Message-ID: <20170913210734.grfwb26rwudgbm2s@pd.tnic>
Date: Wed, 13 Sep 2017 23:07:34 +0200
From: Borislav Petkov <bp@...e.de>
To: Brijesh Singh <brijesh.singh@....com>
Cc: linux-kernel@...r.kernel.org, x86@...nel.org, kvm@...r.kernel.org,
Thomas Gleixner <tglx@...utronix.de>,
Joerg Roedel <joro@...tes.org>,
"Michael S . Tsirkin" <mst@...hat.com>,
Paolo Bonzini <pbonzini@...hat.com>,
"Radim Krčmář" <rkrcmar@...hat.com>,
Tom Lendacky <thomas.lendacky@....com>
Subject: Re: [RFC Part2 PATCH v3 16/26] KVM: SVM: Add support for SEV
LAUNCH_UPDATE_DATA command
On Wed, Sep 13, 2017 at 02:45:37PM -0500, Brijesh Singh wrote:
> Actually I don't know what should be a sane upper bound in this case --
> typically we encrypt the guest BIOS using LAUNCH_UPDATE_DATA command.
> I have heard that some users may want to create a pre-encrypted image
> (which may contain guest BIOS + kernel + initrd) -- this can be huge.
>
> For SEV guest, we have been needing to pin the memory hence how about if
> we limit the number of pages to pin with rlimit? The rlimit check can
> also include the guest RAM pinning.
rlimit sounds like a sensible thing to do. It would be interesting to
hear what the general policy is wrt guest sizes that KVM folk do ...
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)