From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1C05EC001E0 for ; Fri, 20 Oct 2023 00:44:10 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2EFC38D01B3; Thu, 19 Oct 2023 20:44:10 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 29F218D01B0; Thu, 19 Oct 2023 20:44:10 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 119C88D01B3; Thu, 19 Oct 2023 20:44:10 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 00C198D01B0 for ; Thu, 19 Oct 2023 20:44:09 -0400 (EDT) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id B5A54A03F6 for ; Fri, 20 Oct 2023 00:44:09 +0000 (UTC) X-FDA: 81363993018.09.2E68669 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2051.outbound.protection.outlook.com [40.107.243.51]) by imf19.hostedemail.com (Postfix) with ESMTP id D6C0A1A0009 for ; Fri, 20 Oct 2023 00:44:06 +0000 (UTC) Authentication-Results: imf19.hostedemail.com; dkim=pass header.d=amd.com header.s=selector1 header.b=1sPrYAhs; arc=pass ("microsoft.com:s=arcselector9901:i=1"); dmarc=pass (policy=quarantine) header.from=amd.com; spf=pass (imf19.hostedemail.com: domain of Alexey.Kardashevskiy@amd.com designates 40.107.243.51 as permitted sender) smtp.mailfrom=Alexey.Kardashevskiy@amd.com ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1697762647; a=rsa-sha256; cv=pass; b=XN6NPS0nQ56tbnIjOCuibzK+TsXhYPVZ7HEXYjxQPchhnRHtwopWO/WT+UQVoXjr01HLKD hlD6z2wWCx/yc1yY68BWuijScyQd8iQCgnUirw/QQamD/owoFXHzYJ70gG8+bkR+BTQgQL HKb8sUsZUYXxxDVq4MF9v+tfrYUwS8E= ARC-Authentication-Results: i=2; imf19.hostedemail.com; dkim=pass header.d=amd.com header.s=selector1 header.b=1sPrYAhs; arc=pass ("microsoft.com:s=arcselector9901:i=1"); dmarc=pass (policy=quarantine) header.from=amd.com; spf=pass (imf19.hostedemail.com: domain of Alexey.Kardashevskiy@amd.com designates 40.107.243.51 as permitted sender) smtp.mailfrom=Alexey.Kardashevskiy@amd.com ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1697762647; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=KMgIm/ehAmqey2MOX1hwVa7hqKrH9Ffe58BLMV/epXE=; b=wmJj9Kg63nTexnb8werahseTfMPXbMdwiO08cCvj4sbQh7MWEXJOifRXKZPjwsRexK8KLE bm1QYmE2jifQxFoiwW+VRY6seOvsmVFK5RgqmAGTiAz+42er3VxKlNVuAtnmS9D5TghPPo GrG2doN5uIidwyAGR7zW2Y/MbIAOaKE= ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aYojC0vHRbqR8J1sAoEIlNzJnOuVLXqa1y+OWUcR4sJN4yzwbez7riQxus8YkyXlIS/L+Lh84/Z1uGIAg3GqIsoQu/5KkcCkOHRXjcr4KSlDKWP1vT++MrG8Zw9hL+BVbDtnT8NVw5JHnIrkbkDDLa7m1dCSC8lhydMslA+GeXWPj8rUubS+JYbSCIsyde46c5eg/MVeApBubnwq69LEJ74N82w4naI+I2cpzZu2ElvUBzTpZ5wg8M02A0+/UcqfjtzlSzuWfLN+F6KDKIS5GNTXSGSP5h+1SEZGHrzfSkOCfNJ6WDOqT3vzSsiBgX4lkmfcfR0GB20kIytoCEaNXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KMgIm/ehAmqey2MOX1hwVa7hqKrH9Ffe58BLMV/epXE=; b=WmJJliqxe0chLSPJX8BRR+GZm0nwlpY4d/I8PsN+bQWaLXbzM+u7XnJXgrb98TRbCNQAea0KSqMWotiPYoFjLQGy7dlY1okXfm7+1P8oztqEYRJqLqPZQZTQr1O2o4LKKzcBdZeA7ZHOKrPhoRVANLcnIir0GoXrLEdD0q9oIO351u1Ocm9GH46W+4f3+eZa+8ej5UW+6rCVAfSilb/a2BFTAkVfHBaPQBR2OWsQhljB2mGS10N6qcSrm/Nn7X8pD0uEsuvqYWuOBvRaLX+EcFtIOF4aq4ghB0E7KWsUv80SB53D0LE7EVhhg7Avg/GRJj3USntIkedJoackCz5TSQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KMgIm/ehAmqey2MOX1hwVa7hqKrH9Ffe58BLMV/epXE=; b=1sPrYAhsPUKUBVFjX7yUg5AjR/dTsggy6I2lzci4ETuC3dH/iHGisPs2b5JReXs2sqBfuPPLtoXt+7Hm8X50QG0IeX6gB+iubmhtMvydHQQ5pM1FN4EsX/iyWIVsSYbE7Wpg9tkpol2pC3UFC2Bv+0SM/OAPcYIzc0xLQb0Rsyk= Received: from CH3PR12MB9194.namprd12.prod.outlook.com (2603:10b6:610:19f::7) by CH3PR12MB8728.namprd12.prod.outlook.com (2603:10b6:610:171::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6907.23; Fri, 20 Oct 2023 00:44:04 +0000 Received: from CH3PR12MB9194.namprd12.prod.outlook.com ([fe80::16da:8b28:d454:ad5a]) by CH3PR12MB9194.namprd12.prod.outlook.com ([fe80::16da:8b28:d454:ad5a%3]) with mapi id 15.20.6863.043; Fri, 20 Oct 2023 00:44:04 +0000 Message-ID: Date: Fri, 20 Oct 2023 11:43:38 +1100 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v10 48/50] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event Content-Language: en-US To: Sean Christopherson Cc: Dionna Amalie Glaze , Michael Roth , kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, jarkko@kernel.org, ashish.kalra@amd.com, nikunj.dadhania@amd.com, pankaj.gupta@amd.com, liam.merwick@oracle.com, zhi.a.wang@intel.com, Brijesh Singh References: <20231016132819.1002933-1-michael.roth@amd.com> <20231016132819.1002933-49-michael.roth@amd.com> <924b755a-977a-4476-9525-a7626d728e18@amd.com> <2034624b-579f-482e-8a7a-0dfc91740d7e@amd.com> From: Alexey Kardashevskiy In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-ClientProxiedBy: SY5P300CA0071.AUSP300.PROD.OUTLOOK.COM (2603:10c6:10:247::18) To CH3PR12MB9194.namprd12.prod.outlook.com (2603:10b6:610:19f::7) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PR12MB9194:EE_|CH3PR12MB8728:EE_ X-MS-Office365-Filtering-Correlation-Id: 973f31b1-32e3-4094-3e40-08dbd105a8b8 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: D4P6sAQxb4G7RbpGIE8cDnA2cZkDnzpzvjWd2RD8a9eGhytPSfwHqiK0yNZGlKd3gz96vupuBSt1en5gWN1WyNNHAJtULtG9F7YHBeQdC+uAl5SdCnwyGe9jRk4VMo91i1fEgW3In9nd4IowNBrdMLBdDYhODxISkDfRCgpnFI7lyBzaf8R6loGQPA1SxAcKDUZDi58lIn1ca1jM8Ykpk+ky8pUywVKhjqi56EnTQu2OsjOTlIkY8W9JVUMZ9Yhtjh7Qvz4jqa+y9muKjUUWhOGxsKpn3jncOKuXEk+8DBDNq6bYirgoGnE24+AlLDu5ikjuDWe6XnAtxF3TJg87vbFrm38p8UDvSW9bbuaqwch8KS+tiNu4eO32UzSYHPDfYDh4cT1aXpYnV6ZWLD4wLaX/aWjYeNn0PxPKd3lbT0Rpm6fthpQzmoS134h0JPSw31Sh5SCL0uS+PoayIjcmG5nBBIMgnuelXQL/MNfz3Bftdv64PptjjsX8GKyVY6KRh4HSEPaNBP1mIpWVu1PGI6bRD+LCL05lWyL5L6EMO77lAngCalZr8jFw+I9JyjifEW1lWgGGYUOL99nozPJF4ELCOwCV8Dy4wYwztkoLEmvXbBmQAv8igr3sUag9uPYiEt1h5MtYiasoPjd5S3RcLQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR12MB9194.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(366004)(346002)(396003)(39860400002)(376002)(136003)(230922051799003)(451199024)(1800799009)(186009)(64100799003)(31686004)(38100700002)(66946007)(316002)(6916009)(6486002)(5660300002)(8936002)(31696002)(54906003)(7416002)(7406005)(6666004)(83380400001)(8676002)(41300700001)(66476007)(2906002)(53546011)(6506007)(66556008)(6512007)(4326008)(2616005)(478600001)(26005)(36756003)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?MVFxKzA1bXBYMkZJT2xLRXAvQlhRRDhSaUZGVVRyUnhYZUI2bEEzRllrQTFH?= =?utf-8?B?eUdDdkNUaWovK283amJBanMyUzRDSitpWjN5Sk1tUE9Oc1NlckpYcXdRcjgw?= =?utf-8?B?RG9Sc3FUU3VxMnVYTDJ0VzFFQU1GMk85R2ZRb2ZyOEtjMTlSVWh5WEhISVd2?= =?utf-8?B?ZE1oQU5GV2pLcWw3TEVYREZXTFZvRWIrVUNmc2hPb3loeDRNRlFtMkpPL1ZK?= =?utf-8?B?UkNkcVRWaE9DRmpFMmttWVhCRWRWT0p5YnVkZUx6aDRhd1pYMXBPRGY2cVBI?= =?utf-8?B?bkdUMjlXdXZPZkJ6cTNNMWdWbXJxeGViM0lpMWRJR0J5cmZHWmFwazUwalFN?= =?utf-8?B?WlpuaUJVNDNUQ3RMNVBHNXUwKzRDQXR0dWNhNy9DNWtvWEloeWlxMjczSWQx?= =?utf-8?B?cTFwcEJRY1hKOHJmMDNoa1hsa1NaT0d5MU8zL1dVaVFOVDIyVU9KbTlVSzZL?= =?utf-8?B?Y1lkNkZGdG5aMHdiY2R6RnEwOHVNSDBkTDZkVG5iVm9rRGZJejN2THFnaGU5?= =?utf-8?B?OHVEUWFidEZ1MjN0QzRUR05nQzY1SUlIbFZGc1BZNlQveVNoYXpMQnl6ZkJC?= =?utf-8?B?YkM3UXpNVXlzNXZ5WTFiUkpxVVpmbUlDK1FleFM4YmRjK1ViV3h3UmVlN1Vz?= =?utf-8?B?bUF0NmY1Ylk3aUR0V1dnUDNidDhpWWJIRktMcDRNUE56M1Jjb2xJMWhNajdC?= =?utf-8?B?ZEZFQkNmR2JDT1Y0T2xzdTk0LzBZUUdta0ZuSi9DMWYweDNRTW5ZRytxK3ZK?= =?utf-8?B?eVVaZkRQS3pQd3BBMmNha2xSTjFWYkVTT2wzZGJYa0NJaEo0cUhaY3psM2M2?= =?utf-8?B?M0RYNkZXZU1LRmpBbFdEbHgrZENrdUhIeFpMa1EydXJ0WVZ6TGJvWWJnR2Zn?= =?utf-8?B?T28vQ0Z3aCtjb1oxMU43aWJjNFp1bzZpYXBuSy9RSVZUMVFkVFhVOHBoRjI2?= =?utf-8?B?M2UrVWxpQmdhZnlGZFBQYTBDaVFRM094WFE5ZEQvYk9yeWlsZzBUeithajg3?= =?utf-8?B?OFJoOHFYMzRVZGEwcE9DdEFjeVBjdmVXYlVLMHNOUHBnZUovKzRwczJkS1FZ?= =?utf-8?B?ZUl2RDI3U2w1V3hsT1NhdDU2K2kxNXdraDN6QUxma3FNb0V2Zk16RFZ0c2Jk?= =?utf-8?B?UE53eTdrVWxkWlkxd3l4OStzSUFvazZna3ZmMXFCcFpjaFVibks0cS9zZHdv?= =?utf-8?B?N1lYWUJycTB2UXBhVlhiMlM5cE5NV1pRelFxbnZFRWVKV2ZQQysrUlNUcS82?= =?utf-8?B?VUZHU0ZQSjhYNVRWZDdENXdPZzZyMi85VS9wM1l3UUFNRnRSRjZ5YWJJMDhS?= =?utf-8?B?L09jT0ZpWWtNV3E5ajBBUGhaeW1zdDVjUm5PazZDSzBuTWVjeDRjSEgwQ0Fj?= =?utf-8?B?dW1VSEhEanVGc3YweEJGa2xTeW54enBmYk1CRElWRVFSWllOVUNzdjJWWHQ0?= =?utf-8?B?YWRWOWxYZ2o4R2dvQmhBUzN0U3lUVG5DR1M0NzdvTmc1UHhjSjFmYmxleEdr?= =?utf-8?B?M2pnWWJUTFpZV0VkQ2xUWThYRUY5czRpR1VyNTQzcHJKZjV5MFBkRFBZb1Ax?= =?utf-8?B?Z2NCbzl1WkdMYlI5WUl5R1RvNW5waG5hbFB3U0xZai94RFAxV0laaU1xSmly?= =?utf-8?B?dmsrcWxIaDRGRkp0RHI0eUljOUhMU2xtQWh0b3FwYlpFLy93OTltZG1QQ3R1?= =?utf-8?B?eVd4L0tseGdYZzRBRVM3Y1VDSHYyVlRPRjVsOS8xeEgrUlYwcVN5YVFHcXYx?= =?utf-8?B?eTNBK0ZCYk11bG5tNVJUTy90MHg1VTgwcFhXTkc1SEhxTkwwN2tkb0pwQUlT?= =?utf-8?B?TTlUeGZtaWdNc2piRU4yaVB2amxiZEhmcHpRelFPa0FsSDVacWlqVmp0YUs2?= =?utf-8?B?VnY3VUp4OGU5OGl4WjRuV2NQNWUwKy9yeXZ2RzFlT3FLUmNMQ1JaOG0vcUtN?= =?utf-8?B?dkdyN3EyWkJjeEcrRkFMa3luZG85MndyMFFVOXBUdFhYVzIwaElHenBLMkk2?= =?utf-8?B?QVRaZEROZzFHb2tBT2kwNCtzZTJ4aVYyWFRYNkM3WklCVG5WRjVWcDU0Qldw?= =?utf-8?B?dTJLWXFsK3puUzlXV0RsbEt6dXdBdXpaUmdZd1o5SVVvSGp0bzZPRnJNbG5F?= =?utf-8?Q?HjJCEwMN1jGUFatC+uV/cLVcV?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 973f31b1-32e3-4094-3e40-08dbd105a8b8 X-MS-Exchange-CrossTenant-AuthSource: CH3PR12MB9194.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Oct 2023 00:44:04.2063 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: l+AnVrzNXOViaXvY0K1pbIoFd5diF6xHdebfaD8K3j3buI9DH3BM4m5a1s/fvOrG1sXz7opTxkyozNTLYsqL2Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR12MB8728 X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: D6C0A1A0009 X-Stat-Signature: erq61p68rdtaswu4g57mi9s65cczs41i X-HE-Tag: 1697762646-555171 X-HE-Meta: U2FsdGVkX19iIr+xN876/iJgVnM46gB9q7neAftum6E87V5kp31HBE67FnQfBsSCs2DzzHMb6q4WIhnY6Z5QFd6UVd6+5k3GHClsgNAXuI1fmnh9hFkhHR5qjIR8/gmocJ5BVPRzLHbOUcEx+yaQhTJT5jRSjSMR6N024xseKGkubbUUmaBL740bhpH0EnTekGzCpS3NfuAUsGhOevZqtScLrh3JjHcjpi9CObyGocK30X6OhN7bmnlDWP+KfyL6eZj8ZPGgKy01Wc9ytYPQTAyipWMmaOtQfyGNG001dCZ/4fPPjEkaeLL8YDIjvBqAtXDuilLy5eBKftyuZhDVlS4k20I/UMKCwrt/mvAOuF3fNS8pNQLRR/jwn+BPlMTlKnwz2jveADY5/76JO1llsTes1Z5bn+RHsGzqZxHO4C5NkA8c77VT8dHMsqBWull8wnCfIuuq+TO5gzvgxqvbEa379Ix7JDkzI6ZxbkD9fBKK0dRlBu84VvZPL+dMsTw9zuZYkUxXR0YdF5CCSB/zhdDXaCcJizRQHEmyzQebDnv0lbfDtSa07ZrUKvKatlGP4ciubPqyv7/AqrBFIOuy7ogW2wIDEd0cdr56//ATl1DQV2+a0+dpMpgmpnZdG2Q/U4fZUkAqc+QkP6LqfNRR2aub1zJG4IAVtlwVWa5Pwg7LzgXow359sE42ZKK9sXsL0jby/8V2Hbx2tJMpsuEFCvE/lDQT2XJ7Epr0pGlBFSIKWLim81vbS/q6t0KGJH6c6973ShuRi/Z4sLcW1hm94JVXDE6D6uO25uYbbLUecqj8RuFx+wQDRT1jxBFd28IVvRYfkb/QW/oFFRLuZGyizZY0VmOUSDXHySOlz5u75dghGye8JUooRvtTo6n/fhyW0hQgd+MgTn63yC/MSKgvnS+CRmdkAkg1z8ierSTtWG7KesOphEWbfevq02CuZ9ydWxKeR++MjJA3aRGknR/ rsecBPr0 XOigYXi/StVUnqpWIReUhuv4+SkBFQfiZe+X5R5H53RxoX5CP/HtCDKuB1Zm9lhjFjGM20Zu256yBV4KjZbabK8ttw//6d2jwDeMwWkjz3Yxa2/2AIVyM7iOoMkgthql07Zw/2dQWzvxqcMSUvbLKhUyzGYvQTJonOanI4L0gbooHS811KHkxxIM0ykP4flFYKZVpaLPytJITV+aNchSsHPKtd0hrLp9vndIb3pKr0njKJuzT8HExY30kSaiRIxVJpLvjP3ZK3xZD9DmHdO8ioG0p7dTYIW/HCfC2cGN4OSd3kRzB73jcO4Pv7vZy+GHzAZUMEZH8Rb2E3OeKsdtFG7tgtDOcSAqKWWDqwYjqeHbrZu3+8suBbxvorTSo4g53FVegzT8fbrJoQxNZ8L1Qa/rq51oHwfESS2HcQQ0o1GDQ7SNDYn1OXAgJww== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000044, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 20/10/23 11:13, Sean Christopherson wrote: > On Fri, Oct 20, 2023, Alexey Kardashevskiy wrote: >> >> On 20/10/23 01:57, Sean Christopherson wrote: >>> On Thu, Oct 19, 2023, Alexey Kardashevskiy wrote: >>>>> vcpu->arch.complete_userspace_io = snp_complete_ext_guest_request; >>>>> return 0; >>>>> } >>>> >>>> This should work the KVM stored certs nicely but not for the global certs. >>>> Although I am not all convinced that global certs is all that valuable but I >>>> do not know the history of that, happened before I joined so I let others to >>>> comment on that. Thanks, >>> >>> Aren't the global certs provided by userspace too though? If all certs are >>> ultimately controlled by userspace, I don't see any reason to make the kernel a >>> middle-man. >> >> The max blob size is 32KB or so and for 200 VMs it is: > > Not according to include/linux/psp-sev.h: > > #define SEV_FW_BLOB_MAX_SIZE 0x4000 /* 16KB */ > > Ugh, and I see in another patch: > > Also increase the SEV_FW_BLOB_MAX_SIZE another 4K page to allow space > for an extra certificate. > > -#define SEV_FW_BLOB_MAX_SIZE 0x4000 /* 16KB */ > +#define SEV_FW_BLOB_MAX_SIZE 0x5000 /* 20KB */ > > That's gross and just asking for ABI problems, because then there's this: > > +:: > + > + struct kvm_sev_snp_set_certs { > + __u64 certs_uaddr; > + __u64 certs_len > + }; > + > +The certs_len field may not exceed SEV_FW_BLOB_MAX_SIZE. > >> - 6.5MB, all in the userspace so swappable vs >> - 32KB but in the kernel so not swappable. >> Sure, a box capable of running 200 VMs must have plenty of RAM but still :) > > That's making quite a few assumptions. > > 1) That the global cert will be 32KiB (which clearly isn't the case today). > 2) That every VM will want the global cert. > 3) That userspace can't figure out a way to share the global cert. > > Even in that absolutely worst case scenario, I am not remotely convinced that it > justifies taking on the necessary complexity to manage certs in-kernel. > >> Plus, GHCB now has to go via the userspace before talking to the PSP which >> was not the case so far (though I cannot think of immediate implication >> right now). > > Any argument along the lines of "because that's how we've always done it" is going > to fall on deaf ears. If there's a real performance bottleneck with kicking out > to userspace, then I'll happily work to figure out a solution. If. No, not performance, I was trying to imagine what can go wrong if multiple vcpus are making this call, all exiting to QEMU, in a loop, racing, something like this. -- Alexey