Re: [RFC Part2 PATCH v3 16/26] KVM: SVM: Add support for SEV LAUNCH_UPDATE_DATA command

From: Borislav Petkov
Date: Wed Sep 13 2017 - 17:07:50 EST


On Wed, Sep 13, 2017 at 02:45:37PM -0500, Brijesh Singh wrote:
> Actually I don't know what should be a sane upper bound in this case --
> typically we encrypt the guest BIOS using the LAUNCH_UPDATE_DATA command.
> I have heard that some users may want to create a pre-encrypted image
> (which may contain guest BIOS + kernel + initrd) -- this can be huge.
>
> For SEV guests, we have been needing to pin the memory, hence how about if
> we limit the number of pages to pin with rlimit? The rlimit check can
> also include the guest RAM pinning.

rlimit sounds like a sensible thing to do. It would be interesting to
hear what the general policy is wrt guest sizes that KVM folk do ...

--
Regards/Gruss,
Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--