From: Vipin Sharma <vipinsh@google.com>
To: thomas.lendacky@amd.com, pbonzini@redhat.com, sean.j.christopherson@intel.com, tj@kernel.org, lizefan@huawei.com
Cc: joro@8bytes.org, corbet@lwn.net, brijesh.singh@amd.com, jon.grimm@amd.com, eric.vantassell@amd.com, gingell@google.com, rientjes@google.com, kvm@vger.kernel.org, x86@kernel.org, cgroups@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Vipin Sharma <vipinsh@google.com>, Dionna Glaze <dionnaglaze@google.com>, Erdem Aktas <erdemaktas@google.com>
Subject: [RFC Patch 2/2] KVM: SVM: SEV cgroup controller documentation
Date: Mon, 21 Sep 2020 17:40:24 -0700
Message-ID: <20200922004024.3699923-3-vipinsh@google.com>
In-Reply-To: <20200922004024.3699923-1-vipinsh@google.com>

SEV cgroup controller documentation.

Documentation for both cgroup versions, v1 and v2, of SEV cgroup controller. SEV controller is used to distribute and account SEV ASID usage by KVM on AMD processors.

Signed-off-by: Vipin Sharma <vipinsh@google.com>
Reviewed-by: David Rientjes <rientjes@google.com>
Reviewed-by: Dionna Glaze <dionnaglaze@google.com>
Reviewed-by: Erdem Aktas <erdemaktas@google.com>

--- Documentation/admin-guide/cgroup-v1/sev.rst | 94 +++++++++++++++++++++ Documentation/admin-guide/cgroup-v2.rst | 56 +++++++++++- 2 files changed, 147 insertions(+), 3 deletions(-) create mode 100644 Documentation/admin-guide/cgroup-v1/sev.rst diff --git a/Documentation/admin-guide/cgroup-v1/sev.rst b/Documentation/admin-guide/cgroup-v1/sev.rst new file mode 100644 index 000000000000..04d0024360a1 --- /dev/null +++ b/Documentation/admin-guide/cgroup-v1/sev.rst 
@@ -0,0 +1,94 @@ +============== +SEV Controller +============== + +Overview +======== + +The SEV controller regulates the distribution of SEV ASIDs. SEV ASIDs are used +in creating encrypted VMs on AMD processors. SEV ASIDs are stateful and one +ASID is only used in one KVM object at a time. It cannot be used with other KVM +before unbinding it from the previous KVM. + +All SEV ASIDs are tracked by this controller and it allows for accounting and +distribution of this resource. + +How to Enable Controller +======================== + +- Enable memory encryption on AMD platform:: + + CONFIG_KVM_AMD_SEV=y + +- Enable SEV controller:: + + CONFIG_CGROUP_SEV=y + +- Above options will build SEV controller support in the kernel. + To mount sev controller:: + + mount -t cgroup -o sev none /sys/fs/cgroup/sev + +Interface Files +============== + + sev.current + A read-only single value file which exists on non-root cgroups. + + The total number of SEV ASIDs currently in use by the cgroup and its + descendants. + + sev.max + A read-write single value file which exists on non-root cgroups. The + default is "max". + + SEV ASIDs usage hard limit. If the cgroup's current SEV ASIDs usage + reach this limit then the new SEV VMs creation will return error + -EBUSY. This limit cannot be set lower than sev.current. + + sev.events + A read-only flat-keyed single value file which exists on non-root + cgroups. A value change in this file generates a file modified event. + + max + The number of times the cgroup's SEV ASIDs usage was about to + go over the max limit. This is a tally of SEV VM creation + failures in the cgroup. + +Hierarchy +========= + +SEV controller supports hierarchical accounting. It supports following +features: + +1. SEV ASID usage in the cgroup includes itself and its descendent cgroups. +2. SEV ASID usage can never exceed the max limit set in the cgroup and its + ancestor's chain up to the root. +3. 
SEV events keep a tally of SEV VM creation failures in the cgroup and not in + its child subtree. + +Suppose the following example hierarchy:: + + root + / \ + A B + | + C + +1. A will show the count of SEV ASID used in A and C. +2. C's SEV ASID usage may not exceed any of the max limits set in C, A, or + root. +3. A's event file lists only SEV VM creation failed in A, and not the ones in + C. + +Migration and SEV ASID ownership +================================ + +An SEV ASID is charged to the cgroup which instantiated it, and stays charged +to that cgroup until that SEV ASID is freed. Migrating a process to a different +cgroup do not move the SEV ASID charge to the destination cgroup where the +process has moved. + +Deletion of a cgroup with existing ASIDs charges will migrate those ASIDs to +the parent cgroup. + diff --git a/Documentation/admin-guide/cgroup-v2.rst b/Documentation/admin-guide/cgroup-v2.rst index 6be43781ec7f..66b8bdee8ff3 100644 --- a/Documentation/admin-guide/cgroup-v2.rst +++ b/Documentation/admin-guide/cgroup-v2.rst @@ -63,8 +63,11 @@ v1 is available under :ref:`Documentation/admin-guide/cgroup-v1/index.rst <cgrou 5-7-1. RDMA Interface Files 5-8. HugeTLB 5.8-1. HugeTLB Interface Files - 5-8. Misc - 5-8-1. perf_event + 5-9 SEV + 5-9-1 SEV Interface Files + 5-9-2 SEV ASIDs Ownership + 5-10. Misc + 5-10-1. perf_event 5-N. Non-normative information 5-N-1. CPU controller root cgroup process behaviour 5-N-2. IO controller root cgroup process behaviour 
@@ -2109,6 +2112,54 @@ HugeTLB Interface Files are local to the cgroup i.e. not hierarchical. The file modified event generated on this file reflects only the local events. +SEV +--- + +The SEV controller regulates the distribution of SEV ASIDs. SEV ASIDs are used +in creating encrypted VMs on AMD processors. SEV ASIDs are stateful and one +ASID is only used in one KVM object at a time. It cannot be used with other KVM +before unbinding it from the previous KVM. + +All SEV ASIDs are tracked by this controller and it allows for accounting and +distribution of this resource. + +SEV Interface Files +~~~~~~~~~~~~~~~~~~~ + + sev.current + A read-only single value file which exists on non-root cgroups. + + The total number of SEV ASIDs currently in use by the cgroup and its + descendants. + + sev.max + A read-write single value file which exists on non-root cgroups. The + default is "max". + + SEV ASIDs usage hard limit. If the cgroup's current SEV ASIDs usage + reach this limit then the new SEV VMs creation will return error + -EBUSY. This limit cannot be set lower than sev.current. + + sev.events + A read-only flat-keyed single value file which exists on non-root + cgroups. A value change in this file generates a file modified event. + + max + The number of times the cgroup's SEV ASIDs usage was about to + go over the max limit. This is a tally of SEV VM creation + failures in the cgroup. + +SEV ASIDs Ownership +~~~~~~~~~~~~~~~~~~~ + +An SEV ASID is charged to the cgroup which instantiated it, and stays charged +to the cgroup until the ASID is freed. Migrating a process to a different +cgroup do not move the SEV ASID charge to the destination cgroup where the +process has moved. + +Deletion of a cgroup with existing ASIDs charges will migrate those ASIDs to +the parent cgroup. + Misc ---- 
@@ -2120,7 +2171,6 @@ automatically enabled on the v2 hierarchy so that perf events can always be filtered by cgroup v2 path. The controller can still be moved to a legacy hierarchy after v2 hierarchy is populated. - Non-normative information ------------------------- -- 2.28.0.681.g6f77f65b4e-goog
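Review bot: the new file Documentation/admin-guide/cgroup-v1/sev.rst is never added to the cgroup-v1 index toctree (the diffstat touches only sev.rst and cgroup-v2.rst), so Sphinx will warn that the document is not included in any toctree and the page will be unreachable from the rendered v1 admin guide; add a `sev` entry to Documentation/admin-guide/cgroup-v1/index.rst in the same patch. In the same hunk the "Interface Files" heading carries a 14-character underline under a 15-character title, which docutils reports as a too-short title underline, so the section will not render as intended. Minor wording in this file: "reach this limit" should read "reaches this limit", "descendent cgroups" should read "descendant cgroups", and "Migrating a process to a different cgroup do not move" should read "does not move".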
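Review bot: the three new table-of-contents entries "5-9 SEV", "5-9-1 SEV Interface Files" and "5-9-2 SEV ASIDs Ownership" omit the trailing period that every neighbouring entry uses ("5-8. HugeTLB", "5-10. Misc", "5-10-1. perf_event"); write them as "5-9. SEV", "5-9-1. SEV Interface Files" and "5-9-2. SEV ASIDs Ownership". The section is also named differently in the two documents ("SEV ASIDs Ownership" here versus "Migration and SEV ASID ownership" in sev.rst); pick one name so readers moving between the v1 and v2 guides find the same section.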
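Review bot: sev.events is described as "a read-only flat-keyed single value file", which is self-contradictory: a flat-keyed file carries key/value lines (here the single key "max"), not one value, and the rest of cgroup-v2.rst introduces such files as "A read-only flat-keyed file which exists on non-root cgroups" followed by the list of keys; use that form. The v2 text should also say explicitly whether sev.events is local to the cgroup or counts the subtree: the v1 file states that events are not tallied for the child subtree, but this section is silent, and in cgroup v2 events files such as memory.events are hierarchical with a separate memory.events.local, so a reader will assume the opposite unless told, as the HugeTLB paragraph immediately above does. For sev.max, "This limit cannot be set lower than sev.current" leaves the failure mode undocumented; state which error the write returns. The hunk repeats the grammar slips from the v1 file ("reach this limit" -> "reaches this limit", "do not move" -> "does not move").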
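Review bot: this hunk only deletes a blank line between the perf_event paragraph and the "Non-normative information" heading; it is an unrelated whitespace change that has nothing to do with the SEV documentation, so drop it from this patch (or send it as a separate cleanup) to keep the diff reviewable and the blame history clean.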