From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: natet@google.com
Cc: Ashish.Kalra@amd.com, brijesh.singh@amd.com, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, pbonzini@redhat.com,
rientjes@google.com, seanjc@google.com, srutherford@google.com,
thomas.lendacky@amd.com, x86@kernel.org,
Tobin Feldman-Fitzthum <tobin@ibm.com>,
DOV MURIK <Dov.Murik1@il.ibm.com>
Subject: Re: [RFC] KVM: x86: Support KVM VMs sharing SEV context
Date: Thu, 25 Feb 2021 09:53:26 -0800 [thread overview]
Message-ID: <7cb132ce522728f7689618832a65e31e37788201.camel@HansenPartnership.com> (raw)
In-Reply-To: <20210224085915.28751-1-natet@google.com>
> Add a capability for userspace to mirror SEV encryption context from
> one vm to another. On our side, this is intended to support a
> Migration Helper vCPU, but it can also be used generically to support
> other in-guest workloads scheduled by the host. The intention is for
> the primary guest and the mirror to have nearly identical memslots.
So this causes a cloned VM that you can boot up another CPU into but
the boot path must have been already present? In essence we've already
been thinking about something like this to get migration running inside
OVMF:
https://lore.kernel.org/qemu-devel/8b824c44-6a51-c3a7-6596-921dc47fea39@linux.ibm.com/
It sounds like this mechanism can be used to boot a vCPU through a
mirror VM after the fact, which is very compatible with the above whose
mechanism is simply to steal a VCPU to hold in reset until it's
activated. However, you haven't published how you activate the entity
inside the VM ... do you have patches for this so we can see the
internal capture mechanism and mirror VM boot path?
> The primary benefits of this are that:
> 1) The VMs do not share KVM contexts (think APIC/MSRs/etc), so they
> can't accidentally clobber each other.
> 2) The VMs can have different memory-views, which is necessary for
> post-copy migration (the migration vCPUs on the target need to read
> and write to pages, when the primary guest would VMEXIT).
>
> This does not change the threat model for AMD SEV. Any memory
> involved is still owned by the primary guest and its initial state is
> still attested to through the normal SEV_LAUNCH_* flows. If userspace
> wanted to circumvent SEV, they could achieve the same effect by
> simply attaching a vCPU to the primary VM.
> This patch deliberately leaves userspace in charge of the memslots
> for the mirror, as it already has the power to mess with them in the
> primary guest.
Well it does alter the threat model in that previously the
configuration, including the CPU configuration, was fixed after launch
and attestation. Now the CSP can alter the configuration via a mirror.
I'm not sure I have a threat for this, but it definitely alters the
model.
> This patch does not support SEV-ES (much less SNP), as it does not
> handle handing off attested VMSAs to the mirror.
One of the reasons for doing the sequestered vcpu is that -ES and -SNP
require the initial CPU state to be part of the attestation, so with
them you can't add CPU state after the fact. I think you could use
this model if you declare the vCPU in the mirror in the initial
attested VMSA, but that's conjecture at this stage.
> For additional context, we need a Migration Helper because SEV PSP
> migration is far too slow for our live migration on its own. Using an
> in-guest migrator lets us speed this up significantly.
We have the same problem here at IBM, hence the RFC referred to above.
James
next prev parent reply other threads:[~2021-02-25 17:55 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-24 8:59 [RFC] KVM: x86: Support KVM VMs sharing SEV context Nathan Tempelman
2021-02-24 9:18 ` Paolo Bonzini
2021-02-24 16:58 ` Sean Christopherson
2021-02-25 11:26 ` Paolo Bonzini
2021-02-24 17:37 ` Sean Christopherson
2021-02-25 3:55 ` Steve Rutherford
2021-03-12 23:47 ` Nathan Tempelman
2021-03-16 17:52 ` Sean Christopherson
2021-03-16 17:58 ` Paolo Bonzini
2021-03-16 18:08 ` Sean Christopherson
2021-02-25 3:44 ` Steve Rutherford
2021-02-25 14:57 ` Tom Lendacky
2021-02-25 18:49 ` Steve Rutherford
2021-03-05 22:36 ` Ashish Kalra
2021-03-09 17:45 ` Sean Christopherson
2021-02-25 17:53 ` James Bottomley [this message]
2021-02-25 18:18 ` Ashish Kalra
2021-02-25 20:33 ` Paolo Bonzini
2021-02-26 13:30 ` Ashish Kalra
2021-02-25 20:36 ` Paolo Bonzini
2021-03-05 14:04 ` Ashish Kalra
2021-03-05 15:13 ` Paolo Bonzini
2021-03-05 20:43 ` Nathan Tempelman
2021-03-11 15:30 ` Tobin Feldman-Fitzthum
2021-03-11 16:29 ` Paolo Bonzini
2021-03-15 17:05 ` Tobin Feldman-Fitzthum
2021-03-15 17:29 ` Paolo Bonzini
2021-05-24 21:29 ` Kalra, Ashish
2021-05-27 15:51 ` Kalra, Ashish
2021-06-01 8:26 ` Kalra, Ashish
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7cb132ce522728f7689618832a65e31e37788201.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=Ashish.Kalra@amd.com \
--cc=Dov.Murik1@il.ibm.com \
--cc=brijesh.singh@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=natet@google.com \
--cc=pbonzini@redhat.com \
--cc=rientjes@google.com \
--cc=seanjc@google.com \
--cc=srutherford@google.com \
--cc=thomas.lendacky@amd.com \
--cc=tobin@ibm.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).