On Fri, Jun 21, 2024 at 12:06:01PM +0200, Michal Prívozník wrote: > On 6/20/24 17:19, Jonathon Jongsma wrote: > > On 6/20/24 6:22 AM, Michal Privoznik wrote: > >> SEV-SNP support just landed in QEMU. Here is the first round of patches > >> to incorporate support into libvirt. > >> > >> TODOs (aka problems of future me): > >> > >> - Teach tools/virt-qemu-sev-validate how to deal with SEV-SNP > >> - Try to find a SEV-SNP machine a test these patches in real worl > >> - Write a kbase article on attestation with SEV-SNP > > > > None of the CPU models that we currently have in libvirt allow you to > > run an SNP guest. That was the impetus behind my versioned CPU model > > series: > > https://lists.libvirt.org/archives/list/devel@xxxxxxxxxxxxxxxxx/thread/2GLISAQLU3ZTX7KSD732LM3CXU74JFEH/#2OZAJNGSVVNDQ4EZBITMOD2QJBX5NHWG > > > > I've been meaning to push that series forward again, but hadn't gotten > > to it yet. > > I'm not that familiar with all gotchas, but should the following just work? > > <cpu mode='host-passthrough' migratable='off'/> > > AFAIK, migration with SEV-SNP is not implemented yet. It seems it is not that easy. Users are reporting seeing this error: SEV-SNP: CPUID validation failed for function 0x8000001d, index: 0x3, provided: eax:0x00000163, ebx: 0x03c0003f, ecx: 0x00003fff, edx: 0x00000006, expected: eax:0x00000163, ebx: 0x03c0003f, ecx: 0x00003fff, edx: 0x00000002 0x8000001d is the cache info reporting CPUID function, and index 3 is the l3 cache info. EPYC-v4, EPYC-Rome-v3, EPYC-Milan-v2 and EPYC-Genoa all have special cache settings defined in QEMU which disables the 'complex_indexing' bit which is 0x4 in edx. I suggested cache passthrough <cpu mode='host-passthrough' migratable='off'> <cache mode='passthrough'/></cpu> but it was reported this doesn't work, suggesting the host still has the 'complex_indexing' bit. IOW, as it exists now, libvirt appears incapable of running SNP guests except on Genoa, where we don't need a newer CPU version :-( With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
