[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2] i386/sev: Don't allow automatic fallback to legacy KVM_SE
From: |
Daniel P . Berrangé |
Subject: |
Re: [PATCH v2] i386/sev: Don't allow automatic fallback to legacy KVM_SEV*_INIT |
Date: |
Wed, 10 Jul 2024 08:15:11 +0100 |
User-agent: |
Mutt/2.2.12 (2023-09-09) |
On Tue, Jul 09, 2024 at 11:10:05PM -0500, Michael Roth wrote:
> Currently if the 'legacy-vm-type' property of the sev-guest object is
> 'on', QEMU will attempt to use the newer KVM_SEV_INIT2 kernel
> interface in conjunction with the newer KVM_X86_SEV_VM and
> KVM_X86_SEV_ES_VM KVM VM types.
>
> This can lead to measurement changes if, for instance, an SEV guest was
> created on a host that originally had an older kernel that didn't
> support KVM_SEV_INIT2, but is booted on the same host later on after the
> host kernel was upgraded.
>
> Instead, if legacy-vm-type is 'off', QEMU should fail if the
> KVM_SEV_INIT2 interface is not provided by the current host kernel.
> Modify the fallback handling accordingly.
>
> In the future, VMSA features and other flags might be added to QEMU
> which will require legacy-vm-type to be 'off' because they will rely
> on the newer KVM_SEV_INIT2 interface. It may be difficult to convey to
> users what values of legacy-vm-type are compatible with which
> features/options, so as part of this rework, switch legacy-vm-type to a
> tri-state OnOffAuto option. 'auto' in this case will automatically
> switch to using the newer KVM_SEV_INIT2, but only if it is required to
> make use of new VMSA features or other options only available via
> KVM_SEV_INIT2.
>
> Defining 'auto' in this way would avoid inadvertantly breaking
> compatibility with older kernels since it would only be used in cases
> where users opt into newer features that are only available via
> KVM_SEV_INIT2 and newer kernels, and provide better default behavior
> than the legacy-vm-type=off behavior that was previously in place, so
> make it the default for 9.1+ machine types.
>
> Cc: Daniel P. Berrangé <berrange@redhat.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> cc: kvm@vger.kernel.org
> Signed-off-by: Michael Roth <michael.roth@amd.com>
> ---
> v2:
> - switch to OnOffAuto for legacy-vm-type 'property'
> - make 'auto' the default for 9.1+, which will automatically use
> KVM_SEV_INIT2 when strictly required by a particular set of options,
> but will otherwise keep using the legacy interface.
>
> hw/i386/pc.c | 2 +-
> qapi/qom.json | 18 ++++++----
> target/i386/sev.c | 85 +++++++++++++++++++++++++++++++++++++++--------
> 3 files changed, 83 insertions(+), 22 deletions(-)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|