Received: by 2002:ac0:e34a:0:0:0:0:0 with SMTP id g10csp1084641imn; Tue, 26 Jul 2022 18:14:17 -0700 (PDT) X-Google-Smtp-Source: AGRyM1ts3iCtnRYr9gzvsHNdJhBMOiuYwBS/9vUfd5XYdu3UWeaSBUlGGwfhxiRZjKVCdZf5Xmzv X-Received: by 2002:a05:6402:345a:b0:43c:abfe:5b75 with SMTP id l26-20020a056402345a00b0043cabfe5b75mr1354593edc.416.1658884457445; Tue, 26 Jul 2022 18:14:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658884457; cv=none; d=google.com; s=arc-20160816; b=Cd6XTCA+yUfMox/f70x3KHSKd6QoYtVISaLJzdCXefYmG1pSkfk3aMN33bjg+Ts25Z K0EKgwrHK1Hhvnzh9Wn4SpqEw0HmdW0IaGWi8J3yu3NS2yG/jCHv22QbWsphDy805hvQ /+dTqXKZJZw0g6vsoWxpCaM/cx4+xi8+AxzMnZdXuI8KgcLq72Bo4FBpJOKRpAnVOcrw 4lOUvyUkyj7Gy03cZBYNKAU25jIg3xL3ru8FaXBKnbK1E1EilTDaWYIZOgDx+ggDDqy1 E0urHCjeLfNkmSxL78eSUW5O22Qz7Lw4nwbthDBs/B8YH3Ysxw5mvXxP1GzNrL1wGvue MGKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=F1CB8uxEEeVmjEqML3wHULJiqkA1BC56ArX1DExl2h0=; b=zV67x+5ls0vpUk/4I/fYSrwszn+zArx80fcCAUos/2ceDPQqxYvyY+zjmdtgQ9PKGl GQ4TDuXuV/nYSqIa7GdLhQX13z3iwSv4F/Pc4gIk6odBmeZBmSRQ+M80Sa5t+Vltmnfc cd3jiTHCuY6SNPbcsxENB+gJC1Q25OSaK0sHjVL7KQRptp0oDkMvraQ4cQSEHsAsXpUd AIkqNcahi0JXdzMm9D/mJhCmZR8vmzMbyIO7GhRdPvYNfpiaJA6IvDS4A8LsTbo6v2Yd 4bVLpH1CjMG2YsFWjfZtTb147r7Us/XmgPQGC1y0/a7LQR39qj9t0lcR5fjJn7Jj+EMM e4Wg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=Bowbdoek; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e18-20020a17090658d200b0072f1dffedcfsi22239789ejs.588.2022.07.26.18.13.52; Tue, 26 Jul 2022 18:14:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=Bowbdoek; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240112AbiG0BEA (ORCPT + 99 others); Tue, 26 Jul 2022 21:04:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57122 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239972AbiG0BD6 (ORCPT ); Tue, 26 Jul 2022 21:03:58 -0400 Received: from mail-yb1-xb2e.google.com (mail-yb1-xb2e.google.com [IPv6:2607:f8b0:4864:20::b2e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 094693191C for ; Tue, 26 Jul 2022 18:03:57 -0700 (PDT) Received: by mail-yb1-xb2e.google.com with SMTP id 123so5163368ybv.7 for ; Tue, 26 Jul 2022 18:03:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=F1CB8uxEEeVmjEqML3wHULJiqkA1BC56ArX1DExl2h0=; b=BowbdoekaMtWgeqq6JQeYxKcmHK+fziGoVioqo96wYk6ogTiHULPf4SFWGSe7wcDHQ 5B5YGzp/Hoi+EAxUMDZy9RVS8WYYSDvYTBeg+z1mT8LQWxhYNPs8qO1pO4az8spk0vK/ MWD4BMay3csEszpYfEbpFda2WQfCZBau7qu7Km+U2EtFCucH8A4tXLbmnaDV58OeBZ9L aGHCRzJ+ZbIEw3Tgt1ofq3ES8n7CYx9kuT/tSozsqeohGOgctAr88tg7WLpiH14C2DIu /EE219agvhkYpwOtk78869F1P6IfDBx0NKG1Lpmbn8VrTU064hZpqHqCHBAYbEId67Tm JiYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=F1CB8uxEEeVmjEqML3wHULJiqkA1BC56ArX1DExl2h0=; b=XFyLEsKLDN5LGdbC6jwBnM40tYred0NB5CDvrj11hC81WzclK5LeMsVHyOPatgzL6B rgoRqT50X6eJmxA4Ti86wopFo6ylcxQOKHH9ZRjaOsr1WKyx/Lx6lY9HeVx9xGqrdaRb nantn2VAFHpEfNL1qz0eWg7Vb6DerGg0tYetkqqZEFKc8a5UTdvcVzvX8Oocdb9+6nbi gcwhMYTg0cBxRQeAWIMZxshmC5QfnQDaMHHiaSLOEZrqGUXSISAqNWnAj1Y2bivBJVyc XK1N1m8eQe4RrwmtInCKQTEIFTewkACMtt+A7ba5R6ThHirijSupXNcQ9mVkEFYnN5VV 3XiQ== X-Gm-Message-State: AJIora/FcM+qv4v7Y51GYt5x+WutVaL+Y8ioGo7Xg+lJ8ohS5psDx6zu 3FM5uNTdYtnLAbNbXn9CoAk3jqVqOW1hJt4ysDDfTA== X-Received: by 2002:a25:b9d1:0:b0:671:49f9:4e01 with SMTP id y17-20020a25b9d1000000b0067149f94e01mr8795250ybj.398.1658883835983; Tue, 26 Jul 2022 18:03:55 -0700 (PDT) MIME-Version: 1.0 References: <20220722230241.1944655-1-avagin@google.com> <875yjjttiz.ffs@tglx> In-Reply-To: <875yjjttiz.ffs@tglx> From: Andrei Vagin Date: Tue, 26 Jul 2022 18:03:44 -0700 Message-ID: Subject: Re: [PATCH 0/5] KVM/x86: add a new hypercall to execute host system To: Thomas Gleixner Cc: Sean Christopherson , Paolo Bonzini , linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Wanpeng Li , Vitaly Kuznetsov , Jianfeng Tan , Adin Scannell , Konstantin Bogomolov , Etienne Perot , Andy Lutomirski , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jul 26, 2022 at 3:10 PM Thomas Gleixner wrote: > > On Tue, Jul 26 2022 at 15:10, Sean Christopherson wrote: > > On Tue, Jul 26, 2022, Andrei Vagin wrote: > >> * It doesn't allow to support Confidential Computing (SEV-ES/SGX). The Sentry > >> has to be fully enclosed in a VM to be able to support these technologies. > > > > Speaking of SGX, this reminds me a lot of Graphene, SCONEs, etc..., which IIRC > > tackled the "syscalls are crazy expensive" problem by using a message queue and > > a dedicated task outside of the enclave to handle syscalls. Would something like > > that work, or is having to burn a pCPU (or more) to handle syscalls in the host a > > non-starter? > > Let's put VMs aside for a moment. The problem you are trying to solve is > ptrace overhead because that requires context switching, right? Yes, you are right. > > Did you ever try to solve this with SYSCALL_USER_DISPATCH? That requires > signals, which are not cheap either, but we certainly could come up with > a lightweight signal implementation for that particular use case. We thought about this interface and how it could be used for gVisor needs. I think the main question is how to manage guest address spaces. gVisor can run multiple processes in one sandbox. Each process must have its address space isolated from other address spaces. The gVisor kernel (Sentry) has to run in a separate address space that guest processes don't have access to, but the Sentry has to be able to access all other address spaces. > > Thanks, > > tglx >