From: Dr. David Alan Gilbert
Subject: Re: [Qemu-devel] [PATCH v12 08/28] target/i386: add Secure Encrypted Virtulization (SEV) object
Date: Tue, 13 Mar 2018 19:49:45 +0000
User-agent: Mutt/1.9.2 (2017-12-15)
* Eduardo Habkost (address@hidden) wrote:
> On Tue, Mar 13, 2018 at 08:04:51PM +0100, Paolo Bonzini wrote:
> > On 13/03/2018 19:49, Eduardo Habkost wrote:
> > >>>
> > >>> Exactly, in other words these two options are part of the guest
> > >>> ABI, and QEMU promises to never make the guest ABI depend on the
> > >>> host hardware unless you're using "-cpu host".
> > >>
> > >> This is not entirely true; while MAXPHYADDR is constant downstream
> > >> unless using "-cpu host", in practice that behavior is wrong and a guest
> > >> could misbehave if passed a MAXPHYADDR that is different from the host's.
> > >>
> > >> I think this is the same, and management software will have to live with
> > >> it.
> > >
> > > I think they are very far from being equivalent.
> >
> > Right, I only meant to say that guest ABI actually does depend on the
> > host hardware, even outside of "-cpu host".
> >
> > > But if you tell the guest the wrong C-bit location, guests are
> > > likely to rely on it and break. Migration between hosts with
> > > different C-bit locations won't work, will it?
> >
> > It won't---but as long as the destination host fails fast when the
> > C-bit location is wrong, it's okay. What matters is that we don't run
> > guest code with the wrong C bit, as you noted.
>
> Are you proposing we change the default to simply use cbitpos
> from the host?
Hmm I don't like that idea; as an option that's fine, as the only
way it's not.
> I would agree with this only if we make QEMU able to prevent live
> migration to a host with mismatching cbitpos.
Yeh; especially since I suspect debugging stuff with a failed SEV
migration like that is going to be really hard.
Dave
> --
> Eduardo
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK