• [Xen-devel] KVM PV (was: Re: [PATCH v2 2/2] x86/lguest: remove lgue

    From George Dunlap@21:1/5 to Paolo Bonzini on Mon Oct 2 12:20:01 2017
    On Fri, Sep 29, 2017 at 5:39 PM, Paolo Bonzini <pbonzini@redhat.com> wrote:
    On 29/09/2017 17:47, Lai Jiangshan wrote:
    Hello, all

    An interesting (at least to me) thought came up to me when I found
    that the lguest was removed. But I don't have enough knowledge
    to find out the answer nor energy to implement it in some time.

    Is it possible to implement kvm-pv which allows kvm to run on
    the boxes without hardware virtualization support, so that
    qemu/kvm can be used on clouds such as aws, azure?

    No, please don't. :) Even Xen is moving from PV to PVH (paravirtualized hardware with event channels, grant tables and the like, but still using hardware extensions for MMU).

    That said, the main pain point for Xen's PV so far has been the fact
    that we expose the real pagetables directly to the guest, in order to
    avoid having to use shadow pagetables. If you're willing to take
    the performance hit and use an existing shadow pagetable
    implementation from the start, it might not be so bad from a
    development perspective.

    Still, I'm betting it will be a lot more work than you expect. :-)

    -George

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From George Dunlap@21:1/5 to Paolo Bonzini on Mon Oct 2 12:40:01 2017
    On Sat, Sep 30, 2017 at 4:39 AM, Paolo Bonzini <pbonzini@redhat.com> wrote:

    ----- Lai Jiangshan <jiangshanlai+lkml@gmail.com> wrote:
    On Sat, Sep 30, 2017 at 12:39 AM, Paolo Bonzini <pbonzini@redhat.com> wrote:
    On 29/09/2017 17:47, Lai Jiangshan wrote:
    Hello, all

    An interesting (at least to me) thought came up to me when I found
    that the lguest was removed. But I don't have enough knowledge
    to find out the answer nor energy to implement it in some time.

    Is it possible to implement kvm-pv which allows kvm to run on
    the boxes without hardware virtualization support, so that
    qemu/kvm can be used on clouds such as aws, azure?

    No, please don't. :) Even Xen is moving from PV to PVH (paravirtualized hardware with event channels, grant tables and the like, but still using hardware extensions for MMU).

    Rather, cloud providers should help getting nested virtualization ready
    for production use. At least for KVM it's not that far.


    Although I'm not a business man, I don't think the top cloud provider[s]
    would allow nested virtualization, however mature nested virtualization
    is. Even xen-pv is unable to be nested in the aws and azure.

    A lot of new Windows features, like Credential Guard and Device Guard
    require hardware virtualization support, as do security products like
    Bromium. So it's not surprising that cloud providers are becoming
    more interested in nested hardware support.

    Check the contributors to KVM nested virtualization, you might be surprised.

    Nested Xen PV is not possible because the Xen hypervisor cannot run as a PV guest. It's a technical limitation.

    Minor correction: Xen can't run on AWS as a PV guest, but it can run
    as an L1 hypervisor inside any "fully virtualized" VM (as both AWS and
    Azure provide), and provide PV L2 guests.

    -George
