From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Jim Cadden <jcadden@linux.vnet.ibm.com>
Cc: virtio-fs@redhat.com
Subject: Re: [Virtio-fs] virtiofs: Support for SEV encrypted guests
Date: Mon, 24 May 2021 09:10:29 +0100
Message-ID: <YKtfdQBLLqUt7Ycx@work-vm>
In-Reply-To: <489d6710-2e39-8058-a7db-80166c603ce4@linux.vnet.ibm.com>

* Jim Cadden (jcadden@linux.vnet.ibm.com) wrote:
> Do you know if virtio-fs can support SEV encrypted guests?
>
> I work on a project adding SEV support into kata containers. So far, we've
> been unable to boot SEV guests
> with kata's virtio-fs option (and use virtio-9p instead):
>
> May 19 16:52:05 sev1 virtiofsd[74904]: [ID: 00074904] virtio_session_mount:
> Received vhost-user socket connection
> May 19 16:52:05 sev1 virtiofsd[74914]: [ID: 00000001] virtio_loop: Entry
> ...
> May 19 16:52:07 sev1 virtiofsd[74914]: [ID: 00000001] virtio_loop: Got VU
> event
> May 19 16:52:07 sev1 virtiofsd[74914]: [ID: 00000001] fv_panic:
> libvhost-user: Invalid vring_addr message
>
> I know that other virtio devices use iommu and DMA apis to share
> non-encrypted pages between the host
> and encrypted guest. Could something similar be done with virtiofsd and the
> virtio-fs virtio device?

I guess if you can guarantee that everything is going through
non-encrypted pages with the iommu, there shouldn't be a difference?
My only other worry is whether SEV works with a shared-memory backing
(e.g. /dev/shm or memfd with mmap shared).

I know there's an existing bug saying that virtio-fs doesn't work with
viommu:
https://bugzilla.redhat.com/show_bug.cgi?id=1812886
so I suspect it's fallout from that; I think we just haven't
implemented the iommu compat code in the daemon.

> There are reported problems with vhost-user and SEV:
> https://bugzilla.redhat.com/show_bug.cgi?id=1797058

Yes, although it wasn't clear if that was just a performance problem or
not.

Dave

> Thanks for any insight,
> Jim
>
> _______________________________________________
> Virtio-fs mailing list
> Virtio-fs@redhat.com
> https://listman.redhat.com/mailman/listinfo/virtio-fs
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK