On 05.05.20 14:34, Dave Hansen wrote:[...] >> I'm not sure what exactly the requirements for your use case are; if those >> are significantly differently, maybe we can work together to find an >> approach that works for both? > > I'm actually trying to figure out what to do with AMD's SEV. The > current state isn't great and, for instance, allows userspace to read > guest ciphertext. But, the pages come and go out of the encrypted state > at the behest of the guest, and the kernel needs *some* mapping for the > pages to do things like instruction emulation. > > I started looking at s390 because someone said there was a similar > problem there and suggested the hooks might work. I couldn't figure out > how they worked comprehensively on s390, and that's how we got here. We are certainly not married to our approach. I would happily extend/change this to anything that works for your case and the s390 case. So can you outline your requirements a bit more?
