Message ID | 20240320083945.991426-30-michael.roth@amd.com (mailing list archive) |
---|---|
State | New, archived |
Series | Add AMD Secure Nested Paging (SEV-SNP) support |
On Wed, Mar 20, 2024 at 03:39:25AM -0500, Michael Roth wrote: > SEV/SEV-ES rely on pinned memory to back guest RAM so discarding > isn't actually possible. With SNP, only guest_memfd pages are used > for private guest memory, so discarding of shared memory is still > possible, so only disable discard for SEV/SEV-ES. > > Signed-off-by: Michael Roth <michael.roth@amd.com> > --- > target/i386/sev.c | 16 ++++++++++++---- > 1 file changed, 12 insertions(+), 4 deletions(-) > > diff --git a/target/i386/sev.c b/target/i386/sev.c > index 134e8f7c22..43e6c0172f 100644 > --- a/target/i386/sev.c > +++ b/target/i386/sev.c > @@ -888,10 +888,18 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) > uint32_t host_cbitpos; > struct sev_user_data_status status = {}; > > - ret = ram_block_discard_disable(true); > - if (ret) { > - error_report("%s: cannot disable RAM discard", __func__); > - return -1; > + /* > + * SEV/SEV-ES rely on pinned memory to back guest RAM so discarding > + * isn't actually possible. With SNP, only guest_memfd pages are used > + * for private guest memory, so discarding of shared memory is still > + * possible.. > + */ > + if (!sev_snp_enabled()) { > + ret = ram_block_discard_disable(true); > + if (ret) { > + error_report("%s: cannot disable RAM discard", __func__); > + return -1; > + } > } Pre-existing code bug, but this method must use 'error_setg' to fill the 'Error **errp' parameter. With regards, Daniel
diff --git a/target/i386/sev.c b/target/i386/sev.c index 134e8f7c22..43e6c0172f 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -888,10 +888,18 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) uint32_t host_cbitpos; struct sev_user_data_status status = {}; - ret = ram_block_discard_disable(true); - if (ret) { - error_report("%s: cannot disable RAM discard", __func__); - return -1; + /* + * SEV/SEV-ES rely on pinned memory to back guest RAM so discarding + * isn't actually possible. With SNP, only guest_memfd pages are used + * for private guest memory, so discarding of shared memory is still + * possible.. + */ + if (!sev_snp_enabled()) { + ret = ram_block_discard_disable(true); + if (ret) { + error_report("%s: cannot disable RAM discard", __func__); + return -1; + } } sev_common->state = SEV_STATE_UNINIT;
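Review bot: in the new `if (!sev_snp_enabled())` block of sev_kvm_init(), the failure path still calls error_report() and returns -1 although the function takes `Error **errp`; setting the error with error_setg(errp, "cannot disable RAM discard") would let the caller see why initialization failed. The added comment ends in a doubled period ("possible.."). Because the disable is now conditional, any matching ram_block_discard_disable(false) on this function's error path, which lies outside the visible context, should carry the same `!sev_snp_enabled()` guard so the disable count stays balanced for SNP guests.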
SEV/SEV-ES rely on pinned memory to back guest RAM so discarding isn't actually possible. With SNP, only guest_memfd pages are used for private guest memory, so discarding of shared memory is still possible, so only disable discard for SEV/SEV-ES.

Signed-off-by: Michael Roth <michael.roth@amd.com>

---
 target/i386/sev.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)