| Message ID | 20210921150345.2221634-2-pgonda@google.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | KVM: SEV: Allow for mirroring of SEV-ES VMs | expand |
On Tue, Sep 21, 2021 at 8:03 AM Peter Gonda <pgonda@google.com> wrote: > > For mirroring SEV-ES the mirror VM will need more then just the ASID. > The FD and the handle are required to all the mirror to call psp > commands. The mirror VM will need to call KVM_SEV_LAUNCH_UPDATE_VMSA to > setup its vCPUs' VMSAs for SEV-ES. > > Signed-off-by: Peter Gonda <pgonda@google.com> > Cc: Marc Orr <marcorr@google.com> > Cc: Nathan Tempelman <natet@google.com> > Cc: Paolo Bonzini <pbonzini@redhat.com> > Cc: Sean Christopherson <seanjc@google.com> > Cc: Steve Rutherford <srutherford@google.com> > Cc: Brijesh Singh <brijesh.singh@amd.com> > Cc: kvm@vger.kernel.org > Cc: linux-kernel@vger.kernel.org > --- > arch/x86/kvm/svm/sev.c | 16 ++++++++++++---- > 1 file changed, 12 insertions(+), 4 deletions(-) > > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c > index 75e0b21ad07c..08c53a4e060e 100644 > --- a/arch/x86/kvm/svm/sev.c > +++ b/arch/x86/kvm/svm/sev.c > @@ -1715,8 +1715,7 @@ int svm_vm_copy_asid_from(struct kvm *kvm, unsigned int source_fd) > { > struct file *source_kvm_file; > struct kvm *source_kvm; > - struct kvm_sev_info *mirror_sev; > - unsigned int asid; > + struct kvm_sev_info source_sev, *mirror_sev; > int ret; > > source_kvm_file = fget(source_fd); > @@ -1739,7 +1738,8 @@ int svm_vm_copy_asid_from(struct kvm *kvm, unsigned int source_fd) > goto e_source_unlock; > } > > - asid = to_kvm_svm(source_kvm)->sev_info.asid; > + memcpy(&source_sev, &to_kvm_svm(source_kvm)->sev_info, > + sizeof(source_sev)); > > /* > * The mirror kvm holds an enc_context_owner ref so its asid can't > @@ -1759,8 +1759,16 @@ int svm_vm_copy_asid_from(struct kvm *kvm, unsigned int source_fd) > /* Set enc_context_owner and copy its encryption context over */ > mirror_sev = &to_kvm_svm(kvm)->sev_info; > mirror_sev->enc_context_owner = source_kvm; > - mirror_sev->asid = asid; > mirror_sev->active = true; > + mirror_sev->asid = source_sev.asid; > + mirror_sev->fd = source_sev.fd; > + mirror_sev->es_active = source_sev.es_active; > + mirror_sev->handle = source_sev.handle; > + /* > + * Do not copy ap_jump_table. Since the mirror does not share the same > + * KVM contexts as the original, and they may have different > + * memory-views. > + */ > > mutex_unlock(&kvm->lock); > return 0; > -- > 2.33.0.464.g1972c5931b-goog > Looks good. Thanks for doing this Peter. Reviewed-by: Nathan Tempelman <natet@google.com>
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 75e0b21ad07c..08c53a4e060e 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1715,8 +1715,7 @@ int svm_vm_copy_asid_from(struct kvm *kvm, unsigned int source_fd) { struct file *source_kvm_file; struct kvm *source_kvm; - struct kvm_sev_info *mirror_sev; - unsigned int asid; + struct kvm_sev_info source_sev, *mirror_sev; int ret; source_kvm_file = fget(source_fd); @@ -1739,7 +1738,8 @@ int svm_vm_copy_asid_from(struct kvm *kvm, unsigned int source_fd) goto e_source_unlock; } - asid = to_kvm_svm(source_kvm)->sev_info.asid; + memcpy(&source_sev, &to_kvm_svm(source_kvm)->sev_info, + sizeof(source_sev)); /* * The mirror kvm holds an enc_context_owner ref so its asid can't @@ -1759,8 +1759,16 @@ int svm_vm_copy_asid_from(struct kvm *kvm, unsigned int source_fd) /* Set enc_context_owner and copy its encryption context over */ mirror_sev = &to_kvm_svm(kvm)->sev_info; mirror_sev->enc_context_owner = source_kvm; - mirror_sev->asid = asid; mirror_sev->active = true; + mirror_sev->asid = source_sev.asid; + mirror_sev->fd = source_sev.fd; + mirror_sev->es_active = source_sev.es_active; + mirror_sev->handle = source_sev.handle; + /* + * Do not copy ap_jump_table. Since the mirror does not share the same + * KVM contexts as the original, and they may have different + * memory-views. + */ mutex_unlock(&kvm->lock); return 0;
For mirroring SEV-ES the mirror VM will need more then just the ASID. The FD and the handle are required to all the mirror to call psp commands. The mirror VM will need to call KVM_SEV_LAUNCH_UPDATE_VMSA to setup its vCPUs' VMSAs for SEV-ES. Signed-off-by: Peter Gonda <pgonda@google.com> Cc: Marc Orr <marcorr@google.com> Cc: Nathan Tempelman <natet@google.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Sean Christopherson <seanjc@google.com> Cc: Steve Rutherford <srutherford@google.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org --- arch/x86/kvm/svm/sev.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-)