Re: [PATCH 4/4] kvm: svm: Support KVM_SEV_SNP_PAGE_TYPE_VMSA at SNP_LAUNCH_UPDATE

Next message: Pedro Falcato: "Re: [PATCH] vfs: missing inode operation should return a consistent error code"
Previous message: Boris Brezillon: "Re: [PATCH v2 5/7] drm/panfrost: Make reset sequence deal with an active HWPerf session"
In reply to: Sean Christopherson: "Re: [PATCH 4/4] kvm: svm: Support KVM_SEV_SNP_PAGE_TYPE_VMSA at SNP_LAUNCH_UPDATE"
Next in thread: Sean Christopherson: "Re: [PATCH 4/4] kvm: svm: Support KVM_SEV_SNP_PAGE_TYPE_VMSA at SNP_LAUNCH_UPDATE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jörg Rödel

Date: Wed Jun 17 2026 - 10:45:03 EST

On Wed, Jun 17, 2026 at 06:37:52AM -0700, Sean Christopherson wrote:
> Ok, so it took us a few times to learn our lesson. I still don't see that as a
> strong argument for new uAPI, especially not for VMSA pages. I am very firmly
> of the opinion that letting anything but the host kernel configure the VMSA is
> beyond stupid, but unfortunately we're stuck with AP_CREATION. Expanding that
> surface has a very, very, VERY high bar to get over.

The strongest argument in my view (and the main reason we are doing this) is
actually the predictable launch measurement. On SEV-SNP this is a requirement
to use platform VM-identity features like the ID Block.

-Joerg