
> > To answer your original question about memory 'conversion', the key
> > thing is that the pKVM
On Fri, Apr 1, 2022, at 7:59 AM, Quentin Perret wrote:
> On Thursday 31 Mar 2022 at 09:04:56 (-0700), Andy Lutomirski wrote:
> To answer your original question about memory 'conversion', the key
> thing is that the pKVM hypervisor controls the stage-2 page-tables for
> everyone in the system, all
On Fri, Apr 01, 2022, Quentin Perret wrote:
> On Friday 01 Apr 2022 at 17:14:21 (+), Sean Christopherson wrote:
> > On Fri, Apr 01, 2022, Quentin Perret wrote:
> > I assume there is a scenario where a page can be converted from
> > shared=>private?
> > If so, is there a use case where that hap
On Friday 01 Apr 2022 at 17:14:21 (+), Sean Christopherson wrote:
> On Fri, Apr 01, 2022, Quentin Perret wrote:
> > The typical flow is as follows:
> >
> > - the host asks the hypervisor to run a guest;
> >
> > - the hypervisor does the context switch, which includes switching
> >stage-
On Fri, Apr 01, 2022, Quentin Perret wrote:
> The typical flow is as follows:
>
> - the host asks the hypervisor to run a guest;
>
> - the hypervisor does the context switch, which includes switching
>stage-2 page-tables;
>
> - initially the guest has an empty stage-2 (we don't require
>
On Thursday 31 Mar 2022 at 09:04:56 (-0700), Andy Lutomirski wrote:
> On Wed, Mar 30, 2022, at 10:58 AM, Sean Christopherson wrote:
> > On Wed, Mar 30, 2022, Quentin Perret wrote:
> >> On Wednesday 30 Mar 2022 at 09:58:27 (+0100), Steven Price wrote:
> >> > On 29/03/2022 18:01, Quentin Perret wrote
On Wed, Mar 30, 2022, at 10:58 AM, Sean Christopherson wrote:
> On Wed, Mar 30, 2022, Quentin Perret wrote:
>> On Wednesday 30 Mar 2022 at 09:58:27 (+0100), Steven Price wrote:
>> > On 29/03/2022 18:01, Quentin Perret wrote:
>> > > Is implicit sharing a thing? E.g., if a guest makes a memory access
On Wed, Mar 30, 2022, Quentin Perret wrote:
> On Wednesday 30 Mar 2022 at 09:58:27 (+0100), Steven Price wrote:
> > On 29/03/2022 18:01, Quentin Perret wrote:
> > > Is implicit sharing a thing? E.g., if a guest makes a memory access in
> > > the shared gpa range at an address that doesn't have a ba
On Wed, Mar 30, 2022, Steven Price wrote:
> On 29/03/2022 18:01, Quentin Perret wrote:
> > Is implicit sharing a thing? E.g., if a guest makes a memory access in
> > the shared gpa range at an address that doesn't have a backing memslot,
> > will KVM check whether there is a corresponding private m
On Wednesday 30 Mar 2022 at 09:58:27 (+0100), Steven Price wrote:
> On 29/03/2022 18:01, Quentin Perret wrote:
> > On Monday 28 Mar 2022 at 18:58:35 (+), Sean Christopherson wrote:
> >> On Mon, Mar 28, 2022, Quentin Perret wrote:
> >>> Hi Sean,
> >>>
> >>> Thanks for the reply, this helps a lot
On 29/03/2022 18:01, Quentin Perret wrote:
> On Monday 28 Mar 2022 at 18:58:35 (+), Sean Christopherson wrote:
>> On Mon, Mar 28, 2022, Quentin Perret wrote:
>>> Hi Sean,
>>>
>>> Thanks for the reply, this helps a lot.
>>>
>>> On Monday 28 Mar 2022 at 17:13:10 (+), Sean Christopherson wrote
On Monday 28 Mar 2022 at 18:58:35 (+), Sean Christopherson wrote:
> On Mon, Mar 28, 2022, Quentin Perret wrote:
> > Hi Sean,
> >
> > Thanks for the reply, this helps a lot.
> >
> > On Monday 28 Mar 2022 at 17:13:10 (+), Sean Christopherson wrote:
> > > On Thu, Mar 24, 2022, Quentin Perret
On Mon, Mar 28, 2022, Nakajima, Jun wrote:
> > On Mar 28, 2022, at 1:16 PM, Andy Lutomirski wrote:
> >
> > On Thu, Mar 10, 2022 at 6:09 AM Chao Peng
> > wrote:
> >>
> >> This is the v5 of this series which tries to implement the fd-based KVM
> >> guest private memory. The patches are based on
> On Mar 28, 2022, at 1:16 PM, Andy Lutomirski wrote:
>
> On Thu, Mar 10, 2022 at 6:09 AM Chao Peng wrote:
>>
>> This is the v5 of this series which tries to implement the fd-based KVM
>> guest private memory. The patches are based on latest kvm/queue branch
>> commit:
>>
>> d5089416b7fb KVM:
On Thu, Mar 10, 2022 at 6:09 AM Chao Peng wrote:
>
> This is the v5 of this series which tries to implement the fd-based KVM
> guest private memory. The patches are based on latest kvm/queue branch
> commit:
>
> d5089416b7fb KVM: x86: Introduce KVM_CAP_DISABLE_QUIRKS2
Can this series be run and
On Mon, Mar 28, 2022, Quentin Perret wrote:
> Hi Sean,
>
> Thanks for the reply, this helps a lot.
>
> On Monday 28 Mar 2022 at 17:13:10 (+), Sean Christopherson wrote:
> > On Thu, Mar 24, 2022, Quentin Perret wrote:
> > > For Protected KVM (and I suspect most other confidential computing
> >
Hi Sean,
Thanks for the reply, this helps a lot.
On Monday 28 Mar 2022 at 17:13:10 (+), Sean Christopherson wrote:
> On Thu, Mar 24, 2022, Quentin Perret wrote:
> > For Protected KVM (and I suspect most other confidential computing
> > solutions), guests have the ability to share some of thei
On Thu, Mar 24, 2022, Quentin Perret wrote:
> For Protected KVM (and I suspect most other confidential computing
> solutions), guests have the ability to share some of their pages back
> with the host kernel using a dedicated hypercall. This is necessary
> for e.g. virtio communications, so these s
Hi Chao,
+CC Will and Marc for visibility.
On Thursday 10 Mar 2022 at 22:08:58 (+0800), Chao Peng wrote:
> This is the v5 of this series which tries to implement the fd-based KVM
> guest private memory. The patches are based on latest kvm/queue branch
> commit:
>
> d5089416b7fb KVM: x86: Intro
This is the v5 of this series which tries to implement the fd-based KVM
guest private memory. The patches are based on latest kvm/queue branch
commit:
d5089416b7fb KVM: x86: Introduce KVM_CAP_DISABLE_QUIRKS2
Introduction
In general this patch series introduce fd-based memslot whic