Re: [PATCH] KVM: SEV: Disable KVM_CAP_VM_COPY_ENC_CONTEXT_FROM for SEV-ES

On 14/09/21 20:49, Sean Christopherson wrote:
> On Tue, Sep 14, 2021, Peter Gonda wrote:
>> I do not think so. You cannot call KVM_SEV_LAUNCH_UPDATE_VMSA on the mirror
>> because svm_mem_enc_op() blocks calls from the mirror. So either you have to
>> update vmsa from the mirror or have the original VM read through its mirror's
>> vCPUs when calling KVM_SEV_LAUNCH_UPDATE_VMSA. Not sure which way is better
>> but I don't see a way to do this without updating KVM.
>
> Ah, right, I forgot all of the SEV ioctls are blocked on the mirror.  Put something
> to that effect into the changelog to squash any argument about whether or not this
> is the correct KVM behavior.

Indeed, at least KVM_SEV_LAUNCH_UPDATE_VMSA would have to be allowed in the mirror VM. Do you think anything else would be necessary?

Paolo



