On Tue, Mar 24, 2020 at 11:55:39AM +1100, Paul Mackerras wrote: > At present, on Power systems with Protected Execution Facility > hardware and an ultravisor, a KVM guest can transition to being a > secure guest at will. Userspace (QEMU) has no way of knowing > whether a host system is capable of running secure guests. This > will present a problem in future when the ultravisor is capable of > migrating secure guests from one host to another, because > virtualization management software will have no way to ensure that > secure guests only run in domains where all of the hosts can > support secure guests. > > This adds a VM capability which has two functions: (a) userspace > can query it to find out whether the host can support secure guests, > and (b) userspace can enable it for a guest, which allows that > guest to become a secure guest. If userspace does not enable it, > KVM will return an error when the ultravisor does the hypercall > that indicates that the guest is starting to transition to a > secure guest. The ultravisor will then abort the transition and > the guest will terminate. > > Signed-off-by: Paul Mackerras <paulus@xxxxxxxxxx> > --- > v2: Test that KVM uvmem code has initialized successfully as a > condition of reporting that we support secure guests. Reviewed-by: Ram Pai <linuxram@xxxxxxxxxx> I will send test results along with the qemu patch from Fabiano in a day or two. RP
