On Wed, Sep 13, 2017 at 02:45:37PM -0500, Brijesh Singh wrote:
> Actually I don't know what should be sane upper bound in this case --
> typically we encrypt the guest BIOS using LAUNCH_UPDATE_DATA command.
> I have heard that some user may want to create a pre-encrypted image
> (which may contains guest BIOS + kernel + initrd) -- this can be huge.
>
> For SEV guest, we have been needing to pin the memory hence how about if
> we limit the number of pages to pin with rlimit ? The rlimit check can
> also include the guest RAM pinning.
rlimit sounds like a sensible thing to do. It would be interesting to
hear what the general policy is wrt guest sizes that KVM folk do ...
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--
