Re: [PATCH 00/12] Introduce SEV-SNP support

On Tue, Aug 06, 2024 at 11:46:13AM +0100, Daniel P. Berrangé wrote:
> On Fri, Jun 21, 2024 at 12:06:01PM +0200, Michal Prívozník wrote:
> > On 6/20/24 17:19, Jonathon Jongsma wrote:
> > > On 6/20/24 6:22 AM, Michal Privoznik wrote:
> > >> SEV-SNP support just landed in QEMU. Here is the first round of patches
> > >> to incorporate support into libvirt.
> > >>
> > >> TODOs (aka problems of future me):
> > >>
> > >> - Teach tools/virt-qemu-sev-validate how to deal with SEV-SNP
> > >> - Try to find a SEV-SNP machine and test these patches in real world
> > >> - Write a kbase article on attestation with SEV-SNP
> > > 
> > > None of the CPU models that we currently have in libvirt allow you to
> > > run an SNP guest. That was the impetus behind my versioned CPU model
> > > series:
> > > https://lists.libvirt.org/archives/list/devel@xxxxxxxxxxxxxxxxx/thread/2GLISAQLU3ZTX7KSD732LM3CXU74JFEH/#2OZAJNGSVVNDQ4EZBITMOD2QJBX5NHWG
> > > 
> > > I've been meaning to push that series forward again, but hadn't gotten
> > > to it yet.
> > 
> > I'm not that familiar with all gotchas, but should the following just work?
> > 
> >   <cpu mode='host-passthrough' migratable='off'/>
> > 
> > AFAIK, migration with SEV-SNP is not implemented yet.
> 
> It seems it is not that easy. Users are reporting seeing this error:
> 
>   SEV-SNP: CPUID validation failed for function 0x8000001d, index: 0x3, provided: eax:0x00000163, ebx: 0x03c0003f, ecx: 0x00003fff, edx: 0x00000006, expected: eax:0x00000163, ebx: 0x03c0003f, ecx: 0x00003fff, edx: 0x00000002
> 
> 0x8000001d is the cache info reporting CPUID function, and index 3 is
> the l3 cache info.
> 
> EPYC-v4, EPYC-Rome-v3, EPYC-Milan-v2 and EPYC-Genoa all have special
> cache settings defined in QEMU which disable the 'complex_indexing'
> bit which is 0x4 in edx.
> 
> I suggested cache passthrough
> 
>  <cpu mode='host-passthrough' migratable='off'>
>    <cache mode='passthrough'/>
>  </cpu>
> 
> but it was reported this doesn't work, suggesting the host still has
> the 'complex_indexing' bit.
> 
> IOW, as it exists now, libvirt appears incapable of running SNP
> guests except on Genoa, where we don't need a newer CPU version :-(

It turns out this is machine type dependent. Host passthrough avoids
the cache issue if using the forthcoming >= 9.1 machine type versions,
so that's OK, modulo some further bugs on the QEMU side wrt host
passthrough & CPUID filtering.


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
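
An added example, not part of the original messages and not libvirt or QEMU code: a small Python helper that parses the CPUID validation error quoted in the thread above and reports which register bits differ between the provided and expected values. The function names and the bit-name table are assumptions made for illustration; the only named bit is the 0x4 `complex_indexing` bit in edx that the thread mentions.

```python
import re

# Error line quoted in the thread above (copied verbatim from the message).
SAMPLE = (
    "SEV-SNP: CPUID validation failed for function 0x8000001d, index: 0x3, "
    "provided: eax:0x00000163, ebx: 0x03c0003f, ecx: 0x00003fff, edx: 0x00000006, "
    "expected: eax:0x00000163, ebx: 0x03c0003f, ecx: 0x00003fff, edx: 0x00000002"
)

REGS = ("eax", "ebx", "ecx", "edx")
# Hypothetical lookup table; the single entry is the bit named in the thread.
KNOWN_BITS = {(0x8000001D, "edx", 0x4): "complex_indexing"}

HEADER = re.compile(r"function\s+(0x[0-9a-fA-F]+),\s*index:\s*(0x[0-9a-fA-F]+)")
REG = re.compile(r"(e[abcd]x):\s*(0x[0-9a-fA-F]+)")


def parse_cpuid_failure(line):
    """Return (function, index, provided, expected), or None if the line does not match."""
    head = HEADER.search(line)
    if not head or "provided:" not in line or "expected:" not in line:
        return None
    before, after = line.split("expected:", 1)
    provided = {r: int(v, 16) for r, v in REG.findall(before.split("provided:", 1)[1])}
    expected = {r: int(v, 16) for r, v in REG.findall(after)}
    if set(provided) != set(REGS) or set(expected) != set(REGS):
        return None  # truncated or malformed line
    return int(head.group(1), 16), int(head.group(2), 16), provided, expected


def diff_bits(line):
    """List (register, mask, side, name) for every bit that differs."""
    parsed = parse_cpuid_failure(line)
    if parsed is None:
        return []
    function, _index, provided, expected = parsed
    out = []
    for reg in REGS:
        delta = provided[reg] ^ expected[reg]
        for bit in range(32):
            mask = 1 << bit
            if delta & mask:
                side = "only-in-provided" if provided[reg] & mask else "only-in-expected"
                out.append((reg, mask, side, KNOWN_BITS.get((function, reg, mask), "unnamed")))
    return out


if __name__ == "__main__":
    for reg, mask, side, name in diff_bits(SAMPLE):
        print(f"{reg} bit {mask:#x} ({name}): {side}")
```
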



