Re: [PATCH] kvm/sev: make SEV/SEV-ES asids configurable
From: José Pekkarinen
Date: Tue Oct 10 2023 - 16:32:58 EST
On 2023-10-10 19:49, Peter Gonda wrote:
On Tue, Oct 10, 2023 at 5:22 AM José Pekkarinen
<jose.pekkarinen@xxxxxxxxxxx> wrote:
There are bioses that doesn't allow to configure the
number of asids allocated for SEV/SEV-ES, for those
cases, the default behaviour allocates all the asids
for SEV, leaving no room for SEV-ES to have some fun.
If the user request SEV-ES to be enabled, it will
find the kernel just run out of resources and ignored
user request. This following patch will address this
issue by making the number of asids for SEV/SEV-ES
configurable over kernel module parameters.
All this patch does is introduce an error case right? Because if the
BIOS hasn't actually configured those SEV-ES asids and KVM tries to
use an SEV as an SEV-ES asid commands to the ASP will fail, right?
What happens when you try to create an SEV-ES VM with this patch, when
the BIOS hasn't allocated any SEV-ES asids?
It still doesn't enable SEV-ES since the cpu exposes
min_sev_asids as 1, and there is a check to bail out in
the hardware setup function, so definitely this is not
fixing anything. I may not being understanding something
here though, since my BIOS doesn't seem to have any options
nor hints about SEV-ES, so I'm not quite sure it really
does something to provide the functionality. For the records
it is a Supermicro H11SSL-NC.
Thanks!
José.