Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR.
On Thu, Feb 04, 2021, Ashish Kalra wrote:
> diff --git a/arch/x86/include/uapi/asm/kvm_para.h
> b/arch/x86/include/uapi/asm/kvm_para.h
> index 950afebfba88..f6bfa138874f 100644
> --- a/arch/x86/include/uapi/asm/kvm_para.h
> +++ b/arch/x86/include/uapi/asm/kvm_para.h
> @@ -33,6 +33,7 @@
> #define KVM_FEATURE_PV_SCHED_YIELD 13
> #define KVM_FEATURE_ASYNC_PF_INT 14
> #define KVM_FEATURE_MSI_EXT_DEST_ID 15
> +#define KVM_FEATURE_SEV_LIVE_MIGRATION 16
>
> #define KVM_HINTS_REALTIME 0
>
> @@ -54,6 +55,7 @@
> #define MSR_KVM_POLL_CONTROL 0x4b564d05
> #define MSR_KVM_ASYNC_PF_INT 0x4b564d06
> #define MSR_KVM_ASYNC_PF_ACK 0x4b564d07
> +#define MSR_KVM_SEV_LIVE_MIGRATION 0x4b564d08
>
> struct kvm_steal_time {
> __u64 steal;
> @@ -136,4 +138,6 @@ struct kvm_vcpu_pv_apf_data {
> #define KVM_PV_EOI_ENABLED KVM_PV_EOI_MASK
> #define KVM_PV_EOI_DISABLED 0x0
>
> +#define KVM_SEV_LIVE_MIGRATION_ENABLED BIT_ULL(0)
> +
> #endif /* _UAPI_ASM_X86_KVM_PARA_H */
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index b0d324aed515..93f42b3d3e33 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -1627,6 +1627,16 @@ int svm_page_enc_status_hc(struct kvm *kvm, unsigned
> long gpa,
> return ret;
> }
>
> +void sev_update_migration_flags(struct kvm *kvm, u64 data)
> +{
I don't see the point for a helper. It's actually going to make the code
less readable once proper error handling is added. Given that it's not static
and exposed via svm.h, without an external user, I assume this got left behind
when the implicit enabling was removed.
> + struct kvm_sev_info *sev = _kvm_svm(kvm)->sev_info;
> +
> + if (!sev_guest(kvm))
I 100% agree with Steve, this needs to check guest_cpuid_has() in addition to
sev_guest(). And it should return '1', i.e. signal #GP to the guest, not
silently eat the bad WRMSR.
> + return;
> +
> + sev->live_migration_enabled = !!(data & KVM_SEV_LIVE_MIGRATION_ENABLED);
The value needs to be checked as well, i.e. all bits except LIVE_MIGRATION...
should to be reserved to zero.
> +}
> +
> int svm_get_shared_pages_list(struct kvm *kvm,
> struct kvm_shared_pages_list *list)
> {
> @@ -1639,6 +1649,9 @@ int svm_get_shared_pages_list(struct kvm *kvm,
> if (!sev_guest(kvm))
> return -ENOTTY;
>
> + if (!sev->live_migration_enabled)
> + return -EINVAL;
EINVAL is a weird return value for something that is controlled by the guest,
especially since it's possible for the guest to support migration, just not
yet. EBUSY maybe? EOPNOTSUPP?
> +
> if (!list->size)
> return -EINVAL;
>
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index 58f89f83caab..43ea5061926f 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -2903,6 +2903,9 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct
> msr_data *msr)
> svm->msr_decfg = data;
> break;
> }
> + case MSR_KVM_SEV_LIVE_MIGRATION:
> + sev_update_migration_flags(vcpu->kvm, data);
> + break;
There shuld be a svm_get_msr() entry as well, I don't see any reason to prevent
the guest from reading the MSR.
> case MSR_IA32_APICBASE:
> if (kvm_vcpu_apicv_active(vcpu))
> avic_update_vapic_bar(to_svm(vcpu), data);
> @@ -3976,6 +3979,19 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu
> *vcpu)
> vcpu->arch.cr3_lm_rsvd_bits &= ~(1UL << (best->ebx &
> 0x3f));
> }
>
> + /*
> + * If SEV guest then enable the Live migration feature.
> + */
> + if (sev_guest(vcpu->kvm)) {
> + struct kvm_cpuid_entry2 *best;
> +
> + best = kvm_find_cpuid_entry(vcpu, KVM_CPUID_FEATURES, 0);
> + if (!best)
> + return;
> +
> + best->eax |= (1 << KVM_FEATURE_SEV_LIVE_MIGRATION);
Again echoing Steve's concern, userspace is the ultimate authority on what
features are exposed to the VM. I don't see any motivation for forcing live
migration to be enabled.
And as I believe was pointed out elsewhere, this bit needs to be advertised to
userspace via kvm_cpu_caps.
> + }
> +
> if (!kvm_vcpu_apicv_active(vcpu))
> return;
>
> diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
> index 066ca2a9f1e6..e1bffc11e425 100644
> --- a/arch/x86/kvm/svm/svm.h
> +++ b/arch/x86/kvm/svm/svm.h
> @@ -79,6 +79,7 @@ struct kvm_sev_info {
> unsigned long pages_locked; /* Number of pages locked */
> struct list_head regions_list; /* List of registered regions */
> u64 ap_jump_table; /* SEV-ES AP Jump Table address */
> + bool live_migration_enabled;
> /* List and count of shared pages */
> int shared_pages_list_count;
> struct list_head shared_pages_list;
> @@ -592,6 +593,7 @@ int
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR.
On Wed, Feb 10, 2021 at 2:01 PM Steve Rutherford wrote:
>
> Hi Ashish,
>
> On Wed, Feb 10, 2021 at 12:37 PM Ashish Kalra wrote:
> >
> > Hello Steve,
> >
> > We can remove the implicit enabling of this live migration feature
> > from svm_vcpu_after_set_cpuid() callback invoked afer KVM_SET_CPUID2
> > ioctl, and let this feature flag be controlled by the userspace
> > VMM/qemu.
> >
> > Userspace can set this feature flag explicitly by calling the
> > KVM_SET_CPUID2 ioctl and enable this feature whenever it is ready to
> > do so.
> >
> > I have tested this as part of Qemu code :
> >
> > int kvm_arch_init_vcpu(CPUState *cs)
> > {
> > ...
> > ...
> > c->function = KVM_CPUID_FEATURES | kvm_base;
> > c->eax = env->features[FEAT_KVM];
> > c->eax |= (1 << KVM_FEATURE_SEV_LIVE_MIGRATION);
> > ...
> > ...
> >
> > r = kvm_vcpu_ioctl(cs, KVM_SET_CPUID2, _data);
> > ...
> >
> > Let me know if this addresses your concerns.
> Removing implicit enablement is one part of the equation.
> The other two are:
> 1) Host userspace being able to ask the kernel if it supports SEV Live
> Migration
> 2) Host userspace being able to disable access to the MSR/hypercall
>
> Feature flagging for paravirt features is pretty complicated, since
> you need all three parties to negotiate (host userspace/host
> kernel/guest), and every single one has veto power. In the end, the
> feature should only be available to the guest if every single party
> says yes.
>
> For an example of how to handle 1), the new feature flag could be
> checked when asking the kernel which cpuid bits it supports by adding
> it to the list of features that the kernel mentions in
> KVM_GET_SUPPORTED_CPUID.
>
> For example (in KVM's arch/x86/kvm/cpuid.c):
> case KVM_CPUID_FEATURES:
> ==
> entry->eax = (1 << KVM_FEATURE_CLOCKSOURCE) |
> (1 << KVM_FEATURE_NOP_IO_DELAY) |
> ...
> (1 << KVM_FEATURE_PV_SCHED_YIELD) |
> + (1 << KVM_FEATURE_ASYNC_PF_INT) |
> - (1 << KVM_FEATURE_ASYNC_PF_INT);
> + (1 << KVM_FEATURE_SEV_LIVE_MIGRATION);
> ==
>
> Without this, userspace has to infer if the kernel it is on supports that
> flag.
>
> For an example of how to handle 2), in the new msr handler, KVM should
> throw a GP `if (!guest_pv_has(vcpu, KVM_FEATURE_SEV_LIVE_MIGRATION))`
> (it can do this by returning th. The issue here is "what if the guest
Correction: (it can do this by returning 1).
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR.
Hi Ashish,
On Wed, Feb 10, 2021 at 12:37 PM Ashish Kalra wrote:
>
> Hello Steve,
>
> We can remove the implicit enabling of this live migration feature
> from svm_vcpu_after_set_cpuid() callback invoked afer KVM_SET_CPUID2
> ioctl, and let this feature flag be controlled by the userspace
> VMM/qemu.
>
> Userspace can set this feature flag explicitly by calling the
> KVM_SET_CPUID2 ioctl and enable this feature whenever it is ready to
> do so.
>
> I have tested this as part of Qemu code :
>
> int kvm_arch_init_vcpu(CPUState *cs)
> {
> ...
> ...
> c->function = KVM_CPUID_FEATURES | kvm_base;
> c->eax = env->features[FEAT_KVM];
> c->eax |= (1 << KVM_FEATURE_SEV_LIVE_MIGRATION);
> ...
> ...
>
> r = kvm_vcpu_ioctl(cs, KVM_SET_CPUID2, _data);
> ...
>
> Let me know if this addresses your concerns.
Removing implicit enablement is one part of the equation.
The other two are:
1) Host userspace being able to ask the kernel if it supports SEV Live Migration
2) Host userspace being able to disable access to the MSR/hypercall
Feature flagging for paravirt features is pretty complicated, since
you need all three parties to negotiate (host userspace/host
kernel/guest), and every single one has veto power. In the end, the
feature should only be available to the guest if every single party
says yes.
For an example of how to handle 1), the new feature flag could be
checked when asking the kernel which cpuid bits it supports by adding
it to the list of features that the kernel mentions in
KVM_GET_SUPPORTED_CPUID.
For example (in KVM's arch/x86/kvm/cpuid.c):
case KVM_CPUID_FEATURES:
==
entry->eax = (1 << KVM_FEATURE_CLOCKSOURCE) |
(1 << KVM_FEATURE_NOP_IO_DELAY) |
...
(1 << KVM_FEATURE_PV_SCHED_YIELD) |
+ (1 << KVM_FEATURE_ASYNC_PF_INT) |
- (1 << KVM_FEATURE_ASYNC_PF_INT);
+ (1 << KVM_FEATURE_SEV_LIVE_MIGRATION);
==
Without this, userspace has to infer if the kernel it is on supports that flag.
For an example of how to handle 2), in the new msr handler, KVM should
throw a GP `if (!guest_pv_has(vcpu, KVM_FEATURE_SEV_LIVE_MIGRATION))`
(it can do this by returning th. The issue here is "what if the guest
ignores CPUID and calls the MSR/hypercall anyway". This is a less
important issue as it requires the guest to be malicious, but still
worth resolving. Additionally, the hypercall itself should check if
the MSR has been toggled by the guest.
Thanks,
Steve
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR.
Hello Steve, On Mon, Feb 08, 2021 at 02:50:14PM -0800, Steve Rutherford wrote: > Hi Ashish, > > On Sun, Feb 7, 2021 at 4:29 PM Ashish Kalra wrote: > > > > Hello Steve, > > > > On Sat, Feb 06, 2021 at 01:56:46PM +, Ashish Kalra wrote: > > > Hello Steve, > > > > > > On Sat, Feb 06, 2021 at 05:46:17AM +, Ashish Kalra wrote: > > > > Hello Steve, > > > > > > > > Continued response to your queries, especially related to userspace > > > > control of SEV live migration feature : > > > > > > > > On Fri, Feb 05, 2021 at 06:54:21PM -0800, Steve Rutherford wrote: > > > > > On Thu, Feb 4, 2021 at 7:08 PM Ashish Kalra > > > > > wrote: > > > > > > > > > > > > Hello Steve, > > > > > > > > > > > > On Thu, Feb 04, 2021 at 04:56:35PM -0800, Steve Rutherford wrote: > > > > > > > On Wed, Feb 3, 2021 at 4:39 PM Ashish Kalra > > > > > > > wrote: > > > > > > > > > > > > > > > > From: Ashish Kalra > > > > > > > > > > > > > > > > Add new KVM_FEATURE_SEV_LIVE_MIGRATION feature for guest to > > > > > > > > check > > > > > > > > for host-side support for SEV live migration. Also add a new > > > > > > > > custom > > > > > > > > MSR_KVM_SEV_LIVE_MIGRATION for guest to enable the SEV live > > > > > > > > migration > > > > > > > > feature. > > > > > > > > > > > > > > > > Signed-off-by: Ashish Kalra > > > > > > > > --- > > > > > > > > Documentation/virt/kvm/cpuid.rst | 5 + > > > > > > > > Documentation/virt/kvm/msr.rst | 12 > > > > > > > > arch/x86/include/uapi/asm/kvm_para.h | 4 > > > > > > > > arch/x86/kvm/svm/sev.c | 13 + > > > > > > > > arch/x86/kvm/svm/svm.c | 16 > > > > > > > > arch/x86/kvm/svm/svm.h | 2 ++ > > > > > > > > 6 files changed, 52 insertions(+) > > > > > > > > > > > > > > > > diff --git a/Documentation/virt/kvm/cpuid.rst > > > > > > > > b/Documentation/virt/kvm/cpuid.rst > > > > > > > > index cf62162d4be2..0bdb6cdb12d3 100644 > > > > > > > > --- a/Documentation/virt/kvm/cpuid.rst > > > > > > > > +++ b/Documentation/virt/kvm/cpuid.rst > > > > > > > > @@ -96,6 +96,11 @@ KVM_FEATURE_MSI_EXT_DEST_ID15 > > > > > > > > guest checks this feature bit > > > > > > > > before using > > > > > > > > extended destination > > > > > > > > ID bits in MSI > > > > > > > > address bits 11-5. > > > > > > > > > > > > > > > > +KVM_FEATURE_SEV_LIVE_MIGRATION 16 guest checks > > > > > > > > this feature bit before > > > > > > > > + using the page > > > > > > > > encryption state > > > > > > > > + hypercall to > > > > > > > > notify the page state > > > > > > > > + change > > > > > > > > + > > > > > > > > KVM_FEATURE_CLOCKSOURCE_STABLE_BIT 24 host will warn > > > > > > > > if no guest-side > > > > > > > > per-cpu warps > > > > > > > > are expected in > > > > > > > > kvmclock > > > > > > > > diff --git a/Documentation/virt/kvm/msr.rst > > > > > > > > b/Documentation/virt/kvm/msr.rst > > > > > > > > index e37a14c323d2..020245d16087 100644 > > > > > > > > --- a/Documentation/virt/kvm/msr.rst > > > > > > > > +++ b/Documentation/virt/kvm/msr.rst > > > > > > > > @@ -376,3 +376,15 @@ data: > > > > > > > > write '1' to bit 0 of the MSR, this causes the host to > > > > > > > > re-scan its queue > > > > > > > > and check if there are more notifications pending. The > > > > > > > > MSR is available > > > > > > > > if KVM_FEATURE_ASYNC_PF_INT is present in CPUID. > > > > > > > > + > > > > > > > > +MSR_KVM_SEV_LIVE_MIGRATION: > > > > > > > > +0x4b564d08 > > > > > > > > + > > > > > > > > + Control SEV Live Migration features. > > > > > > > > + > > > > > > > > +data: > > > > > > > > +Bit 0 enables (1) or disables (0) host-side SEV Live > > > > > > > > Migration feature, > > > > > > > > +in other words, this is guest->host communication that > > > > > > > > it's properly > > > > > > > > +handling the shared pages list. > > > > > > > > + > > > > > > > > +All other bits are reserved. > > > > > > > > diff --git a/arch/x86/include/uapi/asm/kvm_para.h > > > > > > > > b/arch/x86/include/uapi/asm/kvm_para.h > > > > > > > > index 950afebfba88..f6bfa138874f 100644 > > > > > > > > --- a/arch/x86/include/uapi/asm/kvm_para.h > > > > > > > > +++ b/arch/x86/include/uapi/asm/kvm_para.h > > > > > > > > @@ -33,6 +33,7 @@ > > > > > > > > #define KVM_FEATURE_PV_SCHED_YIELD 13 > > > > > > > > #define KVM_FEATURE_ASYNC_PF_INT 14 > > > > > > > > #define KVM_FEATURE_MSI_EXT_DEST_ID15 > > > > > > > > +#define KVM_FEATURE_SEV_LIVE_MIGRATION 16 > > > > > > > > > > > > > > > > #define
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR.
Hi Ashish, On Sun, Feb 7, 2021 at 4:29 PM Ashish Kalra wrote: > > Hello Steve, > > On Sat, Feb 06, 2021 at 01:56:46PM +, Ashish Kalra wrote: > > Hello Steve, > > > > On Sat, Feb 06, 2021 at 05:46:17AM +, Ashish Kalra wrote: > > > Hello Steve, > > > > > > Continued response to your queries, especially related to userspace > > > control of SEV live migration feature : > > > > > > On Fri, Feb 05, 2021 at 06:54:21PM -0800, Steve Rutherford wrote: > > > > On Thu, Feb 4, 2021 at 7:08 PM Ashish Kalra > > > > wrote: > > > > > > > > > > Hello Steve, > > > > > > > > > > On Thu, Feb 04, 2021 at 04:56:35PM -0800, Steve Rutherford wrote: > > > > > > On Wed, Feb 3, 2021 at 4:39 PM Ashish Kalra > > > > > > wrote: > > > > > > > > > > > > > > From: Ashish Kalra > > > > > > > > > > > > > > Add new KVM_FEATURE_SEV_LIVE_MIGRATION feature for guest to check > > > > > > > for host-side support for SEV live migration. Also add a new > > > > > > > custom > > > > > > > MSR_KVM_SEV_LIVE_MIGRATION for guest to enable the SEV live > > > > > > > migration > > > > > > > feature. > > > > > > > > > > > > > > Signed-off-by: Ashish Kalra > > > > > > > --- > > > > > > > Documentation/virt/kvm/cpuid.rst | 5 + > > > > > > > Documentation/virt/kvm/msr.rst | 12 > > > > > > > arch/x86/include/uapi/asm/kvm_para.h | 4 > > > > > > > arch/x86/kvm/svm/sev.c | 13 + > > > > > > > arch/x86/kvm/svm/svm.c | 16 > > > > > > > arch/x86/kvm/svm/svm.h | 2 ++ > > > > > > > 6 files changed, 52 insertions(+) > > > > > > > > > > > > > > diff --git a/Documentation/virt/kvm/cpuid.rst > > > > > > > b/Documentation/virt/kvm/cpuid.rst > > > > > > > index cf62162d4be2..0bdb6cdb12d3 100644 > > > > > > > --- a/Documentation/virt/kvm/cpuid.rst > > > > > > > +++ b/Documentation/virt/kvm/cpuid.rst > > > > > > > @@ -96,6 +96,11 @@ KVM_FEATURE_MSI_EXT_DEST_ID15 > > > > > > > guest checks this feature bit > > > > > > > before using > > > > > > > extended destination > > > > > > > ID bits in MSI > > > > > > > address bits 11-5. > > > > > > > > > > > > > > +KVM_FEATURE_SEV_LIVE_MIGRATION 16 guest checks this > > > > > > > feature bit before > > > > > > > + using the page > > > > > > > encryption state > > > > > > > + hypercall to > > > > > > > notify the page state > > > > > > > + change > > > > > > > + > > > > > > > KVM_FEATURE_CLOCKSOURCE_STABLE_BIT 24 host will warn if > > > > > > > no guest-side > > > > > > > per-cpu warps are > > > > > > > expected in > > > > > > > kvmclock > > > > > > > diff --git a/Documentation/virt/kvm/msr.rst > > > > > > > b/Documentation/virt/kvm/msr.rst > > > > > > > index e37a14c323d2..020245d16087 100644 > > > > > > > --- a/Documentation/virt/kvm/msr.rst > > > > > > > +++ b/Documentation/virt/kvm/msr.rst > > > > > > > @@ -376,3 +376,15 @@ data: > > > > > > > write '1' to bit 0 of the MSR, this causes the host to > > > > > > > re-scan its queue > > > > > > > and check if there are more notifications pending. The > > > > > > > MSR is available > > > > > > > if KVM_FEATURE_ASYNC_PF_INT is present in CPUID. > > > > > > > + > > > > > > > +MSR_KVM_SEV_LIVE_MIGRATION: > > > > > > > +0x4b564d08 > > > > > > > + > > > > > > > + Control SEV Live Migration features. > > > > > > > + > > > > > > > +data: > > > > > > > +Bit 0 enables (1) or disables (0) host-side SEV Live > > > > > > > Migration feature, > > > > > > > +in other words, this is guest->host communication that > > > > > > > it's properly > > > > > > > +handling the shared pages list. > > > > > > > + > > > > > > > +All other bits are reserved. > > > > > > > diff --git a/arch/x86/include/uapi/asm/kvm_para.h > > > > > > > b/arch/x86/include/uapi/asm/kvm_para.h > > > > > > > index 950afebfba88..f6bfa138874f 100644 > > > > > > > --- a/arch/x86/include/uapi/asm/kvm_para.h > > > > > > > +++ b/arch/x86/include/uapi/asm/kvm_para.h > > > > > > > @@ -33,6 +33,7 @@ > > > > > > > #define KVM_FEATURE_PV_SCHED_YIELD 13 > > > > > > > #define KVM_FEATURE_ASYNC_PF_INT 14 > > > > > > > #define KVM_FEATURE_MSI_EXT_DEST_ID15 > > > > > > > +#define KVM_FEATURE_SEV_LIVE_MIGRATION 16 > > > > > > > > > > > > > > #define KVM_HINTS_REALTIME 0 > > > > > > > > > > > > > > @@ -54,6 +55,7 @@ > > > > > > > #define MSR_KVM_POLL_CONTROL 0x4b564d05 > > > > > > > #define MSR_KVM_ASYNC_PF_INT 0x4b564d06 > > > > > > > #define MSR_KVM_ASYNC_PF_ACK 0x4b564d07 > > > > > > > +#define MSR_KVM_SEV_LIVE_MIGRATION 0x4b564d08 > > > > >
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR.
Hello Steve,
On Sat, Feb 06, 2021 at 01:56:46PM +, Ashish Kalra wrote:
> Hello Steve,
>
> On Sat, Feb 06, 2021 at 05:46:17AM +, Ashish Kalra wrote:
> > Hello Steve,
> >
> > Continued response to your queries, especially related to userspace
> > control of SEV live migration feature :
> >
> > On Fri, Feb 05, 2021 at 06:54:21PM -0800, Steve Rutherford wrote:
> > > On Thu, Feb 4, 2021 at 7:08 PM Ashish Kalra wrote:
> > > >
> > > > Hello Steve,
> > > >
> > > > On Thu, Feb 04, 2021 at 04:56:35PM -0800, Steve Rutherford wrote:
> > > > > On Wed, Feb 3, 2021 at 4:39 PM Ashish Kalra
> > > > > wrote:
> > > > > >
> > > > > > From: Ashish Kalra
> > > > > >
> > > > > > Add new KVM_FEATURE_SEV_LIVE_MIGRATION feature for guest to check
> > > > > > for host-side support for SEV live migration. Also add a new custom
> > > > > > MSR_KVM_SEV_LIVE_MIGRATION for guest to enable the SEV live
> > > > > > migration
> > > > > > feature.
> > > > > >
> > > > > > Signed-off-by: Ashish Kalra
> > > > > > ---
> > > > > > Documentation/virt/kvm/cpuid.rst | 5 +
> > > > > > Documentation/virt/kvm/msr.rst | 12
> > > > > > arch/x86/include/uapi/asm/kvm_para.h | 4
> > > > > > arch/x86/kvm/svm/sev.c | 13 +
> > > > > > arch/x86/kvm/svm/svm.c | 16
> > > > > > arch/x86/kvm/svm/svm.h | 2 ++
> > > > > > 6 files changed, 52 insertions(+)
> > > > > >
> > > > > > diff --git a/Documentation/virt/kvm/cpuid.rst
> > > > > > b/Documentation/virt/kvm/cpuid.rst
> > > > > > index cf62162d4be2..0bdb6cdb12d3 100644
> > > > > > --- a/Documentation/virt/kvm/cpuid.rst
> > > > > > +++ b/Documentation/virt/kvm/cpuid.rst
> > > > > > @@ -96,6 +96,11 @@ KVM_FEATURE_MSI_EXT_DEST_ID15
> > > > > > guest checks this feature bit
> > > > > > before using
> > > > > > extended destination
> > > > > > ID bits in MSI
> > > > > > address bits 11-5.
> > > > > >
> > > > > > +KVM_FEATURE_SEV_LIVE_MIGRATION 16 guest checks this
> > > > > > feature bit before
> > > > > > + using the page
> > > > > > encryption state
> > > > > > + hypercall to notify
> > > > > > the page state
> > > > > > + change
> > > > > > +
> > > > > > KVM_FEATURE_CLOCKSOURCE_STABLE_BIT 24 host will warn if
> > > > > > no guest-side
> > > > > > per-cpu warps are
> > > > > > expected in
> > > > > > kvmclock
> > > > > > diff --git a/Documentation/virt/kvm/msr.rst
> > > > > > b/Documentation/virt/kvm/msr.rst
> > > > > > index e37a14c323d2..020245d16087 100644
> > > > > > --- a/Documentation/virt/kvm/msr.rst
> > > > > > +++ b/Documentation/virt/kvm/msr.rst
> > > > > > @@ -376,3 +376,15 @@ data:
> > > > > > write '1' to bit 0 of the MSR, this causes the host to
> > > > > > re-scan its queue
> > > > > > and check if there are more notifications pending. The MSR
> > > > > > is available
> > > > > > if KVM_FEATURE_ASYNC_PF_INT is present in CPUID.
> > > > > > +
> > > > > > +MSR_KVM_SEV_LIVE_MIGRATION:
> > > > > > +0x4b564d08
> > > > > > +
> > > > > > + Control SEV Live Migration features.
> > > > > > +
> > > > > > +data:
> > > > > > +Bit 0 enables (1) or disables (0) host-side SEV Live
> > > > > > Migration feature,
> > > > > > +in other words, this is guest->host communication that
> > > > > > it's properly
> > > > > > +handling the shared pages list.
> > > > > > +
> > > > > > +All other bits are reserved.
> > > > > > diff --git a/arch/x86/include/uapi/asm/kvm_para.h
> > > > > > b/arch/x86/include/uapi/asm/kvm_para.h
> > > > > > index 950afebfba88..f6bfa138874f 100644
> > > > > > --- a/arch/x86/include/uapi/asm/kvm_para.h
> > > > > > +++ b/arch/x86/include/uapi/asm/kvm_para.h
> > > > > > @@ -33,6 +33,7 @@
> > > > > > #define KVM_FEATURE_PV_SCHED_YIELD 13
> > > > > > #define KVM_FEATURE_ASYNC_PF_INT 14
> > > > > > #define KVM_FEATURE_MSI_EXT_DEST_ID15
> > > > > > +#define KVM_FEATURE_SEV_LIVE_MIGRATION 16
> > > > > >
> > > > > > #define KVM_HINTS_REALTIME 0
> > > > > >
> > > > > > @@ -54,6 +55,7 @@
> > > > > > #define MSR_KVM_POLL_CONTROL 0x4b564d05
> > > > > > #define MSR_KVM_ASYNC_PF_INT 0x4b564d06
> > > > > > #define MSR_KVM_ASYNC_PF_ACK 0x4b564d07
> > > > > > +#define MSR_KVM_SEV_LIVE_MIGRATION 0x4b564d08
> > > > > >
> > > > > > struct kvm_steal_time {
> > > > > > __u64 steal;
> > > > > > @@ -136,4 +138,6 @@ struct kvm_vcpu_pv_apf_data {
> > > > > > #define KVM_PV_EOI_ENABLED KVM_PV_EOI_MASK
> > > > > > #define KVM_PV_EOI_DISABLED 0x0
> > > > > >
> > > > > > +#define
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR.
Hello Steve,
On Sat, Feb 06, 2021 at 05:46:17AM +, Ashish Kalra wrote:
> Hello Steve,
>
> Continued response to your queries, especially related to userspace
> control of SEV live migration feature :
>
> On Fri, Feb 05, 2021 at 06:54:21PM -0800, Steve Rutherford wrote:
> > On Thu, Feb 4, 2021 at 7:08 PM Ashish Kalra wrote:
> > >
> > > Hello Steve,
> > >
> > > On Thu, Feb 04, 2021 at 04:56:35PM -0800, Steve Rutherford wrote:
> > > > On Wed, Feb 3, 2021 at 4:39 PM Ashish Kalra
> > > > wrote:
> > > > >
> > > > > From: Ashish Kalra
> > > > >
> > > > > Add new KVM_FEATURE_SEV_LIVE_MIGRATION feature for guest to check
> > > > > for host-side support for SEV live migration. Also add a new custom
> > > > > MSR_KVM_SEV_LIVE_MIGRATION for guest to enable the SEV live migration
> > > > > feature.
> > > > >
> > > > > Signed-off-by: Ashish Kalra
> > > > > ---
> > > > > Documentation/virt/kvm/cpuid.rst | 5 +
> > > > > Documentation/virt/kvm/msr.rst | 12
> > > > > arch/x86/include/uapi/asm/kvm_para.h | 4
> > > > > arch/x86/kvm/svm/sev.c | 13 +
> > > > > arch/x86/kvm/svm/svm.c | 16
> > > > > arch/x86/kvm/svm/svm.h | 2 ++
> > > > > 6 files changed, 52 insertions(+)
> > > > >
> > > > > diff --git a/Documentation/virt/kvm/cpuid.rst
> > > > > b/Documentation/virt/kvm/cpuid.rst
> > > > > index cf62162d4be2..0bdb6cdb12d3 100644
> > > > > --- a/Documentation/virt/kvm/cpuid.rst
> > > > > +++ b/Documentation/virt/kvm/cpuid.rst
> > > > > @@ -96,6 +96,11 @@ KVM_FEATURE_MSI_EXT_DEST_ID15
> > > > > guest checks this feature bit
> > > > > before using extended
> > > > > destination
> > > > > ID bits in MSI
> > > > > address bits 11-5.
> > > > >
> > > > > +KVM_FEATURE_SEV_LIVE_MIGRATION 16 guest checks this
> > > > > feature bit before
> > > > > + using the page
> > > > > encryption state
> > > > > + hypercall to notify
> > > > > the page state
> > > > > + change
> > > > > +
> > > > > KVM_FEATURE_CLOCKSOURCE_STABLE_BIT 24 host will warn if no
> > > > > guest-side
> > > > > per-cpu warps are
> > > > > expected in
> > > > > kvmclock
> > > > > diff --git a/Documentation/virt/kvm/msr.rst
> > > > > b/Documentation/virt/kvm/msr.rst
> > > > > index e37a14c323d2..020245d16087 100644
> > > > > --- a/Documentation/virt/kvm/msr.rst
> > > > > +++ b/Documentation/virt/kvm/msr.rst
> > > > > @@ -376,3 +376,15 @@ data:
> > > > > write '1' to bit 0 of the MSR, this causes the host to
> > > > > re-scan its queue
> > > > > and check if there are more notifications pending. The MSR is
> > > > > available
> > > > > if KVM_FEATURE_ASYNC_PF_INT is present in CPUID.
> > > > > +
> > > > > +MSR_KVM_SEV_LIVE_MIGRATION:
> > > > > +0x4b564d08
> > > > > +
> > > > > + Control SEV Live Migration features.
> > > > > +
> > > > > +data:
> > > > > +Bit 0 enables (1) or disables (0) host-side SEV Live
> > > > > Migration feature,
> > > > > +in other words, this is guest->host communication that it's
> > > > > properly
> > > > > +handling the shared pages list.
> > > > > +
> > > > > +All other bits are reserved.
> > > > > diff --git a/arch/x86/include/uapi/asm/kvm_para.h
> > > > > b/arch/x86/include/uapi/asm/kvm_para.h
> > > > > index 950afebfba88..f6bfa138874f 100644
> > > > > --- a/arch/x86/include/uapi/asm/kvm_para.h
> > > > > +++ b/arch/x86/include/uapi/asm/kvm_para.h
> > > > > @@ -33,6 +33,7 @@
> > > > > #define KVM_FEATURE_PV_SCHED_YIELD 13
> > > > > #define KVM_FEATURE_ASYNC_PF_INT 14
> > > > > #define KVM_FEATURE_MSI_EXT_DEST_ID15
> > > > > +#define KVM_FEATURE_SEV_LIVE_MIGRATION 16
> > > > >
> > > > > #define KVM_HINTS_REALTIME 0
> > > > >
> > > > > @@ -54,6 +55,7 @@
> > > > > #define MSR_KVM_POLL_CONTROL 0x4b564d05
> > > > > #define MSR_KVM_ASYNC_PF_INT 0x4b564d06
> > > > > #define MSR_KVM_ASYNC_PF_ACK 0x4b564d07
> > > > > +#define MSR_KVM_SEV_LIVE_MIGRATION 0x4b564d08
> > > > >
> > > > > struct kvm_steal_time {
> > > > > __u64 steal;
> > > > > @@ -136,4 +138,6 @@ struct kvm_vcpu_pv_apf_data {
> > > > > #define KVM_PV_EOI_ENABLED KVM_PV_EOI_MASK
> > > > > #define KVM_PV_EOI_DISABLED 0x0
> > > > >
> > > > > +#define KVM_SEV_LIVE_MIGRATION_ENABLED BIT_ULL(0)
> > > > > +
> > > > > #endif /* _UAPI_ASM_X86_KVM_PARA_H */
> > > > > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> > > > > index b0d324aed515..93f42b3d3e33 100644
> > > > > --- a/arch/x86/kvm/svm/sev.c
> > > > > +++ b/arch/x86/kvm/svm/sev.c
> > > > > @@ -1627,6 +1627,16 @@ int
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR.
Hello Steve,
Continued response to your queries, especially related to userspace
control of SEV live migration feature :
On Fri, Feb 05, 2021 at 06:54:21PM -0800, Steve Rutherford wrote:
> On Thu, Feb 4, 2021 at 7:08 PM Ashish Kalra wrote:
> >
> > Hello Steve,
> >
> > On Thu, Feb 04, 2021 at 04:56:35PM -0800, Steve Rutherford wrote:
> > > On Wed, Feb 3, 2021 at 4:39 PM Ashish Kalra wrote:
> > > >
> > > > From: Ashish Kalra
> > > >
> > > > Add new KVM_FEATURE_SEV_LIVE_MIGRATION feature for guest to check
> > > > for host-side support for SEV live migration. Also add a new custom
> > > > MSR_KVM_SEV_LIVE_MIGRATION for guest to enable the SEV live migration
> > > > feature.
> > > >
> > > > Signed-off-by: Ashish Kalra
> > > > ---
> > > > Documentation/virt/kvm/cpuid.rst | 5 +
> > > > Documentation/virt/kvm/msr.rst | 12
> > > > arch/x86/include/uapi/asm/kvm_para.h | 4
> > > > arch/x86/kvm/svm/sev.c | 13 +
> > > > arch/x86/kvm/svm/svm.c | 16
> > > > arch/x86/kvm/svm/svm.h | 2 ++
> > > > 6 files changed, 52 insertions(+)
> > > >
> > > > diff --git a/Documentation/virt/kvm/cpuid.rst
> > > > b/Documentation/virt/kvm/cpuid.rst
> > > > index cf62162d4be2..0bdb6cdb12d3 100644
> > > > --- a/Documentation/virt/kvm/cpuid.rst
> > > > +++ b/Documentation/virt/kvm/cpuid.rst
> > > > @@ -96,6 +96,11 @@ KVM_FEATURE_MSI_EXT_DEST_ID15 guest
> > > > checks this feature bit
> > > > before using extended
> > > > destination
> > > > ID bits in MSI address
> > > > bits 11-5.
> > > >
> > > > +KVM_FEATURE_SEV_LIVE_MIGRATION 16 guest checks this
> > > > feature bit before
> > > > + using the page
> > > > encryption state
> > > > + hypercall to notify the
> > > > page state
> > > > + change
> > > > +
> > > > KVM_FEATURE_CLOCKSOURCE_STABLE_BIT 24 host will warn if no
> > > > guest-side
> > > > per-cpu warps are
> > > > expected in
> > > > kvmclock
> > > > diff --git a/Documentation/virt/kvm/msr.rst
> > > > b/Documentation/virt/kvm/msr.rst
> > > > index e37a14c323d2..020245d16087 100644
> > > > --- a/Documentation/virt/kvm/msr.rst
> > > > +++ b/Documentation/virt/kvm/msr.rst
> > > > @@ -376,3 +376,15 @@ data:
> > > > write '1' to bit 0 of the MSR, this causes the host to re-scan
> > > > its queue
> > > > and check if there are more notifications pending. The MSR is
> > > > available
> > > > if KVM_FEATURE_ASYNC_PF_INT is present in CPUID.
> > > > +
> > > > +MSR_KVM_SEV_LIVE_MIGRATION:
> > > > +0x4b564d08
> > > > +
> > > > + Control SEV Live Migration features.
> > > > +
> > > > +data:
> > > > +Bit 0 enables (1) or disables (0) host-side SEV Live Migration
> > > > feature,
> > > > +in other words, this is guest->host communication that it's
> > > > properly
> > > > +handling the shared pages list.
> > > > +
> > > > +All other bits are reserved.
> > > > diff --git a/arch/x86/include/uapi/asm/kvm_para.h
> > > > b/arch/x86/include/uapi/asm/kvm_para.h
> > > > index 950afebfba88..f6bfa138874f 100644
> > > > --- a/arch/x86/include/uapi/asm/kvm_para.h
> > > > +++ b/arch/x86/include/uapi/asm/kvm_para.h
> > > > @@ -33,6 +33,7 @@
> > > > #define KVM_FEATURE_PV_SCHED_YIELD 13
> > > > #define KVM_FEATURE_ASYNC_PF_INT 14
> > > > #define KVM_FEATURE_MSI_EXT_DEST_ID15
> > > > +#define KVM_FEATURE_SEV_LIVE_MIGRATION 16
> > > >
> > > > #define KVM_HINTS_REALTIME 0
> > > >
> > > > @@ -54,6 +55,7 @@
> > > > #define MSR_KVM_POLL_CONTROL 0x4b564d05
> > > > #define MSR_KVM_ASYNC_PF_INT 0x4b564d06
> > > > #define MSR_KVM_ASYNC_PF_ACK 0x4b564d07
> > > > +#define MSR_KVM_SEV_LIVE_MIGRATION 0x4b564d08
> > > >
> > > > struct kvm_steal_time {
> > > > __u64 steal;
> > > > @@ -136,4 +138,6 @@ struct kvm_vcpu_pv_apf_data {
> > > > #define KVM_PV_EOI_ENABLED KVM_PV_EOI_MASK
> > > > #define KVM_PV_EOI_DISABLED 0x0
> > > >
> > > > +#define KVM_SEV_LIVE_MIGRATION_ENABLED BIT_ULL(0)
> > > > +
> > > > #endif /* _UAPI_ASM_X86_KVM_PARA_H */
> > > > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> > > > index b0d324aed515..93f42b3d3e33 100644
> > > > --- a/arch/x86/kvm/svm/sev.c
> > > > +++ b/arch/x86/kvm/svm/sev.c
> > > > @@ -1627,6 +1627,16 @@ int svm_page_enc_status_hc(struct kvm *kvm,
> > > > unsigned long gpa,
> > > > return ret;
> > > > }
> > > >
> > > > +void sev_update_migration_flags(struct kvm *kvm, u64 data)
> > > > +{
> > > > + struct kvm_sev_info *sev = _kvm_svm(kvm)->sev_info;
> > > > +
> > > > + if (!sev_guest(kvm))
>
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR.
Hello Steve,
Let me first answer those queries which i can do immediately ...
On Fri, Feb 05, 2021 at 06:54:21PM -0800, Steve Rutherford wrote:
> On Thu, Feb 4, 2021 at 7:08 PM Ashish Kalra wrote:
> >
> > Hello Steve,
> >
> > On Thu, Feb 04, 2021 at 04:56:35PM -0800, Steve Rutherford wrote:
> > > On Wed, Feb 3, 2021 at 4:39 PM Ashish Kalra wrote:
> > > >
> > > > From: Ashish Kalra
> > > >
> > > > Add new KVM_FEATURE_SEV_LIVE_MIGRATION feature for guest to check
> > > > for host-side support for SEV live migration. Also add a new custom
> > > > MSR_KVM_SEV_LIVE_MIGRATION for guest to enable the SEV live migration
> > > > feature.
> > > >
> > > > Signed-off-by: Ashish Kalra
> > > > ---
> > > > Documentation/virt/kvm/cpuid.rst | 5 +
> > > > Documentation/virt/kvm/msr.rst | 12
> > > > arch/x86/include/uapi/asm/kvm_para.h | 4
> > > > arch/x86/kvm/svm/sev.c | 13 +
> > > > arch/x86/kvm/svm/svm.c | 16
> > > > arch/x86/kvm/svm/svm.h | 2 ++
> > > > 6 files changed, 52 insertions(+)
> > > >
> > > > diff --git a/Documentation/virt/kvm/cpuid.rst
> > > > b/Documentation/virt/kvm/cpuid.rst
> > > > index cf62162d4be2..0bdb6cdb12d3 100644
> > > > --- a/Documentation/virt/kvm/cpuid.rst
> > > > +++ b/Documentation/virt/kvm/cpuid.rst
> > > > @@ -96,6 +96,11 @@ KVM_FEATURE_MSI_EXT_DEST_ID15 guest
> > > > checks this feature bit
> > > > before using extended
> > > > destination
> > > > ID bits in MSI address
> > > > bits 11-5.
> > > >
> > > > +KVM_FEATURE_SEV_LIVE_MIGRATION 16 guest checks this
> > > > feature bit before
> > > > + using the page
> > > > encryption state
> > > > + hypercall to notify the
> > > > page state
> > > > + change
> > > > +
> > > > KVM_FEATURE_CLOCKSOURCE_STABLE_BIT 24 host will warn if no
> > > > guest-side
> > > > per-cpu warps are
> > > > expected in
> > > > kvmclock
> > > > diff --git a/Documentation/virt/kvm/msr.rst
> > > > b/Documentation/virt/kvm/msr.rst
> > > > index e37a14c323d2..020245d16087 100644
> > > > --- a/Documentation/virt/kvm/msr.rst
> > > > +++ b/Documentation/virt/kvm/msr.rst
> > > > @@ -376,3 +376,15 @@ data:
> > > > write '1' to bit 0 of the MSR, this causes the host to re-scan
> > > > its queue
> > > > and check if there are more notifications pending. The MSR is
> > > > available
> > > > if KVM_FEATURE_ASYNC_PF_INT is present in CPUID.
> > > > +
> > > > +MSR_KVM_SEV_LIVE_MIGRATION:
> > > > +0x4b564d08
> > > > +
> > > > + Control SEV Live Migration features.
> > > > +
> > > > +data:
> > > > +Bit 0 enables (1) or disables (0) host-side SEV Live Migration
> > > > feature,
> > > > +in other words, this is guest->host communication that it's
> > > > properly
> > > > +handling the shared pages list.
> > > > +
> > > > +All other bits are reserved.
> > > > diff --git a/arch/x86/include/uapi/asm/kvm_para.h
> > > > b/arch/x86/include/uapi/asm/kvm_para.h
> > > > index 950afebfba88..f6bfa138874f 100644
> > > > --- a/arch/x86/include/uapi/asm/kvm_para.h
> > > > +++ b/arch/x86/include/uapi/asm/kvm_para.h
> > > > @@ -33,6 +33,7 @@
> > > > #define KVM_FEATURE_PV_SCHED_YIELD 13
> > > > #define KVM_FEATURE_ASYNC_PF_INT 14
> > > > #define KVM_FEATURE_MSI_EXT_DEST_ID15
> > > > +#define KVM_FEATURE_SEV_LIVE_MIGRATION 16
> > > >
> > > > #define KVM_HINTS_REALTIME 0
> > > >
> > > > @@ -54,6 +55,7 @@
> > > > #define MSR_KVM_POLL_CONTROL 0x4b564d05
> > > > #define MSR_KVM_ASYNC_PF_INT 0x4b564d06
> > > > #define MSR_KVM_ASYNC_PF_ACK 0x4b564d07
> > > > +#define MSR_KVM_SEV_LIVE_MIGRATION 0x4b564d08
> > > >
> > > > struct kvm_steal_time {
> > > > __u64 steal;
> > > > @@ -136,4 +138,6 @@ struct kvm_vcpu_pv_apf_data {
> > > > #define KVM_PV_EOI_ENABLED KVM_PV_EOI_MASK
> > > > #define KVM_PV_EOI_DISABLED 0x0
> > > >
> > > > +#define KVM_SEV_LIVE_MIGRATION_ENABLED BIT_ULL(0)
> > > > +
> > > > #endif /* _UAPI_ASM_X86_KVM_PARA_H */
> > > > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> > > > index b0d324aed515..93f42b3d3e33 100644
> > > > --- a/arch/x86/kvm/svm/sev.c
> > > > +++ b/arch/x86/kvm/svm/sev.c
> > > > @@ -1627,6 +1627,16 @@ int svm_page_enc_status_hc(struct kvm *kvm,
> > > > unsigned long gpa,
> > > > return ret;
> > > > }
> > > >
> > > > +void sev_update_migration_flags(struct kvm *kvm, u64 data)
> > > > +{
> > > > + struct kvm_sev_info *sev = _kvm_svm(kvm)->sev_info;
> > > > +
> > > > + if (!sev_guest(kvm))
> > > > + return;
> > >
> > >
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR.
On Thu, Feb 4, 2021 at 7:08 PM Ashish Kalra wrote:
>
> Hello Steve,
>
> On Thu, Feb 04, 2021 at 04:56:35PM -0800, Steve Rutherford wrote:
> > On Wed, Feb 3, 2021 at 4:39 PM Ashish Kalra wrote:
> > >
> > > From: Ashish Kalra
> > >
> > > Add new KVM_FEATURE_SEV_LIVE_MIGRATION feature for guest to check
> > > for host-side support for SEV live migration. Also add a new custom
> > > MSR_KVM_SEV_LIVE_MIGRATION for guest to enable the SEV live migration
> > > feature.
> > >
> > > Signed-off-by: Ashish Kalra
> > > ---
> > > Documentation/virt/kvm/cpuid.rst | 5 +
> > > Documentation/virt/kvm/msr.rst | 12
> > > arch/x86/include/uapi/asm/kvm_para.h | 4
> > > arch/x86/kvm/svm/sev.c | 13 +
> > > arch/x86/kvm/svm/svm.c | 16
> > > arch/x86/kvm/svm/svm.h | 2 ++
> > > 6 files changed, 52 insertions(+)
> > >
> > > diff --git a/Documentation/virt/kvm/cpuid.rst
> > > b/Documentation/virt/kvm/cpuid.rst
> > > index cf62162d4be2..0bdb6cdb12d3 100644
> > > --- a/Documentation/virt/kvm/cpuid.rst
> > > +++ b/Documentation/virt/kvm/cpuid.rst
> > > @@ -96,6 +96,11 @@ KVM_FEATURE_MSI_EXT_DEST_ID15 guest
> > > checks this feature bit
> > > before using extended
> > > destination
> > > ID bits in MSI address
> > > bits 11-5.
> > >
> > > +KVM_FEATURE_SEV_LIVE_MIGRATION 16 guest checks this feature
> > > bit before
> > > + using the page encryption
> > > state
> > > + hypercall to notify the
> > > page state
> > > + change
> > > +
> > > KVM_FEATURE_CLOCKSOURCE_STABLE_BIT 24 host will warn if no
> > > guest-side
> > > per-cpu warps are
> > > expected in
> > > kvmclock
> > > diff --git a/Documentation/virt/kvm/msr.rst
> > > b/Documentation/virt/kvm/msr.rst
> > > index e37a14c323d2..020245d16087 100644
> > > --- a/Documentation/virt/kvm/msr.rst
> > > +++ b/Documentation/virt/kvm/msr.rst
> > > @@ -376,3 +376,15 @@ data:
> > > write '1' to bit 0 of the MSR, this causes the host to re-scan
> > > its queue
> > > and check if there are more notifications pending. The MSR is
> > > available
> > > if KVM_FEATURE_ASYNC_PF_INT is present in CPUID.
> > > +
> > > +MSR_KVM_SEV_LIVE_MIGRATION:
> > > +0x4b564d08
> > > +
> > > + Control SEV Live Migration features.
> > > +
> > > +data:
> > > +Bit 0 enables (1) or disables (0) host-side SEV Live Migration
> > > feature,
> > > +in other words, this is guest->host communication that it's
> > > properly
> > > +handling the shared pages list.
> > > +
> > > +All other bits are reserved.
> > > diff --git a/arch/x86/include/uapi/asm/kvm_para.h
> > > b/arch/x86/include/uapi/asm/kvm_para.h
> > > index 950afebfba88..f6bfa138874f 100644
> > > --- a/arch/x86/include/uapi/asm/kvm_para.h
> > > +++ b/arch/x86/include/uapi/asm/kvm_para.h
> > > @@ -33,6 +33,7 @@
> > > #define KVM_FEATURE_PV_SCHED_YIELD 13
> > > #define KVM_FEATURE_ASYNC_PF_INT 14
> > > #define KVM_FEATURE_MSI_EXT_DEST_ID15
> > > +#define KVM_FEATURE_SEV_LIVE_MIGRATION 16
> > >
> > > #define KVM_HINTS_REALTIME 0
> > >
> > > @@ -54,6 +55,7 @@
> > > #define MSR_KVM_POLL_CONTROL 0x4b564d05
> > > #define MSR_KVM_ASYNC_PF_INT 0x4b564d06
> > > #define MSR_KVM_ASYNC_PF_ACK 0x4b564d07
> > > +#define MSR_KVM_SEV_LIVE_MIGRATION 0x4b564d08
> > >
> > > struct kvm_steal_time {
> > > __u64 steal;
> > > @@ -136,4 +138,6 @@ struct kvm_vcpu_pv_apf_data {
> > > #define KVM_PV_EOI_ENABLED KVM_PV_EOI_MASK
> > > #define KVM_PV_EOI_DISABLED 0x0
> > >
> > > +#define KVM_SEV_LIVE_MIGRATION_ENABLED BIT_ULL(0)
> > > +
> > > #endif /* _UAPI_ASM_X86_KVM_PARA_H */
> > > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> > > index b0d324aed515..93f42b3d3e33 100644
> > > --- a/arch/x86/kvm/svm/sev.c
> > > +++ b/arch/x86/kvm/svm/sev.c
> > > @@ -1627,6 +1627,16 @@ int svm_page_enc_status_hc(struct kvm *kvm,
> > > unsigned long gpa,
> > > return ret;
> > > }
> > >
> > > +void sev_update_migration_flags(struct kvm *kvm, u64 data)
> > > +{
> > > + struct kvm_sev_info *sev = _kvm_svm(kvm)->sev_info;
> > > +
> > > + if (!sev_guest(kvm))
> > > + return;
> >
> > This should assert that userspace wanted the guest to be able to make
> > these calls (see more below).
> >
> > >
> > > +
> > > + sev->live_migration_enabled = !!(data &
> > > KVM_SEV_LIVE_MIGRATION_ENABLED);
> > > +}
> > > +
> > > int svm_get_shared_pages_list(struct kvm *kvm,
> > > struct kvm_shared_pages_list *list)
> > > {
> > > @@ -1639,6
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR.
Hello Steve,
On Thu, Feb 04, 2021 at 04:56:35PM -0800, Steve Rutherford wrote:
> On Wed, Feb 3, 2021 at 4:39 PM Ashish Kalra wrote:
> >
> > From: Ashish Kalra
> >
> > Add new KVM_FEATURE_SEV_LIVE_MIGRATION feature for guest to check
> > for host-side support for SEV live migration. Also add a new custom
> > MSR_KVM_SEV_LIVE_MIGRATION for guest to enable the SEV live migration
> > feature.
> >
> > Signed-off-by: Ashish Kalra
> > ---
> > Documentation/virt/kvm/cpuid.rst | 5 +
> > Documentation/virt/kvm/msr.rst | 12
> > arch/x86/include/uapi/asm/kvm_para.h | 4
> > arch/x86/kvm/svm/sev.c | 13 +
> > arch/x86/kvm/svm/svm.c | 16
> > arch/x86/kvm/svm/svm.h | 2 ++
> > 6 files changed, 52 insertions(+)
> >
> > diff --git a/Documentation/virt/kvm/cpuid.rst
> > b/Documentation/virt/kvm/cpuid.rst
> > index cf62162d4be2..0bdb6cdb12d3 100644
> > --- a/Documentation/virt/kvm/cpuid.rst
> > +++ b/Documentation/virt/kvm/cpuid.rst
> > @@ -96,6 +96,11 @@ KVM_FEATURE_MSI_EXT_DEST_ID15 guest
> > checks this feature bit
> > before using extended
> > destination
> > ID bits in MSI address bits
> > 11-5.
> >
> > +KVM_FEATURE_SEV_LIVE_MIGRATION 16 guest checks this feature
> > bit before
> > + using the page encryption
> > state
> > + hypercall to notify the
> > page state
> > + change
> > +
> > KVM_FEATURE_CLOCKSOURCE_STABLE_BIT 24 host will warn if no
> > guest-side
> > per-cpu warps are expected
> > in
> > kvmclock
> > diff --git a/Documentation/virt/kvm/msr.rst b/Documentation/virt/kvm/msr.rst
> > index e37a14c323d2..020245d16087 100644
> > --- a/Documentation/virt/kvm/msr.rst
> > +++ b/Documentation/virt/kvm/msr.rst
> > @@ -376,3 +376,15 @@ data:
> > write '1' to bit 0 of the MSR, this causes the host to re-scan its
> > queue
> > and check if there are more notifications pending. The MSR is
> > available
> > if KVM_FEATURE_ASYNC_PF_INT is present in CPUID.
> > +
> > +MSR_KVM_SEV_LIVE_MIGRATION:
> > +0x4b564d08
> > +
> > + Control SEV Live Migration features.
> > +
> > +data:
> > +Bit 0 enables (1) or disables (0) host-side SEV Live Migration
> > feature,
> > +in other words, this is guest->host communication that it's
> > properly
> > +handling the shared pages list.
> > +
> > +All other bits are reserved.
> > diff --git a/arch/x86/include/uapi/asm/kvm_para.h
> > b/arch/x86/include/uapi/asm/kvm_para.h
> > index 950afebfba88..f6bfa138874f 100644
> > --- a/arch/x86/include/uapi/asm/kvm_para.h
> > +++ b/arch/x86/include/uapi/asm/kvm_para.h
> > @@ -33,6 +33,7 @@
> > #define KVM_FEATURE_PV_SCHED_YIELD 13
> > #define KVM_FEATURE_ASYNC_PF_INT 14
> > #define KVM_FEATURE_MSI_EXT_DEST_ID15
> > +#define KVM_FEATURE_SEV_LIVE_MIGRATION 16
> >
> > #define KVM_HINTS_REALTIME 0
> >
> > @@ -54,6 +55,7 @@
> > #define MSR_KVM_POLL_CONTROL 0x4b564d05
> > #define MSR_KVM_ASYNC_PF_INT 0x4b564d06
> > #define MSR_KVM_ASYNC_PF_ACK 0x4b564d07
> > +#define MSR_KVM_SEV_LIVE_MIGRATION 0x4b564d08
> >
> > struct kvm_steal_time {
> > __u64 steal;
> > @@ -136,4 +138,6 @@ struct kvm_vcpu_pv_apf_data {
> > #define KVM_PV_EOI_ENABLED KVM_PV_EOI_MASK
> > #define KVM_PV_EOI_DISABLED 0x0
> >
> > +#define KVM_SEV_LIVE_MIGRATION_ENABLED BIT_ULL(0)
> > +
> > #endif /* _UAPI_ASM_X86_KVM_PARA_H */
> > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> > index b0d324aed515..93f42b3d3e33 100644
> > --- a/arch/x86/kvm/svm/sev.c
> > +++ b/arch/x86/kvm/svm/sev.c
> > @@ -1627,6 +1627,16 @@ int svm_page_enc_status_hc(struct kvm *kvm, unsigned
> > long gpa,
> > return ret;
> > }
> >
> > +void sev_update_migration_flags(struct kvm *kvm, u64 data)
> > +{
> > + struct kvm_sev_info *sev = _kvm_svm(kvm)->sev_info;
> > +
> > + if (!sev_guest(kvm))
> > + return;
>
> This should assert that userspace wanted the guest to be able to make
> these calls (see more below).
>
> >
> > +
> > + sev->live_migration_enabled = !!(data &
> > KVM_SEV_LIVE_MIGRATION_ENABLED);
> > +}
> > +
> > int svm_get_shared_pages_list(struct kvm *kvm,
> > struct kvm_shared_pages_list *list)
> > {
> > @@ -1639,6 +1649,9 @@ int svm_get_shared_pages_list(struct kvm *kvm,
> > if (!sev_guest(kvm))
> > return -ENOTTY;
> >
> > + if (!sev->live_migration_enabled)
> > + return -EINVAL;
> > +
> > if (!list->size)
> > return -EINVAL;
> >
> > diff --git
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR.
On Wed, Feb 3, 2021 at 4:39 PM Ashish Kalra wrote:
>
> From: Ashish Kalra
>
> Add new KVM_FEATURE_SEV_LIVE_MIGRATION feature for guest to check
> for host-side support for SEV live migration. Also add a new custom
> MSR_KVM_SEV_LIVE_MIGRATION for guest to enable the SEV live migration
> feature.
>
> Signed-off-by: Ashish Kalra
> ---
> Documentation/virt/kvm/cpuid.rst | 5 +
> Documentation/virt/kvm/msr.rst | 12
> arch/x86/include/uapi/asm/kvm_para.h | 4
> arch/x86/kvm/svm/sev.c | 13 +
> arch/x86/kvm/svm/svm.c | 16
> arch/x86/kvm/svm/svm.h | 2 ++
> 6 files changed, 52 insertions(+)
>
> diff --git a/Documentation/virt/kvm/cpuid.rst
> b/Documentation/virt/kvm/cpuid.rst
> index cf62162d4be2..0bdb6cdb12d3 100644
> --- a/Documentation/virt/kvm/cpuid.rst
> +++ b/Documentation/virt/kvm/cpuid.rst
> @@ -96,6 +96,11 @@ KVM_FEATURE_MSI_EXT_DEST_ID15 guest
> checks this feature bit
> before using extended
> destination
> ID bits in MSI address bits
> 11-5.
>
> +KVM_FEATURE_SEV_LIVE_MIGRATION 16 guest checks this feature bit
> before
> + using the page encryption
> state
> + hypercall to notify the page
> state
> + change
> +
> KVM_FEATURE_CLOCKSOURCE_STABLE_BIT 24 host will warn if no
> guest-side
> per-cpu warps are expected in
> kvmclock
> diff --git a/Documentation/virt/kvm/msr.rst b/Documentation/virt/kvm/msr.rst
> index e37a14c323d2..020245d16087 100644
> --- a/Documentation/virt/kvm/msr.rst
> +++ b/Documentation/virt/kvm/msr.rst
> @@ -376,3 +376,15 @@ data:
> write '1' to bit 0 of the MSR, this causes the host to re-scan its
> queue
> and check if there are more notifications pending. The MSR is
> available
> if KVM_FEATURE_ASYNC_PF_INT is present in CPUID.
> +
> +MSR_KVM_SEV_LIVE_MIGRATION:
> +0x4b564d08
> +
> + Control SEV Live Migration features.
> +
> +data:
> +Bit 0 enables (1) or disables (0) host-side SEV Live Migration
> feature,
> +in other words, this is guest->host communication that it's properly
> +handling the shared pages list.
> +
> +All other bits are reserved.
> diff --git a/arch/x86/include/uapi/asm/kvm_para.h
> b/arch/x86/include/uapi/asm/kvm_para.h
> index 950afebfba88..f6bfa138874f 100644
> --- a/arch/x86/include/uapi/asm/kvm_para.h
> +++ b/arch/x86/include/uapi/asm/kvm_para.h
> @@ -33,6 +33,7 @@
> #define KVM_FEATURE_PV_SCHED_YIELD 13
> #define KVM_FEATURE_ASYNC_PF_INT 14
> #define KVM_FEATURE_MSI_EXT_DEST_ID15
> +#define KVM_FEATURE_SEV_LIVE_MIGRATION 16
>
> #define KVM_HINTS_REALTIME 0
>
> @@ -54,6 +55,7 @@
> #define MSR_KVM_POLL_CONTROL 0x4b564d05
> #define MSR_KVM_ASYNC_PF_INT 0x4b564d06
> #define MSR_KVM_ASYNC_PF_ACK 0x4b564d07
> +#define MSR_KVM_SEV_LIVE_MIGRATION 0x4b564d08
>
> struct kvm_steal_time {
> __u64 steal;
> @@ -136,4 +138,6 @@ struct kvm_vcpu_pv_apf_data {
> #define KVM_PV_EOI_ENABLED KVM_PV_EOI_MASK
> #define KVM_PV_EOI_DISABLED 0x0
>
> +#define KVM_SEV_LIVE_MIGRATION_ENABLED BIT_ULL(0)
> +
> #endif /* _UAPI_ASM_X86_KVM_PARA_H */
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index b0d324aed515..93f42b3d3e33 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -1627,6 +1627,16 @@ int svm_page_enc_status_hc(struct kvm *kvm, unsigned
> long gpa,
> return ret;
> }
>
> +void sev_update_migration_flags(struct kvm *kvm, u64 data)
> +{
> + struct kvm_sev_info *sev = _kvm_svm(kvm)->sev_info;
> +
> + if (!sev_guest(kvm))
> + return;
This should assert that userspace wanted the guest to be able to make
these calls (see more below).
>
> +
> + sev->live_migration_enabled = !!(data &
> KVM_SEV_LIVE_MIGRATION_ENABLED);
> +}
> +
> int svm_get_shared_pages_list(struct kvm *kvm,
> struct kvm_shared_pages_list *list)
> {
> @@ -1639,6 +1649,9 @@ int svm_get_shared_pages_list(struct kvm *kvm,
> if (!sev_guest(kvm))
> return -ENOTTY;
>
> + if (!sev->live_migration_enabled)
> + return -EINVAL;
> +
> if (!list->size)
> return -EINVAL;
>
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index 58f89f83caab..43ea5061926f 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -2903,6 +2903,9 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct
> msr_data *msr)
> svm->msr_decfg = data;
> break;
> }
> + case
[PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR.
From: Ashish Kalra
Add new KVM_FEATURE_SEV_LIVE_MIGRATION feature for guest to check
for host-side support for SEV live migration. Also add a new custom
MSR_KVM_SEV_LIVE_MIGRATION for guest to enable the SEV live migration
feature.
Signed-off-by: Ashish Kalra
---
Documentation/virt/kvm/cpuid.rst | 5 +
Documentation/virt/kvm/msr.rst | 12
arch/x86/include/uapi/asm/kvm_para.h | 4
arch/x86/kvm/svm/sev.c | 13 +
arch/x86/kvm/svm/svm.c | 16
arch/x86/kvm/svm/svm.h | 2 ++
6 files changed, 52 insertions(+)
diff --git a/Documentation/virt/kvm/cpuid.rst b/Documentation/virt/kvm/cpuid.rst
index cf62162d4be2..0bdb6cdb12d3 100644
--- a/Documentation/virt/kvm/cpuid.rst
+++ b/Documentation/virt/kvm/cpuid.rst
@@ -96,6 +96,11 @@ KVM_FEATURE_MSI_EXT_DEST_ID15 guest checks
this feature bit
before using extended
destination
ID bits in MSI address bits
11-5.
+KVM_FEATURE_SEV_LIVE_MIGRATION 16 guest checks this feature bit
before
+ using the page encryption state
+ hypercall to notify the page
state
+ change
+
KVM_FEATURE_CLOCKSOURCE_STABLE_BIT 24 host will warn if no guest-side
per-cpu warps are expected in
kvmclock
diff --git a/Documentation/virt/kvm/msr.rst b/Documentation/virt/kvm/msr.rst
index e37a14c323d2..020245d16087 100644
--- a/Documentation/virt/kvm/msr.rst
+++ b/Documentation/virt/kvm/msr.rst
@@ -376,3 +376,15 @@ data:
write '1' to bit 0 of the MSR, this causes the host to re-scan its queue
and check if there are more notifications pending. The MSR is available
if KVM_FEATURE_ASYNC_PF_INT is present in CPUID.
+
+MSR_KVM_SEV_LIVE_MIGRATION:
+0x4b564d08
+
+ Control SEV Live Migration features.
+
+data:
+Bit 0 enables (1) or disables (0) host-side SEV Live Migration feature,
+in other words, this is guest->host communication that it's properly
+handling the shared pages list.
+
+All other bits are reserved.
diff --git a/arch/x86/include/uapi/asm/kvm_para.h
b/arch/x86/include/uapi/asm/kvm_para.h
index 950afebfba88..f6bfa138874f 100644
--- a/arch/x86/include/uapi/asm/kvm_para.h
+++ b/arch/x86/include/uapi/asm/kvm_para.h
@@ -33,6 +33,7 @@
#define KVM_FEATURE_PV_SCHED_YIELD 13
#define KVM_FEATURE_ASYNC_PF_INT 14
#define KVM_FEATURE_MSI_EXT_DEST_ID15
+#define KVM_FEATURE_SEV_LIVE_MIGRATION 16
#define KVM_HINTS_REALTIME 0
@@ -54,6 +55,7 @@
#define MSR_KVM_POLL_CONTROL 0x4b564d05
#define MSR_KVM_ASYNC_PF_INT 0x4b564d06
#define MSR_KVM_ASYNC_PF_ACK 0x4b564d07
+#define MSR_KVM_SEV_LIVE_MIGRATION 0x4b564d08
struct kvm_steal_time {
__u64 steal;
@@ -136,4 +138,6 @@ struct kvm_vcpu_pv_apf_data {
#define KVM_PV_EOI_ENABLED KVM_PV_EOI_MASK
#define KVM_PV_EOI_DISABLED 0x0
+#define KVM_SEV_LIVE_MIGRATION_ENABLED BIT_ULL(0)
+
#endif /* _UAPI_ASM_X86_KVM_PARA_H */
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index b0d324aed515..93f42b3d3e33 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -1627,6 +1627,16 @@ int svm_page_enc_status_hc(struct kvm *kvm, unsigned
long gpa,
return ret;
}
+void sev_update_migration_flags(struct kvm *kvm, u64 data)
+{
+ struct kvm_sev_info *sev = _kvm_svm(kvm)->sev_info;
+
+ if (!sev_guest(kvm))
+ return;
+
+ sev->live_migration_enabled = !!(data & KVM_SEV_LIVE_MIGRATION_ENABLED);
+}
+
int svm_get_shared_pages_list(struct kvm *kvm,
struct kvm_shared_pages_list *list)
{
@@ -1639,6 +1649,9 @@ int svm_get_shared_pages_list(struct kvm *kvm,
if (!sev_guest(kvm))
return -ENOTTY;
+ if (!sev->live_migration_enabled)
+ return -EINVAL;
+
if (!list->size)
return -EINVAL;
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 58f89f83caab..43ea5061926f 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -2903,6 +2903,9 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct
msr_data *msr)
svm->msr_decfg = data;
break;
}
+ case MSR_KVM_SEV_LIVE_MIGRATION:
+ sev_update_migration_flags(vcpu->kvm, data);
+ break;
case MSR_IA32_APICBASE:
if (kvm_vcpu_apicv_active(vcpu))
avic_update_vapic_bar(to_svm(vcpu), data);
@@ -3976,6 +3979,19 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu
*vcpu)
vcpu->arch.cr3_lm_rsvd_bits &= ~(1UL << (best->ebx &
0x3f));
}
