From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Sean Christopherson <seanjc@google.com>,
kvm@vger.kernel.org, Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>,
Igor Mammedov <imammedo@redhat.com>,
"Maciej S. Szmigiero" <maciej.szmigiero@oracle.com>
Subject: Re: [PATCH 1/5] KVM: Make the maximum number of user memslots a per-VM thing
Date: Thu, 28 Jan 2021 16:26:44 +0100 [thread overview]
Message-ID: <87v9bh13rf.fsf@vitty.brq.redhat.com> (raw)
In-Reply-To: <34f76035-8749-e06b-2fb0-f30e295f6425@redhat.com>
Paolo Bonzini <pbonzini@redhat.com> writes:
> On 28/01/21 11:48, Maciej S. Szmigiero wrote:
>>>
>>> VMMs (especially big ones like QEMU) are complex and e.g. each driver
>>> can cause memory regions (-> memslots in KVM) to change. With this
>>> feature it becomes possible to set a limit upfront (based on VM
>>> configuration) so it'll be more obvious when it's hit.
>>>
>>
>> I see: it's a kind of a "big switch", so every VMM doesn't have to be
>> modified or audited.
>> Thanks for the explanation.
>
> Not really, it's the opposite: the VMM needs to opt into a smaller
> number of memslots.
>
> I don't know... I understand it would be defense in depth, however
> between dynamic allocation of memslots arrays and GFP_KERNEL_ACCOUNT, it
> seems to be a bit of a solution in search of a problem. For now I
> applied patches 1-2-5.
An alternative with a new module parameter was also suggested, that
would make it possible to protect against buggy/malicious VMMs but
again, the attack is not any different from just creating many
VMs. Module parameter will most like end up being unused 99,9% of the
time (if not 100). I don't seem to have a strong opinion.
--
Vitaly
next prev parent reply other threads:[~2021-01-28 15:28 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-27 17:57 [PATCH 0/5] KVM: Make the maximum number of user memslots configurable and raise the default Vitaly Kuznetsov
2021-01-27 17:57 ` [PATCH 1/5] KVM: Make the maximum number of user memslots a per-VM thing Vitaly Kuznetsov
2021-01-27 22:27 ` Maciej S. Szmigiero
2021-01-28 8:45 ` Vitaly Kuznetsov
2021-01-28 10:48 ` Maciej S. Szmigiero
2021-01-28 13:01 ` Paolo Bonzini
2021-01-28 15:26 ` Vitaly Kuznetsov [this message]
2021-01-28 17:31 ` Sean Christopherson
2021-01-28 17:59 ` Paolo Bonzini
2021-02-08 14:20 ` Vitaly Kuznetsov
2021-02-08 15:02 ` Paolo Bonzini
2021-01-27 17:57 ` [PATCH 2/5] KVM: Raise the maximum number of user memslots Vitaly Kuznetsov
2021-01-27 17:57 ` [PATCH 3/5] KVM: Make the maximum number of user memslots configurable Vitaly Kuznetsov
2021-01-27 17:57 ` [PATCH 4/5] selftests: kvm: Test the newly introduced KVM_CAP_MEMSLOTS_LIMIT Vitaly Kuznetsov
2021-01-27 17:57 ` [PATCH 5/5] selftests: kvm: Raise the default timeout to 120 seconds Vitaly Kuznetsov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87v9bh13rf.fsf@vitty.brq.redhat.com \
--to=vkuznets@redhat.com \
--cc=imammedo@redhat.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=maciej.szmigiero@oracle.com \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=wanpengli@tencent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.