linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] KVM: VMX: enable nested virtualization by default
@ 2018-10-16 22:55 Paolo Bonzini
  2018-10-16 23:13 ` Liran Alon
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Paolo Bonzini @ 2018-10-16 22:55 UTC (permalink / raw)
  To: linux-kernel, kvm; +Cc: liran.alon, jmattson

With live migration support and finally a good solution for CR2/DR6
exception payloads, nested VMX should finally be ready for having a stable
userspace ABI.  The results of syzkaller fuzzing are not perfect but not
horrible either (and might be partially due to running on GCE, so that
effectively we're testing three-level nesting on a fork of upstream KVM!).
Enabling it by default seems like a nice way to conclude the 4.20
pull request. :)

Unfortunately, enabling nested SVM in 2009 was a bit premature.  However,
until live migration support is in place we can reasonably expect that
it does not offer much in terms of ABI guarantees.  Therefore we are
still in time to break things and conform as much as possible to the
interface used for VMX.

Suggested-by: Jim Mattson <jmattson@google.com>
Suggested-by: Liran Alon <liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 arch/x86/kvm/vmx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index e665aa7167cf..89fc2a744d7f 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -107,7 +107,7 @@ module_param_named(enable_shadow_vmcs, enable_shadow_vmcs, bool, S_IRUGO);
  * VMX and be a hypervisor for its own guests. If nested=0, guests may not
  * use VMX instructions.
  */
-static bool __read_mostly nested = 0;
+static bool __read_mostly nested = 1;
 module_param(nested, bool, S_IRUGO);
 
 static u64 __read_mostly host_xss;
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] KVM: VMX: enable nested virtualization by default
  2018-10-16 22:55 [PATCH] KVM: VMX: enable nested virtualization by default Paolo Bonzini
@ 2018-10-16 23:13 ` Liran Alon
  2018-10-17  0:44 ` Wanpeng Li
  2018-10-17  8:21 ` Wincy Van
  2 siblings, 0 replies; 4+ messages in thread
From: Liran Alon @ 2018-10-16 23:13 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: linux-kernel, kvm, jmattson



> On 17 Oct 2018, at 1:55, Paolo Bonzini <pbonzini@redhat.com> wrote:
> 
> With live migration support and finally a good solution for CR2/DR6
> exception payloads, nested VMX should finally be ready for having a stable

And good solution for setting/getting vCPU events from userspace with correct pending/injected state.

> userspace ABI.  The results of syzkaller fuzzing are not perfect but not
> horrible either (and might be partially due to running on GCE, so that
> effectively we're testing three-level nesting on a fork of upstream KVM!).
> Enabling it by default seems like a nice way to conclude the 4.20
> pull request. :)
> 
> Unfortunately, enabling nested SVM in 2009 was a bit premature.  However,

Don’t you wish to mention commit which enabled it?

> until live migration support is in place we can reasonably expect that
> it does not offer much in terms of ABI guarantees.  Therefore we are
> still in time to break things and conform as much as possible to the
> interface used for VMX.
> 
> Suggested-by: Jim Mattson <jmattson@google.com>
> Suggested-by: Liran Alon <liran.alon@oracle.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> arch/x86/kvm/vmx.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index e665aa7167cf..89fc2a744d7f 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -107,7 +107,7 @@ module_param_named(enable_shadow_vmcs, enable_shadow_vmcs, bool, S_IRUGO);
>  * VMX and be a hypervisor for its own guests. If nested=0, guests may not
>  * use VMX instructions.
>  */
> -static bool __read_mostly nested = 0;
> +static bool __read_mostly nested = 1;
> module_param(nested, bool, S_IRUGO);
> 
> static u64 __read_mostly host_xss;
> -- 
> 2.17.1
> 

Woohoo! :)
Reviewed-by: Liran Alon <liran.alon@oracle.com>



^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] KVM: VMX: enable nested virtualization by default
  2018-10-16 22:55 [PATCH] KVM: VMX: enable nested virtualization by default Paolo Bonzini
  2018-10-16 23:13 ` Liran Alon
@ 2018-10-17  0:44 ` Wanpeng Li
  2018-10-17  8:21 ` Wincy Van
  2 siblings, 0 replies; 4+ messages in thread
From: Wanpeng Li @ 2018-10-17  0:44 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: LKML, kvm, Liran Alon, Jim Mattson

On Wed, 17 Oct 2018 at 06:57, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> With live migration support and finally a good solution for CR2/DR6
> exception payloads, nested VMX should finally be ready for having a stable
> userspace ABI.  The results of syzkaller fuzzing are not perfect but not
> horrible either (and might be partially due to running on GCE, so that
> effectively we're testing three-level nesting on a fork of upstream KVM!).
> Enabling it by default seems like a nice way to conclude the 4.20
> pull request. :)
>
> Unfortunately, enabling nested SVM in 2009 was a bit premature.  However,
> until live migration support is in place we can reasonably expect that
> it does not offer much in terms of ABI guarantees.  Therefore we are
> still in time to break things and conform as much as possible to the
> interface used for VMX.
>
> Suggested-by: Jim Mattson <jmattson@google.com>
> Suggested-by: Liran Alon <liran.alon@oracle.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  arch/x86/kvm/vmx.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index e665aa7167cf..89fc2a744d7f 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -107,7 +107,7 @@ module_param_named(enable_shadow_vmcs, enable_shadow_vmcs, bool, S_IRUGO);
>   * VMX and be a hypervisor for its own guests. If nested=0, guests may not
>   * use VMX instructions.
>   */
> -static bool __read_mostly nested = 0;
> +static bool __read_mostly nested = 1;

Really cool, a milestone for nested. :)

Regards,
Wanpeng Li

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] KVM: VMX: enable nested virtualization by default
  2018-10-16 22:55 [PATCH] KVM: VMX: enable nested virtualization by default Paolo Bonzini
  2018-10-16 23:13 ` Liran Alon
  2018-10-17  0:44 ` Wanpeng Li
@ 2018-10-17  8:21 ` Wincy Van
  2 siblings, 0 replies; 4+ messages in thread
From: Wincy Van @ 2018-10-17  8:21 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: linux-kernel, kvm, Liran Alon, Jim Mattson

On Wed, Oct 17, 2018 at 6:57 AM Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> With live migration support and finally a good solution for CR2/DR6
> exception payloads, nested VMX should finally be ready for having a stable
> userspace ABI.  The results of syzkaller fuzzing are not perfect but not
> horrible either (and might be partially due to running on GCE, so that
> effectively we're testing three-level nesting on a fork of upstream KVM!).
> Enabling it by default seems like a nice way to conclude the 4.20
> pull request. :)
>
> Unfortunately, enabling nested SVM in 2009 was a bit premature.  However,
> until live migration support is in place we can reasonably expect that
> it does not offer much in terms of ABI guarantees.  Therefore we are
> still in time to break things and conform as much as possible to the
> interface used for VMX.
>
> Suggested-by: Jim Mattson <jmattson@google.com>
> Suggested-by: Liran Alon <liran.alon@oracle.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  arch/x86/kvm/vmx.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index e665aa7167cf..89fc2a744d7f 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -107,7 +107,7 @@ module_param_named(enable_shadow_vmcs, enable_shadow_vmcs, bool, S_IRUGO);
>   * VMX and be a hypervisor for its own guests. If nested=0, guests may not
>   * use VMX instructions.
>   */
> -static bool __read_mostly nested = 0;
> +static bool __read_mostly nested = 1;
>  module_param(nested, bool, S_IRUGO);
>
>  static u64 __read_mostly host_xss;
> --
> 2.17.1
>


bravo!   :-)

Thanks,
Wincy

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2018-10-17  8:21 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-10-16 22:55 [PATCH] KVM: VMX: enable nested virtualization by default Paolo Bonzini
2018-10-16 23:13 ` Liran Alon
2018-10-17  0:44 ` Wanpeng Li
2018-10-17  8:21 ` Wincy Van

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).