kvm.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: David Hildenbrand <david@redhat.com>
To: David Gibson <david@gibson.dropbear.id.au>
Cc: Cornelia Huck <cohuck@redhat.com>,
	qemu-devel@nongnu.org, brijesh.singh@amd.com, pair@us.ibm.com,
	pbonzini@redhat.com, dgilbert@redhat.com, frankja@linux.ibm.com,
	Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
	kvm@vger.kernel.org, qemu-ppc@nongnu.org, mst@redhat.com,
	mdroth@linux.vnet.ibm.com, Richard Henderson <rth@twiddle.net>,
	pasic@linux.ibm.com, Eduardo Habkost <ehabkost@redhat.com>,
	qemu-s390x@nongnu.org
Subject: Re: [PATCH v3 0/9] Generalize memory encryption models
Date: Fri, 26 Jun 2020 08:53:59 +0200	[thread overview]
Message-ID: <892533f8-cd3c-e282-58c2-4212eb3a84b8@redhat.com> (raw)
In-Reply-To: <20200626044259.GK172395@umbus.fritz.box>

>>>> Does this have any implications when probing with the 'none' machine?
>>>
>>> I'm not sure.  In your case, I guess the cpu bit would still show up
>>> as before, so it would tell you base feature availability, but not
>>> whether you can use the new configuration option.
>>>
>>> Since the HTL option is generic, you could still set it on the "none"
>>> machine, though it wouldn't really have any effect.  That is, if you
>>> could create a suitable object to point it at, which would depend on
>>> ... details.
>>>
>>
>> The important point is that we never want the (expanded) host cpu model
>> look different when either specifying or not specifying the HTL
>> property.
> 
> Ah, yes, I see your point.  So my current suggestion will satisfy
> that, basically it is:
> 
> cpu has unpack (inc. by default) && htl specified
> 	=> works (allowing secure), as expected

ack

> 
> !cpu has unpack && htl specified
> 	=> bails out with an error

ack

> 
> !cpu has unpack && !htl specified
> 	=> works for a non-secure guest, as expected
> 	=> guest will fail if it attempts to go secure

ack, behavior just like running on older hw without unpack

> 
> cpu has unpack && !htl specified
> 	=> works as expected for a non-secure guest (unpack feature is
> 	   present, but unused)
> 	=> secure guest may work "by accident", but only if all virtio
> 	   properties have the right values, which is the user's
> 	   problem
> 
> That last case is kinda ugly, but I think it's tolerable.

Right, we must not affect non-secure guests, and existing secure setups
(e.g., older qemu machines). Will have to think about this some more,
but does not sound too crazy.

Thanks!

-- 
Thanks,

David / dhildenb


  reply	other threads:[~2020-06-26  6:54 UTC|newest]

Thread overview: 56+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-06-19  2:05 [PATCH v3 0/9] Generalize memory encryption models David Gibson
2020-06-19  2:05 ` [PATCH v3 1/9] host trust limitation: Introduce new host trust limitation interface David Gibson
2020-06-26 11:01   ` Dr. David Alan Gilbert
2020-07-14 19:26   ` Richard Henderson
2020-06-19  2:05 ` [PATCH v3 2/9] host trust limitation: Handle memory encryption via interface David Gibson
2020-06-19  2:05 ` [PATCH v3 3/9] host trust limitation: Move side effect out of machine_set_memory_encryption() David Gibson
2020-06-19  2:05 ` [PATCH v3 4/9] host trust limitation: Rework the "memory-encryption" property David Gibson
2020-07-14 19:36   ` Richard Henderson
2020-06-19  2:05 ` [PATCH v3 5/9] host trust limitation: Decouple kvm_memcrypt_*() helpers from KVM David Gibson
2020-06-19  2:05 ` [PATCH v3 6/9] host trust limitation: Add Error ** to HostTrustLimitation::kvm_init David Gibson
2020-06-19  2:06 ` [PATCH v3 7/9] spapr: Add PEF based host trust limitation David Gibson
2020-06-19  2:06 ` [PATCH v3 8/9] spapr: PEF: block migration David Gibson
2020-06-26 10:33   ` Dr. David Alan Gilbert
2020-07-05  7:38     ` David Gibson
2020-06-19  2:06 ` [PATCH v3 9/9] host trust limitation: Alter virtio default properties for protected guests David Gibson
2020-06-19 10:12   ` Daniel P. Berrangé
2020-06-19 11:46     ` Michael S. Tsirkin
2020-06-19 11:47       ` Michael S. Tsirkin
2020-06-19 12:16         ` Daniel P. Berrangé
2020-06-19 20:04           ` Halil Pasic
2020-06-24  7:55           ` Michael S. Tsirkin
2020-06-25  4:57             ` David Gibson
2020-06-25  5:02       ` David Gibson
2020-06-19 14:45     ` David Gibson
2020-06-19 15:05       ` Daniel P. Berrangé
2020-06-20  8:24         ` David Gibson
2020-06-22  9:09           ` Daniel P. Berrangé
2020-06-25  5:06             ` David Gibson
2020-06-19  2:42 ` [PATCH v3 0/9] Generalize memory encryption models no-reply
2020-06-19  8:28 ` David Hildenbrand
2020-06-19  9:45   ` Cornelia Huck
2020-06-19  9:56     ` David Hildenbrand
2020-06-19 10:05       ` Cornelia Huck
2020-06-19 10:10         ` David Hildenbrand
2020-06-22 12:02           ` Cornelia Huck
2020-06-25  5:25             ` David Gibson
2020-06-25  7:06               ` David Hildenbrand
2020-06-26  4:42                 ` David Gibson
2020-06-26  6:53                   ` David Hildenbrand [this message]
2020-06-26  9:01                     ` Janosch Frank
2020-06-26  9:32                       ` Daniel P. Berrangé
2020-06-26  9:49                         ` Janosch Frank
2020-06-26 10:29                           ` Dr. David Alan Gilbert
2020-06-26 10:58                             ` Daniel P. Berrangé
2020-06-26 12:49                               ` Janosch Frank
2020-07-01 11:59                                 ` Halil Pasic
2020-06-19  9:48   ` David Gibson
2020-06-19 10:04     ` David Hildenbrand
2020-06-25  5:42       ` David Gibson
2020-06-25  6:59         ` David Hildenbrand
2020-06-25  9:49           ` Cornelia Huck
2020-06-22 14:27 ` Christian Borntraeger
2020-06-24  7:06   ` Cornelia Huck
2020-06-25  5:47     ` David Gibson
2020-06-25  5:48       ` David Gibson
2020-06-25  5:44   ` David Gibson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=892533f8-cd3c-e282-58c2-4212eb3a84b8@redhat.com \
    --to=david@redhat.com \
    --cc=brijesh.singh@amd.com \
    --cc=cohuck@redhat.com \
    --cc=david@gibson.dropbear.id.au \
    --cc=dgilbert@redhat.com \
    --cc=ehabkost@redhat.com \
    --cc=frankja@linux.ibm.com \
    --cc=kvm@vger.kernel.org \
    --cc=marcel.apfelbaum@gmail.com \
    --cc=mdroth@linux.vnet.ibm.com \
    --cc=mst@redhat.com \
    --cc=pair@us.ibm.com \
    --cc=pasic@linux.ibm.com \
    --cc=pbonzini@redhat.com \
    --cc=qemu-devel@nongnu.org \
    --cc=qemu-ppc@nongnu.org \
    --cc=qemu-s390x@nongnu.org \
    --cc=rth@twiddle.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).