From: Thomas Gleixner
To: Sean Christopherson, Andrei Vagin
Cc: Paolo Bonzini, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Wanpeng Li, Vitaly Kuznetsov, Jianfeng Tan, Adin Scannell, Konstantin Bogomolov, Etienne Perot, Andy Lutomirski, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin"
Subject: Re: [PATCH 0/5] KVM/x86: add a new hypercall to execute host system
Date: Tue, 26 Jul 2022 23:27:56 +0200
Message-ID: <87a68vtvhf.ffs@tglx>
References: <20220722230241.1944655-1-avagin@google.com>
List-ID: linux-kernel@vger.kernel.org

On Fri, Jul 22 2022 at 23:41, Sean Christopherson wrote:
> +x86 maintainers, patch 1 most definitely needs acceptance from folks
> beyond KVM.

Thanks for putting us on CC. It seems to be incredibly hard to CC the
relevant maintainers and to get the prefix in the subject straight.

> On Fri, Jul 22, 2022, Andrei Vagin wrote:
>> Another option is the KVM platform. In this case, the Sentry (gVisor
>> kernel) can run in a guest ring0 and create/manage multiple address
>> spaces. Its performance is much better than the ptrace one, but it is
>> still not great compared with the native performance. This change
>> optimizes the most critical part, which is the syscall overhead.
>
> What exactly is the source of the syscall overhead, and what alternatives have
> been explored? Making arbitrary syscalls from within KVM is mildly terrifying.

What's even worse is that this exposes a magic kernel syscall interface
to random driver writers. Seriously no.

This approach is certainly a clever idea, but exposing this outside of a
very restricted and controlled environment is a patently bad idea.

I skimmed the documentation on the project page:

    sudo modprobe kvm-intel && sudo chmod a+rw /dev/kvm

Can you spot the fail?

I gave up reading further as shortly after that gem the page failed to
render sensibly in Firefox. Hint: Graphics

What's completely missing from the cover letter _and_ from the project
documentation is which subset of KVM functionality this is actually
using and what the actual content of the "guest" looks like.

It's all blurry handwaving and lots of marketing to me.

Thanks,

        tglx
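The "fail" in the quoted setup line is that `chmod a+rw /dev/kvm` hands the hypervisor device to every local user. Below is an added example (not from the thread or the project) that audits the device's mode, owner and group and prints the restrictive udev rule to use instead; it assumes a `kvm` group and `stat -c` as found on GNU/Linux.

```shell
#!/bin/sh
# Added example, not part of the original thread: audit /dev/kvm access
# instead of the documentation's "chmod a+rw /dev/kvm".
# Assumes a "kvm" group exists and GNU stat is available.

# Evaluate a device's octal mode, owner and group. Returns 0 when access
# is limited to root and the kvm group, 1 otherwise, printing each reason.
audit_kvm_perms() {
    mode=$1; owner=$2; group=$3
    rc=0
    # The last octal digit is the "other" class; any bit set there means
    # every local user may open the hypervisor device.
    other=$(printf '%s' "$mode" | tail -c 1)
    if [ "$other" != "0" ]; then
        echo "FAIL: mode $mode grants access to all users (chmod a+rw style)"
        rc=1
    fi
    if [ "$owner" != "root" ]; then
        echo "FAIL: owner is $owner, expected root"; rc=1
    fi
    if [ "$group" != "kvm" ]; then
        echo "FAIL: group is $group, expected kvm"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $mode $owner:$group"
    return "$rc"
}

# Read the live device and audit it; skipped when /dev/kvm is absent.
audit_live_kvm() {
    [ -e /dev/kvm ] || { echo "no /dev/kvm on this host"; return 0; }
    # shellcheck disable=SC2046
    audit_kvm_perms $(stat -c '%a %U %G' /dev/kvm)
}

# Corrected setting: root-owned, group kvm, nothing for "other". Access is
# then decided by kvm group membership rather than by being logged in.
kvm_udev_rule() {
    printf 'KERNEL=="kvm", GROUP="kvm", MODE="0660"\n'
}

audit_live_kvm || echo "remediate: install the udev rule below"
kvm_udev_rule
```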