Re: [PATCH v3 10/11] mm: x86: Invoke hypercall when page encryption status is changed

From: Thomas Gleixner
Date: Thu Aug 29 2019 - 14:21:51 EST


On Thu, 29 Aug 2019, Borislav Petkov wrote:

> On Wed, Jul 10, 2019 at 08:13:11PM +0000, Singh, Brijesh wrote:
> > @@ -2060,6 +2067,14 @@ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc)
> > */
> > cpa_flush(&cpa, 0);
> >
> > + /*
> > + * When SEV is active, notify hypervisor that a given memory range is mapped
> > + * encrypted or decrypted. Hypervisor will use this information during
> > + * the VM migration.
> > + */
> > + if (sev_active())
> > + set_memory_enc_dec_hypercall(addr, numpages << PAGE_SHIFT, enc);
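
Review bot: In the added set_memory_enc_dec_hypercall() call, the size argument `numpages << PAGE_SHIFT` is computed in int, because the hunk header declares `int numpages`. With 4K pages (PAGE_SHIFT of 12) the shift overflows a signed int once the range reaches 2^19 pages (2 GiB), so the hypervisor could be told a wrong or negative length for a large range. Cast before shifting, e.g. `(unsigned long)numpages << PAGE_SHIFT`, or pass numpages unchanged and let the callee do the conversion. The call is also made unconditionally after cpa_flush() and nothing it returns is used, while the enclosing function returns int; if the notification can fail, the comment should state what the guest does in that case.
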
>
> Btw, tglx has another valid design concern here: why isn't this a
> pv_ops thing? So that it is active only when the hypervisor is actually
> present?
>
> I know, I know, this will run on SEV guests only because it is all
> (hopefully) behind "if (sev_active())" checks but the clean and accepted
> design is a paravirt call, I'd say.

No. sev_active() has nothing to do with guest mode. It tells whether SEV is
active or not. So yes, this calls into this function on both guest and
host. The latter is beyond pointless.

Thanks,

tglx