From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: "Cornelia Huck" <cohuck@redhat.com>,
kvm-devel <kvm@vger.kernel.org>,
"David Hildenbrand" <david@redhat.com>,
"Mark Cave-Ayland" <mark.cave-ayland@ilande.co.uk>,
"Aleksandar Rikalo" <aleksandar.rikalo@syrmia.com>,
"Edgar E. Iglesias" <edgar.iglesias@gmail.com>,
"Huacai Chen" <chenhuacai@kernel.org>,
"Halil Pasic" <pasic@linux.ibm.com>,
"Christian Borntraeger" <borntraeger@de.ibm.com>,
"Hervé Poussineau" <hpoussin@reactos.org>,
"Leif Lindholm" <leif@nuviainc.com>,
"Philippe Mathieu-Daudé" <philmd@redhat.com>,
"Thomas Huth" <thuth@redhat.com>,
"Eduardo Habkost" <ehabkost@redhat.com>,
"Alistair Francis" <alistair@alistair23.me>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Greg Kurz" <groug@kaod.org>,
"QEMU Developers" <qemu-devel@nongnu.org>,
qemu-s390x <qemu-s390x@nongnu.org>,
qemu-arm <qemu-arm@nongnu.org>,
"David Gibson" <david@gibson.dropbear.id.au>,
"Radoslaw Biernacki" <rad@semihalf.com>,
"Philippe Mathieu-Daudé" <f4bug@amsat.org>,
qemu-ppc <qemu-ppc@nongnu.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Aurelien Jarno" <aurelien@aurel32.net>
Subject: Re: [PATCH 2/7] hw/boards: Introduce 'kvm_supported' field to MachineClass
Date: Fri, 19 Feb 2021 12:10:27 +0000 [thread overview]
Message-ID: <YC+qs7R140qAWnJY@redhat.com> (raw)
In-Reply-To: <CAFEAcA-A=TG43w2yNfrDwCgYYNZBEa25cM_yYgREfQyKa=PZEQ@mail.gmail.com>
On Fri, Feb 19, 2021 at 12:08:05PM +0000, Peter Maydell wrote:
> On Fri, 19 Feb 2021 at 11:58, Daniel P. Berrangé <berrange@redhat.com> wrote:
> > Is the behaviour reported really related to KVM specifically, as opposed
> > to all hardware based virt backends ?
> >
> > eg is it actually a case of some machine types being "tcg_only" ?
>
> Interesting question. At least for Arm the major items are:
> * does the accelerator support emulation of EL3/TrustZone?
> (KVM doesn't; this is the proximate cause of the assertion
> failure if you try to enable KVM for the raspi boards.)
> * does the board type require a particular CPU type which
> KVM doesn't/can't support?
> Non-KVM accelerators could at least in theory have different answers
> to those questions, though in practice I think they do not.
>
> I think my take is that we probably should mark the boards
> as 'tcg-only' vs 'not-tcg-only', because in practice that's
> the interesting distinction. Specifically, our security policy
> https://qemu.readthedocs.io/en/latest/system/security.html
> draws a boundary between "virtualization use case" and
> "emulated", so it's really helpful to be able to say clearly
> "this board model does not support virtualization, and therefore
> any bugs in it or its devices are simply outside the realm of
> being security issues" when doing analysis of the codebase or
> when writing or reviewing new code.
Oh, yes, that is useful to correlate with.
> If we ever have support for some new accelerator type where there's
> a board type distinction between KVM and that new accelerator and
> it makes sense to try to say "this board is supported by the new
> thing even though it won't work with KVM", the folks interested in
> adding that new accelerator will have the motivation to look
> into exactly which boards they want to enable support for and
> can add a funky_accelerator_supported flag or whatever at that time.
>
> Summary: we should name this machine class field
> "virtualization_supported" and check it in all the virtualization
> accelerators (kvm, hvf, whpx, xen).
Agreed.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2021-02-19 12:36 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-19 11:44 [PATCH 0/7] hw/kvm: Exit gracefully when KVM is not supported Philippe Mathieu-Daudé
2021-02-19 11:44 ` [PATCH 1/7] accel/kvm: Check MachineClass kvm_type() return value Philippe Mathieu-Daudé
2021-02-19 11:44 ` [PATCH 2/7] hw/boards: Introduce 'kvm_supported' field to MachineClass Philippe Mathieu-Daudé
2021-02-19 11:57 ` Daniel P. Berrangé
2021-02-19 12:08 ` Peter Maydell
2021-02-19 12:10 ` Daniel P. Berrangé [this message]
2021-02-19 15:52 ` Leif Lindholm
2021-02-19 11:44 ` [PATCH 3/7] hw/arm: Set kvm_supported for KVM-compatible machines Philippe Mathieu-Daudé
2021-02-19 11:44 ` [PATCH 4/7] hw/mips: " Philippe Mathieu-Daudé
2021-02-19 11:44 ` [RFC PATCH 5/7] hw/ppc: " Philippe Mathieu-Daudé
2021-02-19 11:44 ` [PATCH 6/7] hw/s390x: Set kvm_supported to s390-ccw-virtio machines Philippe Mathieu-Daudé
2021-02-19 11:44 ` [PATCH 7/7] accel/kvm: Exit gracefully when KVM is not supported Philippe Mathieu-Daudé
2021-02-19 11:55 ` [PATCH 0/7] hw/kvm: " Peter Maydell
2021-02-19 12:09 ` Philippe Mathieu-Daudé
2021-02-19 12:00 ` Daniel P. Berrangé
2021-02-19 12:15 ` Philippe Mathieu-Daudé
2021-02-19 12:18 ` Daniel P. Berrangé
2021-02-19 13:10 ` Philippe Mathieu-Daudé
2021-02-19 12:34 ` Claudio Fontana
2021-02-19 17:36 ` Philippe Mathieu-Daudé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YC+qs7R140qAWnJY@redhat.com \
--to=berrange@redhat.com \
--cc=aleksandar.rikalo@syrmia.com \
--cc=alistair@alistair23.me \
--cc=aurelien@aurel32.net \
--cc=borntraeger@de.ibm.com \
--cc=chenhuacai@kernel.org \
--cc=cohuck@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=david@redhat.com \
--cc=edgar.iglesias@gmail.com \
--cc=ehabkost@redhat.com \
--cc=f4bug@amsat.org \
--cc=groug@kaod.org \
--cc=hpoussin@reactos.org \
--cc=kvm@vger.kernel.org \
--cc=leif@nuviainc.com \
--cc=mark.cave-ayland@ilande.co.uk \
--cc=pasic@linux.ibm.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=philmd@redhat.com \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=rad@semihalf.com \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).