[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH RFC v2 0/4] HVM x86 deprivileged mode operations

To: Fabio Fantoni <fabio.fantoni@xxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Ben Catterall <Ben.Catterall@xxxxxxxxxx>
Date: Tue, 8 Sep 2015 11:58:05 +0100
Cc: keir@xxxxxxx, jbeulich@xxxxxxxx, george.dunlap@xxxxxxxxxxxxx, andrew.cooper3@xxxxxxxxxx, tim@xxxxxxx, Aravind.Gopalakrishnan@xxxxxxx, suravee.suthikulpanit@xxxxxxx, boris.ostrovsky@xxxxxxxxxx, ian.campbell@xxxxxxxxxx
Delivery-date: Tue, 08 Sep 2015 10:58:40 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>


Hi Fabio,

On 04/09/15 11:46, Fabio Fantoni wrote:
[snip]


Sorry for my stupid questions:
Is there a test with benchmark using qemu instead for know how is
different? Qemu seems that emulate also some istructions cases that xen
hypervisor doesn't for now, or I'm wrong?

So, QEMU emulates devices for HVM guests. Now, letting the portiooperation through to QEMU to emulate takes about 20e-6 seconds. But,that includes the time QEMU takes to actually emulate the port operationso is not the 'pure' overhead. I need to do more detailed analysis toget that figure.

Is there any possible hardware technology or set of instructions for
improve the operations also deprivileged or transition from Xen is
obliged to control even mappings memory access?

We're using sysret and syscall already to do the transition which arethe fast system call operations. I don't have actual benchmark valuesfor their execution time though. We map the depriv code, stack and datasections into the monitor table when initialising the HVM guest (usermode mapping) so Xen doesn't need to worry about those mappings whilstexecuting a depriv operation.

Is there any possible future hardware technology or set of instructions
for take needed informations from hypervisor for executing directly all
needed checks, them if ok and any possible exceptions/protections or
delegate this to xen for each instruction with a tremendous impact on
the efficiency can not be improved?

I'm not quite sure what you're asking here, sorry! Are you asking if wecan take an HVM guest instruction, analyse it to determine if it's safeto execute and then execute it rather than emulating it? If so:

QEMU handles device emulation and this is deliberately not done in Xento reduce the attack surface of the hypervisor and keep it minimal. Wedo need to analyse instructions at some points (x86 emulate) but this iserror prone (there's a paper or two on exploits of this feature). Thisis one of the reasons for considering a depriv mode in the first pace,by moving such code into a deprivileged area, we can prevent a bug inthis code from leading to hypervisor compromise. I'm not aware of anyfuture hardware or set of instructions but that doesn't mean therearen't/won't be!

If I said only absurd things because of my knowledge too low about sorry
for having wasted your time.

Thanks for any reply and sorry for my bad english.

np, I hope I've understood correctly!


Performance testing
-------------------
Performance testing indicates that the overhead for this deprivileged
mode
depend heavily upon the processor. This overhead is the cost of moving
into
deprivileged mode and then fully back out of deprivileged mode. The
conclusions
are that the overheads are not negligible and that operations using this
mechanism would benefit from being long running or be high risk
components. It
will need to be evaluated on a case-by-case basis.

I performed 100000 writes to a single I/O port on an Intel 2.2GHz Xeon
E5-2407 0 processor and an AMD Opteron 2376. This was done from a
python script
within the HVM guest using time.time() and running Debian Jessie. Each
write was
trapped to cause a vmexit and the time for each write was calculated.
The port
operation is bypassed so that no portio is actually performed. Thus, the
differences in the measurements below can be taken as the pure
overhead. These
experiments were repeated. Note that only the host and this HVM guest
were
running (both Debian Jessie) during the experiments.

Intel Intel 2.2GHz Xeon E5-2407 0 processor:
--------------------------------------------
1.55e-06 seconds was the average time for performing the write without
the
          deprivileged code running.

5.75e-06 seconds was the average time for performing the write with the
          deprivileged code running.

So approximately 351% overhead

AMD Opteron 2376:
-----------------
1.74e-06 seconds was the average time for performing the write without
the
          deprivileged code running.
3.10e-06 seconds was the average time for performing the write with an
entry and
          exit from deprvileged mode.

So approximately 178% overhead.

Signed-off-by: Ben Catterall <Ben.Catterall@xxxxxxxxxx>


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH RFC v2 0/4] HVM x86 deprivileged mode operations
  - From: Ben Catterall
- Re: [Xen-devel] [PATCH RFC v2 0/4] HVM x86 deprivileged mode operations
  - From: Fabio Fantoni

Prev by Date: Re: [Xen-devel] Notes from Xen BoF at Debconf15
Next by Date: Re: [Xen-devel] [PATCH v4 18/20] net/xen-netback: Make it running on 64KB page granularity
Previous by thread: Re: [Xen-devel] [PATCH RFC v2 0/4] HVM x86 deprivileged mode operations
Next by thread: Re: [Xen-devel] [Xen-users] Changing netback tx interrupts affinity on Dom0
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.