Re: [PATCH v3 0/5] x86: Show in sysfs if a memory node is able to do encryption

From: Dave Hansen
Date: Tue Dec 07 2021 - 15:13:56 EST

Next message: Sebastian Andrzej Siewior: "Re: [ANNOUNCE] 5.10.83-rt58"
Previous message: Peter Gonda: "Re: [PATCH 08/12] selftests: sev_migrate_tests: add tests for KVM_CAP_VM_COPY_ENC_CONTEXT_FROM"
In reply to: Mike Rapoport: "Re: [PATCH v3 0/5] x86: Show in sysfs if a memory node is able to do encryption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/7/21 12:06 PM, Mike Rapoport wrote:
>> An ABI that says "everything is encrypted" is pretty meaningless and
>> only useful for this one, special case.
>>
>> A per-node ABI is useful for this case and is also useful going forward
>> if folks want to target allocations from applications to NUMA nodes
>> which have encryption capabilities. The ABI in this set is useful for
>> the immediate case and is useful to other folks.
> I don't mind per-node ABI, I'm just concerned that having a small region
> without the encryption flag set will render the entire node "not
> encryptable". This may happen because a bug in firmware, a user that shoot
> themself in a leg with weird memmap= or some hidden gem in interaction
> between e820, EFI and memblock that we still didn't discover.

That's a good point. But, that seems more in the realm of a
pr_{info,warn}_once() than something deserving of its own specific ABI.

If we have a 100GB of a node that supports encryption, and 4k that
causes the whole thing to be considered un-encryptable, a warning is be
appropriate and feasible.

Next message: Sebastian Andrzej Siewior: "Re: [ANNOUNCE] 5.10.83-rt58"
Previous message: Peter Gonda: "Re: [PATCH 08/12] selftests: sev_migrate_tests: add tests for KVM_CAP_VM_COPY_ENC_CONTEXT_FROM"
In reply to: Mike Rapoport: "Re: [PATCH v3 0/5] x86: Show in sysfs if a memory node is able to do encryption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]