From: Paolo Bonzini <pbonzini@redhat.com>
To: Michael Roth <michael.roth@amd.com>
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
seanjc@google.com, aik@amd.com, isaku.yamahata@intel.com
Subject: Re: [PATCH 09/10] KVM: SEV: introduce KVM_SEV_INIT2 operation
Date: Thu, 15 Feb 2024 14:44:47 +0100 [thread overview]
Message-ID: <ddabdb1f-9b33-4576-a47f-f19fe5ca6b7e@redhat.com> (raw)
In-Reply-To: <20240215013415.bmlsmt7tmebmgtkh@amd.com>
On 2/15/24 02:34, Michael Roth wrote:
>> + struct struct kvm_sev_init {
> Missing the vm_type param here.
It can go away in the struct actually. Also, "struct struct".
>> +If the ``KVM_X86_SEV_VMSA_FEATURES`` attribute does not exist, the hypervisor only
>> +supports KVM_SEV_INIT and KVM_SEV_ES_INIT. In that case the set of VMSA features is
>> +undefined.
>
> It's hard to imagine userspace implementation support for querying
> KVM_X86_SEV_VMSA_FEATURES but still insisting on KVM_SEV_INIT.
... except for backwards compatibility with old kernels. For example,
the VMM could first invoke HAS_DEVICE_ATTR, and then fall back to
KVM_SEV_INIT after checking that the user did not explicitly request or
forbid one or more VMSA features.
> Maybe it
> would be better to just lock in that VMSA_FEATURES at what is currently
> supported: DEBUG_SWAP=on/off depending on the kvm_amd module param, and
> then for all other features require opt-in via KVM_SEV_INIT2, and then
> bake that into the documentation. That way way they could still reference
> this documentation to properly calculate measurements for older/existing
> VMM implementations.
Thinking more about it, I think all features including debug_swap should
be disabled with the old SEV_INIT/SEV_ES_INIT. Because the features
need to match between the VMM and the measurement calculation, they need
to be added explicitly on e.g. the QEMU command line.
Paolo
next prev parent reply other threads:[~2024-02-15 13:44 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-09 18:37 [PATCH 00/10] KVM: SEV: allow customizing VMSA features Paolo Bonzini
2024-02-09 18:37 ` [PATCH 01/10] KVM: SEV: fix compat ABI for KVM_MEMORY_ENCRYPT_OP Paolo Bonzini
2024-02-14 22:50 ` Michael Roth
2024-02-09 18:37 ` [PATCH 02/10] KVM: introduce new vendor op for KVM_GET_DEVICE_ATTR Paolo Bonzini
2024-02-14 22:57 ` Michael Roth
2024-02-09 18:37 ` [PATCH 03/10] Documentation: kvm/sev: separate description of firmware Paolo Bonzini
2024-02-14 23:23 ` Michael Roth
2024-02-09 18:37 ` [PATCH 04/10] KVM: SEV: publish supported VMSA features Paolo Bonzini
2024-02-14 23:49 ` Michael Roth
2024-02-09 18:37 ` [PATCH 05/10] KVM: SEV: store VMSA features in kvm_sev_info Paolo Bonzini
2024-02-15 0:03 ` Michael Roth
2024-02-09 18:37 ` [PATCH 06/10] KVM: x86: define standard behavior for bits 0/1 of VM type Paolo Bonzini
2024-02-09 18:37 ` [PATCH 07/10] KVM: x86: Add is_vm_type_supported callback Paolo Bonzini
2024-02-15 0:33 ` Michael Roth
2024-02-15 13:35 ` Paolo Bonzini
2024-02-09 18:37 ` [PATCH 08/10] KVM: SEV: define VM types for SEV and SEV-ES Paolo Bonzini
2024-02-15 1:19 ` Michael Roth
2024-02-15 13:40 ` Paolo Bonzini
2024-02-09 18:37 ` [PATCH 09/10] KVM: SEV: introduce KVM_SEV_INIT2 operation Paolo Bonzini
2024-02-15 1:34 ` Michael Roth
2024-02-15 13:44 ` Paolo Bonzini [this message]
2024-02-15 14:44 ` Michael Roth
2024-02-15 17:28 ` Paolo Bonzini
2024-02-15 17:54 ` Michael Roth
2024-02-15 18:08 ` Paolo Bonzini
2024-02-15 20:44 ` Michael Roth
2024-02-15 11:07 ` Alexey Kardashevskiy
2024-02-15 21:14 ` Tom Lendacky
2024-02-09 18:37 ` [PATCH 10/10] selftests: kvm: add tests for KVM_SEV_INIT2 Paolo Bonzini
2024-02-09 18:37 ` [PATCH 11/10] selftests: kvm: switch sev_migrate_tests to KVM_SEV_INIT2 Paolo Bonzini
2024-02-09 19:40 ` [PATCH 00/10] KVM: SEV: allow customizing VMSA features Sean Christopherson
2024-02-09 22:40 ` Paolo Bonzini
2024-02-13 2:46 ` Sean Christopherson
2024-02-13 14:44 ` Paolo Bonzini
2024-02-17 1:40 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ddabdb1f-9b33-4576-a47f-f19fe5ca6b7e@redhat.com \
--to=pbonzini@redhat.com \
--cc=aik@amd.com \
--cc=isaku.yamahata@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=seanjc@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).