Re: [PATCH 4/4] kvm: svm: Support KVM_SEV_SNP_PAGE_TYPE_VMSA at SNP_LAUNCH_UPDATE

Next message: Mika Westerberg: "Re: [PATCH net] net: thunderbolt: Fix frags[] overflow by bounding frame_count"
Previous message: Ricardo Pardini via B4 Relay: "[PATCH v4 2/3] arm64: dts: rockchip: describe PCIe RTL8125 Ethernet on NanoPC-T6"
In reply to: J&#xF6;rg R&#xF6;del: "Re: [PATCH 4/4] kvm: svm: Support KVM_SEV_SNP_PAGE_TYPE_VMSA at SNP_LAUNCH_UPDATE"
Next in thread: J&#xF6;rg R&#xF6;del: "Re: [PATCH 4/4] kvm: svm: Support KVM_SEV_SNP_PAGE_TYPE_VMSA at SNP_LAUNCH_UPDATE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sean Christopherson

Date: Wed Jun 17 2026 - 09:00:50 EST

On Wed, Jun 17, 2026, Jörg Rödel wrote:
> On Tue, Jun 16, 2026 at 10:55:28AM -0700, Sean Christopherson wrote:
> > Isn't this essentially the same thing as hot-plugging vCPUs after launch? I
> > have yet to review it in depth (sorry Jethro), but it looks a *lot* simpler.
>
> Replacing the VMSA after launch (as supported with the AP_CREATE GHCB call) is
> different because this has no influence on the launch measurement.
>
> The point of providing an initial VMSA is to get a predictable launch
> measurement which is independent of the number of VCPUs the guest has.
>
> With the current code KVM will create its own VMSA for each created VCPU and
> measure it into the guests initial image. This makes predicting the initial
> launch measurement difficult (as it depends on KVM internals) and fragile because
> KVM-internal changes always carry a risk to change the launch measurement

The same holds true for userspace.

> (which has happened a couple of times already).

Examples? The SEV features thing jumps to mind, but I don't recall any others
off the top of my head.