From: Ackerley Tng <ackerleytng@google.com>
To: pbonzini@redhat.com, seanjc@google.com, tglx@linutronix.de,
x86@kernel.org, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org
Cc: mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com,
hpa@zytor.com, shuah@kernel.org, andrew.jones@linux.dev,
ricarkol@google.com, chao.p.peng@linux.intel.com,
tabba@google.com, jarkko@kernel.org, yu.c.zhang@linux.intel.com,
vannapurve@google.com, ackerleytng@google.com,
erdemaktas@google.com, mail@maciej.szmigiero.name,
vbabka@suse.cz, david@redhat.com, qperret@google.com,
michael.roth@amd.com, wei.w.wang@intel.com,
liam.merwick@oracle.com, isaku.yamahata@gmail.com,
kirill.shutemov@linux.intel.com
Subject: [RFC PATCH 08/11] KVM: x86: Let moving encryption context be configurable
Date: Mon, 7 Aug 2023 23:01:11 +0000 [thread overview]
Message-ID: <196a2130f155cbc0201cce06579f122352c8b236.1691446946.git.ackerleytng@google.com> (raw)
In-Reply-To: <cover.1691446946.git.ackerleytng@google.com>
SEV-capable VMs may also use the KVM_X86_SW_PROTECTED_VM type, but
they will still need architecture-specific handling to move encryption
context. Hence, we let moving of encryption context be configurable
and store that configuration in a flag.
Co-developed-by: Vishal Annapurve <vannapurve@google.com>
Signed-off-by: Vishal Annapurve <vannapurve@google.com>
Signed-off-by: Ackerley Tng <ackerleytng@google.com>
---
arch/x86/include/asm/kvm_host.h | 2 ++
arch/x86/kvm/svm/sev.c | 2 ++
arch/x86/kvm/x86.c | 9 ++++++++-
3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 71c1236e4f18..ab45a3d3c867 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1445,6 +1445,8 @@ struct kvm_arch {
*/
#define SPLIT_DESC_CACHE_MIN_NR_OBJECTS (SPTE_ENT_PER_PAGE + 1)
struct kvm_mmu_memory_cache split_desc_cache;
+
+ bool vm_move_enc_ctxt_supported;
};
struct kvm_vm_stat {
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index e0e206aa3e62..b09e6477e309 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -256,6 +256,8 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
goto e_no_asid;
sev->asid = asid;
+ kvm->arch.vm_move_enc_ctxt_supported = true;
+
ret = sev_platform_init(&argp->error);
if (ret)
goto e_free;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 75d48379d94d..a1a28dd77b94 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -6351,7 +6351,14 @@ static int kvm_vm_move_enc_context_from(struct kvm *kvm, unsigned int source_fd)
if (r)
goto out_mark_migration_done;
- r = static_call(kvm_x86_vm_move_enc_context_from)(kvm, source_kvm);
+ /*
+ * Different types of VMs will allow userspace to define if moving
+ * encryption context should be supported.
+ */
+ if (kvm->arch.vm_move_enc_ctxt_supported &&
+ kvm_x86_ops.vm_move_enc_context_from) {
+ r = static_call(kvm_x86_vm_move_enc_context_from)(kvm, source_kvm);
+ }
kvm_unlock_two_vms(kvm, source_kvm);
out_mark_migration_done:
--
2.41.0.640.ga95def55d0-goog
next prev parent reply other threads:[~2023-08-07 23:02 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-07 23:01 [RFC PATCH 00/11] New KVM ioctl to link a gmem inode to a new gmem file Ackerley Tng
2023-08-07 23:01 ` [RFC PATCH 01/11] KVM: guest_mem: Refactor out kvm_gmem_alloc_file() Ackerley Tng
2023-08-07 23:01 ` [RFC PATCH 02/11] KVM: guest_mem: Add ioctl KVM_LINK_GUEST_MEMFD Ackerley Tng
2023-08-18 23:20 ` Sean Christopherson
2023-08-07 23:01 ` [RFC PATCH 03/11] KVM: selftests: Add tests for KVM_LINK_GUEST_MEMFD ioctl Ackerley Tng
2023-08-07 23:01 ` [RFC PATCH 04/11] KVM: selftests: Test transferring private memory to another VM Ackerley Tng
2023-08-07 23:01 ` [RFC PATCH 05/11] KVM: x86: Refactor sev's flag migration_in_progress to kvm struct Ackerley Tng
2023-08-07 23:01 ` [RFC PATCH 06/11] KVM: x86: Refactor common code out of sev.c Ackerley Tng
2023-08-07 23:01 ` [RFC PATCH 07/11] KVM: x86: Refactor common migration preparation code out of sev_vm_move_enc_context_from Ackerley Tng
2023-08-07 23:01 ` Ackerley Tng [this message]
2023-08-10 14:03 ` [RFC PATCH 08/11] KVM: x86: Let moving encryption context be configurable Paolo Bonzini
2023-08-17 16:53 ` Ackerley Tng
2023-08-07 23:01 ` [RFC PATCH 09/11] KVM: x86: Handle moving of memory context for intra-host migration Ackerley Tng
2023-08-07 23:01 ` [RFC PATCH 10/11] KVM: selftests: Generalize migration functions from sev_migrate_tests.c Ackerley Tng
2023-08-07 23:01 ` [RFC PATCH 11/11] KVM: selftests: Add tests for migration of private mem Ackerley Tng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=196a2130f155cbc0201cce06579f122352c8b236.1691446946.git.ackerleytng@google.com \
--to=ackerleytng@google.com \
--cc=andrew.jones@linux.dev \
--cc=bp@alien8.de \
--cc=chao.p.peng@linux.intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=david@redhat.com \
--cc=erdemaktas@google.com \
--cc=hpa@zytor.com \
--cc=isaku.yamahata@gmail.com \
--cc=jarkko@kernel.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=liam.merwick@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=mail@maciej.szmigiero.name \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qperret@google.com \
--cc=ricarkol@google.com \
--cc=seanjc@google.com \
--cc=shuah@kernel.org \
--cc=tabba@google.com \
--cc=tglx@linutronix.de \
--cc=vannapurve@google.com \
--cc=vbabka@suse.cz \
--cc=wei.w.wang@intel.com \
--cc=x86@kernel.org \
--cc=yu.c.zhang@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.