On Tue, Nov 19, 2024 at 8:54 PM Dionna Amalie Glaze
<dionnaglaze@xxxxxxxxxx> wrote:
>
> On Tue, Nov 19, 2024 at 5:51 AM Michael Roth <michael.roth@xxxxxxx> wrote:
> >
> > +struct kvm_exit_coco {
> > +#define KVM_EXIT_COCO_REQ_CERTS 0
> > +#define KVM_EXIT_COCO_MAX 1
> > + __u8 nr;
> > + __u8 pad0[7];
> > + __u32 ret;
> > + __u32 pad1;
> > + union {
> > + struct {
> > + __u64 gfn;
> > + __u32 npages;
>
> Should this not also include a vmm_err code to report to the guest? We
> need some way for user space to indicate that KVM should write the
> vmm_err to the upper 32 bits of exit_info_2.
> I don't think we have a snapshot of the GHCB accessible to userspace.
>
> I'm still not quite able to get a good test of this patch series
> ready. Making the certificate file accessible to the VMM process has
> been unfortunately challenging due to how we manage chroots and VMM
> upgrades.
> Still, I'm stuck in the VMM implementation of grabbing the file lock
> for the certificates and asking myself "how do I tell KVM to write
> exit_info_2 = (2 << 32) | (exit_info_2 & ((1 << 32)-1) before entering
> the guest?"
> A __u32 vmm_err field of this struct would nicely make its size 64-bit aligned..
retracted. I needed to look 2 lines lower. I need to stop working this late.
>
> --
> -Dionna Glaze, PhD, CISSP, CCSP (she/her)
--
-Dionna Glaze, PhD, CISSP, CCSP (she/her)
