Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp170338ybv; Wed, 12 Feb 2020 21:44:36 -0800 (PST) X-Google-Smtp-Source: APXvYqzItFakbPWn28Qj1o5AuJODGHZbU9HiI5WgYXztSDaBOaNnSSPRG0c9zL90jJVgws3XSPDI X-Received: by 2002:a9d:7586:: with SMTP id s6mr11916540otk.342.1581572676372; Wed, 12 Feb 2020 21:44:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581572676; cv=none; d=google.com; s=arc-20160816; b=EM0lE+HZfIAGU29Xdw0XWso8jDAO6GAOC8ixMgZJ4GQSEQBKz7xF+A6ge8NxIZdW7e wbAZH2KcUb8YEciORLxMV5L5RsrmIlyuTjd82t4c3VW/R0qvgqPApDWhRIU9m6b9hvib L5NIIkZf5PNvrxsfETN+7QsBz1yU7UT9ip8XU4p7G+HIDI2QVLMiF3wmFAg+bRTjcObK r6yXa1SlooeIfMbZFn6BIwG1ZsD2WEqAJ8lgFtr5EXfvQn+za05jQr1f5iNejy0Zy5Hr N3rdOk2U3JjtBdZVyN27WSNoMjFb5dWY8nkf9LgyzUlOK4yw7XBT+et/5oDcJJbUAM85 5Leg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=7TkUZ1DEFIT8ne30S2utu+27DANLGMDgFrQjIV5E3uM=; b=bejBHtcWUaGG8ctPBXr++3xPX/PkSkfgNS8DAIW+eSOshSZbC5W+AWwIR1NANKvQWH WiaXHtPdw1DbwxdUoA+JSI+M42Us27yjRQigOfg3a4vvepG0d5Tg8hKK1PDTpFM/+TM2 V1kzljF35AZUfMRtQ8KD2Ks3gdjoUbkkeIRPyAXk5caZwRW83LMPPUSo9WC8tgnYSTOf OQinmW95/tNIyLQz9/N9+zZVJxgxatEUZRFgYRkGRq6cVYSMCVHE1Ly/46Oxfgx6pkK7 imRNSJ3kp4Mlqv3cgPaE/0woy6ENJDWgVXuNo9n4EIDlvfDIhDNYsAMFOQE4YnG6YE1U BEBg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=tQMa4cy5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a5si646487oti.22.2020.02.12.21.44.24; Wed, 12 Feb 2020 21:44:36 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=tQMa4cy5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729482AbgBMFn4 (ORCPT + 99 others); Thu, 13 Feb 2020 00:43:56 -0500 Received: from mail.kernel.org ([198.145.29.99]:57636 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725773AbgBMFnz (ORCPT ); Thu, 13 Feb 2020 00:43:55 -0500 Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id EBA8724676 for ; Thu, 13 Feb 2020 05:43:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1581572634; bh=MeLA6KBsKMNopTpVt73O8Wl7j6vH4TfNZlX2CyoSvrA=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=tQMa4cy5y61Eqk2HT4RhEU9VuwdcKmwmLV+Pm9dxWTPAgh9MYuU7dVQnXUxZ6Wux+ vU0nBwtQNGI/ps/3y0l8NVCzoimDaot739BC7xRFDHA1CrZZaxhPkyNd4Uk3cUJsEa qbP/QS7COcKS5XVFIhtTOXEk2C2TyXgbaXJgMsxY= Received: by mail-wm1-f49.google.com with SMTP id a6so5157458wme.2 for ; Wed, 12 Feb 2020 21:43:53 -0800 (PST) X-Gm-Message-State: APjAAAXmy+vRXocsm/oW/lNRbDBEgY41zA831DDp+6krg1TZC+xc7mVh n2QfCOBi//+kyQ5TRNb5eI2a729XP3wwHqnx1ft7tA== X-Received: by 2002:a1c:bb82:: with SMTP id l124mr3454795wmf.176.1581572632244; Wed, 12 Feb 2020 21:43:52 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Andy Lutomirski Date: Wed, 12 Feb 2020 21:43:41 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 00/12] SEV Live Migration Patchset. To: Ashish Kalra Cc: Paolo Bonzini , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Radim Krcmar , Joerg Roedel , Borislav Petkov , Tom Lendacky , David Rientjes , X86 ML , kvm list , LKML , Peter Zijlstra , Dave Hansen Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Feb 12, 2020 at 5:14 PM Ashish Kalra wrote: > > From: Ashish Kalra > > This patchset adds support for SEV Live Migration on KVM/QEMU. I skimmed this all and I don't see any description of how this all works. Does any of this address the mess in svm_register_enc_region()? Right now, when QEMU (or a QEMU alternative) wants to allocate some memory to be used for guest encrypted pages, it mmap()s some memory and the kernel does get_user_pages_fast() on it. The pages are kept pinned for the lifetime of the mapping. This is not at all okay. Let's see: - The memory is pinned and it doesn't play well with the Linux memory management code. You just wrote a big patch set to migrate the pages to a whole different machines, but we apparently can't even migrate them to a different NUMA node or even just a different address. And good luck swapping it out. - The memory is still mapped in the QEMU process, and that mapping is incoherent with actual guest access to the memory. It's nice that KVM clflushes it so that, in principle, everything might actually work, but this is gross. We should not be exposing incoherent mappings to userspace. Perhaps all this fancy infrastructure you're writing for migration and all this new API surface could also teach the kernel how to migrate pages from a guest *to the same guest* so we don't need to pin pages forever. And perhaps you could put some thought into how to improve the API so that it doesn't involve nonsensical incoherent mappings. (To be blunt: if I had noticed how the SEV code worked before it was merged, I would have NAKed it. It's too late now to retroactively remove it from the kernel, but perhaps we could try not to pile more complexity on top of the unfortunate foundation we have.)