diff options
| author | Paolo Bonzini <pbonzini@redhat.com> | 2024-03-18 14:41:10 -0400 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2024-04-23 17:35:25 +0200 |
| commit | 5c3131c392f84c660033d511ec39872d8beb4b1e (patch) | |
| tree | 90bee47c8da028b46a87c8f4d975b06397499a32 /target/i386 | |
| parent | 08b2d15cdd0d3fbbe37ce23bf192b770db3a7539 (diff) | |
| download | qemu-5c3131c392f84c660033d511ec39872d8beb4b1e.zip qemu-5c3131c392f84c660033d511ec39872d8beb4b1e.tar.gz qemu-5c3131c392f84c660033d511ec39872d8beb4b1e.tar.bz2 | |
KVM: track whether guest state is encrypted
So far, KVM has allowed KVM_GET/SET_* ioctls to execute even if the
guest state is encrypted, in which case they do nothing. For the new
API using VM types, instead, the ioctls will fail which is a safer and
more robust approach.
The new API will be the only one available for SEV-SNP and TDX, but it
is also usable for SEV and SEV-ES. In preparation for that, require
architecture-specific KVM code to communicate the point at which guest
state is protected (which must be after kvm_cpu_synchronize_post_init(),
though that might change in the future in order to suppor migration).
From that point, skip reading registers so that cpu->vcpu_dirty is
never true: if it ever becomes true, kvm_arch_put_registers() will
fail miserably.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'target/i386')
| -rw-r--r-- | target/i386/sev.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/target/i386/sev.c b/target/i386/sev.c index b8f79d3..c49a8fd 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -755,6 +755,7 @@ sev_launch_get_measure(Notifier *notifier, void *unused) if (ret) { exit(1); } + kvm_mark_guest_state_protected(); } /* query the measurement blob length */ |