From: Avi Kivity
Subject: Re: [PATCH/PFC 0/2] s390 host support
Date: Sun, 29 Apr 2007 14:49:53 +0300
Message-ID: <46348661.6000909@qumranet.com>
To: carsteno-tA70FqPdS9bQT0dZR+AlfA@public.gmane.org
Cc: "kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org", Christian Borntraeger, mschwid2-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org
List-Id: kvm.vger.kernel.org

Carsten Otte wrote:
>
>
>> Can one do the equivalent of a futex wakeup from the kernel easily?
> No, we did not have the need to do that. Now that you mention it, we'd
> want to move interprocessor signal handling into the kernel anyway for
> performance reasons. That would raise the need to wake up from kernel.
> The other way round, how do you intend to wake a thread that uses
> poll() or similar from userspace?
>

Write to a pipe, or send a signal (signals are quite fast if you mask
them in userspace and use ppoll()).

>> Nested page tables/extended page tables also provide this facility,
>> with some caveats:
>>
>> - on 32-bit hosts (or 64-bit hosts with 32-bit userspace), host
>> userspace virtual address space is not enough to contain the guest
>> physical address space.
>> - there is no way to protect the host userspace from the guest
>> - some annoying linker scripts need to be used to compile the host
>> userspace to move it out of the guest userspace area, making it more
>> difficult to write kvm userspace
>>
>> I think there's a way to work around these issues on 64-bit npt
>> hardware: allocate a pgd entry (at a non-zero offset) to hold guest
>> physical memory, and copy this pgd entry into a guest-only pgd at
>> offset zero.
>>
>> Of course, there are many millions of non-npt/ept processors out
>> there, and we can't leave them out in the cold, so we'll have to work
>> something out for classical shadow page tables.
> No, of course not. The nested pagetable approach sounds neat to me.
> Doesn't the fact that there will be no security barrier between guest
> userspace and virtual machine require running kvm as non privileged
> user in the end?

The trick I mentioned (copying a pgd entry) means:

- guest physical and host userspace are different (have different pgds)
- guest physical (offset 0) is aliased to host userspace (offset $bignum)
- guest address space is limited to 2^(12+9*3)
- the pte dirty and accessed bits are shared

so guest userspace is not exposed, but the guest ptes _are_ shared.

In a way, this is similar to shared memory, if shared page tables are
ever implemented. Think of a shared memory segment mapped at two
different offsets, but aligned at a pud boundary so everything below the
pgd entry is sharable.

>
> Our implementation does use action bits preseted to sys_s390host_sie
> to update the hardware control blocks for the virtual machine. The
> hardware control blocks would be mapped read-only to user address
> space. This way, the kernel can enforce the user not to mess things
> up, which allows to run non-privileged user code (userid johndoe
> instead of root). Would this approach be reasonable on x86 too?

Allowing the guest to hack the host userspace exposes the rest of the
user's processes to a malicious guest, and allows the guest to open
network connections through the host, no?

--
error compiling committee.c: too many arguments to function
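
Added example, not part of the original message or of the kvm code: a minimal sketch of the "mask the signal in userspace and use ppoll()" wakeup, showing that a wakeup sent before the wait begins is not lost. It assumes Linux with glibc; SIGUSR1, the pipe and the function name wait_with_masked_signal() are illustrative choices.

```c
#define _GNU_SOURCE              /* ppoll() is a Linux/glibc extension */
#include <errno.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

/* Explicit prototype: glibc only exposes ppoll() when _GNU_SOURCE is set
 * before the first system header is included. */
int ppoll(struct pollfd *, nfds_t, const struct timespec *, const sigset_t *);

static volatile sig_atomic_t woken;
static void on_wake(int sig) { (void)sig; woken = 1; }

/* Hypothetical helper: returns 1 if a wakeup signal raised BEFORE the wait
 * still ends the wait with EINTR, 0 on timeout or any other outcome. */
int wait_with_masked_signal(void)
{
    struct sigaction sa = {0};
    sigset_t block, wait_mask;
    int pipefd[2];

    sa.sa_handler = on_wake;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, NULL) < 0) return 0;

    /* Keep the wakeup signal blocked during normal execution. */
    sigemptyset(&block);
    sigaddset(&block, SIGUSR1);
    if (sigprocmask(SIG_BLOCK, &block, &wait_mask) < 0) return 0;
    sigdelset(&wait_mask, SIGUSR1);   /* unblocked only while inside ppoll */

    if (pipe(pipefd) < 0) return 0;   /* an fd that never becomes readable */
    woken = 0;
    raise(SIGUSR1);                   /* waker fires early: stays pending */
    int ran_early = woken;            /* must be 0: the handler is held off */

    /* ppoll swaps in wait_mask and waits as one atomic step, so the pending
     * signal is delivered here instead of being missed. */
    struct pollfd pfd = { .fd = pipefd[0], .events = POLLIN };
    struct timespec timeout = { .tv_sec = 5 };
    int rc = ppoll(&pfd, 1, &timeout, &wait_mask);
    int saved_errno = errno;

    close(pipefd[0]);
    close(pipefd[1]);
    return !ran_early && rc == -1 && saved_errno == EINTR && woken == 1;
}

int main(void)
{
    printf("early wakeup seen by ppoll: %d\n", wait_with_masked_signal());
    return 0;
}
```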