| Message ID | 20220929070341.4846-1-chenyi.qiang@intel.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | Enable notify VM exit | expand |
On 9/29/22 09:03, Chenyi Qiang wrote: > Notify VM exit is introduced to mitigate the potential DOS attach from > malicious VM. This series is the userspace part to enable this feature > through a new KVM capability KVM_CAP_X86_NOTIFY_VMEXIT. The detailed > info can be seen in Patch 4. > > The corresponding KVM support can be found in linux 6.0-rc: > (2f4073e08f4c KVM: VMX: Enable Notify VM exit) Thanks, I will queue this in my next pull request. Paolo > --- > Change logs: > v7 -> v8 > - Add triple_fault_pending field transmission on migration (Paolo) > - Change the notify-vmexit and notify-window to the accelerator property. Add it as > a x86-specific property. (Paolo) > - Add a preparation patch to expose struct KVMState in order to add target-specific property. > - Define three option for notify-vmexit. Make it on by default. (Paolo) > - Raise a KVM internal error instead of triple fault if invalid context of guest VMCS detected. > - v7: https://lore.kernel.org/qemu-devel/20220923073333.23381-1-chenyi.qiang@intel.com/ > > v6 -> v7 > - Add a warning message when exiting to userspace (Peter Xu) > - v6: https://lore.kernel.org/all/20220915092839.5518-1-chenyi.qiang@intel.com/ > > v5 -> v6 > - Add some info related to the valid range of notify_window in patch 2. (Peter Xu) > - Add the doc in qemu-options.hx. (Peter Xu) > - v5: https://lore.kernel.org/qemu-devel/20220817020845.21855-1-chenyi.qiang@intel.com/ > > --- > > Chenyi Qiang (3): > i386: kvm: extend kvm_{get, put}_vcpu_events to support pending triple > fault > kvm: expose struct KVMState > i386: add notify VM exit support > > Paolo Bonzini (1): > kvm: allow target-specific accelerator properties > > accel/kvm/kvm-all.c | 78 ++----------------------- > include/sysemu/kvm.h | 2 + > include/sysemu/kvm_int.h | 75 ++++++++++++++++++++++++ > qapi/run-state.json | 17 ++++++ > qemu-options.hx | 11 ++++ > target/arm/kvm.c | 4 ++ > target/i386/cpu.c | 1 + > target/i386/cpu.h | 1 + > target/i386/kvm/kvm.c | 121 +++++++++++++++++++++++++++++++++++++++ > target/i386/machine.c | 20 +++++++ > target/mips/kvm.c | 4 ++ > target/ppc/kvm.c | 4 ++ > target/riscv/kvm.c | 4 ++ > target/s390x/kvm/kvm.c | 4 ++ > 14 files changed, 272 insertions(+), 74 deletions(-) >
On 9/30/2022 1:28 AM, Paolo Bonzini wrote: > On 9/29/22 09:03, Chenyi Qiang wrote: >> Notify VM exit is introduced to mitigate the potential DOS attach from >> malicious VM. This series is the userspace part to enable this feature >> through a new KVM capability KVM_CAP_X86_NOTIFY_VMEXIT. The detailed >> info can be seen in Patch 4. >> >> The corresponding KVM support can be found in linux 6.0-rc: >> (2f4073e08f4c KVM: VMX: Enable Notify VM exit) > > Thanks, I will queue this in my next pull request. > > Paolo > Thanks Paolo! Please take the resend version at https://lore.kernel.org/qemu-devel/20220929072014.20705-1-chenyi.qiang@intel.com/ There's a minor compile issue in this one. Chenyi >> --- >> Change logs: >> v7 -> v8 >> - Add triple_fault_pending field transmission on migration (Paolo) >> - Change the notify-vmexit and notify-window to the accelerator >> property. Add it as >> a x86-specific property. (Paolo) >> - Add a preparation patch to expose struct KVMState in order to add >> target-specific property. >> - Define three option for notify-vmexit. Make it on by default. (Paolo) >> - Raise a KVM internal error instead of triple fault if invalid >> context of guest VMCS detected. >> - v7: >> https://lore.kernel.org/qemu-devel/20220923073333.23381-1-chenyi.qiang@intel.com/ >> >> v6 -> v7 >> - Add a warning message when exiting to userspace (Peter Xu) >> - v6: >> https://lore.kernel.org/all/20220915092839.5518-1-chenyi.qiang@intel.com/ >> >> v5 -> v6 >> - Add some info related to the valid range of notify_window in patch >> 2. (Peter Xu) >> - Add the doc in qemu-options.hx. (Peter Xu) >> - v5: >> https://lore.kernel.org/qemu-devel/20220817020845.21855-1-chenyi.qiang@intel.com/ >> >> --- >> >> Chenyi Qiang (3): >> i386: kvm: extend kvm_{get, put}_vcpu_events to support pending triple >> fault >> kvm: expose struct KVMState >> i386: add notify VM exit support >> >> Paolo Bonzini (1): >> kvm: allow target-specific accelerator properties >> >> accel/kvm/kvm-all.c | 78 ++----------------------- >> include/sysemu/kvm.h | 2 + >> include/sysemu/kvm_int.h | 75 ++++++++++++++++++++++++ >> qapi/run-state.json | 17 ++++++ >> qemu-options.hx | 11 ++++ >> target/arm/kvm.c | 4 ++ >> target/i386/cpu.c | 1 + >> target/i386/cpu.h | 1 + >> target/i386/kvm/kvm.c | 121 +++++++++++++++++++++++++++++++++++++++ >> target/i386/machine.c | 20 +++++++ >> target/mips/kvm.c | 4 ++ >> target/ppc/kvm.c | 4 ++ >> target/riscv/kvm.c | 4 ++ >> target/s390x/kvm/kvm.c | 4 ++ >> 14 files changed, 272 insertions(+), 74 deletions(-) >> >
Notify VM exit is introduced to mitigate the potential DOS attach from malicious VM. This series is the userspace part to enable this feature through a new KVM capability KVM_CAP_X86_NOTIFY_VMEXIT. The detailed info can be seen in Patch 4. The corresponding KVM support can be found in linux 6.0-rc: (2f4073e08f4c KVM: VMX: Enable Notify VM exit) --- Change logs: v7 -> v8 - Add triple_fault_pending field transmission on migration (Paolo) - Change the notify-vmexit and notify-window to the accelerator property. Add it as a x86-specific property. (Paolo) - Add a preparation patch to expose struct KVMState in order to add target-specific property. - Define three option for notify-vmexit. Make it on by default. (Paolo) - Raise a KVM internal error instead of triple fault if invalid context of guest VMCS detected. - v7: https://lore.kernel.org/qemu-devel/20220923073333.23381-1-chenyi.qiang@intel.com/ v6 -> v7 - Add a warning message when exiting to userspace (Peter Xu) - v6: https://lore.kernel.org/all/20220915092839.5518-1-chenyi.qiang@intel.com/ v5 -> v6 - Add some info related to the valid range of notify_window in patch 2. (Peter Xu) - Add the doc in qemu-options.hx. (Peter Xu) - v5: https://lore.kernel.org/qemu-devel/20220817020845.21855-1-chenyi.qiang@intel.com/ --- Chenyi Qiang (3): i386: kvm: extend kvm_{get, put}_vcpu_events to support pending triple fault kvm: expose struct KVMState i386: add notify VM exit support Paolo Bonzini (1): kvm: allow target-specific accelerator properties accel/kvm/kvm-all.c | 78 ++----------------------- include/sysemu/kvm.h | 2 + include/sysemu/kvm_int.h | 75 ++++++++++++++++++++++++ qapi/run-state.json | 17 ++++++ qemu-options.hx | 11 ++++ target/arm/kvm.c | 4 ++ target/i386/cpu.c | 1 + target/i386/cpu.h | 1 + target/i386/kvm/kvm.c | 121 +++++++++++++++++++++++++++++++++++++++ target/i386/machine.c | 20 +++++++ target/mips/kvm.c | 4 ++ target/ppc/kvm.c | 4 ++ target/riscv/kvm.c | 4 ++ target/s390x/kvm/kvm.c | 4 ++ 14 files changed, 272 insertions(+), 74 deletions(-)