From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Ashish Kalra <Ashish.Kalra@amd.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Thomas Lendacky <Thomas.Lendacky@amd.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Eduardo Habkost <ehabkost@redhat.com>,
kvm-devel <kvm@vger.kernel.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
Marcelo Tosatti <mtosatti@redhat.com>,
ssg.sos.patches@amd.com, Markus Armbruster <armbru@redhat.com>,
QEMU Developers <qemu-devel@nongnu.org>,
Richard Henderson <rth@twiddle.net>
Subject: Re: [PATCH 01/11] memattrs: add debug attribute
Date: Tue, 1 Dec 2020 18:57:17 +0000 [thread overview]
Message-ID: <20201201185717.GN4338@work-vm> (raw)
In-Reply-To: <CAFEAcA_cdixD7jvu68snUU=PN2xQow1W2goKjshfdF9jGb2dBQ@mail.gmail.com>
* Peter Maydell (peter.maydell@linaro.org) wrote:
> On Tue, 1 Dec 2020 at 11:51, Dr. David Alan Gilbert <dgilbert@redhat.com> wrote:
> >
> > * Peter Maydell (peter.maydell@linaro.org) wrote:
> > > On Mon, 16 Nov 2020 at 19:28, Ashish Kalra <Ashish.Kalra@amd.com> wrote:
> > > >
> > > > From: Brijesh Singh <brijesh.singh@amd.com>
> > > >
> > > > From: Brijesh Singh <brijesh.singh@amd.com>
> > > >
> > > > Extend the MemTxAttrs to include a 'debug' flag. The flag can be used as
> > > > general indicator that operation was triggered by the debugger.
> > > >
> > > > A subsequent patch will set the debug=1 when issuing a memory access
> > > > from the gdbstub or HMP commands. This is a prerequisite to support
> > > > debugging an encrypted guest. When a request with debug=1 is seen, the
> > > > encryption APIs will be used to access the guest memory.
> > >
> > > So, what counts as "debug" here, and why are debug requests
> > > special? If "debug=1" means "can actually get at the guest memory",
> > > why wouldn't every device model want to use it?
> >
> > SEV has a flag that the guest-owner can set on a VM to enable debug;
> > it's rare for it to be enabled; so it's not suitable for use by normal
> > devices. It's only there for debug if the guest owner allows you to.
>
> So if I do a memory transaction with debug=1 then I should expect
> that it might come back with a failure status (meaning "this VM
> doesn't permit debug") and I should handle that error ?
I think that's probably true.
Dave
> thanks
> -- PMM
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
WARNING: multiple messages have this Message-ID (diff)
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Thomas Lendacky <Thomas.Lendacky@amd.com>,
Ashish Kalra <Ashish.Kalra@amd.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Eduardo Habkost <ehabkost@redhat.com>,
kvm-devel <kvm@vger.kernel.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
Marcelo Tosatti <mtosatti@redhat.com>,
Markus Armbruster <armbru@redhat.com>,
QEMU Developers <qemu-devel@nongnu.org>,
ssg.sos.patches@amd.com, Paolo Bonzini <pbonzini@redhat.com>,
Richard Henderson <rth@twiddle.net>
Subject: Re: [PATCH 01/11] memattrs: add debug attribute
Date: Tue, 1 Dec 2020 18:57:17 +0000 [thread overview]
Message-ID: <20201201185717.GN4338@work-vm> (raw)
In-Reply-To: <CAFEAcA_cdixD7jvu68snUU=PN2xQow1W2goKjshfdF9jGb2dBQ@mail.gmail.com>
* Peter Maydell (peter.maydell@linaro.org) wrote:
> On Tue, 1 Dec 2020 at 11:51, Dr. David Alan Gilbert <dgilbert@redhat.com> wrote:
> >
> > * Peter Maydell (peter.maydell@linaro.org) wrote:
> > > On Mon, 16 Nov 2020 at 19:28, Ashish Kalra <Ashish.Kalra@amd.com> wrote:
> > > >
> > > > From: Brijesh Singh <brijesh.singh@amd.com>
> > > >
> > > > From: Brijesh Singh <brijesh.singh@amd.com>
> > > >
> > > > Extend the MemTxAttrs to include a 'debug' flag. The flag can be used as
> > > > general indicator that operation was triggered by the debugger.
> > > >
> > > > A subsequent patch will set the debug=1 when issuing a memory access
> > > > from the gdbstub or HMP commands. This is a prerequisite to support
> > > > debugging an encrypted guest. When a request with debug=1 is seen, the
> > > > encryption APIs will be used to access the guest memory.
> > >
> > > So, what counts as "debug" here, and why are debug requests
> > > special? If "debug=1" means "can actually get at the guest memory",
> > > why wouldn't every device model want to use it?
> >
> > SEV has a flag that the guest-owner can set on a VM to enable debug;
> > it's rare for it to be enabled; so it's not suitable for use by normal
> > devices. It's only there for debug if the guest owner allows you to.
>
> So if I do a memory transaction with debug=1 then I should expect
> that it might come back with a failure status (meaning "this VM
> doesn't permit debug") and I should handle that error ?
I think that's probably true.
Dave
> thanks
> -- PMM
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
next prev parent reply other threads:[~2020-12-01 18:59 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-16 18:48 [PATCH 00/11] Add QEMU debug support for SEV guests Ashish Kalra
2020-11-16 18:48 ` Ashish Kalra
2020-11-16 18:48 ` [PATCH 01/11] memattrs: add debug attribute Ashish Kalra
2020-11-16 18:48 ` Ashish Kalra
2020-12-01 11:03 ` Dr. David Alan Gilbert
2020-12-01 11:03 ` Dr. David Alan Gilbert
2020-12-01 11:43 ` Peter Maydell
2020-12-01 11:43 ` Peter Maydell
2020-12-01 11:50 ` Dr. David Alan Gilbert
2020-12-01 11:50 ` Dr. David Alan Gilbert
2020-12-01 11:56 ` Peter Maydell
2020-12-01 11:56 ` Peter Maydell
2020-12-01 18:57 ` Dr. David Alan Gilbert [this message]
2020-12-01 18:57 ` Dr. David Alan Gilbert
2020-11-16 18:49 ` [PATCH 02/11] exec: Add new MemoryDebugOps Ashish Kalra
2020-11-16 18:49 ` Ashish Kalra
2020-12-01 11:37 ` Dr. David Alan Gilbert
2020-12-01 11:37 ` Dr. David Alan Gilbert
2020-12-01 11:48 ` Peter Maydell
2020-12-01 11:48 ` Peter Maydell
2020-12-01 14:27 ` Ashish Kalra
2020-12-01 14:27 ` Ashish Kalra
2020-12-01 14:38 ` Peter Maydell
2020-12-01 14:38 ` Peter Maydell
2020-12-01 14:49 ` Ashish Kalra
2020-12-01 14:49 ` Ashish Kalra
2020-11-16 18:49 ` [PATCH 03/11] exec: add ram_debug_ops support Ashish Kalra
2020-11-16 18:49 ` Ashish Kalra
2020-12-01 12:08 ` Peter Maydell
2020-12-01 12:08 ` Peter Maydell
2020-12-01 14:43 ` Ashish Kalra
2020-12-01 14:43 ` Ashish Kalra
2020-11-16 18:50 ` [PATCH 04/11] exec: Add address_space_read and address_space_write debug helpers Ashish Kalra
2020-11-16 18:50 ` Ashish Kalra
2020-11-16 18:51 ` [PATCH 05/11] exec: add debug version of physical memory read and write API Ashish Kalra
2020-11-16 18:51 ` Ashish Kalra
2020-11-24 5:42 ` Dov Murik
2020-11-24 5:42 ` Dov Murik
2020-11-16 18:51 ` [PATCH 06/11] monitor/i386: use debug APIs when accessing guest memory Ashish Kalra
2020-11-16 18:51 ` Ashish Kalra
2020-12-01 11:54 ` Peter Maydell
2020-12-01 11:54 ` Peter Maydell
2020-12-01 12:05 ` Peter Maydell
2020-12-01 12:05 ` Peter Maydell
2020-11-16 18:51 ` [PATCH 07/11] kvm: introduce debug memory encryption API Ashish Kalra
2020-11-16 18:51 ` Ashish Kalra
2020-11-16 18:52 ` [PATCH 08/11] sev/i386: add debug encrypt and decrypt commands Ashish Kalra
2020-11-16 18:52 ` Ashish Kalra
2020-11-16 18:52 ` [PATCH 09/11] hw/i386: set ram_debug_ops when memory encryption is enabled Ashish Kalra
2020-11-16 18:52 ` Ashish Kalra
2020-11-16 18:52 ` [PATCH 10/11] sev/i386: add SEV specific MemoryDebugOps Ashish Kalra
2020-11-16 18:52 ` Ashish Kalra
2020-11-16 18:53 ` [PATCH 11/11] target/i386: clear C-bit when walking SEV guest page table Ashish Kalra
2020-11-16 18:53 ` Ashish Kalra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201201185717.GN4338@work-vm \
--to=dgilbert@redhat.com \
--cc=Ashish.Kalra@amd.com \
--cc=Thomas.Lendacky@amd.com \
--cc=armbru@redhat.com \
--cc=brijesh.singh@amd.com \
--cc=ehabkost@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=mst@redhat.com \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=rth@twiddle.net \
--cc=ssg.sos.patches@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.