[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [virtio-dev] Re: [PATCH 0/5] virtio: introduce SUSPEND bit and vq state
On 9/21/2023 5:26 PM, Parav Pandit wrote:
From: Zhu, Lingshan <lingshan.zhu@intel.com> Sent: Thursday, September 21, 2023 2:49 PM TDISP devices can not be migrated for now, and the TDISP spec make clear examples of attacking models, your admin vq LM on the PF exactly match the model.I gave hint yesterday to you to consult Ravi at Intel who showed TDISP migration using a dedicated TVM using similar mechanism as admin command. But you sadly ignored... So let me make another attempt to explain, When in future TDISP device migration to be supported, the admin command will be done through a dedicated PF or a VF that resides in another trust domain, for example another TVM. Such admin virtio device will not be located in the hypervisor. Thereby, it will be secure. The admin commands pave the road to make this happen. Only thing changes is delegation of admin commands to another admin device instead of a PF.
if you plan to do it in future, then lets discuss in the future.And TDISP can be migrated in future does not mean admin vq LM is secure, I have repeated for so many times of the attacking model. and I will not repeat again.
we are discussing LM, right? Can TDISP help you here? TDISP spec gives examples of attacking models, and your admin vq matches it, I gave you quote of the spec yesterday.There are other solutions too that will arise. I have seen another one too, may be DPU. In all the 2 approaches, TDISP is migratable and spec will evolve as multiple vendors including Intel, AMD and others showed the path towards it without mediation. Virtio will be able to leverage that as well using admin commands. I want to emphasize again, do not keep repeating AQ in your comments. It is admin commands in proposal [1].
This thread is about live migration anyway, not TDISP.
see other threads, I propose to reuse the basic facilities of live migration in admin vq.As Michael also requested, I kindly request to co-operate on doing join technical work, shared ideas, knowledge and improve the spec. [1] 20230909142911.524407-7-parav@nvidia.com/T/#mf15b68617f772770c6bf79f70e8ddc6fea834cfa">https://lore.kernel.org/virtio-comment/20230909142911.524407-7-parav@nvidia.com/T/#mf15b68617f772770c6bf79f70e8ddc6fea834cfa
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]