[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <07da6b9a-29c5-59cc-518c-0356126f2181@oracle.com>
Date: Mon, 6 Apr 2020 11:37:42 -0700
From: Krish Sadhukhan <krish.sadhukhan@...cle.com>
To: Ashish Kalra <ashish.kalra@....com>
Cc: pbonzini@...hat.com, tglx@...utronix.de, mingo@...hat.com,
hpa@...or.com, joro@...tes.org, bp@...e.de,
thomas.lendacky@....com, x86@...nel.org, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, rientjes@...gle.com,
srutherford@...gle.com, luto@...nel.org, brijesh.singh@....com
Subject: Re: [PATCH v6 14/14] KVM: x86: Add kexec support for SEV Live
Migration.
On 4/4/20 2:57 PM, Ashish Kalra wrote:
> The host's page encryption bitmap is maintained for the guest to keep the encrypted/decrypted state
> of the guest pages, therefore we need to explicitly mark all shared pages as encrypted again before
> rebooting into the new guest kernel.
>
> On Fri, Apr 03, 2020 at 05:55:52PM -0700, Krish Sadhukhan wrote:
>> On 3/29/20 11:23 PM, Ashish Kalra wrote:
>>> From: Ashish Kalra <ashish.kalra@....com>
>>>
>>> Reset the host's page encryption bitmap related to kernel
>>> specific page encryption status settings before we load a
>>> new kernel by kexec. We cannot reset the complete
>>> page encryption bitmap here as we need to retain the
>>> UEFI/OVMF firmware specific settings.
>>
>> Can the commit message mention why host page encryption needs to be reset ?
>> Since the theme of these patches is guest migration in-SEV context, it might
>> be useful to mention why the host context comes in here.
>>
>>> Signed-off-by: Ashish Kalra <ashish.kalra@....com>
>>> ---
>>> arch/x86/kernel/kvm.c | 28 ++++++++++++++++++++++++++++
>>> 1 file changed, 28 insertions(+)
>>>
>>> diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
>>> index 8fcee0b45231..ba6cce3c84af 100644
>>> --- a/arch/x86/kernel/kvm.c
>>> +++ b/arch/x86/kernel/kvm.c
>>> @@ -34,6 +34,7 @@
>>> #include <asm/hypervisor.h>
>>> #include <asm/tlb.h>
>>> #include <asm/cpuidle_haltpoll.h>
>>> +#include <asm/e820/api.h>
>>> static int kvmapf = 1;
>>> @@ -357,6 +358,33 @@ static void kvm_pv_guest_cpu_reboot(void *unused)
>>> */
>>> if (kvm_para_has_feature(KVM_FEATURE_PV_EOI))
>>> wrmsrl(MSR_KVM_PV_EOI_EN, 0);
>>> + /*
>>> + * Reset the host's page encryption bitmap related to kernel
>>> + * specific page encryption status settings before we load a
>>> + * new kernel by kexec. NOTE: We cannot reset the complete
>>> + * page encryption bitmap here as we need to retain the
>>> + * UEFI/OVMF firmware specific settings.
>>> + */
>>> + if (kvm_para_has_feature(KVM_FEATURE_SEV_LIVE_MIGRATION) &&
>>> + (smp_processor_id() == 0)) {
>>> + unsigned long nr_pages;
>>> + int i;
>>> +
>>> + for (i = 0; i < e820_table->nr_entries; i++) {
>>> + struct e820_entry *entry = &e820_table->entries[i];
>>> + unsigned long start_pfn, end_pfn;
>>> +
>>> + if (entry->type != E820_TYPE_RAM)
>>> + continue;
>>> +
>>> + start_pfn = entry->addr >> PAGE_SHIFT;
>>> + end_pfn = (entry->addr + entry->size) >> PAGE_SHIFT;
>>> + nr_pages = DIV_ROUND_UP(entry->size, PAGE_SIZE);
>>> +
>>> + kvm_sev_hypercall3(KVM_HC_PAGE_ENC_STATUS,
>>> + entry->addr, nr_pages, 1);
>>> + }
>>> + }
>>> kvm_pv_disable_apf();
>>> kvm_disable_steal_time();
>>> }
Thanks for the explanation. It will certainly help one understand the
context better if you add it to the commit message.
Reviewed-by: Krish Sadhukhan <krish.sadhukhan@...cle.com>
Powered by blists - more mailing lists