Re: [PATCH RFC 00/17] arm64 kernel text replication

On 2023-06-23 16:34, Russell King (Oracle) wrote:
> On Fri, Jun 23, 2023 at 05:24:20PM +0200, Ard Biesheuvel wrote:
> > (cc Marc and Quentin)
> >
> > On Mon, 5 Jun 2023 at 11:05, Russell King (Oracle)
> > <linux@xxxxxxxxxxxxxxx> wrote:
> > >
> > > Hi,
> > >
> > > Are there any comments on this?
> > >
> >
> > Hi Russell,
> >
> > I think the proposed approach is sound, but it is rather intrusive, as
> > you've pointed out already (wrt KASLR and KASAN etc). And once my LPA2
> > work gets merged (which uses root level -1 when booted on LPA2 capable
> > hardware, and level 0 otherwise), we'll have yet another combination
> > that is either fully incompatible, or cumbersome to support at the
> > very least.
> >
> > I wonder if it would be worthwhile to explore an alternative approach,
> > using pKVM and the host stage2:
> >
> > - all stage1 kernel mappings remain as they are, and the kernel code
> > running at EL1 has no awareness of the replication beyond being
> > involved in allocating the memory;
> > - host is booted in protected KVM mode, which means that the host
> > kernel executes under a stage 2 mapping;
> > - each NUMA node has its own set of stage 2 page tables, and maps the
> > kernel's code/rodata IPA range to a NUMA local PA range;
> > - the kernel's code and rodata are mapped read-only in the primary
> > stage-2 mapping so updates trap to EL2, permitting the hypervisor to
> > replicate those updates to all clones.
> >
> > Note that pKVM retains the capabilities of ordinary KVM, so as long as
> > you boot at EL2, the only downside compared to your approach would be
> > the increased TLB footprint due to the stage 2 mappings for the host
> > kernel.
> >
> > Marc, Quentin, Will: any thoughts?
>
> Thanks for taking a look.
>
> That sounds great, but my initial question would be whether, with such a
> setup, one could then run VMs under such a kernel without hardware that
> supports nested virtualisation? I suspect the answer would be no.

The answer is yes. All you need to do is to switch between the host
and guest stage-2s in the hypervisor, which is what KVM running in
protected mode does.

        M.

--
Jazz is not dead. It just smells funny...


