Re: [PATCH 0/6] Add RMPOPT support.

Next message: Gary Guo: "Re: [PATCH] rust: pin-init: replace clippy `expect` with `allow`"
Previous message: redacherkaoui: "[PATCH] x86/boot/compressed: Fix signedness of rdfs8()"
In reply to: Kalra, Ashish: "Re: [PATCH 0/6] Add RMPOPT support."
Next in thread: Kalra, Ashish: "Re: [PATCH 0/6] Add RMPOPT support."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Dave Hansen

Date: Wed Feb 18 2026 - 10:04:08 EST

On 2/17/26 20:12, Kalra, Ashish wrote:
>> That's not awful.
>>
>> To be honest, though, I think this is misdesigned. Shouldn't the CPU
>> *boot* in a state where it is optimized? Why should software have to
>> tell it that coming out of reset, there is no SEV-SNP memory?
> When the CPU boots, the RMP checks are not done and therefore the CPU
> is booting in a state where it is optimized.
>
> The RMP checks are not enabled till SEV-SNP is enabled and SNP is enabled
> during kernel boot (as part of iommu_snp_enable() -> snp_rmptable_init()).
>
> Once SNP is enabled as part of kernel boot, hypervisor and non-SNP guests are
> subject to RMP checks on writes to provide integrity of SEV-SNP guest memory.
>
> Therefore, we need to enable these RMP optimizations after SNP has been
> enabled to indicate which 1GB regions of memory are known to not contain any
> SEV-SNP guest memory.

They are known not to contain any SEV-SNP guest memory at the moment
snp_rmptable_init() finishes, no?