Re: [Part1 PATCH v4 16/17] X86/KVM: Unencrypt shared per-cpu variables when SEV is active

From: Borislav Petkov
Date: Wed Sep 20 2017 - 03:39:37 EST


On Tue, Sep 19, 2017 at 09:00:39AM -0500, Brijesh Singh wrote:
> Yes, we can revisit it later to optimize it.

Yeah, it will become pretty fugly if we need to do more decrypted pages
sharing between hv and guest. And if they have to be perCPU, it becomes
nastier.

So we definitely should think about having a proper design for this
page-sized sharing. For example, if you do a single shared page and then
you copy the actual data between host and guest, the former becomes a
bounce buffer of sorts which adds that additional copying penalty. Yuck.

So we really should think about this more...

--
Regards/Gruss,
Boris.

SUSE Linux GmbH, GF: Felix ImendÃrffer, Jane Smithard, Graham Norton, HRB 21284 (AG NÃrnberg)
--