On 27.09.2022 17:22, Paolo Bonzini wrote:
Some users of KVM implement the UEFI variable store through a paravirtual device that does not require the "SMM lockbox" component of edk2; allow them to compile out system management mode, which is not a full implementation especially in how it interacts with nested virtualization. Suggested-by: Sean Christopherson <seanjc@xxxxxxxxxx> Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx> --- The patch isn't pretty. I could skip all the changes to add WARNs to called functions, but the point of adding the config symbol is to make sure that those functions, and all the baggage they bring, are dead.
Out of curiosity: why the SMM support is so special that it's worth to add a dedicated Kconfig entry for it? After all, the current typical way to disable stuff (for testing, etc) in KVM is to provide this possibility via a kvm module parameter. This way it also can be switched on or off without having to rebuild the kernel. Looking at the patch it doesn't seem to disable that much of code (like, significantly slim down the binary) and where it does disable something it mostly relies on compiler dead code removal rather than explicit #ifdefs (which would guarantee that the disabled code did not end in the binary). Thanks, Maciej
