On Mon, Jul 31, 2023 at 12:21:42PM -0400, Xiaoyao Li wrote:
> This is the first RFC version of enabling KVM gmem[1] as the backend for
> private memory of KVM_X86_PROTECTED_VM.
>
> It adds the support to create a specific KVM_X86_PROTECTED_VM type VM,
> and introduces 'private' property for memory backend. When the vm type
> is KVM_X86_PROTECTED_VM and memory backend has private enabled as below,
> it will call KVM gmem ioctl to allocate private memory for the backend.
>
> $qemu -object memory-backend-ram,id=mem0,size=1G,private=on \
> -machine q35,kvm-type=sw-protected-vm,memory-backend=mem0 \
> ...
>
> Unfortunately this patch series fails the boot of OVMF at very early
> stage due to triple fault because KVM doesn't support emulate string IO
> to private memory. We leave it as an open to be discussed.
>
> There are following design opens that need to be discussed:
>
> 1. how to determine the vm type?
>
> a. like this series, specify the vm type via machine property
> 'kvm-type'
> b. check the memory backend, if any backend has 'private' property
> set, the vm-type is set to KVM_X86_PROTECTED_VM.
>
> 2. whether 'private' property is needed if we choose 1.b as design
>
> with 1.b, QEMU can decide whether the memory region needs to be
> private (allocates gmem fd for it) or not, on its own.
>
> 3. What is KVM_X86_SW_PROTECTED_VM going to look like? What's the
> purose of it and what's the requirement on it. I think it's the
> questions for KVM folks than QEMU folks.
>
> Any other idea/open/question is welcomed.
>
>
> Beside, TDX QEMU implemetation is based on this series to provide
> private gmem for TD private memory, which can be found at [2].
> And it can work corresponding KVM [3] to boot TDX guest.
We already have a general purpose configuration mechanism for
confidential guests. The -machine argument has a property
confidential-guest-support=$OBJECT-ID, for pointing to an
object that implements the TYPE_CONFIDENTIAL_GUEST_SUPPORT
interface in QEMU. This is implemented with SEV, PPC PEF
mode, and s390 protvirt.
I would expect TDX to follow this same design ie
qemu-system-x86_64 \
-object tdx-guest,id=tdx0,..... \
-machine q35,confidential-guest-support=tdx0 \
...
and not require inventing the new 'kvm-type' attribute at least.
For the memory backend though, I'm not so sure - possibly that
might be something that still wants an extra property to identify
the type of memory to allocate, since we use memory-backend-ram
for a variety of use cases. Or it could be an entirely new object
type such as "memory-backend-gmem"
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
