RE: [RFC PATCH 0/6] KVM: guest memory: Misc enhacnement

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> -----Original Message-----
> From: Vishal Annapurve <vannapurve@xxxxxxxxxx>
> Sent: Monday, June 19, 2023 2:55 PM
> To: Zhi Wang <zhi.wang.linux@xxxxxxxxx>
> Cc: Yamahata, Isaku <isaku.yamahata@xxxxxxxxx>; kvm@xxxxxxxxxxxxxxx;
> linux-kernel@xxxxxxxxxxxxxxx; isaku.yamahata@xxxxxxxxx; Paolo Bonzini
> <pbonzini@xxxxxxxxxx>; Aktas, Erdem <erdemaktas@xxxxxxxxxx>;
> Christopherson,, Sean <seanjc@xxxxxxxxxx>; Shahar, Sagi
> <sagis@xxxxxxxxxx>; David Matlack <dmatlack@xxxxxxxxxx>; Huang, Kai
> <kai.huang@xxxxxxxxx>; Chen, Bo2 <chen.bo@xxxxxxxxx>; linux-
> coco@xxxxxxxxxxxxxxx; Chao Peng <chao.p.peng@xxxxxxxxxxxxxxx>; Ackerley
> Tng <ackerleytng@xxxxxxxxxx>; Michael Roth <michael.roth@xxxxxxx>
> Subject: Re: [RFC PATCH 0/6] KVM: guest memory: Misc enhacnement
> 
> On Mon, Jun 19, 2023 at 1:11 PM Zhi Wang <zhi.wang.linux@xxxxxxxxx>
> wrote:
> >
> > On Mon, 19 Jun 2023 12:11:50 -0700
> > Vishal Annapurve <vannapurve@xxxxxxxxxx> wrote:
> >
> > > On Thu, Jun 15, 2023 at 1:12___PM <isaku.yamahata@xxxxxxxxx> wrote:
> > > > ...
> > > >
> > > > * VM type: Now we have KVM_X86_PROTECTED_VM. How do we
> proceed?
> > > >   - Keep KVM_X86_PROTECTED_VM for its use. Introduce
> KVM_X86_TDX_VM
> > > >   - Use KVM_X86_PROTECTED_VM for TDX. (If necessary, introduce
> another type in
> > > >     the future)
> > > >   - any other way?
> > >
> > > There are selftests posted[1] in context of this work, which rely on
> > > KVM_X86_PROTECTED_VM being just the software-only
> > > psuedo-confidential VMs. In future there might be more work to
> > > expand this usecase to full-scale VMs. So it would be better to
> > > treat protected VMs as a separate type which can be used on any
> > > platform without the need of enabling TDX/SEV functionality.
> > >
> >
> > Out of curiosity, is this really a valid case in practice except selftest?
> > It sounds to me whenever KVM_X86_PROTECTED_VM is used, it has to be
> > tied with a platform-specific CC type.
> 
> Protected VM effort is about being able to have guest memory ranges not
> mapped into Userspace VMM and so are unreachable for most of the cases
> from KVM as well. Non-CC VMs can use this support to mitigate any
> unintended accesses from userspace VMM/KVM possibly using enlightened
> kernels.

"PROTECTED" seems to be not very close to what you mean here. "PROTECTED_MEM" ?
What case of non-CC VMs may use this feature in reality?  Or do you have any expected cases?

> 
> Exact implementation of such a support warrants more discussion but it
> should be in the line of sight here as a future work item.
> 
> 
> 
> 
> >
> > > TDX VM type can possibly serve as a specialized type of protected VM
> > > with additional arch specific capabilities enabled.
> > >
> > > [1] - https://github.com/sean-jc/linux/commits/x86/kvm_gmem_solo
> >





[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux