Re: [PATCH] x86/CPU/AMD, mm: Extend with mem_encrypt=sme option

From: Paolo Bonzini
Date: Tue Oct 03 2017 - 06:50:25 EST

Next message: Javier GonzÃlez: "Re: [PATCH 0/9] recovery robustness improvements"
Previous message: Michal Hocko: "Re: [v9 2/5] mm: implement mem_cgroup_scan_tasks() for the root memory cgroup"
In reply to: Brijesh Singh: "Re: [PATCH] x86/CPU/AMD, mm: Extend with mem_encrypt=sme option"
Next in thread: Borislav Petkov: "Re: [PATCH] x86/CPU/AMD, mm: Extend with mem_encrypt=sme option"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 02/10/2017 17:07, Brijesh Singh wrote:
>
>
> Yep, that will work just fine. There are couple of ways we can limit
> hypervisor from creating the SEV guest 1) clear the X86_FEATURE_SEV bit
> when mem_encrypt=sme is passed or 2) parse the mem_encrypt=xxx in
> kvm-amd.ko
> and fail the KVM_SEV_INIT when mem_encrpt=sme or mem_encrypt=off.

Stupid question ahead: if it's just about guests, why bother with
mem_encrypt=xxx at all? kvm_amd should have a sev parameter anyway, you
can just do kvm_amd.sev=0 to disable it.

Paolo

Next message: Javier GonzÃlez: "Re: [PATCH 0/9] recovery robustness improvements"
Previous message: Michal Hocko: "Re: [v9 2/5] mm: implement mem_cgroup_scan_tasks() for the root memory cgroup"
In reply to: Brijesh Singh: "Re: [PATCH] x86/CPU/AMD, mm: Extend with mem_encrypt=sme option"
Next in thread: Borislav Petkov: "Re: [PATCH] x86/CPU/AMD, mm: Extend with mem_encrypt=sme option"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]