libvirt users - Apr 2019 - SEV machines and memory pinning

Hello,

I am working on implementing SEV support in OpenStack. There are some 
questions that came up in the discussion of the spec [0]

[0] https://review.openstack.org/#/c/641994/

As far as i understand, the memory for SEV machines need to be pinned so 
that it doesn't migrate to swap and page migration. ROMS, UEFI pflash 
and video RAM should be pinned too.

Initially we planned to use hard_limit of <memtune> element to pin the 
memory. However, from the discussion in the spec it seems that there is 
no way to determine a good enough value and that hard_limit should not 
be used at all.

What should be used then?

There is a suggestion to use something like this:

   <memoryBacking>
     <hugepages>
       <page size="2" unit="M" nodeset="1"/>
     </hugepages>
     <nosharepages/>
     <locked/>
     <source type="file"/>
     <access mode="shared"/>
     <allocation mode="immediate"/>
   </memoryBacking>

Will it work? Are there any caveats we should remember about with this 
config? If we can use it, is there anything that would be redundant or 
not necessary for our case?

On Wed, Apr 03, 2019 at 07:59:13PM +0200, Boris Bobrov
wrote:
> Hello,
> 
> I am working on implementing SEV support in OpenStack. There are some
> questions that came up in the discussion of the spec [0]
> 
> [0] https://review.openstack.org/#/c/641994/
> 
> As far as i understand, the memory for SEV machines need to be pinned so
> that it doesn't migrate to swap and page migration. ROMS, UEFI pflash
and
> video RAM should be pinned too.
> 
> Initially we planned to use hard_limit of <memtune> element to pin
the
> memory. However, from the discussion in the spec it seems that there is no
> way to determine a good enough value and that hard_limit should not be used
> at all.
> 
> What should be used then?
> 
> There is a suggestion to use something like this:
> 
>   <memoryBacking>
>     <hugepages>
>       <page size="2" unit="M"
nodeset="1"/>
>     </hugepages>
>     <nosharepages/>
>     <locked/>
>     <source type="file"/>
>     <access mode="shared"/>
>     <allocation mode="immediate"/>
>   </memoryBacking>
> 
> Will it work? Are there any caveats we should remember about with this
> config? If we can use it, is there anything that would be redundant or not
> necessary for our case?
AFAIK from the SEV pov only the <locked/> element is required.

This extra things where just suggested on the openstack review
becasue it was suggested to make it dependant on use of huge
pages in Nova.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|