Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
MIME-Version: 1.0
References: <20211012204858.3614961-1-pgonda@google.com> <20211012204858.3614961-4-pgonda@google.com>
 <00cba883-204e-67ea-8dba-3e834af1aa6e@amd.com>
In-Reply-To: <00cba883-204e-67ea-8dba-3e834af1aa6e@amd.com>
From:   Peter Gonda <pgonda@google.com>
Date:   Wed, 20 Oct 2021 14:43:36 -0600
Message-ID: <CAMkAt6qRq-cUT5QYAZZZ26mTcBjfVXQzX8LCrD63omSRR=SJOA@mail.gmail.com>
Subject: Re: [PATCH 3/5 V10] KVM: SEV: Add support for SEV-ES intra host migration
To:     Tom Lendacky <thomas.lendacky@amd.com>
Cc:     kvm list <kvm@vger.kernel.org>, Marc Orr <marcorr@google.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Sean Christopherson <seanjc@google.com>,
        David Rientjes <rientjes@google.com>,
        "Dr . David Alan Gilbert" <dgilbert@redhat.com>,
        Brijesh Singh <brijesh.singh@amd.com>,
        Vitaly Kuznetsov <vkuznets@redhat.com>,
        Wanpeng Li <wanpengli@tencent.com>,
        Jim Mattson <jmattson@google.com>,
        Joerg Roedel <joro@8bytes.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        "H. Peter Anvin" <hpa@zytor.com>,
        LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk

On Fri, Oct 15, 2021 at 3:36 PM Tom Lendacky <thomas.lendacky@amd.com> wrote:
>
> On 10/12/21 3:48 PM, Peter Gonda wrote:
> > For SEV-ES to work with intra host migration the VMSAs, GHCB metadata,
> > and other SEV-ES info needs to be preserved along with the guest's
> > memory.
> >
> > Signed-off-by: Peter Gonda <pgonda@google.com>
> > Reviewed-by: Marc Orr <marcorr@google.com>
> > Cc: Marc Orr <marcorr@google.com>
> > Cc: Paolo Bonzini <pbonzini@redhat.com>
> > Cc: Sean Christopherson <seanjc@google.com>
> > Cc: David Rientjes <rientjes@google.com>
> > Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
> > Cc: Brijesh Singh <brijesh.singh@amd.com>
> > Cc: Tom Lendacky <thomas.lendacky@amd.com>
> > Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
> > Cc: Wanpeng Li <wanpengli@tencent.com>
> > Cc: Jim Mattson <jmattson@google.com>
> > Cc: Joerg Roedel <joro@8bytes.org>
> > Cc: Thomas Gleixner <tglx@linutronix.de>
> > Cc: Ingo Molnar <mingo@redhat.com>
> > Cc: Borislav Petkov <bp@alien8.de>
> > Cc: "H. Peter Anvin" <hpa@zytor.com>
> > Cc: kvm@vger.kernel.org
> > Cc: linux-kernel@vger.kernel.org
> > ---
> >   arch/x86/kvm/svm/sev.c | 48 +++++++++++++++++++++++++++++++++++++++++-
> >   1 file changed, 47 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> > index 42ff1ccfe1dc..a486ab08a766 100644
> > --- a/arch/x86/kvm/svm/sev.c
> > +++ b/arch/x86/kvm/svm/sev.c
> > @@ -1600,6 +1600,46 @@ static void sev_migrate_from(struct kvm_sev_info *dst,
> >       list_replace_init(&src->regions_list, &dst->regions_list);
> >   }
> >
> > +static int sev_es_migrate_from(struct kvm *dst, struct kvm *src)
> > +{
> > +     int i;
> > +     struct kvm_vcpu *dst_vcpu, *src_vcpu;
> > +     struct vcpu_svm *dst_svm, *src_svm;
> > +
> > +     if (atomic_read(&src->online_vcpus) != atomic_read(&dst->online_vcpus))
> > +             return -EINVAL;
> > +
> > +     kvm_for_each_vcpu(i, src_vcpu, src) {
> > +             if (!src_vcpu->arch.guest_state_protected)
> > +                     return -EINVAL;
> > +     }
> > +
> > +     kvm_for_each_vcpu(i, src_vcpu, src) {
> > +             src_svm = to_svm(src_vcpu);
> > +             dst_vcpu = kvm_get_vcpu(dst, i);
> > +             dst_svm = to_svm(dst_vcpu);
> > +
> > +             /*
> > +              * Transfer VMSA and GHCB state to the destination.  Nullify and
> > +              * clear source fields as appropriate, the state now belongs to
> > +              * the destination.
> > +              */
> > +             dst_vcpu->vcpu_id = src_vcpu->vcpu_id;
> > +             memcpy(&dst_svm->sev_es, &src_svm->sev_es,
> > +                    sizeof(dst_svm->sev_es));
> > +             dst_svm->vmcb->control.ghcb_gpa =
> > +                             src_svm->vmcb->control.ghcb_gpa;
> > +             dst_svm->vmcb->control.vmsa_pa = __pa(dst_svm->sev_es.vmsa);
> > +             dst_vcpu->arch.guest_state_protected = true;
>
> Maybe just add a blank line here to separate the setting and clearing
> (only if you have to do another version).
>
> > +             src_svm->vmcb->control.ghcb_gpa = 0;
> > +             src_svm->vmcb->control.vmsa_pa = 0;
> > +             src_vcpu->arch.guest_state_protected = false;
>
> In the previous patch you were clearing some of the fields that are now in
> the vcpu_sev_es_state. Did you want to memset that to zero now?

Oops, making that an easy memset was one of the pros of the |sev_es|
refactor. Will fix and add newline in V11.

>
> Thanks,
> Tom
>
> > +     }
> > +     to_kvm_svm(src)->sev_info.es_active = false;
> > +
> > +     return 0;
> > +}
> > +