Received: by 2002:ac0:e34a:0:0:0:0:0 with SMTP id g10csp89486imn; Tue, 26 Jul 2022 23:59:33 -0700 (PDT) X-Google-Smtp-Source: AGRyM1u2U2FYlzmj6QQxNPtjEJhpNPpi1Drg8eC+ambjMN836idrbXhqiLqxgF1RFezGeeFIaiVW X-Received: by 2002:a63:2ccd:0:b0:411:54ac:5c7e with SMTP id s196-20020a632ccd000000b0041154ac5c7emr17597084pgs.561.1658905173708; Tue, 26 Jul 2022 23:59:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658905173; cv=none; d=google.com; s=arc-20160816; b=YLVGTJzMcm8vLH9DzFZlBzW5zT4Rdn0pF0AerUezPcxlljuDUANs/l3RzetRaUwVOG 2RfrkJ6o54/p/ix4SRYGgnvHTEcqtENt0I3+ZOj6hDLp5JBB6DVk1nRVfYtem3a+OfRe VfyAs/GsrbT61f+91fMzUgT6ZPKSJ8O7ks18ArpxuWEdjmOVnVBiqDJH71mt3nFGDWCl qJzjaBr8UA3BLUtBJKXnlo7wlwq7m9dBIZoAyDkP9RrxXk6F07RE6XxdodYRtV8Ow7D5 tdibkEjSZeHgUi+CzPukUzTLsGcpxa33u4PwJVF/aLVeU/dZokLgLP8xnqNjObp9wYMh 1EXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=dIk2fwAV08ErsFGBkLnOZZhNa5yhNMvY3ac+VYQOigs=; b=JUDZ9xga3162cN6f0dC0kdKNbqREfzEUwnBIMY/mz+FpxcBI41p7S8W4+WVtk+z+xM 5OmxDP4bjtu4RUDUcpJo8ug+NR656F8pprN+pC2Cv+baPhyZPLP4OOkchAfXAozp/wei zRenJSI4Rd7gdlMe7x/xYx4h2B7cPCaPE8SbcDBI5oUwGUBtEzKOFuYFiUAqKGqJ1RFD xMhK5JEsPxb27HRhsvXGBPI0/Ay6sZy6RcBFpoOvt4cT4DQbO2W0D4pJPAldMfdL8b/P 0xDSsmLbGwL6IDCruL/Aq1JhozxJu2iQxx3Mf4p0DeOJYLjdWubQ9v6aFqO+F5M1Yaox ctcw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=FbQa9CWL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t3-20020a170902b20300b0016d0cc9d567si18067556plr.291.2022.07.26.23.59.11; Tue, 26 Jul 2022 23:59:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=FbQa9CWL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231320AbiG0Gpe (ORCPT + 99 others); Wed, 27 Jul 2022 02:45:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53144 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230029AbiG0Gog (ORCPT ); Wed, 27 Jul 2022 02:44:36 -0400 Received: from mail-yw1-x1130.google.com (mail-yw1-x1130.google.com [IPv6:2607:f8b0:4864:20::1130]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2E46E371B3 for ; Tue, 26 Jul 2022 23:44:35 -0700 (PDT) Received: by mail-yw1-x1130.google.com with SMTP id 00721157ae682-31f661b3f89so3767997b3.11 for ; Tue, 26 Jul 2022 23:44:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=dIk2fwAV08ErsFGBkLnOZZhNa5yhNMvY3ac+VYQOigs=; b=FbQa9CWLgVzM61MSmBPyFGX9XBA0kbtIVSTlHrDxqFV7j9+nBUaDPM+IUXwo/wIUxG KPPngDX3kSul/rXj7jFnIoNpmzw1YsziS5UghXNzbGSQCw2GmedjHkmtFF9d+Vi5gbUu Fb6kAFhm8lDtast5qrj+uxouUqkz48c+lZ+lloD4rE3qxbkZ6O7MmYuNxYH6nu+lYkaZ ZqBk3LD/TBSJ3QBsNMJz74WoUcVEXc38KSO2H+/KkazhvWng04YhOfKpn6ja192YM6n6 2nUSpoi059q0aWddmCnes3XpDmvC2G8NmEb6zgHCbUHo7SianEodgTrBRyS6lxyIEY8B Nr7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=dIk2fwAV08ErsFGBkLnOZZhNa5yhNMvY3ac+VYQOigs=; b=0KIRpri1f4kJKI6NPs4wujeQEqLX+xdmtI1lb77k5h+uZT4IDMTVJPPuB109EK/Qtu Ns0eLmJ9c85Vz+glk2yBCX1O5CL3emst9HJzYB5XD7cJnuONt+YVA9nlkXvqynr+Y4hG MS8B3sVPCZUvCTCRmEa9jt9tbUtVVU0+mvfv1WC9PhLoPVb9/7GVHafeE+F9ONooBxzc rpyKO3DKhLJUwxnzesn79p+PRE3z6rpkxWM9ZlJpS1oRmrjFVIWXt7+KtYqYkNurPRLk WCzHc1JdtfnT9fuzAfyDv/eaF0lgx7Mw5W355DY7HDxL3KcgiDZ+8NBxJeE42TXGXcQa hY5w== X-Gm-Message-State: AJIora9zTpXbSK6LrBhCnIT1dnaafJVhSVnVT0TtYWnKeStZYpbuMHzO aALQzHuMRtQhLJ0D1IqqfDmV8P1vuwz9VVt7aGBWJA== X-Received: by 2002:a0d:c587:0:b0:31e:8bab:394d with SMTP id h129-20020a0dc587000000b0031e8bab394dmr18163248ywd.107.1658904274278; Tue, 26 Jul 2022 23:44:34 -0700 (PDT) MIME-Version: 1.0 References: <20220722230241.1944655-1-avagin@google.com> <69b45487-ce0e-d643-6c48-03c5943ce2e6@redhat.com> In-Reply-To: <69b45487-ce0e-d643-6c48-03c5943ce2e6@redhat.com> From: Andrei Vagin Date: Tue, 26 Jul 2022 23:44:23 -0700 Message-ID: Subject: Re: [PATCH 0/5] KVM/x86: add a new hypercall to execute host system To: Paolo Bonzini Cc: Sean Christopherson , linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Wanpeng Li , Vitaly Kuznetsov , Jianfeng Tan , Adin Scannell , Konstantin Bogomolov , Etienne Perot , Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jul 26, 2022 at 3:27 AM Paolo Bonzini wrote: > > On 7/26/22 10:33, Andrei Vagin wrote: ... > > == Execute system calls from a user-space VMM == > > > > In this case, the Sentry is always running in VM, and a syscall handler in GR0 > > triggers vmexit to transfer control to VMM (user process that is running in > > hr3), VMM executes a required system call, and transfers control back to the > > Sentry. We can say that it implements the suggested hypercall in the > > user-space. > > > > The sentry syscall time is 2100ns in this case. > > > > The new hypercall does the same but without switching to the host ring 3. It > > reduces the sentry syscall time to 1000ns. > > Yeah, ~3000 clock cycles is what I would expect. > > What does it translate to in terms of benchmarks? For example a simple > netperf/UDP_RR benchmark. * netperf in gVisor with the syscall fast path: $ ./runsc --platform kvm --network host --rootless do netperf -H ::1 -p 12865 -t UDP_RR MIGRATED UDP REQUEST/RESPONSE TEST from ::0 (::) port 0 AF_INET6 to ::1 (::1) port 0 AF_INET6 : interval : first burst 0 Local /Remote Socket Size Request Resp. Elapsed Trans. Send Recv Size Size Time Rate bytes Bytes bytes bytes secs. per sec 212992 212992 1 1 10.00 95965.18 212992 212992 * netperf in gVisor without syscall fast path: $ ./runsc.orig --platform kvm --network host --rootless do netperf -H ::1 -p 12865 -t UDP_RR MIGRATED UDP REQUEST/RESPONSE TEST from ::0 (::) port 0 AF_INET6 to ::1 (::1) port 0 AF_INET6 : interval : first burst 0 Local /Remote Socket Size Request Resp. Elapsed Trans. Send Recv Size Size Time Rate bytes Bytes bytes bytes secs. per sec 212992 212992 1 1 10.00 58709.17 212992 212992 * netperf executed on the host without gVisor $ netperf -H ::1 -p 12865 -t UDP_RR MIGRATED UDP REQUEST/RESPONSE TEST from ::0 (::) port 0 AF_INET6 to ::1 (::1) port 0 AF_INET6 : interval : first burst 0 Local /Remote Socket Size Request Resp. Elapsed Trans. Send Recv Size Size Time Rate bytes Bytes bytes bytes secs. per sec 212992 212992 1 1 10.00 146460.80 212992 212992 Thanks, Andrei