diff options
| author | Paolo Bonzini <pbonzini@redhat.com> | 2024-03-18 14:41:10 -0400 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2024-04-23 17:35:25 +0200 |
| commit | 5c3131c392f84c660033d511ec39872d8beb4b1e (patch) | |
| tree | 90bee47c8da028b46a87c8f4d975b06397499a32 /target/i386/monitor.c | |
| parent | 08b2d15cdd0d3fbbe37ce23bf192b770db3a7539 (diff) | |
| download | qemu-5c3131c392f84c660033d511ec39872d8beb4b1e.zip qemu-5c3131c392f84c660033d511ec39872d8beb4b1e.tar.gz qemu-5c3131c392f84c660033d511ec39872d8beb4b1e.tar.bz2 | |
KVM: track whether guest state is encrypted
So far, KVM has allowed KVM_GET/SET_* ioctls to execute even if the
guest state is encrypted, in which case they do nothing. For the new
API using VM types, instead, the ioctls will fail which is a safer and
more robust approach.
The new API will be the only one available for SEV-SNP and TDX, but it
is also usable for SEV and SEV-ES. In preparation for that, require
architecture-specific KVM code to communicate the point at which guest
state is protected (which must be after kvm_cpu_synchronize_post_init(),
though that might change in the future in order to suppor migration).
From that point, skip reading registers so that cpu->vcpu_dirty is
never true: if it ever becomes true, kvm_arch_put_registers() will
fail miserably.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'target/i386/monitor.c')
0 files changed, 0 insertions, 0 deletions