* [Virtio-fs] virtiofs: Support for SEV encrypted guests
@ 2021-05-21 15:34 Jim Cadden
From: Jim Cadden @ 2021-05-21 15:34 UTC (permalink / raw)
To: virtio-fs
Do you know if virtio-fs can support SEV encrypted guests?

I work on a project adding SEV support into kata containers. So far,
we've been unable to boot SEV guests with kata's virtio-fs option
(and use virtio-9p instead):

May 19 16:52:05 sev1 virtiofsd[74904]: [ID: 00074904] virtio_session_mount: Received vhost-user socket connection
May 19 16:52:05 sev1 virtiofsd[74914]: [ID: 00000001] virtio_loop: Entry
...
May 19 16:52:07 sev1 virtiofsd[74914]: [ID: 00000001] virtio_loop: Got VU event
May 19 16:52:07 sev1 virtiofsd[74914]: [ID: 00000001] fv_panic: libvhost-user: Invalid vring_addr message

I know that other virtio devices use iommu and DMA apis to share
non-encrypted pages between the host and encrypted guest. Could
something similar be done with virtiofsd and the virtio-fs virtio device?

There are reported problems with vhost-user and SEV:
https://bugzilla.redhat.com/show_bug.cgi?id=1797058

Thanks for any insight,
Jim
* Re: [Virtio-fs] virtiofs: Support for SEV encrypted guests
From: Dr. David Alan Gilbert @ 2021-05-24 8:10 UTC (permalink / raw)
To: Jim Cadden; +Cc: virtio-fs
* Jim Cadden (jcadden@linux.vnet.ibm.com) wrote:
> Do you know if virtio-fs can support SEV encrypted guests?
>
> I work on a project adding SEV support into kata containers. So far, we've
> been unable to boot SEV guests
> with kata's virtio-fs option (and use virtio-9p instead):
>
> May 19 16:52:05 sev1 virtiofsd[74904]: [ID: 00074904] virtio_session_mount:
> Received vhost-user socket connection
> May 19 16:52:05 sev1 virtiofsd[74914]: [ID: 00000001] virtio_loop: Entry
> ...
> May 19 16:52:07 sev1 virtiofsd[74914]: [ID: 00000001] virtio_loop: Got VU
> event
> May 19 16:52:07 sev1 virtiofsd[74914]: [ID: 00000001] fv_panic:
> libvhost-user: Invalid vring_addr message
>
> I know that other virtio devices use iommu and DMA apis to share
> non-encrypted pages between the host
> and encrypted guest. Could something similar be done with virtiofsd and the
> virtio-fs virtio device?
I guess if you can guarantee that everything is going through
non-encrypted pages with the iommu, there shouldn't be a difference?
My only other worry is whether SEV works with a shared-memory backing
(e.g. /dev/shm or memfd with mmap shared).
I know there's an existing bug saying that virtio-fs doesn't work with
viommu:
https://bugzilla.redhat.com/show_bug.cgi?id=1812886
so I suspect it's fallout from that; I think we just haven't
implemented the iommu compat code in the daemon.
> There are reported problems with vhost-user and SEV:
> https://bugzilla.redhat.com/show_bug.cgi?id=1797058
Yes, although it wasn't clear if that was just a performance problem or
not.
Dave
> Thanks for any insight,
> Jim
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
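
A simplified model of the failure discussed in this thread, added here as an illustration and not taken from libvhost-user or virtiofsd: a daemon that resolves ring addresses only through its memory-region table rejects a ring whose addresses are IOVAs. It assumes that with the IOMMU path enabled the ring addresses need an IOTLB translation the daemon lacks; all struct names, field names and addresses are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* One entry of the memory table the VMM shares with the daemon.
 * Hypothetical layout for illustration, not libvhost-user's own struct. */
struct mem_region {
    uint64_t qva;   /* start of the region in the VMM's address space */
    uint64_t size;  /* length in bytes */
    uint64_t local; /* where the daemon mapped the same memory */
};

struct vring_addr { uint64_t desc, avail, used; };

/* Translate a VMM address to a daemon address; 0 means "not in any region". */
static uint64_t qva_to_local(const struct mem_region *r, size_t n, uint64_t qva)
{
    for (size_t i = 0; i < n; i++)
        if (qva >= r[i].qva && qva - r[i].qva < r[i].size)
            return r[i].local + (qva - r[i].qva);
    return 0;
}

/* 0 if descriptor, avail and used rings all resolve, -1 otherwise.
 * A daemon without IOTLB support has no second lookup to fall back on. */
static int map_ring(const struct mem_region *r, size_t n,
                    const struct vring_addr *a)
{
    return (qva_to_local(r, n, a->desc) && qva_to_local(r, n, a->avail) &&
            qva_to_local(r, n, a->used)) ? 0 : -1;
}

/* Constructed sample data: one 2 GiB region and two candidate ring layouts. */
static const struct mem_region regions[] = {
    { 0x7f0000000000ULL, 0x80000000ULL, 0x7e0000000000ULL },
};
/* Addresses inside the shared region: the non-IOMMU case. */
static const struct vring_addr plain = {
    0x7f0000101000ULL, 0x7f0000102000ULL, 0x7f0000103000ULL };
/* Bus addresses chosen by the guest's DMA layer: the IOMMU case. */
static const struct vring_addr iova = {
    0xffffd000ULL, 0xffffe000ULL, 0xfffff000ULL };

int main(void)
{
    printf("plain ring: %s\n", map_ring(regions, 1, &plain) ? "invalid" : "ok");
    printf("iova ring:  %s\n", map_ring(regions, 1, &iova) ? "invalid" : "ok");
    return 0;
}
```
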