RE: [RFC][PATCH v1 00/10] Enable encrypted guest memory access in QEMU

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [RFC][PATCH v1 00/10] Enable encrypted guest memory access in QEMU

From:	Yao, Yuan
Subject:	RE: [RFC][PATCH v1 00/10] Enable encrypted guest memory access in QEMU
Date:	Thu, 2 Sep 2021 23:23:50 +0000

>-----Original Message-----
>From: Ashish Kalra <Ashish.Kalra@amd.com>
>Sent: Thursday, September 02, 2021 22:05
>To: yuan.yao@linux.intel.com
>Cc: Thomas.Lendacky@amd.com; armbru@redhat.com; ashish.kalra@amd.com; 
>brijesh.singh@amd.com;
>dgilbert@redhat.com; ehabkost@redhat.com; Yamahata, Isaku 
><isaku.yamahata@intel.com>; kvm@vger.kernel.org;
>mst@redhat.com; mtosatti@redhat.com; pbonzini@redhat.com; 
>qemu-devel@nongnu.org; Yao, Yuan
><yuan.yao@intel.com>
>Subject: [RFC][PATCH v1 00/10] Enable encrypted guest memory access in QEMU
>
>> - We introduce another new vm level ioctl focus on the encrypted
>>     guest memory accessing:
>>
>>     KVM_MEMORY_ENCRYPT_{READ,WRITE}_MEMORY
>>
>>     struct kvm_rw_memory rw;
>>     rw.addr = gpa_OR_hva;
>>     rw.buf = (__u64)src;
>>     rw.len = len;
>>     kvm_vm_ioctl(kvm_state,
>>                  KVM_MEMORY_ENCRYPT_{READ,WRITE}_MEMORY,
>>                  &rw);
>>
>>     This new ioctl has more neutral and general name for its
>>     purpose, the debugging support of AMD SEV and INTEL TDX
>>     can be covered by a unify QEMU implementation on x86 with this
>>     ioctl. Although only INTEL TD guest is supported in this series,
>>     AMD SEV could be also supported with implementation of this
>>     ioctl in KVM, plus small modifications in QEMU to enable the
>>     unify part.
>
>A general comment, we have sev_ioctl() interface for SEV guests and
>probably this new vm level ioctl will not work for us.
>
>It probably makes more sense to do this TDX/SEV level abstraction
>using the Memory Region's ram_debug_ops, which can point these to
>TDX specific vm level ioctl and SEV specific ioctl at the lowest
>level of this interface.
>
Hi Ashish,

Yes, this new ioctl is now working as the low-level interface for 
Memory Region's ram_debug_ops. SEV can use 
kvm_setup_set_memory_region_debug_ops() to install a new
callback to KVM for installing SEV only low-level implementation,
then call kvm_set_memory_region_debug_ops() to do Memory
Region's ram_debug_ops installation later.


>Thanks,
>Ashish

[Prev in Thread]

Current Thread

[Next in Thread]

[RFC][PATCH v1 00/10] Enable encrypted guest memory access in QEMU, Ashish Kalra, 2021/09/02
- RE: [RFC][PATCH v1 00/10] Enable encrypted guest memory access in QEMU, Yao, Yuan <=
  - Re: [RFC][PATCH v1 00/10] Enable encrypted guest memory access in QEMU, Ashish Kalra, 2021/09/07

Prev by Date: Re: [RFC 0/5] VirtIO RDMA
Next by Date: Re: USB-MSD non-functional after merging v5.1 to v6.x (seems to be internal USB stack issue?)
Previous by thread: [RFC][PATCH v1 00/10] Enable encrypted guest memory access in QEMU
Next by thread: Re: [RFC][PATCH v1 00/10] Enable encrypted guest memory access in QEMU
Index(es):
- Date
- Thread