Re: Upstream QEMU guest support policy ? Re: [PATCH v3 0/2] spapr: Use vIOMMU translation for virtio by default

[Michael S. Tsirkin]

On Thu, Mar 12, 2020 at 12:10:49PM +1100, David Gibson wrote:
> On Wed, Mar 11, 2020 at 03:33:59AM -0400, Michael S. Tsirkin wrote:
> > On Wed, Mar 11, 2020 at 12:12:47PM +1100, David Gibson wrote:
> > > I am wondering if we have to introduce an "svm=on" flag anyway.  It's
> > > pretty ugly, since all it would be doing is changing defaults here and
> > > there for compatibilty with a possible future SVM transition, but
> > > maybe it's the best we can do :/.
> > 
> > Frankly I'm surprised there's no way for the hypervisor to block VM
> > transition to secure mode. To me an inability to disable DRM looks like
> > a security problem.
> 
> Uh.. I don't immediately see how it's a security problem, though I'm
> certainly convinced it's a problem in other ways.

Well for one it breaks introspection, allowing guests to hide
malicious code from hypervisors.

> > Does not the ultravisor somehow allow
> > enabling/disabling this functionality from the hypervisor?
> 
> Not at present, but as mentioned on the other thread, Paul and I came
> up with a tentative plan to change that.
> 
> > It would be
> > even better if the hypervisor could block the guest from poking at the
> > ultravisor completely but I guess that would be too much to hope for.
> 
> Yeah, probably :/.
> 
> -- 
> David Gibson                  | I'll have my music baroque, and my code
> david AT gibson.dropbear.id.au        | minimalist, thank you.  NOT _the_ 
> _other_
>                               | _way_ _around_!
> http://www.ozlabs.org/~dgibson