qemu-ppc

Re: [RFC v2 00/18] Refactor configuration of guest memory protection


From: Thiago Jung Bauermann
Subject: Re: [RFC v2 00/18] Refactor configuration of guest memory protection
Date: Thu, 04 Jun 2020 20:30:58 -0300
User-agent: mu4e 1.2.0; emacs 26.3

Paolo Bonzini <pbonzini@redhat.com> writes:

> On 04/06/20 23:54, Thiago Jung Bauermann wrote:
>> QEMU could always create a PEF object, and if the command line defines
>> one, it will correspond to it. And if the command line doesn't define one,
>> then it would also work because the PEF object is already there.
>
> How would you start a non-protected VM?

In the case of POWER PEF even with the machine property and the
pef-guest object it's not guaranteed that the VM will be protected. They
allow the possibility of the VM being protected. The decision lies with
the guest. The Linux kernel will request being moved to "secure memory"
when the `svm=on` parameter is passed in the kernel command line.

To start a VM that doesn't have the possibility of being protected, one
would simply not use the guest-memory-protection property (or
host-trust-limitation, if that ends up being its name). Regardless of
whether there's a pef-guest object.

Sorry if the above is pedantic. I just want to make sure we're
communicating clearly.

> Currently it's the "-machine"
> property that decides that, and the argument requires an id
> corresponding to "-object".

If there's only one object, there's no need to specify its id.

I have the feeling I didn't understand your point. I hope these answers
clarify what I'm suggesting.

--
Thiago Jung Bauermann
IBM Linux Technology Center


