Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION... | kvm

[PATCH v10 00/17] Add AMD SEV guest live migration support · Ashish Kalra <Ashish.Kalra@amd.com> · 2021-02-04
[PATCH v10 01/16] KVM: SVM: Add KVM_SEV SEND_START command · Ashish Kalra <Ashish.Kalra@amd.com> · 2021-02-04
[PATCH v10 02/16] KVM: SVM: Add KVM_SEND_UPDATE_DATA command · Ashish Kalra <Ashish.Kalra@amd.com> · 2021-02-04
[PATCH v10 03/16] KVM: SVM: Add KVM_SEV_SEND_FINISH command · Ashish Kalra <Ashish.Kalra@amd.com> · 2021-02-04
[PATCH v10 04/16] KVM: SVM: Add support for KVM_SEV_RECEIVE_START command · Ashish Kalra <Ashish.Kalra@amd.com> · 2021-02-04
[PATCH v10 05/16] KVM: SVM: Add KVM_SEV_RECEIVE_UPDATE_DATA command · Ashish Kalra <Ashish.Kalra@amd.com> · 2021-02-04
[PATCH v10 06/16] KVM: SVM: Add KVM_SEV_RECEIVE_FINISH command · Ashish Kalra <Ashish.Kalra@amd.com> · 2021-02-04
[PATCH v10 07/16] KVM: x86: Add AMD SEV specific Hypercall3 · Ashish Kalra <Ashish.Kalra@amd.com> · 2021-02-04
[PATCH v10 08/16] KVM: X86: Introduce KVM_HC_PAGE_ENC_STATUS hypercall · Ashish Kalra <Ashish.Kalra@amd.com> · 2021-02-04
Re: [PATCH v10 08/16] KVM: X86: Introduce KVM_HC_PAGE_ENC_STATUS hypercall · Tom Lendacky <thomas.lendacky@amd.com> · 2021-02-04
Re: [PATCH v10 08/16] KVM: X86: Introduce KVM_HC_PAGE_ENC_STATUS hypercall · Steve Rutherford <hidden> · 2021-02-05
Re: [PATCH v10 08/16] KVM: X86: Introduce KVM_HC_PAGE_ENC_STATUS hypercall · Ashish Kalra <ashish.kalra@amd.com> · 2021-02-05
[PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Ashish Kalra <Ashish.Kalra@amd.com> · 2021-02-04
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Tom Lendacky <thomas.lendacky@amd.com> · 2021-02-04
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Ashish Kalra <ashish.kalra@amd.com> · 2021-02-04
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Sean Christopherson <seanjc@google.com> · 2021-02-17
RE: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · "Kalra, Ashish" <Ashish.Kalra@amd.com> · 2021-02-17
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Sean Christopherson <seanjc@google.com> · 2021-02-17
RE: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · "Kalra, Ashish" <Ashish.Kalra@amd.com> · 2021-02-18
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Sean Christopherson <seanjc@google.com> · 2021-02-18
RE: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · "Kalra, Ashish" <Ashish.Kalra@amd.com> · 2021-02-18
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Sean Christopherson <seanjc@google.com> · 2021-02-18
RE: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · "Kalra, Ashish" <Ashish.Kalra@amd.com> · 2021-02-18
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Ashish Kalra <ashish.kalra@amd.com> · 2021-02-24
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Sean Christopherson <seanjc@google.com> · 2021-02-24
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Ashish Kalra <ashish.kalra@amd.com> · 2021-02-25
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Steve Rutherford <hidden> · 2021-02-25
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Steve Rutherford <hidden> · 2021-02-25
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Ashish Kalra <ashish.kalra@amd.com> · 2021-02-26
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Sean Christopherson <seanjc@google.com> · 2021-02-26
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Ashish Kalra <ashish.kalra@amd.com> · 2021-03-02
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Ashish Kalra <ashish.kalra@amd.com> · 2021-03-02
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Will Deacon <will@kernel.org> · 2021-03-03
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Ashish Kalra <ashish.kalra@amd.com> · 2021-03-04
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Ashish Kalra <ashish.kalra@amd.com> · 2021-03-09
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Ashish Kalra <ashish.kalra@amd.com> · 2021-03-11
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Steve Rutherford <hidden> · 2021-03-11
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Ashish Kalra <ashish.kalra@amd.com> · 2021-03-19
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Steve Rutherford <hidden> · 2021-04-02
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Ashish Kalra <ashish.kalra@amd.com> · 2021-04-02
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Ashish Kalra <ashish.kalra@amd.com> · 2021-03-08
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Sean Christopherson <seanjc@google.com> · 2021-03-08
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Ashish Kalra <ashish.kalra@amd.com> · 2021-03-08
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Brijesh Singh <hidden> · 2021-03-08
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Ashish Kalra <ashish.kalra@amd.com> · 2021-03-08
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Steve Rutherford <hidden> · 2021-03-08
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Sean Christopherson <seanjc@google.com> · 2021-03-09
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · "Kalra, Ashish" <Ashish.Kalra@amd.com> · 2021-03-10
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Steve Rutherford <hidden> · 2021-03-10
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Steve Rutherford <hidden> · 2021-03-08
Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl · Sean Christopherson <seanjc@google.com> · 2021-02-17
[PATCH v10 11/16] KVM: x86: Introduce KVM_SET_SHARED_PAGES_LIST ioctl · Ashish Kalra <Ashish.Kalra@amd.com> · 2021-02-04
[PATCH v10 13/16] EFI: Introduce the new AMD Memory Encryption GUID. · Ashish Kalra <Ashish.Kalra@amd.com> · 2021-02-04
[PATCH v10 14/16] KVM: x86: Add guest support for detecting and enabling SEV Live Migration feature. · Ashish Kalra <Ashish.Kalra@amd.com> · 2021-02-04
Re: [PATCH v10 14/16] KVM: x86: Add guest support for detecting and enabling SEV Live Migration feature. · Sean Christopherson <seanjc@google.com> · 2021-02-18
[PATCH v10 16/16] KVM: SVM: Bypass DBG_DECRYPT API calls for unencrypted guest memory. · Ashish Kalra <Ashish.Kalra@amd.com> · 2021-02-04
Re: [PATCH v10 16/16] KVM: SVM: Bypass DBG_DECRYPT API calls for unencrypted guest memory. · kernel test robot <hidden> · 2021-02-09
[PATCH v10 09/16] mm: x86: Invoke hypercall when page encryption status is changed · Ashish Kalra <Ashish.Kalra@amd.com> · 2021-02-04
[PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR. · Ashish Kalra <Ashish.Kalra@amd.com> · 2021-02-04
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR. · Steve Rutherford <hidden> · 2021-02-05
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR. · Ashish Kalra <ashish.kalra@amd.com> · 2021-02-05
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR. · Steve Rutherford <hidden> · 2021-02-06
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR. · Ashish Kalra <ashish.kalra@amd.com> · 2021-02-06
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR. · Ashish Kalra <ashish.kalra@amd.com> · 2021-02-06
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR. · Ashish Kalra <ashish.kalra@amd.com> · 2021-02-06
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR. · Ashish Kalra <ashish.kalra@amd.com> · 2021-02-08
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR. · Steve Rutherford <hidden> · 2021-02-08
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR. · Ashish Kalra <ashish.kalra@amd.com> · 2021-02-10
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR. · Steve Rutherford <hidden> · 2021-02-10
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR. · Steve Rutherford <hidden> · 2021-02-10
Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR. · Sean Christopherson <seanjc@google.com> · 2021-02-16
[PATCH v10 15/16] KVM: x86: Add kexec support for SEV Live Migration. · Ashish Kalra <Ashish.Kalra@amd.com> · 2021-02-04
Re: [PATCH v10 15/16] KVM: x86: Add kexec support for SEV Live Migration. · kernel test robot <hidden> · 2021-02-04

Re: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR.

From: Steve Rutherford <hidden>
Date: 2021-02-10 22:07:30
Also in: lkml

On Wed, Feb 10, 2021 at 2:01 PM Steve Rutherford [off-list ref] wrote:

Hi Ashish,

On Wed, Feb 10, 2021 at 12:37 PM Ashish Kalra [off-list ref] wrote:

quoted

Hello Steve,

We can remove the implicit enabling of this live migration feature
from svm_vcpu_after_set_cpuid() callback invoked afer KVM_SET_CPUID2
ioctl, and let this feature flag be controlled by the userspace
VMM/qemu.

Userspace can set this feature flag explicitly by calling the
KVM_SET_CPUID2 ioctl and enable this feature whenever it is ready to
do so.

I have tested this as part of Qemu code :

int kvm_arch_init_vcpu(CPUState *cs)
{
...
...
        c->function = KVM_CPUID_FEATURES | kvm_base;
        c->eax = env->features[FEAT_KVM];
        c->eax |= (1 << KVM_FEATURE_SEV_LIVE_MIGRATION);
...
...

    r = kvm_vcpu_ioctl(cs, KVM_SET_CPUID2, &cpuid_data);
...

Let me know if this addresses your concerns.

Removing implicit enablement is one part of the equation.
The other two are:
1) Host userspace being able to ask the kernel if it supports SEV Live Migration
2) Host userspace being able to disable access to the MSR/hypercall

Feature flagging for paravirt features is pretty complicated, since
you need all three parties to negotiate (host userspace/host
kernel/guest), and every single one has veto power. In the end, the
feature should only be available to the guest if every single party
says yes.

For an example of how to handle 1), the new feature flag could be
checked when asking the kernel which cpuid bits it supports by adding
it to the list of features that the kernel mentions in
KVM_GET_SUPPORTED_CPUID.

For example (in KVM's arch/x86/kvm/cpuid.c):
case KVM_CPUID_FEATURES:
==========
entry->eax = (1 << KVM_FEATURE_CLOCKSOURCE) |
    (1 << KVM_FEATURE_NOP_IO_DELAY) |
...
    (1 << KVM_FEATURE_PV_SCHED_YIELD) |
+  (1 << KVM_FEATURE_ASYNC_PF_INT) |
-   (1 << KVM_FEATURE_ASYNC_PF_INT);
+  (1 << KVM_FEATURE_SEV_LIVE_MIGRATION);
==========

Without this, userspace has to infer if the kernel it is on supports that flag.

For an example of how to handle 2), in the new msr handler, KVM should
throw a GP `if (!guest_pv_has(vcpu, KVM_FEATURE_SEV_LIVE_MIGRATION))`
(it can do this by returning th. The issue here is "what if the guest

Correction: (it can do this by returning 1).

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help