On 12/7/21 12:06 PM, Mike Rapoport wrote:
>> An ABI that says "everything is encrypted" is pretty meaningless and
>> only useful for this one, special case.
>>
>> A per-node ABI is useful for this case and is also useful going forward
>> if folks want to target allocations from applications to NUMA nodes
>> which have encryption capabilities. The ABI in this set is useful for
>> the immediate case and is useful to other folks.
> I don't mind per-node ABI, I'm just concerned that having a small region
> without the encryption flag set will render the entire node "not
> encryptable". This may happen because of a bug in firmware, a user that shoots
> themself in a leg with weird memmap= or some hidden gem in interaction
> between e820, EFI and memblock that we still didn't discover.

That's a good point. But, that seems more in the realm of a
pr_{info,warn}_once() than something deserving of its own specific ABI.

If we have 100GB of a node that supports encryption, and 4k that
causes the whole thing to be considered un-encryptable, a warning is
appropriate and feasible.