On Mon, Jun 17, 2019 at 6:40 PM Andy Lutomirski <[email protected]> wrote: > > On Mon, Jun 17, 2019 at 6:34 PM Lendacky, Thomas > <[email protected]> wrote: > > > > On 6/17/19 6:59 PM, Kai Huang wrote: > > > On Mon, 2019-06-17 at 11:27 -0700, Dave Hansen wrote: > > > > > > > And yes from my reading (better to have AMD guys to confirm) SEV guest > > > uses anonymous memory, but it > > > also pins all guest memory (by calling GUP from KVM -- SEV specifically > > > introduced 2 KVM ioctls for > > > this purpose), since SEV architecturally cannot support swapping, > > > migraiton of SEV-encrypted guest > > > memory, because SME/SEV also uses physical address as "tweak", and > > > there's no way that kernel can > > > get or use SEV-guest's memory encryption key. In order to swap/migrate > > > SEV-guest memory, we need SGX > > > EPC eviction/reload similar thing, which SEV doesn't have today. > > > > Yes, all the guest memory is currently pinned by calling GUP when creating > > an SEV guest. > > Ick. > > What happens if QEMU tries to read the memory? Does it just see > ciphertext? Is cache coherency lost if QEMU writes it?
I should add: is the current interface that SEV uses actually good, or should the kernel try to do something differently? I've spent exactly zero time looking at SEV APIs or at how QEMU manages its memory.
