LKML Archive on lore.kernel.org
From: Gerd Hoffmann <kraxel@redhat.com>
To: "Wang, Wei W" <wei.w.wang@intel.com>
Cc: Jason Wang <jasowang@redhat.com>,
	"Yamahata, Isaku" <isaku.yamahata@intel.com>,
	"Michael S. Tsirkin" <mst@redhat.com>,
	"srutherford@google.com" <srutherford@google.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"virtualization@lists.linux-foundation.org" 
	<virtualization@lists.linux-foundation.org>,
	"erdemaktas@google.com" <erdemaktas@google.com>,
	Stefan Hajnoczi <stefanha@redhat.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	"Kleen, Andi" <andi.kleen@intel.com>,
	"kuba@kernel.org" <kuba@kernel.org>,
	"davem@davemloft.net" <davem@davemloft.net>
Subject: Re: [RFC] hypercall-vsock: add a new vsock transport
Date: Thu, 25 Nov 2021 13:04:25 +0100
Message-ID: <20211125120425.s7kzzuvtdhqgyf3g@sirius.home.kraxel.org>
In-Reply-To: <58911901bd7b4bc3a99642214106bc2f@intel.com>

On Thu, Nov 25, 2021 at 08:43:55AM +0000, Wang, Wei W wrote:
> On Thursday, November 25, 2021 2:38 PM, Jason Wang wrote:
> > > We thought about virtio-mmio. There are some barriers:
> > > 1) It wasn't originally intended for x86 machines. The only machine
> > > type in QEMU that supports it (to run on x86) is microvm. But
> > > "microvm" doesn’t support TDX currently, and adding this support might
> > > need larger effort.
> > 
> > Can you explain why microvm needs larger effort? It looks to me it fits for TDX
> > perfectly since it has less attack surface.
> 
> The main thing is TDVF doesn’t support microvm so far (the based OVMF
> support for microvm is still under their community discussion).

Initial microvm support (direct kernel boot only) is merged in upstream
OVMF.  Better device support is underway: virtio-mmio patches are out
for review, patches for pcie support exist.

TDX patches for OVMF are under review upstream, I haven't noticed
anything which would be a blocker for microvm.  If it doesn't work
out-of-the-box it should be mostly wiring up things needed on guest
(ovmf) and/or host (qemu) side.

(same goes for sev btw).

> Do you guys think it is possible to add virtio-mmio support for q35?
> (e.g. create a special platform bus in some fashion for memory mapped devices)
> Not sure if the effort would be larger.

I'd rather explore the microvm path than making q35 even more
frankenstein than it already is.

Also the pcie host bridge is present in q35 no matter what, so one of
the reasons to use virtio-mmio ("we can reduce the attack surface by
turning off pcie") goes away.

take care,
  Gerd

