From: David Rientjes <rientjes@google.com>
To: Vipin Sharma <vipinsh@google.com>
Cc: Sean Christopherson <seanjc@google.com>,
Janosch Frank <frankja@linux.ibm.com>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Lendacky@google.com, Thomas <thomas.lendacky@amd.com>,
pbonzini@redhat.com, tj@kernel.org, lizefan@huawei.com,
joro@8bytes.org, corbet@lwn.net, Singh@google.com,
Brijesh <brijesh.singh@amd.com>,
Grimm@google.com, Jon <jon.grimm@amd.com>,
VanTassell@google.com, Eric <eric.vantassell@amd.com>,
gingell@google.com, kvm@vger.kernel.org, x86@kernel.org,
cgroups@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [RFC Patch 0/2] KVM: SVM: Cgroup support for SVM SEV ASIDs
Date: Tue, 24 Nov 2020 12:18:45 -0800 (PST) [thread overview]
Message-ID: <alpine.DEB.2.23.453.2011241215400.3594395@chino.kir.corp.google.com> (raw)
In-Reply-To: <20201124194904.GA45519@google.com>
On Tue, 24 Nov 2020, Vipin Sharma wrote:
> > > Looping Janosch and Christian back into the thread.
> > >
> > > I interpret this suggestion as
> > > encryption.{sev,sev_es,keyids}.{max,current,events} for AMD and Intel
> >
> > I think it makes sense to use encryption_ids instead of simply encryption, that
> > way it's clear the cgroup is accounting ids as opposed to restricting what
> > techs can be used on yes/no basis.
> >
Agreed.
> > > offerings, which was my thought on this as well.
> > >
> > > Certainly the kernel could provide a single interface for all of these and
> > > key value pairs depending on the underlying encryption technology but it
> > > seems to only introduce additional complexity in the kernel in string
> > > parsing that can otherwise be avoided. I think we all agree that a single
> > > interface for all encryption keys or one-value-per-file could be done in
> > > the kernel and handled by any userspace agent that is configuring these
> > > values.
> > >
> > > I think Vipin is adding a root level file that describes how many keys we
> > > have available on the platform for each technology. So I think this comes
> > > down to, for example, a single encryption.max file vs
> > > encryption.{sev,sev_es,keyid}.max. SEV and SEV-ES ASIDs are provisioned
> >
> > Are you suggesting that the cgroup omit "current" and "events"? I agree there's
> > no need to enumerate platform total, but not knowing how many of the allowed IDs
> > have been allocated seems problematic.
> >
>
> We will be showing encryption_ids.{sev,sev_es}.{max,current}
> I am inclined to not provide "events" as I am not using it, let me know
> if this file is required, I can provide it then.
>
> I will provide an encryption_ids.{sev,sev_es}.stat file, which shows
> total available ids on the platform. This one will be useful for
> scheduling jobs in the cloud infrastructure based on total supported
> capacity.
>
Makes sense. I assume the stat file is only at the cgroup root level
since it would otherwise be duplicating its contents in every cgroup under
it. Probably not very helpful for child cgroup to see stat = 509 ASIDs
but max = 100 :)
next prev parent reply other threads:[~2020-11-24 20:18 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-22 0:40 [RFC Patch 0/2] KVM: SVM: Cgroup support for SVM SEV ASIDs Vipin Sharma
2020-09-22 0:40 ` [RFC Patch 1/2] KVM: SVM: Create SEV cgroup controller Vipin Sharma
2020-09-22 1:04 ` Randy Dunlap
2020-09-22 1:04 ` Randy Dunlap
2020-09-22 1:22 ` Sean Christopherson
2020-09-22 16:05 ` Vipin Sharma
2020-09-22 16:05 ` Vipin Sharma
2020-11-03 16:39 ` James Bottomley
2020-11-03 18:10 ` Sean Christopherson
2020-11-03 22:43 ` James Bottomley
2020-09-22 7:54 ` kernel test robot
2020-09-22 0:40 ` [RFC Patch 2/2] KVM: SVM: SEV cgroup controller documentation Vipin Sharma
2020-09-22 0:40 ` Vipin Sharma
2020-09-22 1:48 ` [RFC Patch 0/2] KVM: SVM: Cgroup support for SVM SEV ASIDs Sean Christopherson
2020-09-22 21:14 ` Vipin Sharma
2020-09-22 21:14 ` Vipin Sharma
[not found] ` <20200924192116.GC9649@linux.intel.com>
2020-09-24 19:55 ` Tom Lendacky
2020-09-24 19:55 ` Tom Lendacky
2020-09-25 22:22 ` Vipin Sharma
2020-10-02 20:48 ` Vipin Sharma
2020-11-03 2:06 ` Sean Christopherson
2020-11-14 0:26 ` David Rientjes
2020-11-24 19:16 ` Sean Christopherson
2020-11-24 19:49 ` Vipin Sharma
2020-11-24 19:49 ` Vipin Sharma
2020-11-24 20:18 ` David Rientjes [this message]
2020-11-24 21:08 ` Vipin Sharma
2020-11-24 21:27 ` Sean Christopherson
2020-11-24 21:27 ` Sean Christopherson
2020-11-24 22:21 ` Vipin Sharma
2020-11-24 23:18 ` Sean Christopherson
2020-11-27 18:01 ` Christian Borntraeger
2020-11-27 18:01 ` Christian Borntraeger
2020-10-01 18:08 ` Peter Gonda
2020-10-01 22:44 ` Tom Lendacky
2020-10-01 22:44 ` Tom Lendacky
2020-09-23 12:47 ` Paolo Bonzini
2020-09-23 12:47 ` Paolo Bonzini
2020-09-23 12:47 ` Paolo Bonzini
2020-09-28 9:12 ` Janosch Frank
2020-09-28 9:12 ` Janosch Frank
2020-09-28 9:21 ` Christian Borntraeger
2020-09-28 9:21 ` Christian Borntraeger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.23.453.2011241215400.3594395@chino.kir.corp.google.com \
--to=rientjes@google.com \
--cc=Grimm@google.com \
--cc=Lendacky@google.com \
--cc=Singh@google.com \
--cc=VanTassell@google.com \
--cc=borntraeger@de.ibm.com \
--cc=brijesh.singh@amd.com \
--cc=cgroups@vger.kernel.org \
--cc=corbet@lwn.net \
--cc=eric.vantassell@amd.com \
--cc=frankja@linux.ibm.com \
--cc=gingell@google.com \
--cc=jon.grimm@amd.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lizefan@huawei.com \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=thomas.lendacky@amd.com \
--cc=tj@kernel.org \
--cc=vipinsh@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.