From: Sean Christopherson <seanjc@google.com>
To: Isaku Yamahata <isaku.yamahata@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
isaku.yamahata@intel.com, Ingo Molnar <mingo@redhat.com>,
Borislav Petkov <bp@alien8.de>, "H . Peter Anvin" <hpa@zytor.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
erdemaktas@google.com, Connor Kuehl <ckuehl@redhat.com>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
Sean Christopherson <sean.j.christopherson@intel.com>,
Xiaoyao Li <xiaoyao.li@intel.com>
Subject: Re: [RFC PATCH v3 14/59] KVM: x86: Add vm_type to differentiate legacy VMs from protected VMs
Date: Fri, 3 Dec 2021 16:14:42 +0000 [thread overview]
Message-ID: <YapCclOiQXWGXVEr@google.com> (raw)
In-Reply-To: <20211201193737.GB1166703@private.email.ne.jp>
On Wed, Dec 01, 2021, Isaku Yamahata wrote:
> On Mon, Nov 29, 2021 at 05:35:34PM +0000,
> Sean Christopherson <seanjc@google.com> wrote:
>
> > On Thu, Nov 25, 2021, Thomas Gleixner wrote:
> > > On Wed, Nov 24 2021 at 16:19, isaku yamahata wrote:
> > > > From: Sean Christopherson <sean.j.christopherson@intel.com>
> > > >
> > > > Add a capability to effectively allow userspace to query what VM types
> > > > are supported by KVM.
> > >
> > > I really don't see why this has to be named legacy. There are enough
> > > reasonable use cases which are perfectly fine using the non-encrypted
> > > muck. Just because there is a new hyped feature does not make anything
> > > else legacy.
> >
> > Yeah, this was brought up in the past. The current proposal is to use
> > KVM_X86_DEFAULT_VM[1], though at one point the plan was to use a generic
> > KVM_VM_TYPE_DEFAULT for all architectures[2], not sure what happened to that idea.
> >
> > [1] https://lore.kernel.org/all/YY6aqVkHNEfEp990@google.com/
> > [2] https://lore.kernel.org/all/YQsjQ5aJokV1HZ8N@google.com/
>
> Currently <feature>_{unsupported, disallowed} are added and the check is
> sprinkled and warn in the corresponding low level tdx code. It helped to
> detect dubious behavior of guest or qemu.
KVM shouldn't log a message or WARN unless the issue is detected at a late sanity
check, i.e. where failure indicates a KVM bug. Other than that, I agree that KVM
should reject ioctls() that directly violate the rules of a confidential VM with
an appropriate error code. I don't think KVM should reject everything though,
e.g. if the guest attempts to send an SMI, dropping the request on the floor is
the least awful option because we can't communicate an error to the guest without
making up our own architecture, and exiting to userspace with -EINVAL from deep
in KVM would be both painful to implement and an overreaction since doing so would
likely kill the guest.
> The other approach is to silently ignore them (SMI, INIT, IRQ etc) without
> such check. The pros is, the code would be simpler and it's what SEV does today.
> the cons is, it would bes hard to track down such cases and the user would
> be confused. For example, when user requests reset/SMI, it's silently ignored.
> The some check would still be needed.
> Any thoughts?
>
> --
> Isaku Yamahata <isaku.yamahata@gmail.com>
next prev parent reply other threads:[~2021-12-03 16:14 UTC|newest]
Thread overview: 123+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-25 0:19 [RFC PATCH v3 00/59] KVM: X86: TDX support isaku.yamahata
2021-11-25 0:19 ` [RFC PATCH v3 01/59] x86/mktme: move out MKTME related constatnts/macro to msr-index.h isaku.yamahata
2021-11-25 0:19 ` [RFC PATCH v3 02/59] x86/mtrr: mask out keyid bits from variable mtrr mask register isaku.yamahata
2021-11-25 0:19 ` [RFC PATCH v3 03/59] KVM: TDX: Define TDX architectural definitions isaku.yamahata
2021-11-25 0:19 ` [RFC PATCH v3 04/59] KVM: TDX: Add TDX "architectural" error codes isaku.yamahata
2021-11-25 0:19 ` [RFC PATCH v3 05/59] KVM: TDX: add a helper function for kvm to call seamcall isaku.yamahata
2021-11-25 0:19 ` [RFC PATCH v3 06/59] KVM: TDX: Add C wrapper functions for TDX SEAMCALLs isaku.yamahata
2021-11-25 0:19 ` [RFC PATCH v3 07/59] KVM: TDX: Add helper functions to print TDX SEAMCALL error isaku.yamahata
2021-11-25 0:19 ` [RFC PATCH v3 08/59] KVM: Export kvm_io_bus_read for use by TDX for PV MMIO isaku.yamahata
2021-11-25 17:14 ` Thomas Gleixner
2021-11-25 0:19 ` [RFC PATCH v3 09/59] KVM: Enable hardware before doing arch VM initialization isaku.yamahata
2021-11-25 19:02 ` Thomas Gleixner
2021-11-25 0:19 ` [RFC PATCH v3 10/59] KVM: x86: Split core of hypercall emulation to helper function isaku.yamahata
2021-11-25 0:19 ` [RFC PATCH v3 11/59] KVM: x86: Export kvm_mmio tracepoint for use by TDX for PV MMIO isaku.yamahata
2021-11-25 0:19 ` [RFC PATCH v3 12/59] KVM: x86/mmu: Zap only leaf SPTEs for deleted/moved memslot by default isaku.yamahata
2021-11-25 19:04 ` Thomas Gleixner
2021-11-25 0:19 ` [RFC PATCH v3 13/59] KVM: Add max_vcpus field in common 'struct kvm' isaku.yamahata
2021-11-25 19:06 ` Thomas Gleixner
2021-11-25 0:19 ` [RFC PATCH v3 14/59] KVM: x86: Add vm_type to differentiate legacy VMs from protected VMs isaku.yamahata
2021-11-25 19:08 ` Thomas Gleixner
2021-11-29 17:35 ` Sean Christopherson
2021-12-01 19:37 ` Isaku Yamahata
2021-12-03 16:14 ` Sean Christopherson [this message]
2021-11-25 0:19 ` [RFC PATCH v3 15/59] KVM: x86: Introduce "protected guest" concept and block disallowed ioctls isaku.yamahata
2021-11-25 19:26 ` Thomas Gleixner
2021-11-25 0:19 ` [RFC PATCH v3 16/59] KVM: x86: Add per-VM flag to disable direct IRQ injection isaku.yamahata
2021-11-25 19:31 ` Thomas Gleixner
2021-11-29 2:49 ` Lai Jiangshan
2021-11-25 0:20 ` [RFC PATCH v3 17/59] KVM: x86: Add flag to disallow #MC injection / KVM_X86_SETUP_MCE isaku.yamahata
2021-11-25 19:33 ` Thomas Gleixner
2021-11-25 0:20 ` [RFC PATCH v3 18/59] KVM: x86: Add flag to mark TSC as immutable (for TDX) isaku.yamahata
2021-11-25 19:40 ` Thomas Gleixner
2021-11-29 18:05 ` Sean Christopherson
2021-11-25 0:20 ` [RFC PATCH v3 19/59] KVM: Add per-VM flag to mark read-only memory as unsupported isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 20/59] KVM: Add per-VM flag to disable dirty logging of memslots for TDs isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 21/59] KVM: x86: Add per-VM flag to disable in-kernel I/O APIC and level routes isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 22/59] KVM: x86: add per-VM flags to disable SMI/INIT/SIPI isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 23/59] KVM: x86: Allow host-initiated WRMSR to set X2APIC regardless of CPUID isaku.yamahata
2021-11-25 19:41 ` Thomas Gleixner
2021-11-26 8:18 ` Paolo Bonzini
2021-11-29 21:21 ` Sean Christopherson
2021-11-25 0:20 ` [RFC PATCH v3 24/59] KVM: x86: Add kvm_x86_ops .cache_gprs() and .flush_gprs() isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 25/59] KVM: x86: Add support for vCPU and device-scoped KVM_MEMORY_ENCRYPT_OP isaku.yamahata
2021-11-25 19:42 ` Thomas Gleixner
2021-11-25 0:20 ` [RFC PATCH v3 26/59] KVM: x86: Introduce vm_teardown() hook in kvm_arch_vm_destroy() isaku.yamahata
2021-11-25 19:46 ` Thomas Gleixner
2021-11-25 20:54 ` Paolo Bonzini
2021-11-25 21:11 ` Thomas Gleixner
2021-11-29 18:16 ` Sean Christopherson
2021-11-25 0:20 ` [RFC PATCH v3 27/59] KVM: x86: Add a switch_db_regs flag to handle TDX's auto-switched behavior isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 28/59] KVM: x86: Check for pending APICv interrupt in kvm_vcpu_has_events() isaku.yamahata
2021-11-25 20:50 ` Paolo Bonzini
2021-11-29 19:20 ` Sean Christopherson
2021-11-25 0:20 ` [RFC PATCH v3 29/59] KVM: x86: Add option to force LAPIC expiration wait isaku.yamahata
2021-11-25 19:53 ` Thomas Gleixner
2021-11-25 0:20 ` [RFC PATCH v3 30/59] KVM: x86: Add guest_supported_xss placholder isaku.yamahata
2021-11-25 19:55 ` Thomas Gleixner
2021-11-25 0:20 ` [RFC PATCH v3 31/59] KVM: x86: Add infrastructure for stolen GPA bits isaku.yamahata
2021-11-25 20:00 ` Thomas Gleixner
2021-11-25 0:20 ` [RFC PATCH v3 32/59] KVM: x86/mmu: Explicitly check for MMIO spte in fast page fault isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 33/59] KVM: x86/mmu: Ignore bits 63 and 62 when checking for "present" SPTEs isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 34/59] KVM: x86/mmu: Allow non-zero init value for shadow PTE isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 35/59] KVM: x86/mmu: Return old SPTE from mmu_spte_clear_track_bits() isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 36/59] KVM: x86/mmu: Frame in support for private/inaccessible shadow pages isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 37/59] KVM: x86/mmu: Introduce kvm_mmu_map_tdp_page() for use by TDX isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 38/59] KVM: x86/mmu: Allow per-VM override of the TDP max page level isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 39/59] KVM: VMX: Modify NMI and INTR handlers to take intr_info as param isaku.yamahata
2021-11-25 20:06 ` Thomas Gleixner
2021-11-25 0:20 ` [RFC PATCH v3 40/59] KVM: VMX: Move NMI/exception handler to common helper isaku.yamahata
2021-11-25 20:06 ` Thomas Gleixner
2021-11-25 0:20 ` [RFC PATCH v3 41/59] KVM: VMX: Split out guts of EPT violation to common/exposed function isaku.yamahata
2021-11-25 20:07 ` Thomas Gleixner
2021-11-25 0:20 ` [RFC PATCH v3 42/59] KVM: VMX: Define EPT Violation architectural bits isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 43/59] KVM: VMX: Define VMCS encodings for shared EPT pointer isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 44/59] KVM: VMX: Add 'main.c' to wrap VMX and TDX isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 45/59] KVM: VMX: Move setting of EPT MMU masks to common VT-x code isaku.yamahata
2021-11-25 20:08 ` Thomas Gleixner
2021-11-25 0:20 ` [RFC PATCH v3 46/59] KVM: VMX: Move register caching logic to common code isaku.yamahata
2021-11-25 20:11 ` Thomas Gleixner
2021-11-25 20:17 ` Paolo Bonzini
2021-11-29 18:23 ` Sean Christopherson
2021-11-29 18:28 ` Paolo Bonzini
2021-11-25 0:20 ` [RFC PATCH v3 47/59] KVM: TDX: Define TDCALL exit reason isaku.yamahata
2021-11-25 20:19 ` Thomas Gleixner
2021-11-29 18:36 ` Sean Christopherson
2021-11-25 0:20 ` [RFC PATCH v3 48/59] KVM: TDX: Stub in tdx.h with structs, accessors, and VMCS helpers isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 49/59] KVM: VMX: Add macro framework to read/write VMCS for VMs and TDs isaku.yamahata
2021-11-25 20:24 ` Thomas Gleixner
2021-11-25 0:20 ` [RFC PATCH v3 50/59] KVM: VMX: Move AR_BYTES encoder/decoder helpers to common.h isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 51/59] KVM: VMX: MOVE GDT and IDT accessors to common code isaku.yamahata
2021-11-25 20:25 ` Thomas Gleixner
2021-11-25 0:20 ` [RFC PATCH v3 52/59] KVM: VMX: Move .get_interrupt_shadow() implementation to common VMX code isaku.yamahata
2021-11-25 20:26 ` Thomas Gleixner
2021-11-25 0:20 ` [RFC PATCH v3 53/59] KVM: x86: Add a helper function to restore 4 host MSRs on exit to user space isaku.yamahata
2021-11-25 20:34 ` Thomas Gleixner
2021-11-26 9:19 ` Chao Gao
2021-11-26 9:40 ` Paolo Bonzini
2021-11-29 7:08 ` Lai Jiangshan
2021-11-29 9:26 ` Chao Gao
2021-11-30 4:58 ` Lai Jiangshan
2021-11-30 8:19 ` Chao Gao
2021-11-30 11:18 ` Lai Jiangshan
2021-11-25 0:20 ` [RFC PATCH v3 54/59] KVM: X86: Introduce initial_tsc_khz in struct kvm_arch isaku.yamahata
2021-11-25 20:48 ` Paolo Bonzini
2021-11-25 21:05 ` Thomas Gleixner
2021-11-25 22:13 ` Paolo Bonzini
2021-11-25 22:59 ` Thomas Gleixner
2021-11-25 23:26 ` Thomas Gleixner
2021-11-26 7:56 ` Paolo Bonzini
2021-11-29 23:38 ` Sean Christopherson
2021-11-25 0:20 ` [RFC PATCH v3 55/59] KVM: TDX: Add "basic" support for building and running Trust Domains isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 56/59] KVM: TDX: Protect private mapping related SEAMCALLs with spinlock isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 57/59] KVM, x86/mmu: Support TDX private mapping for TDP MMU isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 58/59] KVM: TDX: exit to user space on GET_QUOTE, SETUP_EVENT_NOTIFY_INTERRUPT isaku.yamahata
2021-11-25 0:20 ` [RFC PATCH v3 59/59] Documentation/virtual/kvm: Add Trust Domain Extensions(TDX) isaku.yamahata
2021-11-25 2:12 ` [RFC PATCH v3 00/59] KVM: X86: TDX support Xiaoyao Li
2021-11-30 18:51 ` Sean Christopherson
2021-12-01 13:22 ` Kai Huang
2021-12-01 19:08 ` Isaku Yamahata
2021-12-01 19:32 ` Sean Christopherson
2021-12-01 20:28 ` Kai Huang
2021-12-01 15:05 ` Paolo Bonzini
2021-12-01 20:16 ` Kai Huang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YapCclOiQXWGXVEr@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=ckuehl@redhat.com \
--cc=erdemaktas@google.com \
--cc=hpa@zytor.com \
--cc=isaku.yamahata@gmail.com \
--cc=isaku.yamahata@intel.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=sean.j.christopherson@intel.com \
--cc=tglx@linutronix.de \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).