LKML Archive on lore.kernel.org
From: Stefan Hajnoczi <stefanha@redhat.com>
To: "Wang, Wei W" <wei.w.wang@intel.com>
Cc: "sgarzare@redhat.com" <sgarzare@redhat.com>,
	"davem@davemloft.net" <davem@davemloft.net>,
	"kuba@kernel.org" <kuba@kernel.org>,
	"mst@redhat.com" <mst@redhat.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	"kys@microsoft.com" <kys@microsoft.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"virtualization@lists.linux-foundation.org" 
	<virtualization@lists.linux-foundation.org>,
	"Yamahata, Isaku" <isaku.yamahata@intel.com>,
	"Nakajima, Jun" <jun.nakajima@intel.com>,
	"Kleen, Andi" <andi.kleen@intel.com>,
	Andra Paraschiv <andraprs@amazon.com>
Subject: Re: [RFC] hypercall-vsock: add a new vsock transport
Date: Wed, 10 Nov 2021 09:34:32 +0000
Message-ID: <YYuSKEqj3UMLNAfw@stefanha-x1.localdomain>
In-Reply-To: <71d7b0463629471e9d4887d7fcef1d8d@intel.com>

On Wed, Nov 10, 2021 at 07:12:36AM +0000, Wang, Wei W wrote:
> We plan to add a new vsock transport based on hypercall (e.g. vmcall on Intel CPUs).
> It transports AF_VSOCK packets between the guest and host, which is similar to
> virtio-vsock, vmci-vsock and hyperv-vsock.
> 
> Compared to the above listed vsock transports which are designed for high performance,
> the main advantages of hypercall-vsock are:
> 
> 1) It is VMM agnostic. For example, one guest working on hypercall-vsock can run on
>    either KVM, Hyper-V, or VMware.
>
> 2) It is simpler. It doesn't rely on any complex bus enumeration
>    (e.g. virtio-pci based vsock device may need the whole implementation of PCI).
> 
> An example usage is the communication between MigTD and host (Page 8 at
> https://static.sched.com/hosted_files/kvmforum2021/ef/TDX%20Live%20Migration_Wei%20Wang.pdf).
> MigTD communicates to host to assist the migration of the target (user) TD.
> MigTD is part of the TCB, so its implementation is expected to be as simple as possible
> (e.g. bare metal implementation without OS, no PCI driver support).

AF_VSOCK is designed to allow multiple transports, so why not. There is
a cost to developing and maintaining a vsock transport though.

I think Amazon Nitro enclaves use virtio-vsock and I've CCed Andra in
case she has thoughts on the pros/cons and how to minimize the trusted
computing base.

If simplicity is the top priority then VIRTIO's MMIO transport without
indirect descriptors and using the packed virtqueue layout reduces the
size of the implementation:
https://docs.oasis-open.org/virtio/virtio/v1.1/cs01/virtio-v1.1-cs01.html#x1-1440002

Stefan
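
Added example, not part of the original message or of any project's code: a driver-side packed virtqueue (virtio 1.1 descriptor layout and AVAIL/USED flag bits) with one descriptor per buffer and no indirect tables, to show how little ring logic the suggestion above leaves in the guest. The names `pvq`, `pvq_add`, `pvq_get_used` and `fake_device_use`, the queue size, and the bounds checks on the device-written `id` and `len` (assuming the guest does not trust the host, as in the MigTD case) are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

#define QSZ     4u            /* queue size (constructed for the example) */
#define F_WRITE (1u << 1)     /* VIRTQ_DESC_F_WRITE: device writes the buffer */
#define F_AVAIL (1u << 7)     /* VIRTQ_DESC_F_AVAIL */
#define F_USED  (1u << 15)    /* VIRTQ_DESC_F_USED */

struct pvirtq_desc { uint64_t addr; uint32_t len; uint16_t id; uint16_t flags; };

struct pvq {                  /* hypothetical driver state, not from any project */
    struct pvirtq_desc ring[QSZ];
    uint16_t avail_idx, used_idx;
    uint8_t  avail_wrap, used_wrap;   /* wrap counters, both start at 1 */
    uint32_t posted[QSZ];             /* private: length posted per id, 0 = idle */
};

void pvq_init(struct pvq *q) { memset(q, 0, sizeof *q); q->avail_wrap = q->used_wrap = 1; }

/* Post one buffer: a single descriptor, no NEXT chain, no INDIRECT table. */
int pvq_add(struct pvq *q, uint64_t addr, uint32_t len, uint16_t id, int dev_writes)
{
    if (id >= QSZ || len == 0 || q->posted[id]) return -1;
    struct pvirtq_desc *d = &q->ring[q->avail_idx];
    d->addr = addr; d->len = len; d->id = id;
    /* a real driver needs a write barrier before publishing the flags */
    d->flags = (uint16_t)((dev_writes ? F_WRITE : 0) | (q->avail_wrap ? F_AVAIL : F_USED));
    q->posted[id] = len;
    if (++q->avail_idx == QSZ) { q->avail_idx = 0; q->avail_wrap ^= 1; }
    return 0;
}

/* 1 = completion returned, 0 = nothing used yet, -1 = device wrote bad id/len. */
int pvq_get_used(struct pvq *q, uint16_t *id, uint32_t *len)
{
    struct pvirtq_desc d = q->ring[q->used_idx];   /* copy once, then validate the copy */
    int avail = !!(d.flags & F_AVAIL), used = !!(d.flags & F_USED);
    if (avail != used || used != q->used_wrap) return 0;
    if (d.id >= QSZ || !q->posted[d.id] || d.len > q->posted[d.id]) return -1;
    *id = d.id; *len = d.len;
    q->posted[d.id] = 0;
    if (++q->used_idx == QSZ) { q->used_idx = 0; q->used_wrap ^= 1; }
    return 1;
}

/* Constructed stand-in for the host side, only to exercise the code above. */
void fake_device_use(struct pvq *q, uint16_t slot, uint16_t id, uint32_t len, int wrap)
{
    q->ring[slot].id = id; q->ring[slot].len = len;
    q->ring[slot].flags = wrap ? (F_AVAIL | F_USED) : 0;
}
```

The private `posted[]` table is what lets the guest reject a completion whose `id` was never posted or whose `len` exceeds the buffer it handed over, without reading anything back from shared memory a second time.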
