Re: [PATCH Part2 v5 00/45] Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support

On 11/15/21 12:44 PM, Sean Christopherson wrote:
> On Mon, Nov 15, 2021, Brijesh Singh wrote:
>> On 11/12/21 2:37 PM, Sean Christopherson wrote:
>>> This is the direction KVM TDX support is headed, though it's obviously still a WIP.
>>
>> Just curious, in this approach, how do you propose handling the host
>> kexec/kdump? If a kexec/kdump occurs while the VM is still active, the new
>> kernel will encounter the #PF (RMP violation) because some pages are still
>> marked 'private' in the RMP table.
>
> There are two basic options: a) eagerly purge the RMP or b) lazily fixup the RMP
> on #PF.  Either approach can be made to work.  I'm not opposed to fixing up the RMP
> on #PF in the kexec/kdump case, I'm opposed to blindly updating the RMP on _all_
> RMP #PFs, i.e. the kernel should modify the RMP if and only if it knows that doing
> so is correct.  E.g. a naive lazy-fixup solution would be to track which pages have
> been sanitized and adjust the RMP on #PF to a page that hasn't yet been sanitized.


Yap, I think option #a will require the current kernel to iterate through the entire memory and make it shared before booting the kexec kernel. It may bring another ask to track the guest private/shared on the host to minimize the iterations.

thanks
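
The two options discussed in this thread, sketched as an added user-space C model; it is not part of the original message and is not code from the kernel or the patch series. All names (`rmp_private`, `sanitized`, `eager_purge`, `lazy_fixup`, `reset_after_kexec`, `NR_PAGES`) are hypothetical, and the RMP is reduced to one private/shared flag per page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NR_PAGES 8                 /* constructed, tiny "physical memory" */

/* Hypothetical model state, not kernel structures. */
static bool rmp_private[NR_PAGES]; /* true: RMP marks the page guest-private */
static bool sanitized[NR_PAGES];   /* true: the new kernel has vetted the page */

/* Option (a): walk all of memory once and make every page shared. */
size_t eager_purge(void)
{
    size_t fixed = 0;
    for (size_t pfn = 0; pfn < NR_PAGES; pfn++) {
        fixed += rmp_private[pfn]; /* count stale private entries */
        rmp_private[pfn] = false;
        sanitized[pfn] = true;
    }
    return fixed;
}

/* Option (b): called on an RMP #PF. Returns true if the RMP was fixed up,
 * false if it must be left alone because the fault is a real violation. */
bool lazy_fixup(size_t pfn)
{
    if (pfn >= NR_PAGES || sanitized[pfn])
        return false;              /* unknown or already vetted: do not touch */
    rmp_private[pfn] = false;      /* stale entry left over from before kexec */
    sanitized[pfn] = true;
    return true;
}

/* Constructed scenario: pages 2 and 5 were still private at kexec time. */
void reset_after_kexec(void)
{
    for (size_t pfn = 0; pfn < NR_PAGES; pfn++) {
        rmp_private[pfn] = (pfn == 2 || pfn == 5);
        sanitized[pfn] = false;
    }
}

int main(void)
{
    reset_after_kexec();
    printf("first fault on pfn 2 fixed up: %d\n", lazy_fixup(2));
    rmp_private[2] = true;         /* page later assigned to a new guest */
    printf("later fault on pfn 2 fixed up: %d\n", lazy_fixup(2));
}
```

The second fault on the same page is refused because the page has already been sanitized, so a private RMP entry there can no longer be assumed stale.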


