Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp2052279pxu; Tue, 24 Nov 2020 15:58:41 -0800 (PST) X-Google-Smtp-Source: ABdhPJxAi9fXlkUMnTA4yn65pPvPWB/ds8BMrm4/AiW8W8sNoW7nlUg1CLV4V1zmVqhddhABvEiH X-Received: by 2002:a17:907:2089:: with SMTP id pv9mr906753ejb.34.1606262320904; Tue, 24 Nov 2020 15:58:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606262320; cv=none; d=google.com; s=arc-20160816; b=r+wG9OtlC8xbXV8L9tZNpg1NEWO8ga7l8aPsAU3qVfqtrMY4Td7tgnXQf2DE7afVB4 ljSC9nUPT/2QBrn1UuHb25Bt6zPO40OzGGFc4KEFsr6+qziofTG9FgxaoXbEuAO7smBm 9U+RqjemXHgc1Kyu9U8KbS7I8thQ7Wm+NkGdbQ6Kjbee3cg1th5TaI4YAGR2ZMjv2Ot5 2jQRGa2k3yJc4BN8aEThGzylPjSSktZ6LGOynIkc2bBwKYWR7nsZGHKpFFobMdy50b4H Ow0QwwasC3lZbxHwsDEWRM0RouB0tGkXNpDXLPZnQE+z7m1eabj4V+2WPr5PTZfwv6Rk KvDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=G8S42ykz8GQE/h+DytjaAc53070LGayg6/X2MaLnGo4=; b=n5krZiQpmJkh5uJkVcOTtKYITYPem9V96A2B/kwJ9NHkGC14pNejR7RGm4i71JX3u5 BagLmG+7qAOO38f3rZ0hC4mD2oDLLsk/Kk13HWvDj8B2iAjzSZuefQhdJ+qpCkuoggVw 4430i8oSDuNp6Q7xeskLgUCjx9A0wpZzcidT+H7MU072/gjFmmH4wvQsEHuwPKjpv9rf g5Umz+n4Cb+J82xypbICDBVhuDs+dHZzX+hx44a1uy9b4MlL5I1YtgCethuU3lYLjmQN gslf1ml+dsbF/7vakiwaC80UJYJYa2Z46K+39rKkqrz5K/h332454aokRWKNT9kbPXGz LW+A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=rsCmTT9A; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gy5si277360ejb.207.2020.11.24.15.58.18; Tue, 24 Nov 2020 15:58:40 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=rsCmTT9A; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729610AbgKXVI1 (ORCPT + 99 others); Tue, 24 Nov 2020 16:08:27 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48734 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729549AbgKXVIZ (ORCPT ); Tue, 24 Nov 2020 16:08:25 -0500 Received: from mail-pl1-x644.google.com (mail-pl1-x644.google.com [IPv6:2607:f8b0:4864:20::644]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C1879C061A4E for ; Tue, 24 Nov 2020 13:08:23 -0800 (PST) Received: by mail-pl1-x644.google.com with SMTP id 5so11321927plj.8 for ; Tue, 24 Nov 2020 13:08:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=G8S42ykz8GQE/h+DytjaAc53070LGayg6/X2MaLnGo4=; b=rsCmTT9AmQu1r6IL0afCU1Zq05tKOxlvyj55zg3e4zT5rVbfFAzSLQgCuoRaQFu7v1 +kXtZGJWUWplCRgQf3TWQeCyNjjdvRtdAEaKGVx4/otabfhCDdgsO9E3hhc+BEAQlovK ECp6s3ALBjkJ2dmlobjtCpJCJgDkZRTNhu73PVHr/ems2HMqXhcwXxEBUn1DuhffMmYk O3Zi9AY50iDVUSy9NV4U/2qXROdtB0fYp9q/ZkXZCQR/DOB39OmRESUFJ8p3Wz6DOm5h 0qOzDg2UcQEiXlHCSAsHLiPvIVMvu8zXyfFbOnBYwNvHcHLX3KTg6SkKzAZDN26Nqk1Y 6h4w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=G8S42ykz8GQE/h+DytjaAc53070LGayg6/X2MaLnGo4=; b=tHc8XiXVTzIsBRJxD5RV/XGSb35tVTZUWsvlmVWtoCP2oYccHjRV7PFU0WQ0flhUtg czofs5svjl5puziIOsFhoGTkCG2aKntXVFi4DzeJIIAu5KZoZNsSOHFT6pKqWpcSW8Ib uDyhq0mw9EEkwLBYlAzgb469i34ZuyHMDeIB4XiA3STmrjAf6Igu6KFu6YVgHopKsolm N/HlMkIN8aQuDZ/VFXF8sdBhTWWqb3N+m7zSlPFYdXd7PPpTg2/efVo6VUwlIOP+kgsV RTh1+ZAV9ca1nLNX8z/cPPXxDNmFeEbgNqmWcb1y9P8wVVlONM9PWYVqVD1g9UJEvELB +R9A== X-Gm-Message-State: AOAM530iLaTE9Pd9rc6nJpbqyJ1TX4zul0k82En/19mye/Y79uLqHfXR x8WfRReQBYgOJRA0u3fTsQofug== X-Received: by 2002:a17:902:8b8c:b029:d6:df70:fa21 with SMTP id ay12-20020a1709028b8cb02900d6df70fa21mr147419plb.15.1606252102945; Tue, 24 Nov 2020 13:08:22 -0800 (PST) Received: from google.com ([2620:0:1008:10:1ea0:b8ff:fe75:b885]) by smtp.gmail.com with ESMTPSA id r15sm119898pjp.51.2020.11.24.13.08.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Nov 2020 13:08:22 -0800 (PST) Date: Tue, 24 Nov 2020 13:08:17 -0800 From: Vipin Sharma To: David Rientjes Cc: Sean Christopherson , Janosch Frank , Christian Borntraeger , Thomas , pbonzini@redhat.com, tj@kernel.org, lizefan@huawei.com, joro@8bytes.org, corbet@lwn.net, Brijesh , Jon , Eric , gingell@google.com, kvm@vger.kernel.org, x86@kernel.org, cgroups@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [RFC Patch 0/2] KVM: SVM: Cgroup support for SVM SEV ASIDs Message-ID: <20201124210817.GA65542@google.com> References: <20201124191629.GB235281@google.com> <20201124194904.GA45519@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Nov 24, 2020 at 12:18:45PM -0800, David Rientjes wrote: > On Tue, 24 Nov 2020, Vipin Sharma wrote: > > > > > Looping Janosch and Christian back into the thread. > > > > > > > > I interpret this suggestion as > > > > encryption.{sev,sev_es,keyids}.{max,current,events} for AMD and Intel > > > > > > I think it makes sense to use encryption_ids instead of simply encryption, that > > > way it's clear the cgroup is accounting ids as opposed to restricting what > > > techs can be used on yes/no basis. > > > > > Agreed. > > > > > offerings, which was my thought on this as well. > > > > > > > > Certainly the kernel could provide a single interface for all of these and > > > > key value pairs depending on the underlying encryption technology but it > > > > seems to only introduce additional complexity in the kernel in string > > > > parsing that can otherwise be avoided. I think we all agree that a single > > > > interface for all encryption keys or one-value-per-file could be done in > > > > the kernel and handled by any userspace agent that is configuring these > > > > values. > > > > > > > > I think Vipin is adding a root level file that describes how many keys we > > > > have available on the platform for each technology. So I think this comes > > > > down to, for example, a single encryption.max file vs > > > > encryption.{sev,sev_es,keyid}.max. SEV and SEV-ES ASIDs are provisioned > > > > > > Are you suggesting that the cgroup omit "current" and "events"? I agree there's > > > no need to enumerate platform total, but not knowing how many of the allowed IDs > > > have been allocated seems problematic. > > > > > > > We will be showing encryption_ids.{sev,sev_es}.{max,current} > > I am inclined to not provide "events" as I am not using it, let me know > > if this file is required, I can provide it then. > > > > I will provide an encryption_ids.{sev,sev_es}.stat file, which shows > > total available ids on the platform. This one will be useful for > > scheduling jobs in the cloud infrastructure based on total supported > > capacity. > > > > Makes sense. I assume the stat file is only at the cgroup root level > since it would otherwise be duplicating its contents in every cgroup under > it. Probably not very helpful for child cgroup to see stat = 509 ASIDs > but max = 100 :) Yes, only at root.