Message ID | 2867fad589f4f571e9ff885c24bc05a3bc7a9b11.1539288711.git.joseph.salisbury@canonical.com |
---|---|
State | New |
Series | KVM: PPC: Book3S HV: Provide mode where all vCPUs on a core must be the same VM | expand |
On 11.10.2018 22:19, Joseph Salisbury wrote: > From: Paul Mackerras <paulus@ozlabs.org> > > BugLink: https://bugs.launchpad.net/bugs/1792957 > > This adds a mode where the vcore scheduling logic in HV KVM limits itself > to scheduling only virtual cores from the same VM on any given physical > core. This is enabled via a new module parameter on the kvm-hv module > called "one_vm_per_core". For this to work on POWER9, it is necessary to > set indep_threads_mode=N. (On POWER8, hardware limitations mean that KVM > is never in independent threads mode, regardless of the indep_threads_mode > setting.) > > Thus the settings needed for this to work are: > > 1. The host is in SMT1 mode. > 2. On POWER8, the host is not in 2-way or 4-way static split-core mode. > 3. On POWER9, the indep_threads_mode parameter is N. > 4. The one_vm_per_core parameter is Y. > > With these settings, KVM can run up to 4 vcpus on a core at the same > time on POWER9, or up to 8 vcpus on POWER8 (depending on the guest > threading mode), and will ensure that all of the vcpus belong to the > same VM. > > This is intended for use in security-conscious settings where users are > concerned about possible side-channel attacks between threads which could > perhaps enable one VM to attack another VM on the same core, or the host. > > Signed-off-by: Paul Mackerras <paulus@ozlabs.org> > (cherry picked from commit aa2278644ae54ff762ce33f9c9563d759e9cca9f linux-next) > Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> > > --- > arch/powerpc/kvm/book3s_hv.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c > index dc9eb6b..0c8a655c 100644 > --- a/arch/powerpc/kvm/book3s_hv.c > +++ b/arch/powerpc/kvm/book3s_hv.c 
> @@ -103,6 +103,10 @@ static bool indep_threads_mode = true; > module_param(indep_threads_mode, bool, S_IRUGO | S_IWUSR); > MODULE_PARM_DESC(indep_threads_mode, "Independent-threads mode (only on POWER9)"); > > +static bool one_vm_per_core; > +module_param(one_vm_per_core, bool, S_IRUGO | S_IWUSR); > +MODULE_PARM_DESC(one_vm_per_core, "Only run vCPUs from the same VM on a core (requires indep_threads_mode=N)"); > + > #ifdef CONFIG_KVM_XICS > static struct kernel_param_ops module_param_ops = { > .set = param_set_int, > @@ -2449,6 +2453,10 @@ static bool can_dynamic_split(struct kvmppc_vcore *vc, struct core_info *cip) > if (!cpu_has_feature(CPU_FTR_ARCH_207S)) > return false; > > + /* In one_vm_per_core mode, require all vcores to be from the same vm */ > + if (one_vm_per_core && vc->kvm != cip->vc[0]->kvm) > + return false; > + > /* Some POWER9 chips require all threads to be in the same MMU mode */ > if (no_mixing_hpt_and_radix && > kvm_is_radix(vc->kvm) != kvm_is_radix(cip->vc[0]->kvm)) >
On 11/10/18 21:19, Joseph Salisbury wrote: > From: Paul Mackerras <paulus@ozlabs.org> > > BugLink: https://bugs.launchpad.net/bugs/1792957 > > This adds a mode where the vcore scheduling logic in HV KVM limits itself > to scheduling only virtual cores from the same VM on any given physical > core. This is enabled via a new module parameter on the kvm-hv module > called "one_vm_per_core". For this to work on POWER9, it is necessary to > set indep_threads_mode=N. (On POWER8, hardware limitations mean that KVM > is never in independent threads mode, regardless of the indep_threads_mode > setting.) > > Thus the settings needed for this to work are: > > 1. The host is in SMT1 mode. > 2. On POWER8, the host is not in 2-way or 4-way static split-core mode. > 3. On POWER9, the indep_threads_mode parameter is N. > 4. The one_vm_per_core parameter is Y. > > With these settings, KVM can run up to 4 vcpus on a core at the same > time on POWER9, or up to 8 vcpus on POWER8 (depending on the guest > threading mode), and will ensure that all of the vcpus belong to the > same VM. > > This is intended for use in security-conscious settings where users are > concerned about possible side-channel attacks between threads which could > perhaps enable one VM to attack another VM on the same core, or the host. > > Signed-off-by: Paul Mackerras <paulus@ozlabs.org> > (cherry picked from commit aa2278644ae54ff762ce33f9c9563d759e9cca9f linux-next) > Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com> > > --- > arch/powerpc/kvm/book3s_hv.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c > index dc9eb6b..0c8a655c 100644 > --- a/arch/powerpc/kvm/book3s_hv.c > +++ b/arch/powerpc/kvm/book3s_hv.c 
> @@ -103,6 +103,10 @@ static bool indep_threads_mode = true; > module_param(indep_threads_mode, bool, S_IRUGO | S_IWUSR); > MODULE_PARM_DESC(indep_threads_mode, "Independent-threads mode (only on POWER9)"); > > +static bool one_vm_per_core; > +module_param(one_vm_per_core, bool, S_IRUGO | S_IWUSR); > +MODULE_PARM_DESC(one_vm_per_core, "Only run vCPUs from the same VM on a core (requires indep_threads_mode=N)"); > + > #ifdef CONFIG_KVM_XICS > static struct kernel_param_ops module_param_ops = { > .set = param_set_int, > @@ -2449,6 +2453,10 @@ static bool can_dynamic_split(struct kvmppc_vcore *vc, struct core_info *cip) > if (!cpu_has_feature(CPU_FTR_ARCH_207S)) > return false; > > + /* In one_vm_per_core mode, require all vcores to be from the same vm */ > + if (one_vm_per_core && vc->kvm != cip->vc[0]->kvm) > + return false; > + > /* Some POWER9 chips require all threads to be in the same MMU mode */ > if (no_mixing_hpt_and_radix && > kvm_is_radix(vc->kvm) != kvm_is_radix(cip->vc[0]->kvm)) > Acked-by: Colin Ian King <colin.king@canonical.com>
diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
index dc9eb6b..0c8a655c 100644
--- a/arch/powerpc/kvm/book3s_hv.c
+++ b/arch/powerpc/kvm/book3s_hv.c
@@ -103,6 +103,10 @@ static bool indep_threads_mode = true;
 module_param(indep_threads_mode, bool, S_IRUGO | S_IWUSR);
 MODULE_PARM_DESC(indep_threads_mode, "Independent-threads mode (only on POWER9)");
 
+static bool one_vm_per_core;
+module_param(one_vm_per_core, bool, S_IRUGO | S_IWUSR);
+MODULE_PARM_DESC(one_vm_per_core, "Only run vCPUs from the same VM on a core (requires indep_threads_mode=N)");
+
 #ifdef CONFIG_KVM_XICS
 static struct kernel_param_ops module_param_ops = {
 .set = param_set_int,
@@ -2449,6 +2453,10 @@ static bool can_dynamic_split(struct kvmppc_vcore *vc, struct core_info *cip)
 if (!cpu_has_feature(CPU_FTR_ARCH_207S))
 return false;
 
+ /* In one_vm_per_core mode, require all vcores to be from the same vm */
+ if (one_vm_per_core && vc->kvm != cip->vc[0]->kvm)
+ return false;
+
 /* Some POWER9 chips require all threads to be in the same MMU mode */
 if (no_mixing_hpt_and_radix &&
 kvm_is_radix(vc->kvm) != kvm_is_radix(cip->vc[0]->kvm))
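Review bot: Nothing in the first hunk (`@@ -103,6 +103,10 @@`) ties `one_vm_per_core` to the prerequisites the description lists (host in SMT1, no static split-core on POWER8, `indep_threads_mode=N` on POWER9), so as far as these lines show, setting it to Y with a prerequisite unmet is accepted silently while the promised isolation is not provided. For a side-channel mitigation an operator should be able to tell when the knob is ineffective; a one-time message where the parameter is consumed would do, e.g. `pr_warn_once("kvm-hv: one_vm_per_core has no effect while indep_threads_mode=Y\n");`, placed wherever the POWER9 independent-threads path is chosen (not visible here). At minimum the description string could name all the conditions rather than only `indep_threads_mode=N`.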
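Review bot: The comment added in `can_dynamic_split` (hunk `@@ -2449,6 +2453,10 @@`) restates the test but omits the security reason for it and why comparing against `cip->vc[0]` alone is sufficient. I would write it as `/* one_vm_per_core: never co-schedule vcores of different VMs on one core (cross-VM side channels); vc[0] stands for the set, as each vcore already in cip passed this test */`. The flag is also runtime-writable (`S_IWUSR`) and read here with a plain load, so a toggle presumably only affects cores assembled afterwards and that invariant only holds while the flag is stable; that is worth stating next to the parameter. The body of `can_dynamic_split` starts and ends outside the hunk, so whether every path that places a vcore on a shared core goes through this check cannot be confirmed from these lines.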