On 06.03.2020 10:22, Ilia Zykov wrote:
> Hello,
>
> this page - https://blog.netbsd.org/tnf/entry/from_zero_to_nvmm says:
>
> "One thing you may have noticed from Fig. A, is that the complex emulation
> machinery is not in the kernel, but in USERLAND. This is an excellent
> security property of NVMM, because it reduces the risk for the host in case
> of bug or vulnerability – the host kernel remains unaffected –, and also has
> the advantage of making the machinery easily fuzzable. Currently, this
> property is NOT FOUND in other hypervisors such as KVM, HAXM or Bhyve, and I
> hope we'll be able to preserve it as we move forward with more backends."
>
> I don't understand what it means that "emulation machinery is not in the
> kernel, but in USERLAND ... this property is NOT FOUND in other hypervisors
> such as KVM ...".
> After all, qemu-kvm also runs in userland and does the same thing. What is
> the difference between qemu-kvm (without virtio) and qemu-nvmm?
> I'm more interested in architectural differences, not implementation
> differences.
>
> KVM's guest code start point is in kernel space (but it is isolated from the
> main part by using VT-x / AMD-V). Take a look at slide 9 on this page:
> http://www.linux-kongress.org/2010/slides/KVM-Architecture-LK2010.pdf
> But nvmm does the same. Or does nvmm return to userspace before executing
> the main guest code? I don't understand.
>
> The KVM main loop is:
>
>     open("/dev/kvm")
>     ioctl(KVM_CREATE_VM)
>     ioctl(KVM_CREATE_VCPU)
>     for (;;) {
>         ioctl(KVM_RUN)
>         switch (exit_reason) {
>         case KVM_EXIT_IO:  /* ... */
>         case KVM_EXIT_HLT: /* ... */
>         }
>     }
>
> But nvmm does the same:
>
>     struct nvmm_exit exit;
>     while (1) {
>         nvmm_vcpu_run(&mach, 0, &exit);
>         switch (exit.reason) {
>         case NVMM_EXIT_NONE:
>             break; /* nothing to do */
>         case ... /* completed as needed */
>         }
>     }
>
> Tell me, please, where am I mistaken?
> I would really appreciate any clarification.
> Thank you.
A hypervisor backend shall implement an instruction decoder for MMIO/PIO operations. NVMM performs this emulation in userspace, while others like HAXM perform this inside the kernel. There are pros and cons, but it is a distinct property of NVMM, and it is definitely a more secure approach.
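To make the architectural point concrete, here is an added example (not code from NetBSD, libnvmm, QEMU or KVM) of the part of the exit loop the reply is talking about: the instruction decoder that turns a raw MMIO or port-I/O exit into a device access. Everything in it is constructed: the exit structure, the register snapshot, the byte trace standing in for a guest, and the two toy devices; the real libnvmm and KVM interfaces look different. What matters is where this code runs. With the decoder in the unprivileged VMM process, a decoding bug (wrong operand size, an unchecked length, a bad address compare) is a bug in that process, which can be sandboxed and fuzzed, rather than a bug in the host kernel. The same decoder logic placed inside a kernel module would have the kernel's privilege.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed exit reasons, shaped like the KVM/NVMM loops quoted above. */
enum exit_reason { EXIT_IO, EXIT_MEM };

struct vcpu_state { uint64_t rax, rdx, rsi, rdi, rip; };

/* One exit as the userland VMM sees it: reason, faulting guest-physical
 * address, the register snapshot, and the instruction bytes fetched at rip.
 * All of this is constructed for the example; real ABIs differ. */
struct vm_exit {
    enum exit_reason reason;
    uint64_t gpa;
    struct vcpu_state regs;
    uint8_t inst[4];
    size_t inst_len;
};

#define UART_PORT 0x3f8
#define MMIO_REG  0xfed00000ULL

/* Toy device models; in a real VMM these also live in the userland process. */
struct devices { char uart_out[64]; size_t uart_n; uint32_t mmio_reg; };

static void uart_write(struct devices *d, uint8_t b) {
    if (d->uart_n < sizeof d->uart_out - 1) d->uart_out[d->uart_n++] = (char)b;
}
/* Constructed status register: reading the UART returns the byte count. */
static uint8_t uart_read(const struct devices *d) { return (uint8_t)d->uart_n; }

/* Port I/O: EE = out %al,(%dx), EC = in (%dx),%al.  Length and port are
 * checked before any byte is interpreted; unknown encodings are refused. */
static int emulate_io(const struct vm_exit *e, struct vcpu_state *c, struct devices *d) {
    uint16_t port = (uint16_t)c->rdx;
    if (e->inst_len < 1 || port != UART_PORT) return -1;
    if (e->inst[0] == 0xEE) { uart_write(d, (uint8_t)c->rax); c->rip += 1; return 0; }
    if (e->inst[0] == 0xEC) { c->rax = (c->rax & ~0xffULL) | uart_read(d); c->rip += 1; return 0; }
    return -1;
}

/* MMIO: 89 07 = mov %eax,(%rdi); 8B 06 = mov (%rsi),%eax.  A 32-bit load
 * into eax zero-extends rax in 64-bit mode, so the whole register is replaced. */
static int emulate_mem(const struct vm_exit *e, struct vcpu_state *c, struct devices *d) {
    if (e->inst_len < 2 || e->gpa != MMIO_REG) return -1;
    if (e->inst[0] == 0x89 && e->inst[1] == 0x07) { d->mmio_reg = (uint32_t)c->rax; c->rip += 2; return 0; }
    if (e->inst[0] == 0x8B && e->inst[1] == 0x06) { c->rax = d->mmio_reg; c->rip += 2; return 0; }
    return -1;
}

/* The userland exit loop, driven by a constructed trace instead of a real
 * vcpu-run call.  Returns the number of exits emulated, or -1 as soon as the
 * decoder refuses an instruction (a real VMM would inject #UD or stop the VM). */
static int run_trace(const struct vm_exit *trace, size_t n, struct vcpu_state *c, struct devices *d) {
    for (size_t i = 0; i < n; i++) {
        const struct vm_exit *e = &trace[i];
        *c = e->regs;   /* fetch the register snapshot at exit time */
        int rc = (e->reason == EXIT_IO) ? emulate_io(e, c, d) : emulate_mem(e, c, d);
        if (rc != 0) return -1;
    }
    return (int)n;
}

/* Constructed guest behaviour: print "Hi" on the UART, write then read back
 * the MMIO register, and read the UART status byte. */
static int demo(struct vcpu_state *c, struct devices *d) {
    static const struct vm_exit trace[] = {
        { EXIT_IO,  0,        { 'H',        UART_PORT, 0,        0,        0x1000 }, { 0xEE },       1 },
        { EXIT_MEM, MMIO_REG, { 0xdeadbeef, 0,         0,        MMIO_REG, 0x1001 }, { 0x89, 0x07 }, 2 },
        { EXIT_IO,  0,        { 'i',        UART_PORT, 0,        0,        0x1003 }, { 0xEE },       1 },
        { EXIT_MEM, MMIO_REG, { 0,          0,         MMIO_REG, 0,        0x1004 }, { 0x8B, 0x06 }, 2 },
        { EXIT_IO,  0,        { 0,          UART_PORT, 0,        0,        0x1006 }, { 0xEC },       1 },
    };
    memset(d, 0, sizeof *d);
    return run_trace(trace, sizeof trace / sizeof trace[0], c, d);
}

/* A single exit whose instruction the decoder does not know (0F 1F, the
 * multi-byte nop family): the loop must stop rather than guess. */
static int demo_unsupported(void) {
    struct vcpu_state c = {0}; struct devices d = {0};
    struct vm_exit bad = { EXIT_MEM, MMIO_REG, { 0, 0, 0, MMIO_REG, 0x2000 }, { 0x0F, 0x1F, 0x00 }, 3 };
    return run_trace(&bad, 1, &c, &d);
}

int main(void) {
    struct vcpu_state c = {0}; struct devices d;
    int n = demo(&c, &d);
    printf("emulated %d exits, uart=\"%s\", mmio_reg=0x%x, rax=0x%llx, rip=0x%llx\n",
           n, d.uart_out, d.mmio_reg, (unsigned long long)c.rax, (unsigned long long)c.rip);
    printf("unsupported instruction -> %d\n", demo_unsupported());
    return 0;
}
```

The decoder only advances rip after it has fully validated the encoding and the target address, and any byte pattern it does not recognise makes the loop stop; that refusal is the behaviour a reviewer should look for in a real decoder, because a decoder that falls through on unknown input is exactly the bug the blog post is saying you would rather have in a userland process than in the host kernel.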