Re: KVM handling external interrupts

[Jan Kiszka <jan.kiszka@web.de>]

[-- Attachment #1: Type: text/plain, Size: 1470 bytes --]

On 2012-06-07 11:55, Abel Gordon wrote:
> 
>>> Note this is not so simple, there are many other issues you should
>>> consider.
>>
>> Is it just complicated, not upstreamable, or are the unsolved issues
>> like security holes or the need to paravirtualize the guest?
> 
> Well, I let you read the paper first :) It will answer all these questions.

I'm on it. Two general remarks so far:

 - At least the preemption timer is not common x86 architecture but can
   only be found in VT-x. You should mention that you are focusing on
   Intel.
 - You discuss interrupt delivery without stating that you have MSIs in
   mind. Some aspects may be helpful for legacy interrupts as well, but
   you obviously can't achieve exit-less operation there. Not an issue,
   should just be made clear.

> 
> In a nutshell,
> Complicated: that always depends who you ask and relative to what you
> consider something complicated. ELI changes some critical points in KVM.
> Unsolved issues: there are some issues solves in theory but not implemented
> Security holes: not if you are OK with the threat model we describe in the
> paper

The thread model looks sane, but I'm not feeling well with the "let's
poll the guest to see if it misbehaved" solution. It should work but is
a bit ugly.

> need paravirtualize the guest: no if you have x2APIC.

...and the guest makes use of it. This excludes older OSes. When did
Windows start to use it?

Jan


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]