On Tue, Apr 20, 2021 at 05:31:07PM +, Sean Christopherson wrote:
> On Tue, Apr 20, 2021, Paolo Bonzini wrote:
> > From ef78673f78e3f2eedc498c1fbf9271146caa83cb Mon Sep 17 00:00:00 2001
> > From: Ashish Kalra
> > Date: Thu, 15 Apr 2021 15:57:02 +
> > Su
duce KVM_GET_SHARED_PAGES_LIST
> ioctl
>
> On Thu, Feb 04, 2021, Ashish Kalra wrote:
> > From: Brijesh Singh
> >
> > The ioctl is used to retrieve a guest's shared pages list.
>
> >What's the performance hit to boot time if KVM_HC_PAGE_ENC_STATUS i
Hello Steve,
On Mon, Feb 08, 2021 at 02:50:14PM -0800, Steve Rutherford wrote:
> Hi Ashish,
>
> On Sun, Feb 7, 2021 at 4:29 PM Ashish Kalra wrote:
> >
> > Hello Steve,
> >
> > On Sat, Feb 06, 2021 at 01:56:46PM +, Ashish Kalra wrote:
> > > Hello Ste
From: Ashish Kalra
The series add support for AMD SEV guest live migration commands. To protect the
confidentiality of an SEV protected guest memory while in transit we need to
use the SEV commands defined in SEV API spec [1].
SEV guest VMs have the concept of private and shared memory. Private
.@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 27
arch/x86/kvm/svm/sev.c| 125 +
: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 8 +++
arch/x86/kvm/svm/sev.c| 23 +++
2 files changed, 31 inserti
ov
Cc: Tom Lendacky
Cc: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 24
arch/x86/kvm/svm/sev.c
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-m
...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 24 ++
arch/x86/kvm/svm/sev.c| 79 +++
include/uapi/linux/kvm.h
: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 8 +++
arch/x86/kvm/svm/sev.c| 23
el
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Co-developed-by: Ashish Kalra
Signed-off-by: Ashish Kalra
---
Documentation/virt/kvm/hypercalls.rst | 15 +++
arch/x86/include/asm/kvm_host.h
.org
Reviewed-by: Steve Rutherford
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
arch/x86/include/asm/kvm_para.h | 12
1 file changed, 12 insertions(+)
diff --git a/arch/x86/include/asm/kvm_para.h b/arch/x86/include/asm/kvm_pa
vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Co-developed-by: Ashish Kalra
Signed-off-by: Ashish Kalra
---
Documentation/virt/kvm/api.rst | 24
arch/x86/include/asm/kvm_host.h | 2 ++
arch/x86/kvm/svm/sev.c | 49 ++
.@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Co-developed-by: Ashish Kalra
Signed-off-by: Ashish Kalra
---
Documentation/virt/kvm/api.rst | 20 +-
arch/x86/include/asm/kvm_host.h | 2 +
arch/x86/kvm/svm/sev.c | 70 +++
From: Ashish Kalra
The guest support for detecting and enabling SEV Live migration
feature uses the following logic :
- kvm_init_plaform() invokes check_kvm_sev_migration() which
checks if it's booted under the EFI
- If not EFI,
i) check for the KVM_FEATURE_CPUID
ii) if CPUID
From: Ashish Kalra
Introduce a new AMD Memory Encryption GUID which is currently
used for defining a new UEFI environment variable which indicates
UEFI/OVMF support for the SEV live migration feature. This variable
is setup when UEFI/OVMF detects host/hypervisor support for SEV
live migration
From: Ashish Kalra
Reset the host's shared pages list related to kernel
specific page encryption status settings before we load a
new kernel by kexec. We cannot reset the complete
shared pages list here as we need to retain the
UEFI/OVMF firmware specific settings.
The host's shared
From: Ashish Kalra
For all unencrypted guest memory regions such as S/W IOTLB
bounce buffers and for guest regions marked as "__bss_decrypted",
ensure that DBG_DECRYPT API calls are bypassed.
The guest memory regions encryption status is referenced using the
shared pages list.
Sig
"Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
arch/x86/include/asm/paravirt.h | 10
From: Ashish Kalra
Add new KVM_FEATURE_SEV_LIVE_MIGRATION feature for guest to check
for host-side support for SEV live migration. Also add a new custom
MSR_KVM_SEV_LIVE_MIGRATION for guest to enable the SEV live migration
feature.
Signed-off-by: Ashish Kalra
---
Documentation/virt/kvm
Hello Tom,
On Thu, Feb 04, 2021 at 10:14:37AM -0600, Tom Lendacky wrote:
> On 2/3/21 6:39 PM, Ashish Kalra wrote:
> > From: Brijesh Singh
> >
> > The ioctl is used to retrieve a guest's shared pages list.
> >
>
> ...
>
> >
Hello Steve,
On Thu, Feb 04, 2021 at 04:56:35PM -0800, Steve Rutherford wrote:
> On Wed, Feb 3, 2021 at 4:39 PM Ashish Kalra wrote:
> >
> > From: Ashish Kalra
> >
> > Add new KVM_FEATURE_SEV_LIVE_MIGRATION feature for guest to check
> > for host-side support f
Hello Steve,
On Thu, Feb 04, 2021 at 05:44:27PM -0800, Steve Rutherford wrote:
> On Wed, Feb 3, 2021 at 4:38 PM Ashish Kalra wrote:
> >
> > From: Brijesh Singh
> >
> > This hypercall is used by the SEV guest to notify a change in the page
> > encryption status
>> > For additional context, we need a Migration Helper because SEV PSP
>> > migration is far too slow for our live migration on its own. Using an
>> > in-guest migrator lets us speed this up significantly.
>>
>> We have the same problem here at IBM, hence the RFC referred to above.
>>
I do beli
On Wed, Feb 24, 2021 at 10:22:33AM -0800, Sean Christopherson wrote:
> On Wed, Feb 24, 2021, Ashish Kalra wrote:
> > # Samples: 19K of event 'kvm:kvm_hypercall'
> > # Event count (approx.): 19573
> > #
> > # Overhead Comm
On Thu, Feb 25, 2021 at 09:33:09PM +0100, Paolo Bonzini wrote:
> On 25/02/21 19:18, Ashish Kalra wrote:
> > I do believe that some of these alternative SEV live migration support
> > or Migration helper (MH) solutions will still use SEV PSP migration for
> > migrating the MH
Hello Steve,
On Thu, Feb 25, 2021 at 02:59:27PM -0800, Steve Rutherford wrote:
> On Thu, Feb 25, 2021 at 12:20 PM Ashish Kalra wrote:
> >
> > On Wed, Feb 24, 2021 at 10:22:33AM -0800, Sean Christopherson wrote:
> > > On Wed, Feb 24, 2021, Ashish Kalra wrote:
> >
Hello All,
Any other feedback, review or comments on this patch-set ?
Thanks,
Ashish
On Tue, May 05, 2020 at 09:13:49PM +, Ashish Kalra wrote:
> From: Ashish Kalra
>
> The series add support for AMD SEV guest live migration commands. To protect
> the
> confidentiality of a
From: Ashish Kalra
Need to add "inline" to swiotlb_adjust_size() when
CONFIG_SWIOTLB is not defined.
Signed-off-by: Ashish Kalra
---
include/linux/swiotlb.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/swiotlb.h b/include/linux/swiotlb.h
index 07
Posted a fix for this.
Thanks,
Ashish
On Fri, Dec 11, 2020 at 01:02:08PM +1100, Stephen Rothwell wrote:
> Hi all,
>
> After merging the swiotlb tree, today's linux-next build (arm
> multi_v7_defconfig) produced this warning:
>
> In file included from arch/arm/mm/init.c:24:
> include/linux/swiot
/12/20 01:34, Sean Christopherson wrote:
> >>>> On Tue, Dec 01, 2020, Ashish Kalra wrote:
> >>>>> From: Brijesh Singh
> >>>>>
> >>>>> KVM hypercall framework relies on alternative framework to patch the
> >>>>> VMCALL -
Hello Dov,
On Sun, Dec 06, 2020 at 01:02:47PM +0200, Dov Murik wrote:
>
>
> On 01/12/2020 2:47, Ashish Kalra wrote:
> > From: Brijesh Singh
> >
> > The ioctl can be used to retrieve page encryption bitmap for a given
> > gfn range.
> >
> > Return
Hello Boris,
On Mon, Dec 07, 2020 at 01:10:07PM +0100, Borislav Petkov wrote:
> On Thu, Dec 03, 2020 at 03:25:59AM +0000, Ashish Kalra wrote:
> > diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
> > index 1bcfbcd2bfd7..46549bd3d840 100644
> > --- a/arch
From: Ashish Kalra
For SEV, all DMA to and from guest has to use shared (un-encrypted) pages.
SEV uses SWIOTLB to make this happen without requiring changes to device
drivers. However, depending on workload being run, the default 64MB of
SWIOTLB might not be enough and SWIOTLB may run out of
From: Ashish Kalra
The series add support for AMD SEV guest live migration commands. To protect the
confidentiality of an SEV protected guest memory while in transit we need to
use the SEV commands defined in SEV API spec [1].
SEV guest VMs have the concept of private and shared memory. Private
.@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 27
arch/x86/kvm/svm/sev.c| 125 +
: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 8 +++
arch/x86/kvm/svm/sev.c| 23
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-m
ov
Cc: Tom Lendacky
Cc: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 24
arch/x86/kvm/svm/sev.c
: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 8 +++
arch/x86/kvm/svm/sev.c| 23
...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Venu Busireddy
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 24 ++
arch/x86/kvm/svm/sev.c
.org
Reviewed-by: Steve Rutherford
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
arch/x86/include/asm/kvm_para.h | 12
1 file changed, 12 insertions(+)
diff --git a/arch/x86/include/asm/kvm_para.h b/arch/x86/include/asm/kvm_pa
ernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
Documentation/virt/kvm/api.rst | 27 +
arch/x86/include/asm/kvm_host.h | 2 +
arch/x86/kvm/svm/sev.c | 70 +
arch/x86/k
"Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
arch/x86/include/asm/paravirt.h | 10
d-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
Documentation/virt/kvm/hypercalls.rst | 15 +
arch/x86/include/asm/kvm_host.h | 2 +
arch/x86/kvm/svm/sev.c| 90 +++
arch/x86/kvm/svm/svm.c| 2 +
arch/x86/kvm/svm/svm.h
From: Ashish Kalra
For all explicitly unencrypted guest memory regions such as S/W IOTLB
bounce buffers, dma_decrypted() allocated regions and for guest regions
marked as "__bss_decrypted", ensure that DBG_DECRYPT API calls are
bypassed for such regions. The guest memory regions encrypt
From: Ashish Kalra
Ensure that _bss_decrypted section variables such as hv_clock_boot and
wall_clock are marked as decrypted in the page encryption bitmap if
sev live migration is supported.
Signed-off-by: Ashish Kalra
---
arch/x86/kernel/kvmclock.c | 12
1 file changed, 12
From: Ashish Kalra
Add support for static allocation of the unified Page encryption bitmap by
extending kvm_arch_commit_memory_region() callback to add svm specific x86_ops
which can read the userspace provided memory region/memslots and calculate
the amount of guest RAM managed by the KVM and
k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
Documentation/virt/kvm/api.rst | 44 +
arch/x86/include/asm/kvm_host.h | 2 ++
arch/x86/kvm/svm
From: Ashish Kalra
Introduce a new AMD Memory Encryption GUID which is currently
used for defining a new UEFI environment variable which indicates
UEFI/OVMF support for the SEV live migration feature. This variable
is setup when UEFI/OVMF detects host/hypervisor support for SEV
live migration and
From: Ashish Kalra
The guest support for detecting and enabling SEV Live migration
feature uses the following logic :
- kvm_init_plaform() checks if it's booted under the EFI
- If not EFI,
i) check for the KVM_FEATURE_CPUID
ii) if CPUID reports that migration is supported then
From: Ashish Kalra
Add new KVM_FEATURE_SEV_LIVE_MIGRATION feature for guest to check
for host-side support for SEV live migration. Also add a new custom
MSR_KVM_SEV_LIVE_MIG_EN for guest to enable the SEV live migration
feature.
Signed-off-by: Ashish Kalra
---
Documentation/virt/kvm/cpuid.rst
From: Ashish Kalra
Reset the host's page encryption bitmap related to kernel
specific page encryption status settings before we load a
new kernel by kexec. We cannot reset the complete
page encryption bitmap here as we need to retain the
UEFI/OVMF firmware specific settings.
The host
ional complexity.
>
> Does anyone view the memory donation model as worth the complexity?
> Does anyone think the simplicity of the bitmap is a better tradeoff
> compared to an unencrypted region list?
> Or have other ideas that are not mentioned here?
>
>
> On Wed, Jan 6,
On Thu, Jan 07, 2021 at 09:26:25AM -0800, Sean Christopherson wrote:
> On Thu, Jan 07, 2021, Ashish Kalra wrote:
> > Hello Steve,
> >
> > On Wed, Jan 06, 2021 at 05:01:33PM -0800, Steve Rutherford wrote:
> > > Avoiding an rbtree for such a small (but unstable) list s
> On Thu, Jan 07, 2021 at 01:34:14AM +0000, Ashish Kalra wrote:
> > Hello Steve,
> >
> > My thoughts here ...
> >
> > On Wed, Jan 06, 2021 at 05:01:33PM -0800, Steve Rutherford wrote:
> > > Avoiding an rbtree for such a small (but unstable) l
On Thu, Mar 11, 2021 at 12:48:07PM -0800, Steve Rutherford wrote:
> On Thu, Mar 11, 2021 at 10:15 AM Ashish Kalra wrote:
> >
> > On Wed, Mar 03, 2021 at 06:54:41PM +, Will Deacon wrote:
> > > [+Marc]
> > >
> > > On Tue, Mar 02, 2021 at 02:55:43PM +000
On Wed, Feb 24, 2021 at 08:59:15AM +, Nathan Tempelman wrote:
> Add a capability for userspace to mirror SEV encryption context from
> one vm to another. On our side, this is intended to support a
> Migration Helper vCPU, but it can also be used generically to support
> other in-guest workloads
On Thu, Feb 25, 2021 at 10:49:00AM -0800, Steve Rutherford wrote:
> On Thu, Feb 25, 2021 at 6:57 AM Tom Lendacky wrote:
> > >> +int svm_vm_copy_asid_to(struct kvm *kvm, unsigned int mirror_kvm_fd)
> > >> +{
> > >> + struct file *mirror_kvm_file;
> > >> + struct kvm *mirror_kvm;
> > >>
On Wed, Mar 03, 2021 at 06:54:41PM +, Will Deacon wrote:
> [+Marc]
>
> On Tue, Mar 02, 2021 at 02:55:43PM +0000, Ashish Kalra wrote:
> > On Fri, Feb 26, 2021 at 09:44:41AM -0800, Sean Christopherson wrote:
> > > On Fri, Feb 26, 2021, Ashish Kalra wrote:
> > >
From: Ashish Kalra
The series add support for AMD SEV guest live migration commands. To protect the
confidentiality of an SEV protected guest memory while in transit we need to
use the SEV commands defined in SEV API spec [1].
SEV guest VMs have the concept of private and shared memory. Private
nux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 27
arch/x86/kvm/svm/sev.c| 125 ++
include/linux
cky
Cc: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 24
arch/x86/kvm/svm/sev.c| 122 ++
in
.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 8 +++
arch/x86/kvm/svm/sev.c| 23 +++
2 files changed, 31
Cc: Paolo Bonzini
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 29 +++
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 24 ++
arch/x86/kvm/svm/sev.c| 79 +++
include/uapi/linux/kvm.h
.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 8 +++
arch/x86/kvm/svm/sev.c| 23 +++
2 files changed, 31
ord
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
arch/x86/include/asm/kvm_para.h | 12
1 file changed, 12 insertions(+)
diff --git a/arch/x86/include/asm/kvm_para.h b/arch/x86/include/asm/kvm_para.h
index 338119852512..bc1b11d057fc 1006
From: Ashish Kalra
This hypercall is used by the SEV guest to notify a change in the page
encryption status to the hypervisor. The hypercall should be invoked
only when the encryption attribute is changed from encrypted -> decrypted
and vice versa. By default all guest pages are conside
rg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
arch/x86/include/asm/paravirt.h | 10 ++
From: Ashish Kalra
Add new KVM_FEATURE_SEV_LIVE_MIGRATION feature for guest to check
for host-side support for SEV live migration. Also add a new custom
MSR_KVM_SEV_LIVE_MIGRATION for guest to enable the SEV live migration
feature.
MSR is handled by userspace using MSR filters.
Signed-off-by
From: Ashish Kalra
Introduce a new AMD Memory Encryption GUID which is currently
used for defining a new UEFI environment variable which indicates
UEFI/OVMF support for the SEV live migration feature. This variable
is setup when UEFI/OVMF detects host/hypervisor support for SEV
live migration
From: Ashish Kalra
The guest support for detecting and enabling SEV Live migration
feature uses the following logic :
- kvm_init_plaform() invokes check_kvm_sev_migration() which
checks if it's booted under the EFI
- If not EFI,
i) check for the KVM_FEATURE_CPUID
ii) if CPUID
From: Ashish Kalra
The series add support for AMD SEV guest live migration commands. To protect the
confidentiality of an SEV protected guest memory while in transit we need to
use the SEV commands defined in SEV API spec [1].
SEV guest VMs have the concept of private and shared memory. Private
nux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 27
arch/x86/kvm/svm/sev.c| 125 ++
include/linux
.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 8 +++
arch/x86/kvm/svm/sev.c| 23 +++
2 files changed, 31 insertions(+)
diff --git a/Document
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 24 ++
arch/x86/kvm/svm/sev.c| 79 +++
include/uapi/linux/kvm.h | 9 +++
3 files ch
From: Ashish Kalra
This hypercall is used by the SEV guest to notify a change in the page
encryption status to the hypervisor. The hypercall should be invoked
only when the encryption attribute is changed from encrypted -> decrypted
and vice versa. By default all guest pages are conside
ord
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
arch/x86/include/asm/kvm_para.h | 12
1 file changed, 12 insertions(+)
diff --git a/arch/x86/include/asm/kvm_para.h b/arch/x86/include/asm/kvm_para.h
index 338119852512..bc1b11d057fc 1006
cky
Cc: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 24
arch/x86/kvm/svm/sev.c| 122 ++
in
From: Ashish Kalra
The guest support for detecting and enabling SEV Live migration
feature uses the following logic :
- kvm_init_plaform() invokes check_kvm_sev_migration() which
checks if it's booted under the EFI
- If not EFI,
i) check for the KVM_FEATURE_CPUID
ii) if CPUID
Cc: Paolo Bonzini
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 29 +++
arch/x86/kvm
.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst| 8 +++
arch/x86/kvm/svm/sev.c| 23 +++
2 files changed, 31
rg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
arch/x86/include/asm/paravirt.h | 10 +
arch/x86/include/asm/paravirt
From: Ashish Kalra
Add new KVM_FEATURE_SEV_LIVE_MIGRATION feature for guest to check
for host-side support for SEV live migration. Also add a new custom
MSR_KVM_SEV_LIVE_MIGRATION for guest to enable the SEV live migration
feature.
MSR is handled by userspace using MSR filters.
Signed-off-by
From: Ashish Kalra
Introduce a new AMD Memory Encryption GUID which is currently
used for defining a new UEFI environment variable which indicates
UEFI/OVMF support for the SEV live migration feature. This variable
is setup when UEFI/OVMF detects host/hypervisor support for SEV
live migration
From: Ashish Kalra
Reset the host's shared pages list related to kernel
specific page encryption status settings before we load a
new kernel by kexec. We cannot reset the complete
shared pages list here as we need to retain the
UEFI/OVMF firmware specific settings.
The host's shared
On Mon, Apr 12, 2021 at 05:25:15PM -0700, Steve Rutherford wrote:
> On Mon, Apr 12, 2021 at 12:46 PM Ashish Kalra wrote:
> >
> > From: Ashish Kalra
> >
> > The guest support for detecting and enabling SEV Live migration
> > feature uses the following logic :
>
On Mon, Apr 12, 2021 at 06:23:32PM -0700, Steve Rutherford wrote:
> On Mon, Apr 12, 2021 at 5:22 PM Steve Rutherford
> wrote:
> >
> > On Mon, Apr 12, 2021 at 12:48 PM Ashish Kalra wrote:
> > >
> > > From: Ashish Kalra
> > >
> > >
On Mon, Apr 12, 2021 at 07:25:03PM -0700, Steve Rutherford wrote:
> On Mon, Apr 12, 2021 at 6:48 PM Ashish Kalra wrote:
> >
> > On Mon, Apr 12, 2021 at 06:23:32PM -0700, Steve Rutherford wrote:
> > > On Mon, Apr 12, 2021 at 5:22 PM Steve Rutherford
> > > wrot
Hello Steve,
On Mon, Apr 05, 2021 at 06:39:03PM -0700, Steve Rutherford wrote:
> On Mon, Apr 5, 2021 at 7:30 AM Ashish Kalra wrote:
> >
> > From: Ashish Kalra
> >
> > Add new KVM_FEATURE_SEV_LIVE_MIGRATION feature for guest to check
> > for host-side support f
Hello Paolo,
On Tue, Apr 06, 2021 at 03:47:59PM +0200, Paolo Bonzini wrote:
> On 06/04/21 15:26, Ashish Kalra wrote:
> > > It's a little unintuitive to see KVM_MSR_RET_FILTERED here, since
> > > userspace can make this happen on its own without having an entry in
>
On Tue, Apr 06, 2021 at 03:48:20PM +, Sean Christopherson wrote:
> On Mon, Apr 05, 2021, Ashish Kalra wrote:
> > From: Ashish Kalra
>
> ...
>
> > diff --git a/arch/x86/include/asm/kvm_host.h
> > b/arch/x86/include/asm/kvm_host.h
> > index 3768819693e5
On Tue, Apr 06, 2021 at 06:22:48AM +, Ashish Kalra wrote:
> On Mon, Apr 05, 2021 at 01:42:42PM -0700, Steve Rutherford wrote:
> > On Mon, Apr 5, 2021 at 7:28 AM Ashish Kalra wrote:
> > >
> > > From: Ashish Kalra
> > >
> > > This hypercall is us
On Tue, Apr 06, 2021 at 03:48:20PM +, Sean Christopherson wrote:
> On Mon, Apr 05, 2021, Ashish Kalra wrote:
> > From: Ashish Kalra
>
> ...
>
> > diff --git a/arch/x86/include/asm/kvm_host.h
> > b/arch/x86/include/asm/kvm_host.h
> > index 3768819693e5
Hello Steve,
On Thu, Apr 01, 2021 at 06:40:06PM -0700, Steve Rutherford wrote:
> On Fri, Mar 19, 2021 at 11:00 AM Ashish Kalra wrote:
> >
> > On Thu, Mar 11, 2021 at 12:48:07PM -0800, Steve Rutherford wrote:
> > > On Thu, Mar 11, 2021 at 10:15 AM Ashish Kalra
> >
Hi Nathan,
Will you be posting a corresponding Qemu patch for this ?
Thanks,
Ashish
On Tue, Mar 16, 2021 at 01:40:27AM +, Nathan Tempelman wrote:
> Add a capability for userspace to mirror SEV encryption context from
> one vm to another. On our side, this is intended to support a
> Migration
Upon running sparse, "warning: dubious: !x | !y" is brought to notice
for this file. Logical and bitwise OR are basically the same in this
context so it doesn't cause a runtime bug. But let's change it to
logical OR to make it cleaner and silence the Sparse warning.
Signed-
On Sat, Apr 17, 2021 at 09:31:32PM +, David Laight wrote:
> From: Mauro Carvalho Chehab
> > Sent: 17 April 2021 19:56
> >
> > Em Sat, 17 Apr 2021 21:06:27 +0530
> > Ashish Kalra escreveu:
> >
> > > Upon running sparse, "warning: dubious: !x
On Sat, Apr 17, 2021 at 08:56:13PM +0200, Mauro Carvalho Chehab wrote:
> Em Sat, 17 Apr 2021 21:06:27 +0530
> Ashish Kalra escreveu:
>
> > Upon running sparse, "warning: dubious: !x | !y" is brought to notice
> > for this file. Logical and bitwise OR are basical