Re: [PATCH 0/6] Add RMPOPT support.

Next message: Frank Li: "Re: [PATCH 0/4] ARM: dts: TQMa6: modify for use in bootloaders"
Previous message: Tejun Heo: "Re: [PATCH] cgroup: free cset links on find_css_set() failure"
In reply to: Dave Hansen: "Re: [PATCH 0/6] Add RMPOPT support."
Next in thread: Dave Hansen: "Re: [PATCH 0/6] Add RMPOPT support."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Kalra, Ashish

Date: Wed Feb 18 2026 - 12:04:48 EST

On 2/18/2026 9:03 AM, Dave Hansen wrote:
> On 2/17/26 20:12, Kalra, Ashish wrote:
>>> That's not awful.
>>>
>>> To be honest, though, I think this is misdesigned. Shouldn't the CPU
>>> *boot* in a state where it is optimized? Why should software have to
>>> tell it that coming out of reset, there is no SEV-SNP memory?
>> When the CPU boots, the RMP checks are not done and therefore the CPU
>> is booting in a state where it is optimized.
>>
>> The RMP checks are not enabled till SEV-SNP is enabled and SNP is enabled
>> during kernel boot (as part of iommu_snp_enable() -> snp_rmptable_init()).
>>
>> Once SNP is enabled as part of kernel boot, hypervisor and non-SNP guests are
>> subject to RMP checks on writes to provide integrity of SEV-SNP guest memory.
>>
>> Therefore, we need to enable these RMP optimizations after SNP has been
>> enabled to indicate which 1GB regions of memory are known to not contain any
>> SEV-SNP guest memory.
>
> They are known not to contain any SEV-SNP guest memory at the moment
> snp_rmptable_init() finishes, no?

Yes, but RMP checks are still performed and they affect performance.

Testing a bit in the per‑CPU RMPOPT table to avoid RMP checks significantly improves performance.

Thanks,
Ashish