Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp955536pxf; Thu, 8 Apr 2021 17:44:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxIQ9c1Fkap++KfnlD8bCli4F7ZWtuTJTQkxE34uTxbYRIKTKRDqZc53zSTJons1oNcZKZh X-Received: by 2002:a05:6402:4301:: with SMTP id m1mr15349368edc.210.1617929040058; Thu, 08 Apr 2021 17:44:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617929040; cv=none; d=google.com; s=arc-20160816; b=fW+NIcjoWl39E1CzsIH7kO1ZnNQyASUZs1L54ne/Rywu5/euF5XHEfVKKq0A9MttIz 9LMtO3+NTIsjnJoehglyaOrb72yA8oNV1G/HOb5+ExaJOwslkEed0HvDU+L6OfXK7T0u GCLJAj1mxPib68bemDtJv9KeacYbXjLQM3yYw4CVSL1lhfQ2z3PGFSeXnfhGA2irIvYG zTn6czt5ZdkbR8LCAK2WFzhmrcW+I+5bGqNHc9MvG5y3FI4cqFmkIhmFTQ9ZJGhzGoDI opSyVZYEuUr5VZD/QiJQyso/aFKTyrqtls8k2eJ8jwcMd+5CwdOoDaWv+b8tXHBgf509 xB5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=4EqcqyyLGjnPnO8hO13ub4Spc+gSKPbDlePKZOyB7VI=; b=b5CI8g4B7EJiDCYTZao9fOs8wuJ7zDXixL410utIbQfgI+8wDF4DL+Ah2k/QErSu6L psxje62YNHoLsYGiS8CRgxdl9q1CpxiQ2lmcgkSgRtzM3RCq92DytNKIwmUL35p1L2+/ pFmJbBnsI1O/JlJ0pUldKRaK+CF2KMerDmLTE/c03e3fGAcu4gzq0WCtiLUKk6deHL6K 2Hf4BBSFISok9uRbvUgBhAT/S+5kQQ6K2znlBq97sa0naq9mMRpS9EVRRjHy0BFLeDPf aDkQPZg925X0Pm4aYU2nrC/RqU1q1rFo1dGnSTJHMC/rBXOlupkFrJP7zzmGerxQae4+ RMZA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=XZ5RvS6S; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d13si980300edz.524.2021.04.08.17.43.36; Thu, 08 Apr 2021 17:44:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=XZ5RvS6S; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233115AbhDIAmE (ORCPT + 99 others); Thu, 8 Apr 2021 20:42:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44958 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232426AbhDIAmC (ORCPT ); Thu, 8 Apr 2021 20:42:02 -0400 Received: from mail-io1-xd2b.google.com (mail-io1-xd2b.google.com [IPv6:2607:f8b0:4864:20::d2b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0F3DDC061760 for ; Thu, 8 Apr 2021 17:41:51 -0700 (PDT) Received: by mail-io1-xd2b.google.com with SMTP id e186so4168533iof.7 for ; Thu, 08 Apr 2021 17:41:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4EqcqyyLGjnPnO8hO13ub4Spc+gSKPbDlePKZOyB7VI=; b=XZ5RvS6S7qnhCuLT3IeOva06TKLRiIDjAQ9Uvxkg73Fx4yBb/0LMCn0kbBsmELOvhZ 4eHWymQ370lLtgR7TU3lgL2JoFcsgNmOR1SXfzob/Pt0Vee+hJiWHVdxqhmC7rjGKNq4 XDJur2k1/oUYJdYnfQYqITOFSAYIJvXgU15G2c9v999iMee3UANiaob8TVYnhtgjoymg I0X2Df4odDYIaqhsi4uI+NWUwbaBbu37zjzo4Z64xktKRqbQfV6hf1wjyyZjhl41xlZH B4Sf8BsznJ5LFEIGYiv1eDubkR1PHo8qhSnDpkK+1KVD4zipa4tn3fWMzNrZNO+U8nLY QMvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4EqcqyyLGjnPnO8hO13ub4Spc+gSKPbDlePKZOyB7VI=; b=sRw9uT3M98ey+ppzo9ki+uyExYVJNnzCj/jySibhQy5fbTcE4+f/u/c6v1CqYPKZZM OPxM2QMvZwj2XItpO4ThiJxdOk3p1Y2fwzxOy9IVklVCPGmEPcLBTmjahuiVgZniOOpu ARikwGJ5+FfWqLnqwn5XsVGsm5XX0+0odEjr/FJ/lD+TrG4SXm/2QEp7OOGBr0kRK6H8 llXgv4NaV0edVr9091vXP8LfEhYgxGI2t2DtkXt8WYw+LY4x6jwrLhmAHcq4wLhW1j1x sp1wVFJXyH8AfDB5kL2RflkwAIEHJYdNIAva3gKZyHgfmB3d7+AwOk+OKUoB8xQkw0LR nQWA== X-Gm-Message-State: AOAM532A5748CP0e1dOTqWl71RERVnIPOPtQmLLAfVQMVgbGBmOjWupg 3ZyMd3IYxsN4eaAVHWVLyL7MHrxTNDHJlOZ3LsAgvA== X-Received: by 2002:a5e:8c16:: with SMTP id n22mr9083188ioj.156.1617928910195; Thu, 08 Apr 2021 17:41:50 -0700 (PDT) MIME-Version: 1.0 References: <20210316014027.3116119-1-natet@google.com> <20210402115813.GB17630@ashkalra_ubuntu_server> <87bdd3a6-f5eb-91e4-9442-97dfef231640@redhat.com> <936fa1e7755687981bdbc3bad9ecf2354c748381.camel@linux.ibm.com> In-Reply-To: From: Steve Rutherford Date: Thu, 8 Apr 2021 17:41:14 -0700 Message-ID: Subject: Re: [RFC v2] KVM: x86: Support KVM VMs sharing SEV context To: jejb@linux.ibm.com Cc: Paolo Bonzini , Ashish Kalra , Nathan Tempelman , Tom Lendacky , X86 ML , KVM list , LKML , Sean Christopherson , David Rientjes , Brijesh Singh , dovmurik@linux.vnet.ibm.com, lersek@redhat.com, frankeh@us.ibm.com Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Apr 8, 2021 at 2:15 PM James Bottomley wrote: > > On Thu, 2021-04-08 at 12:48 -0700, Steve Rutherford wrote: > > On Thu, Apr 8, 2021 at 10:43 AM James Bottomley > > wrote: > > > On Fri, 2021-04-02 at 16:20 +0200, Paolo Bonzini wrote: > > > > On 02/04/21 13:58, Ashish Kalra wrote: > > > > > Hi Nathan, > > > > > > > > > > Will you be posting a corresponding Qemu patch for this ? > > > > > > > > Hi Ashish, > > > > > > > > as far as I know IBM is working on QEMU patches for guest-based > > > > migration helpers. > > > > > > Yes, that's right, we'll take on this part. > > > > > > > However, it would be nice to collaborate on the low-level > > > > (SEC/PEI) firmware patches to detect whether a CPU is part of the > > > > primary VM or the mirror. If Google has any OVMF patches already > > > > done for that, it would be great to combine it with IBM's SEV > > > > migration code and merge it into upstream OVMF. > > > > > > We've reached the stage with our prototyping where not having the > > > OVMF support is blocking us from working on QEMU. If we're going > > > to have to reinvent the wheel in OVMF because Google is unwilling > > > to publish the patches, can you at least give some hints about how > > > you did it? > > > > > > Thanks, > > > > > > James > > > > Hey James, > > It's not strictly necessary to modify OVMF to make SEV VMs live > > migrate. If we were to modify OVMF, we would contribute those changes > > upstream. > > Well, no, we already published an OVMF RFC to this list that does > migration. However, the mirror approach requires a different boot > mechanism for the extra vCPU in the mirror. I assume you're doing this > bootstrap through OVMF so the hypervisor can interrogate it to get the > correct entry point? That's the code we're asking to see because > that's what replaces our use of the MP service in the RFC. > > James Hey James, The intention would be to have a separate, stand-alone firmware-like binary run by the mirror. Since the VMM is in control of where it places that binary in the guest physical address space and the initial configuration of the vCPUs, it can point the vCPUs at an entry point contained within that binary, rather than at the standard x86 reset vector. Thanks, Steve