Re: [PATCH v3 0/9] Generalize memory encryption models

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>> However, once we have multiple options to protect a guest (memory
>> encryption, unmapping guest pages ,...) the name will no longer really
>> suffice to configure QEMU, no?
> 
> That's why it takes a parameter.  It points to an object which can
> itself have more properties to configure the details.  SEV already
> needs that set up, though for both PEF and s390 PV we could pre-create
> a standard htl object.

Ah, okay, that's the "platform specific object which configures and
manages the specific details". It would have been nice in the cover
letter to show some examples of how that would look like.

So it's wrapping architecture-specific data in a common parameter. Hmm.

> 
>>> For now this series covers just AMD SEV and POWER PEF.  I'm hoping it
>>> can be extended to cover the Intel and s390 mechanisms as well,
>>> though.
>>
>> The only approach on s390x to not glue command line properties to the
>> cpu model would be to remove the CPU model feature and replace it by the
>> command line parameter. But that would, of course, be an incompatible break.
> 
> I don't really understand why you're so against setting the cpu
> default parameters from the machine.  The machine already sets basic
> configuration for all sorts of devices in the VM, that's kind of what
> it's for.

It's a general design philosophy that the CPU model (especially the host
CPU model) does not depend on other command line parameters (except the
accelerator, and I think in corner cases on the machine). Necessary for
reliable host model probing by libvirt, for example.

We also don't have similar things for nested virt.

> 
>> How do upper layers actually figure out if memory encryption etc is
>> available? on s390x, it's simply via the expanded host CPU model.
> 
> Haven't really tackled that yet.  But one way that works for multiple
> systems has got to be better than a separate one for each, right?

I think that's an important piece. Especially once multiple different
approaches are theoretically available one wants to sense from upper layers.

At least on s390x, it really is like just another CPU-visible feature
that tells the guest that it can switch to protected mode.

-- 
Thanks,

David / dhildenb




[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux