| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Feb 2021 10:18:21 +0100
From: Paolo Bonzini <pbonzini@...hat.com>
To: Nathan Tempelman <natet@...gle.com>
Cc: thomas.lendacky@....com, x86@...nel.org, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, srutherford@...gle.com,
seanjc@...gle.com, rientjes@...gle.com, brijesh.singh@....com,
Ashish.Kalra@....com, Nathaniel McCallum <npmccallum@...hat.com>
Subject: Re: [RFC] KVM: x86: Support KVM VMs sharing SEV context
[CCing Nathaniel McCallum]
On 24/02/21 09:59, Nathan Tempelman wrote:
>
> +7.23 KVM_CAP_VM_COPY_ENC_CONTEXT_TO
> +-----------------------------------
> +
> +Architectures: x86 SEV enabled
> +Type: system
vm ioctl, not system (/dev/kvm). But, see below.
> +Parameters: args[0] is the fd of the kvm to mirror encryption context to
> +Returns: 0 on success; ENOTTY on error
> +
> +This capability enables userspace to copy encryption context from a primary
> +vm to the vm indicated by the fd.
> +
> +This is intended to support in-guest workloads scheduled by the host. This
> +allows the in-guest workload to maintain its own NPTs and keeps the two vms
> +from accidentally clobbering each other with interrupts and the like (separate
> +APIC/MSRs/etc).
From purely an API design standpoint, I think I'd prefer a "set context
from" API (the other way round) to match the existing KVM_SEV_INIT.
Apart from this, the code is very nice and I would have no issues
merging this in 5.12 even after the merge window.
As an aside, do you happen to have SEV selftests at Google? I would
gladly volunteer to write the selftest myself for this ioctl given the
infrastructure.
Thanks,
Paolo
Powered by blists - more mailing lists