On Tue, Jun 09, 2020 at 12:44:39PM -0400, Michael S. Tsirkin wrote: > On Tue, Jun 09, 2020 at 06:28:39PM +0200, Halil Pasic wrote: > > On Tue, 9 Jun 2020 17:47:47 +0200 > > Claudio Imbrenda <imbre...@linux.ibm.com> wrote: > > > > > On Tue, 9 Jun 2020 11:41:30 +0200 > > > Halil Pasic <pa...@linux.ibm.com> wrote: > > > > > > [...] > > > > > > > I don't know. Janosch could answer that, but he is on vacation. Adding > > > > Claudio maybe he can answer. My understanding is, that while it might > > > > be possible, it is ugly at best. The ability to do a transition is > > > > indicated by a CPU model feature. Indicating the feature to the guest > > > > and then failing the transition sounds wrong to me. > > > > > > I agree. If the feature is advertised, then it has to work. I don't > > > think we even have an architected way to fail the transition for that > > > reason. > > > > > > What __could__ be done is to prevent qemu from even starting if an > > > incompatible device is specified together with PV. > > > > AFAIU, the "specified together with PV" is the problem here. Currently > > we don't "specify PV" but PV is just a capability that is managed by the > > CPU model (like so many other). > > So if we want to keep it user friendly, there could be > protection property with values on/off/auto, and auto > would poke at host capability to figure out whether > it's supported. > > Both virtio and CPU would inherit from that.
Right, that's what I have in mind for my 'host-trust-limitation'
property (a generalized version of the existing 'memory-encryption'
machine option). My draft patches already set virtio properties
accordingly, it should be possible to set (default) cpu properties as
well.
> This will allow other useful features such as ability
> to hide PV from guest, which could in turn be handy e.g.
> to allow migration to hosts without PV support,
> or if host wants to force ability to read guest memory
> e.g. for security.
>
>
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
signature.asc
Description: PGP signature
