From: Vishal Annapurve
Date: Mon, 19 Jun 2023 14:55:09 -0700
Subject: Re: [RFC PATCH 0/6] KVM: guest memory: Misc enhacnement
To: Zhi Wang
Cc: isaku.yamahata@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, isaku.yamahata@gmail.com, Paolo Bonzini, erdemaktas@google.com, Sean Christopherson, Sagi Shahar, David Matlack, Kai Huang, chen.bo@intel.com, linux-coco@lists.linux.dev, Chao Peng, Ackerley Tng, Michael Roth
In-Reply-To: <20230619231142.0000134a.zhi.wang.linux@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jun 19, 2023 at 1:11 PM Zhi Wang wrote:
>
> On Mon, 19 Jun 2023 12:11:50 -0700
> Vishal Annapurve wrote:
>
> > On Thu, Jun 15, 2023 at 1:12 PM wrote:
> > > ...
> > >
> > > * VM type: Now we have KVM_X86_PROTECTED_VM. How do we proceed?
> > >   - Keep KVM_X86_PROTECTED_VM for its use. Introduce KVM_X86_TDX_VM
> > >   - Use KVM_X86_PROTECTED_VM for TDX. (If necessary, introduce another type in
> > >     the future)
> > >   - any other way?
> >
> > There are selftests posted[1] in context of this work, which rely on
> > KVM_X86_PROTECTED_VM being just the software-only pseudo-confidential
> > VMs. In future there might be more work to expand this use case to
> > full-scale VMs. So it would be better to treat protected VMs as a
> > separate type which can be used on any platform without the need of
> > enabling TDX/SEV functionality.
> >
>
> Out of curiosity, is this really a valid case in practice except selftest?
> It sounds to me whenever KVM_X86_PROTECTED_VM is used, it has to be tied
> with a platform-specific CC type.

Protected VM effort is about being able to have guest memory ranges not
mapped into Userspace VMM and so are unreachable for most of the cases
from KVM as well. Non-CC VMs can use this support to mitigate any
unintended accesses from userspace VMM/KVM possibly using enlightened
kernels. Exact implementation of such a support warrants more discussion
but it should be in the line of sight here as a future work item.

> > TDX VM type can possibly serve as a specialized type of protected VM
> > with additional arch specific capabilities enabled.
> >
> > [1] - https://github.com/sean-jc/linux/commits/x86/kvm_gmem_solo
>