On 06.03.2020 10:22, Ilia Zykov wrote:
> Hello,
>
> this page - https://blog.netbsd.org/tnf/entry/from_zero_to_nvmm says:
>
> “One thing you may have noticed from Fig. A, is that the complex emulation machinery is not in the kernel, but in USERLAND. This is an excellent security property of NVMM, because it reduces the risk for the host in case of bug or vulnerability – the host kernel remains unaffected –, and also has the advantage of making the machinery easily fuzzable. Currently, this property is NOT FOUND in other hypervisors such as KVM, HAXM or Bhyve, and I hope we'll be able to preserve it as we move forward with more backends.”
>
> I don't understand what it means that “emulation machinery is not in the kernel, but in USERLAND ... this property is NOT FOUND in other hypervisors such as KVM ...”.
> After all, qemu-kvm also runs in userland and does the same thing. What is the difference between qemu-kvm (without virtio) and qemu-nvmm?
> I'm more interested in architectural differences, not implementation differences.
>
> KVM's guest code start point is in kernel space (but it is isolated from the main part by using VT-x / AMD-V). Take a look at slide 9 on this page: http://www.linux-kongress.org/2010/slides/KVM-Architecture-LK2010.pdf
> But nvmm does the same. Or does nvmm return to userspace before executing the main guest code? I don't understand.
>
> The kvm main loop is:
>
>     open("/dev/kvm")
>     ioctl(KVM_CREATE_VM)
>     ioctl(KVM_CREATE_VCPU)
>     for (;;) {
>         ioctl(KVM_RUN)
>         switch (exit_reason) {
>         case KVM_EXIT_IO:  /* ... */
>         case KVM_EXIT_HLT: /* ... */
>         }
>     }
>
> But nvmm does the same.
>
>     struct nvmm_exit exit;
>     while (1) {
>         nvmm_vcpu_run(&mach, 0, &exit);
>         switch (exit.reason) {
>         case NVMM_EXIT_NONE:
>             break; /* nothing to do */
>         case ... /* completed as needed */
>         }
>     }
>
> Tell me, please, where am I mistaken?
> I would really appreciate any clarification.
> Thank you.
> A hypervisor backend shall implement an instruction decoder for MMIO/PIO operations. NVMM performs this emulation in userspace, while others like HAXM perform this inside the kernel. There are pros and cons, but it is a distinct property of NVMM, and it is definitely a more secure approach.
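As an added example (not from the thread, and not NVMM's or KVM's code), here is a toy C handler for one memory-access exit in which the instruction decoder lives in the userland emulator process, as the reply describes for NVMM. The exit record layout, the decoded x86 subset (8B /r and 89 /r with mod=00 and a plain register base) and the device at MMIO_BASE are all constructed for illustration; the point is that anything the decoder does not recognise fails in this process and never reaches kernel code.

```c
/* Toy userland handler for one memory-access exit (added example, not code
 * from the thread, NVMM or KVM). The decoder runs in this process, so an
 * unsupported or malformed instruction fails here instead of in the kernel.
 * Hypothetical x86 subset: 8B /r and 89 /r (32-bit mov), mod=00, plain base. */
#include <stdint.h>

#define MMIO_BASE 0xfed00000u  /* constructed device address, not real hardware */

struct vcpu_state { uint32_t gpr[8]; };  /* eax,ecx,edx,ebx,esp,ebp,esi,edi */
struct toy_device { uint32_t reg; };     /* one 32-bit device register */

/* Constructed exit record: raw instruction bytes are handed to userland for
 * decoding, instead of a kernel-decoded address/data/len tuple. */
struct mem_exit { uint8_t insn[15]; uint8_t insn_len; };

static int mmio_access(struct toy_device *dev, uint32_t gpa, uint32_t *val, int write)
{
    if (gpa != MMIO_BASE)
        return -1;  /* unmapped guest address: refuse, touch nothing */
    if (write)
        dev->reg = *val;
    else
        *val = dev->reg;
    return 0;
}

/* Decode and emulate one exit. Returns 0 on success, -1 when the instruction
 * is outside the supported subset or targets an unmapped address. */
int handle_mem_exit(struct vcpu_state *st, struct toy_device *dev,
                    const struct mem_exit *ex)
{
    if (ex->insn_len < 2)
        return -1;
    uint8_t op = ex->insn[0], modrm = ex->insn[1];
    uint8_t mod = modrm >> 6, reg = (modrm >> 3) & 7, rm = modrm & 7;
    if (mod != 0 || rm == 4 || rm == 5)
        return -1;  /* SIB byte or disp32 form: not decoded, fail closed */
    uint32_t gpa = st->gpr[rm];
    if (op == 0x8B) {  /* mov r32, [r32]: MMIO read into register */
        uint32_t v;
        if (mmio_access(dev, gpa, &v, 0) < 0)
            return -1;
        st->gpr[reg] = v;
        return 0;
    }
    if (op == 0x89)    /* mov [r32], r32: MMIO write from register */
        return mmio_access(dev, gpa, &st->gpr[reg], 1);
    return -1;  /* any other opcode: unsupported, fail closed */
}
```

A real userland decoder must cover far more encodings, but the failure path is the same: a rejected exit is an emulator error, not a kernel fault.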