From: Paolo Bonzini <pbonzini@redhat.com>
To: "Radim Krčmář" <rkrcmar@redhat.com>,
"Michael S. Tsirkin" <mst@redhat.com>
Cc: linux-kernel@vger.kernel.org,
"Wanpeng Li" <wanpeng.li@linux.intel.com>,
"Andy Lutomirski" <luto@kernel.org>,
"Xiao Guangrong" <guangrong.xiao@linux.intel.com>,
"Kai Huang" <kai.huang@linux.intel.com>,
"Mihai Donțu" <mdontu@bitdefender.com>,
kvm@vger.kernel.org
Subject: Re: [PATCH] kvm/vmx: EPTP switching test
Date: Tue, 17 Nov 2015 10:23:42 +0100 [thread overview]
Message-ID: <564AF21E.3010604@redhat.com> (raw)
In-Reply-To: <20151116181838.GB17144@potion.brq.redhat.com>
On 16/11/2015 19:18, =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= wrote:
>> > No idea how would I even test it, so I'm not interested in #VE at this
>> > point. If you are - go ahead and post a patch for that on top though,
>> > why not.
> I thought that it's going to be simpler to provide functionality (that
> utilizes eptp switching) to the guest through #VE, which probably isn't
> true as I think more about it. (Not interested in implementing it :])
#VE and EPTP switching are distinct features, one does not imply the other.
Unfortunately, EPTP switching is designed for a very specific use case
where the hypervisor is effectively part of the kernel, and the kernel
is trusted to some extent. Examples include antivirus software and
virtual machines. Antiviruses do use VMFUNC, that's as far as I know
the only current use case of it
(https://embedded.communities.intel.com/community/en/applications/blog/2013/06/13/roving-reporter-enhancing-retail-security-and-manageability-with-4th-generation-intel-core-processors).
So I'm against this patch, but only because I'm not sure why KVM would
ever use EPTP switching in its current incarnation. The guest kernel is
absolutely not trusted by KVM.
Paolo
next prev parent reply other threads:[~2015-11-17 9:23 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-15 16:00 [PATCH] kvm/vmx: EPTP switching test Michael S. Tsirkin
2015-11-16 17:51 ` =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?=
2015-11-16 17:59 ` Michael S. Tsirkin
2015-11-16 18:18 ` =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?=
2015-11-16 18:52 ` Andy Lutomirski
2015-11-17 9:23 ` Paolo Bonzini [this message]
2015-11-17 1:45 ` Zhang, Yang Z
2015-11-17 10:17 ` Paolo Bonzini
2015-11-17 10:44 ` Wang, Wei W
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=564AF21E.3010604@redhat.com \
--to=pbonzini@redhat.com \
--cc=guangrong.xiao@linux.intel.com \
--cc=kai.huang@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mdontu@bitdefender.com \
--cc=mst@redhat.com \
--cc=rkrcmar@redhat.com \
--cc=wanpeng.li@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox