Re: [PATCH RFC v3 00/49] Add AMD Secure Nested Paging (SEV-SNP) support

On 3/20/24 09:38, Michael Roth wrote:
These patches implement SEV-SNP base support along with CPUID enforcement
support for QEMU, and are also available at:

   https://github.com/amdese/qemu/commits/snp-v3-rfc

They are based on top of the following patchset from Paolo:

   "[PATCH 0/7] target/i386: VM type infrastructure and KVM_SEV_INIT2 support"
   https://lists.gnu.org/archive/html/qemu-devel/2024-03/msg04663.html


Patch Layout
------------

01-05: Various changes needed to handle new header files in kvm-next tree
        and some hacks to get a functional header sync in place for building
        this series.
06-18: These are patches directly plucked from Xiaoyao's TDX v5 patchset[1]
        that implement common dependencies between SNP/TDX like base
        guest_memfd, KVM_EXIT_MEMORY_FAULT handling (with a small FIXUP), and
        mechanisms to disable SMM. We would've also needed some of the basic
        infrastructure for handling specifying VM types for KVM_CREATE, but
        much of that is now part of the sevinit2 series this patchset is based
        on. Ideally all these patches, once stable, could be maintained in a
        common tree so that future SNP/TDX patchsets can be more easily
        iterated on/reviewed.
19-20: Patches introduced by this series that are possible candidates for a
        common tree.
        shared/private pages when things like VFIO are in use.
21-32: Introduction of sev-snp-guest object and various configuration
        requirements for SNP.
33-36: Handling for various KVM_EXIT_VMGEXIT events that are handled in
        userspace.
37-49: Support for creating a cryptographic "launch" context and populating
        various OVMF metadata pages, BIOS regions, and vCPU/VMSA pages with
        the initial encrypted/measured/validated launch data prior to
        launching the SNP guest.

I reviewed the non-SEV bits of patches 21-46 and it looks nicely self-contained. That's pretty much expected but still good news.

I didn't look closely at the SEV-SNP code for obvious reasons (it's only been one hour :)), except for the object-oriented aesthetics which I have remarked upon. However, they seem to be in good shape.

I will now focus on reviewing patches 6-20. This way we can prepare a common tree for SEV_INIT2/SNP/TDX, for both vendors to build upon.

Thanks for posting this, and thanks to the Intel people too for the previous work on the guest_memfd parts!

Paolo




