From: Marc Zyngier <maz@kernel.org>
To: Tangnianyao <tangnianyao@huawei.com>
Cc: Will Deacon <will@kernel.org>, <oliver.upton@linux.dev>,
<linux-arm-kernel@lists.infradead.org>,
<linux-kernel@vger.kernel.org>, <kvmarm@lists.linux.dev>,
"guoyang (C)" <guoyang2@huawei.com>,
Ard Biesheuvel <ardb@kernel.org>
Subject: Re: Question on get random long worse in VM than on host
Date: Sat, 31 Aug 2024 08:42:23 +0100 [thread overview]
Message-ID: <86zfotuoio.wl-maz@kernel.org> (raw)
In-Reply-To: <214e37e9-7aba-1e61-f63f-85cb10c9a878@huawei.com>
[+ Ard, who actually understands the whole RNG thing]
On Sat, 31 Aug 2024 04:34:33 +0100,
Tangnianyao <tangnianyao@huawei.com> wrote:
>
> Hi, all
>
> On ARM64 server(Kunpeng), performance of some syscall cases (like fork
> and open) in guest, which need random u64, are 10~20% worse than
> those on host. Because CONFIG_ARCH_HAS_ELF_RANDOMIZE=y and
> CONFIG_STACKPROTECTOR=y, guest kernel need random u64 and
> require them from host kvm using hvc.
>
> If FEAT_RNG is supported and EL3 firmware not support smccc trng, host
> kvm finally return random u64 using RNDRRS to guest.
>
> Shall we firstly let guest get random u64 from RNDRRS to avoid hvc trap?
> For example, if host find smccc trng not available, then tell guest smccc
> trng not available when guest check trng version.
My recollection is that it was a deliberate decision to decouple what
the host firmware offers from what the guest sees (we can always
implement the SMCCC TRNG using any mechanism that the host has to
deliver entropy).
Now, userspace has almost complete freedom to expose what the guest
sees in terms of PV services. In this particular case, it can write to
the KVM_REG_ARM_STD_BMAP pseudo register to remove the
KVM_REG_ARM_STD_BIT_TRNG_V1_0 bit from the bitmap, which will hide the
functionality.
Isn't this sufficient here? Given that you seem to be micro-optimising
for a particular platform, this seems like the easiest way to reach
your goal without having to change anything.
Thanks,
M.
--
Without deviation from the norm, progress is not possible.
next prev parent reply other threads:[~2024-08-31 7:43 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-31 3:34 Question on get random long worse in VM than on host Tangnianyao
2024-08-31 7:42 ` Marc Zyngier [this message]
2024-08-31 7:56 ` Ard Biesheuvel
2024-08-31 8:14 ` Marc Zyngier
2024-09-02 21:26 ` Ard Biesheuvel
2024-09-03 1:39 ` Tangnianyao
2024-09-03 15:04 ` Ard Biesheuvel
2024-09-05 3:12 ` Tangnianyao
2024-09-05 8:17 ` Marc Zyngier
2024-09-06 3:42 ` Tangnianyao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86zfotuoio.wl-maz@kernel.org \
--to=maz@kernel.org \
--cc=ardb@kernel.org \
--cc=guoyang2@huawei.com \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oliver.upton@linux.dev \
--cc=tangnianyao@huawei.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).