Hi Baoquan,
On Wed, 14 Jul 2021 09:18:31 +0800
Baoquan He <bhe(a)redhat.com> wrote:
Hi Philipp,
On 07/13/21 at 11:59am, Philipp Rudo wrote:
> "prot_virt" enables host protected virtual machines on s390. This
This is a great patch, thanks.
thanks
Since you have investigated and got some knowledge, could you help
explain what is host protected virtual machines on s390? What is the
difference between normal kvm guest on x86_64/arm64 and this on s390?
The "host protected virtual machines" come from Secure Execution on
s390 [1] which is similar to AMD SEV. With this the firmware manages
access to the guest memory such that a KVM host cannot access it (more
precisely, that the pages get encrypted before the host can access
them). In addition the guest image gets encrypted with a customer
specific key that is stored in hardware so the host cannot manipulate
the guest before executing it. Goal is to prevent malicious host
attacks.
Shall I update the commit message?
Thanks
Philipp
[1]
https://www.ibm.com/docs/en/linux-on-systems?topic=linux-introduction
Thanks
Baoquan
> requires a minimum of ~2.5GB memory and thus exceeds what is typically
> reserved for the crashkernel. Thus remove "prot_virt" from the command
> line for the 2nd kernel to prevent it to run out-of-memory.
>
> Signed-off-by: Philipp Rudo <prudo(a)redhat.com>
> ---
> kdump.sysconfig.s390x | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kdump.sysconfig.s390x b/kdump.sysconfig.s390x
> index 439e462..234cfe9 100644
> --- a/kdump.sysconfig.s390x
> +++ b/kdump.sysconfig.s390x
> @@ -17,7 +17,7 @@ KDUMP_COMMANDLINE=""
> # This variable lets us remove arguments from the current kdump commandline
> # as taken from either KDUMP_COMMANDLINE above, or from /proc/cmdline
> # NOTE: some arguments such as crashkernel will always be removed
> -KDUMP_COMMANDLINE_REMOVE="hugepages hugepagesz slub_debug quiet log_buf_len
swiotlb vmcp_cma cma hugetlb_cma"
> +KDUMP_COMMANDLINE_REMOVE="hugepages hugepagesz slub_debug quiet log_buf_len
swiotlb vmcp_cma cma hugetlb_cma prot_virt"
>
> # This variable lets us append arguments to the current kdump commandline
> # after processed by KDUMP_COMMANDLINE_REMOVE
> --
> 2.31.1
> _______________________________________________
> kexec mailing list -- kexec(a)lists.fedoraproject.org
> To unsubscribe send an email to kexec-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/kexec@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure