| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Sep 2020 18:04:04 -0700
From: Randy Dunlap <rdunlap@...radead.org>
To: Vipin Sharma <vipinsh@...gle.com>, thomas.lendacky@....com,
pbonzini@...hat.com, sean.j.christopherson@...el.com,
tj@...nel.org, lizefan@...wei.com
Cc: joro@...tes.org, corbet@....net, brijesh.singh@....com,
jon.grimm@....com, eric.vantassell@....com, gingell@...gle.com,
rientjes@...gle.com, kvm@...r.kernel.org, x86@...nel.org,
cgroups@...r.kernel.org, linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org,
Dionna Glaze <dionnaglaze@...gle.com>,
Erdem Aktas <erdemaktas@...gle.com>
Subject: Re: [RFC Patch 1/2] KVM: SVM: Create SEV cgroup controller.
Hi,
On 9/21/20 5:40 PM, Vipin Sharma wrote:
> diff --git a/init/Kconfig b/init/Kconfig
> index d6a0b31b13dc..1a57c362b803 100644
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -1101,6 +1101,20 @@ config CGROUP_BPF
> BPF_CGROUP_INET_INGRESS will be executed on the ingress path of
> inet sockets.
>
> +config CGROUP_SEV
> + bool "SEV ASID controller"
> + depends on KVM_AMD_SEV
> + default n
> + help
> + Provides a controller for AMD SEV ASIDs. This controller limits and
> + shows the total usage of SEV ASIDs used in encrypted VMs on AMD
> + processors. Whenever a new encrypted VM is created using SEV on an
> + AMD processor, this controller will check the current limit in the
> + cgroup to which the task belongs and will deny the SEV ASID if the
> + cgroup has already reached its limit.
> +
> + Say N if unsure.
Something here (either in the bool prompt string or the help text) should
let a reader know w.t.h. SEV means.
Without having to look in other places...
thanks.
--
~Randy
Powered by blists - more mailing lists