On 07/14/21 at 01:19pm, Philipp Rudo wrote:
Hi Baoquan,
On Wed, 14 Jul 2021 09:18:31 +0800
Baoquan He <bhe(a)redhat.com> wrote:
> Hi Philipp,
>
> On 07/13/21 at 11:59am, Philipp Rudo wrote:
> > "prot_virt" enables host protected virtual machines on s390. This
>
> This is a great patch, thanks.
thanks
> Since you have investigated and gained some knowledge, could you help
> explain what host protected virtual machines on s390 are? What is the
> difference between a normal KVM guest on x86_64/arm64 and this on s390?
The "host protected virtual machines" come from Secure Execution on
s390 [1], which is similar to AMD SEV. With this, the firmware manages
access to the guest memory such that a KVM host cannot access it (more
precisely, the pages get encrypted before the host can access
them). In addition, the guest image gets encrypted with a
customer-specific key that is stored in hardware, so the host cannot
manipulate the guest before executing it. The goal is to prevent
malicious host attacks.
Shall I update the commit message?
Yeah, if these can be added as background knowledge in the patch log, it
will be much better.
By the way, do you know why the host protected VM on s390 needs a minimum
of ~2.5GB memory?
Thanks
Philipp
[1] https://www.ibm.com/docs/en/linux-on-systems?topic=linux-introduction
>
> Thanks
> Baoquan
>
> > requires a minimum of ~2.5GB memory and thus exceeds what is typically
> > reserved for the crashkernel. Thus remove "prot_virt" from the command
> > line for the 2nd kernel to prevent it from running out of memory.
> >
> > Signed-off-by: Philipp Rudo <prudo(a)redhat.com>
> > ---
> > kdump.sysconfig.s390x | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/kdump.sysconfig.s390x b/kdump.sysconfig.s390x
> > index 439e462..234cfe9 100644
> > --- a/kdump.sysconfig.s390x
> > +++ b/kdump.sysconfig.s390x
> > @@ -17,7 +17,7 @@ KDUMP_COMMANDLINE=""
> > # This variable lets us remove arguments from the current kdump commandline
> > # as taken from either KDUMP_COMMANDLINE above, or from /proc/cmdline
> > # NOTE: some arguments such as crashkernel will always be removed
> > -KDUMP_COMMANDLINE_REMOVE="hugepages hugepagesz slub_debug quiet
log_buf_len swiotlb vmcp_cma cma hugetlb_cma"
> > +KDUMP_COMMANDLINE_REMOVE="hugepages hugepagesz slub_debug quiet
log_buf_len swiotlb vmcp_cma cma hugetlb_cma prot_virt"
> >
> > # This variable lets us append arguments to the current kdump commandline
> > # after processed by KDUMP_COMMANDLINE_REMOVE
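Review bot: the new "prot_virt" entry at the end of the KDUMP_COMMANDLINE_REMOVE list has no in-file explanation, so the reason for dropping it (the ~2.5GB minimum exceeding a typical crashkernel reservation) lives only in the commit message. The comment block above the variable already singles out crashkernel as always removed; a short line there saying that prot_virt is stripped because host support for protected virtual machines needs more memory than the crashkernel reservation usually provides would keep an administrator who edits this list from re-adding it and running the 2nd kernel out of memory.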
> > --
> > 2.31.1