Re: [PATCH v6 14/14] KVM: x86: Add kexec support for SEV Live Migration.

From: Krish Sadhukhan
Date: Mon Apr 06 2020 - 14:38:22 EST

Next message: Peter Zijlstra: "Re: [RFC PATCH] x86/split_lock: Disable SLD if an unaware (out-of-tree) module enables VMX"
Previous message: Kees Cook: "Re: [PATCH V3] kernel/hung_task.c: Introduce sysctl to print all traces when a hung task is detected"
In reply to: Ashish Kalra: "Re: [PATCH v6 14/14] KVM: x86: Add kexec support for SEV Live Migration."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4/4/20 2:57 PM, Ashish Kalra wrote:

The host's page encryption bitmap is maintained for the guest to keep the encrypted/decrypted state
of the guest pages, therefore we need to explicitly mark all shared pages as encrypted again before
rebooting into the new guest kernel.

On Fri, Apr 03, 2020 at 05:55:52PM -0700, Krish Sadhukhan wrote:

On 3/29/20 11:23 PM, Ashish Kalra wrote:

From: Ashish Kalra <ashish.kalra@xxxxxxx>

Reset the host's page encryption bitmap related to kernel
specific page encryption status settings before we load a
new kernel by kexec. We cannot reset the complete
page encryption bitmap here as we need to retain the
UEFI/OVMF firmware specific settings.

Can the commit message mention why host page encryption needs to be reset ?
Since the theme of these patches is guest migration in-SEV context, it might
be useful to mention why the host context comes in here.

Signed-off-by: Ashish Kalra <ashish.kalra@xxxxxxx>
---
arch/x86/kernel/kvm.c | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)

diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
index 8fcee0b45231..ba6cce3c84af 100644
--- a/arch/x86/kernel/kvm.c
+++ b/arch/x86/kernel/kvm.c
@@ -34,6 +34,7 @@
#include <asm/hypervisor.h>
#include <asm/tlb.h>
#include <asm/cpuidle_haltpoll.h>
+#include <asm/e820/api.h>
static int kvmapf = 1;
@@ -357,6 +358,33 @@ static void kvm_pv_guest_cpu_reboot(void *unused)
*/
if (kvm_para_has_feature(KVM_FEATURE_PV_EOI))
wrmsrl(MSR_KVM_PV_EOI_EN, 0);
+ /*
+ * Reset the host's page encryption bitmap related to kernel
+ * specific page encryption status settings before we load a
+ * new kernel by kexec. NOTE: We cannot reset the complete
+ * page encryption bitmap here as we need to retain the
+ * UEFI/OVMF firmware specific settings.
+ */
+ if (kvm_para_has_feature(KVM_FEATURE_SEV_LIVE_MIGRATION) &&
+ (smp_processor_id() == 0)) {
+ unsigned long nr_pages;
+ int i;
+
+ for (i = 0; i < e820_table->nr_entries; i++) {
+ struct e820_entry *entry = &e820_table->entries[i];
+ unsigned long start_pfn, end_pfn;
+
+ if (entry->type != E820_TYPE_RAM)
+ continue;
+
+ start_pfn = entry->addr >> PAGE_SHIFT;
+ end_pfn = (entry->addr + entry->size) >> PAGE_SHIFT;
+ nr_pages = DIV_ROUND_UP(entry->size, PAGE_SIZE);
+
+ kvm_sev_hypercall3(KVM_HC_PAGE_ENC_STATUS,
+ entry->addr, nr_pages, 1);
+ }
+ }
kvm_pv_disable_apf();
kvm_disable_steal_time();
}

Thanks for the explanation. It will certainly help one understand the context better if you add it to the commit message.

Reviewed-by: Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx>

Next message: Peter Zijlstra: "Re: [RFC PATCH] x86/split_lock: Disable SLD if an unaware (out-of-tree) module enables VMX"
Previous message: Kees Cook: "Re: [PATCH V3] kernel/hung_task.c: Introduce sysctl to print all traces when a hung task is detected"
In reply to: Ashish Kalra: "Re: [PATCH v6 14/14] KVM: x86: Add kexec support for SEV Live Migration."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]