On Fri, Feb 9, 2024 at 8:40 PM Sean Christopherson <seanjc@xxxxxxxxxx> wrote: > On Fri, Feb 09, 2024, Paolo Bonzini wrote: > > The idea that no parameter would ever be necessary when enabling SEV or > > SEV-ES for a VM was decidedly optimistic. > > That implies there was a conscious decision regarding the uAPI. AFAICT, all of > the SEV uAPIs are direct reflections of the PSP invocations. Which is why I'm > being so draconian about the SNP uAPIs; this time around, we need to actually > design something. You liked that word, heh? :) The part that I am less sure about, is that it's actually _possible_ to design something. If you end up with a KVM_CREATE_VM2 whose arguments are uint32_t flags; uint32_t vm_type; uint64_t arch_mishmash_0; /* Intel only */ uint64_t arch_mishmash_1; /* AMD only */ uint64_t arch_mishmash_2; /* Intel only */ uint64_t arch_mishmash_3; /* AMD only */ and half of the flags are Intel only, the other half are AMD only... do you actually gain anything over a vendor-specific ioctl? Case in point being that the SEV VMSA features would be one of the fields above, and they would obviously not be available for TDX. kvm_run is a different story because it's the result of mmap, and not a ioctl. But in this case we have: - pretty generic APIs like UPDATE_DATA and MEASURE that should just be renamed to remove SEV references. Even DBG_DECRYPT and DBG_ENCRYPT fall in this category - APIs that seem okay but may depend on specific initialization flows, for example LAUNCH_UPDATE_VMSA. One example of the problems with initialization flows is LAUNCH_FINISH, which seems pretty tame but is different between SEV{,-ES} and SNP. Another example could be CPUID which is slightly different between vendors. - APIs that are currently vendor-specific, but where a second version has a chance of being cross-vendor, for example LAUNCH_SECRET or GET_ATTESTATION_REPORT. Or maybe not. - others that have no hope, because they include so many pieces of vendor-specific data that there's hardly anything to share. INIT is one of them. I guess you could fit the Intel CPUID square hole into AMD's CPUID round peg or vice versa, but there's really little in common between the two. I think we should try to go for the first three, but realistically will have to stop at the first one in most cases. Honestly, this unified API effort should have started years ago if we wanted to go there. I see where you're coming from, but the benefits are marginal (like the amount of userspace code that could be reused) and the effort huge in comparison. And especially, it's much worse to get an attempt at a unified API wrong, than to have N different APIs. This is not a free-for-all, there are definitely some KVM_MEMORY_ENCRYPT_OP that can be shared between SEV and TDX. The series also adds VM type support for SEV which fixes a poor past choice. I don't think there's much to gain from sharing the whole INIT phase though. Paolo