From: "H. Peter Anvin" <hpa@zytor.com>
To: Andy Lutomirski <luto@amacapital.net>,
David Hepkin <davidhep@microsoft.com>
Cc: Mathew John <mathewj@microsoft.com>,
Theodore Ts'o <tytso@mit.edu>,
John Starks <John.Starks@microsoft.com>,
kvm list <kvm@vger.kernel.org>, Gleb Natapov <gleb@kernel.org>,
Niels Ferguson <niels@microsoft.com>,
Linux Virtualization <virtualization@lists.linux-foundation.org>,
Jake Oshins <jakeo@microsoft.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: Standardizing an MSR or other hypercall to get an RNG seed?
Date: Thu, 18 Sep 2014 15:03:57 -0700
Message-ID: <541B56CD.4010906@zytor.com>
In-Reply-To: <CALCETrUgcJt7p_aS0njtHmvPQ=XxNdonFHtPzFgVNpAE4U=R3Q@mail.gmail.com>
On 09/18/2014 03:00 PM, Andy Lutomirski wrote:
> On Thu, Sep 18, 2014 at 2:46 PM, David Hepkin <davidhep@microsoft.com> wrote:
>> I'm not sure what you mean by "this mechanism?" Are you suggesting that each hypervisor put "CrossHVPara\0" somewhere in the 0x40000000 - 0x400fffff CPUID range, and an OS has to do a full scan of this CPUID range on boot to find it? That seems pretty inefficient. An OS will take 1000's of hypervisor intercepts on every boot just to search this CPUID range.
>
> Linux already does this, which is arguably unfortunate. But it's not
> quite that bad; the KVM and Xen code is only scanning at increments of
> 0x100.
>
> I think that Linux as a guest would have no problem with checking the
> Hyper-V range or some new range. I don't think that Linux would want
> to have to set a guest OS identity, and it's not entirely clear to me
> whether this would be necessary to use the Hyper-V mechanism.
>
We really don't want to have to do this in early code, though.
>>
>> I suggest we come to consensus on a specific CPUID leaf where an OS needs to look to determine if a hypervisor supports this capability. We could define a new CPUID leaf range at a well-defined location, or we could just use one of the existing CPUID leaf ranges implemented by an existing hypervisor. I'm not familiar with the KVM CPUID leaf range, but in the case of Hyper-V, the Hyper-V CPUID leaf range was architected to allow for other hypervisors to implement it and just show through specific capabilities supported by the hypervisor. So, we could define a bit in the Hyper-V CPUID leaf range (since Xen and KVM also implement this range), but that would require Linux to look in that range on boot to discover this capability.
>
> I also don't know whether QEMU and KVM would be okay with implementing
> the host side of the Hyper-V mechanism by default. They would have to
> implement at least leaves 0x40000001 and 0x4000002, plus correctly
> reporting zeros through whatever leaf is used for this new feature.
> Gleb? Paolo?
>
The problem is what happens with a noncooperating hypervisor. I guess
we could put a magic number in one of the leaf registers, but still...
-hpa
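
The boot-time scan discussed in this thread, as an added example that is not part of the original message or of any kernel or hypervisor code: a guest walks the 0x40000000 - 0x400fffff CPUID range looking for a 12-byte signature in EBX/ECX/EDX and counts how many CPUID executions (each one a hypervisor intercept) that costs. Assumptions: the CPUID instruction is replaced by a constructed table (`fake_cpuid`) so the code runs anywhere, the signature is placed at leaf 0x40000100 for illustration, and every other leaf returns stale junk, as a noncooperating hypervisor might.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct cpuid_regs { uint32_t eax, ebx, ecx, edx; };
typedef struct cpuid_regs (*cpuid_fn)(uint32_t leaf);

#define HV_RANGE_START 0x40000000u
#define HV_RANGE_END   0x400fffffu

static const char SIG[12] = "CrossHVPara";   /* 11 characters plus NUL */
static unsigned long probes;                 /* one probe = one intercept */

/* Constructed stand-in for CPUID: junk everywhere except one leaf. */
static struct cpuid_regs fake_cpuid(uint32_t leaf) {
    struct cpuid_regs r = { 0x7, 0x1234, 0x5678, 0x9abc };
    probes++;
    if (leaf == 0x40000100u) {               /* assumed location */
        r.eax = 0x40000101u;                 /* highest leaf of this block */
        memcpy(&r.ebx, SIG, 4);
        memcpy(&r.ecx, SIG + 4, 4);
        memcpy(&r.edx, SIG + 8, 4);
    }
    return r;
}

/* Return the base leaf carrying sig, or 0. Nothing in a leaf is trusted
 * unless the full signature matches and EAX is not below the base. */
static uint32_t find_hv_base(cpuid_fn cpuid, const char sig[12], uint32_t stride) {
    for (uint32_t leaf = HV_RANGE_START; leaf <= HV_RANGE_END; leaf += stride) {
        struct cpuid_regs r = cpuid(leaf);
        char got[12];
        memcpy(got, &r.ebx, 4);
        memcpy(got + 4, &r.ecx, 4);
        memcpy(got + 8, &r.edx, 4);
        if (memcmp(got, sig, 12) == 0 && r.eax >= leaf)
            return leaf;
    }
    return 0;
}

/* Number of CPUID executions a scan needs; *base receives the result. */
static unsigned long scan_cost(const char sig[12], uint32_t stride, uint32_t *base) {
    probes = 0;
    *base = find_hv_base(fake_cpuid, sig, stride);
    return probes;
}

int main(void) {
    uint32_t b;
    printf("stride 0x100, absent: %lu probes\n", scan_cost("NoSuchHVSig", 0x100, &b));
    printf("stride 1, absent: %lu probes\n", scan_cost("NoSuchHVSig", 1, &b));
    return 0;
}
```

The absent-signature case is the worst case for a guest: the whole range is walked before it can conclude the feature is not offered.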