On Tue, Apr 20, 2021, Paolo Bonzini wrote:
> On 15/04/21 17:57, Ashish Kalra wrote:
> > From: Ashish Kalra <ashish.kalra@xxxxxxx>
> >
> > This hypercall is used by the SEV guest to notify a change in the page
> > encryption status to the hypervisor. The hypercall should be invoked
> > only when the encryption attribute is changed from encrypted -> decrypted
> > and vice versa. By default all guest pages are considered encrypted.
> >
> > The hypercall exits to userspace to manage the guest shared regions and
> > integrate with the userspace VMM's migration code.
>
> I think this should be exposed to userspace as a capability, rather than as
> a CPUID bit. Userspace then can enable the capability and set the CPUID bit
> if it wants.
>
> The reason is that userspace could pass KVM_GET_SUPPORTED_CPUID to
> KVM_SET_CPUID2 and the hypercall then would break the guest.

Right, and that's partly why I was advocating that KVM emulate the MSR as a nop.