From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: "Singh, Brijesh" <brijesh.singh@amd.com>
Cc: "kvm@vger.kernel.org" <kvm@vger.kernel.org>
Subject: Re: [PATCH v3 00/11] Add AMD SEV guest live migration support
Date: Fri, 12 Jul 2019 11:52:15 -0400 [thread overview]
Message-ID: <20190712155215.GA12840@char.us.oracle.com> (raw)
In-Reply-To: <20190710201244.25195-1-brijesh.singh@amd.com>
On Wed, Jul 10, 2019 at 08:12:59PM +0000, Singh, Brijesh wrote:
> The series add support for AMD SEV guest live migration commands. To protect the
> confidentiality of an SEV protected guest memory while in transit we need to
> use the SEV commands defined in SEV API spec [1].
>
> SEV guest VMs have the concept of private and shared memory. Private memory
> is encrypted with the guest-specific key, while shared memory may be encrypted
> with hypervisor key. The commands provided by the SEV FW are meant to be used
> for the private memory only. The patch series introduces a new hypercall.
> The guest OS can use this hypercall to notify the page encryption status.
> If the page is encrypted with guest specific-key then we use SEV command during
> the migration. If page is not encrypted then fallback to default.
>
I am bit lost. Why can't the hypervisor keep track of hypervisor key pages
and treat all other pages as owned by the guest and hence using the guest-specific
key?
next prev parent reply other threads:[~2019-07-12 15:50 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-10 20:12 [PATCH v3 00/11] Add AMD SEV guest live migration support Singh, Brijesh
2019-07-10 20:13 ` [PATCH v3 01/11] KVM: SVM: Add KVM_SEV SEND_START command Singh, Brijesh
2019-08-22 10:08 ` Borislav Petkov
2019-08-22 13:23 ` Singh, Brijesh
2019-11-12 18:35 ` Peter Gonda
2019-11-12 22:27 ` Brijesh Singh
2019-11-14 19:27 ` Peter Gonda
2019-11-19 14:06 ` Brijesh Singh
2019-07-10 20:13 ` [PATCH v3 02/11] KVM: SVM: Add KVM_SEND_UPDATE_DATA command Singh, Brijesh
2019-08-22 12:02 ` Borislav Petkov
2019-08-22 13:27 ` Singh, Brijesh
2019-08-22 13:34 ` Borislav Petkov
2019-11-12 22:23 ` Peter Gonda
2019-07-10 20:13 ` [PATCH v3 03/11] KVM: SVM: Add KVM_SEV_SEND_FINISH command Singh, Brijesh
2019-08-26 13:29 ` Borislav Petkov
2019-07-10 20:13 ` [PATCH v3 04/11] KVM: SVM: Add support for KVM_SEV_RECEIVE_START command Singh, Brijesh
2019-07-10 20:13 ` [PATCH v3 05/11] KVM: SVM: Add KVM_SEV_RECEIVE_UPDATE_DATA command Singh, Brijesh
2019-08-27 12:09 ` Borislav Petkov
2019-11-14 21:02 ` Peter Gonda
2019-07-10 20:13 ` [PATCH v3 06/11] KVM: SVM: Add KVM_SEV_RECEIVE_FINISH command Singh, Brijesh
2019-08-27 12:19 ` Borislav Petkov
2019-07-10 20:13 ` [PATCH v3 07/11] KVM: x86: Add AMD SEV specific Hypercall3 Singh, Brijesh
2019-07-10 20:13 ` [PATCH v3 08/11] KVM: X86: Introduce KVM_HC_PAGE_ENC_STATUS hypercall Singh, Brijesh
2019-07-21 20:57 ` David Rientjes
2019-07-22 17:12 ` Cfir Cohen
2019-07-23 15:31 ` Singh, Brijesh
2019-07-23 15:16 ` Singh, Brijesh
2019-11-25 19:07 ` Peter Gonda
2019-07-10 20:13 ` [PATCH v3 09/11] KVM: x86: Introduce KVM_GET_PAGE_ENC_BITMAP ioctl Singh, Brijesh
2019-08-29 16:26 ` Borislav Petkov
2019-08-29 16:41 ` Singh, Brijesh
2019-08-29 16:56 ` Borislav Petkov
2019-07-10 20:13 ` [PATCH v3 10/11] mm: x86: Invoke hypercall when page encryption status is changed Singh, Brijesh
2019-08-29 16:52 ` Borislav Petkov
2019-08-29 18:07 ` Borislav Petkov
2019-08-29 18:21 ` Thomas Gleixner
2019-08-29 18:32 ` Thomas Gleixner
2019-07-10 20:13 ` [PATCH v3 11/11] KVM: x86: Introduce KVM_SET_PAGE_ENC_BITMAP ioctl Singh, Brijesh
2019-11-15 1:22 ` Steve Rutherford
2019-11-15 1:39 ` Steve Rutherford
2019-07-12 15:52 ` Konrad Rzeszutek Wilk [this message]
2019-07-12 16:31 ` [PATCH v3 00/11] Add AMD SEV guest live migration support Singh, Brijesh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190712155215.GA12840@char.us.oracle.com \
--to=konrad.wilk@oracle.com \
--cc=brijesh.singh@amd.com \
--cc=kvm@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).