Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp1299257rwl; Fri, 7 Apr 2023 13:20:26 -0700 (PDT) X-Google-Smtp-Source: AKy350bp0ypGblRHfv/aNDjortLOm1HQVPLTD3HT4Hk7oD06FMUCtW7nrfURrHARb9BCc4cZ2P6t X-Received: by 2002:aa7:dac3:0:b0:504:8173:6240 with SMTP id x3-20020aa7dac3000000b0050481736240mr1418178eds.37.1680898825941; Fri, 07 Apr 2023 13:20:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680898825; cv=none; d=google.com; s=arc-20160816; b=oKRk9wA8Lf2AMuG6SVj3UVTFOnP2fLWfDw8kvdZw/9WXEySvSWvulmUgDz9QTYZjdY iWqMjMmhTs2Qt5RsnBczcCooisGcwRgBO6WnDjjBBJxtlS8u/2AmdT6/kC932Ws8TbL/ kpoqfyUqzC8+k/BGEFyPb3tvl3hf2ukX/Vm/nzKmB8Ydx9uAw0CsiUyXFPQkBtRRP0Rv X3hmkdtCmjDUfv95hFckIvOrcnNH4mvMyVFZihwFD8GMvpk2wCz6LrRC9g7bKaRWed1X jFebro+jBdnMKmM8Y4NknbFkldxLRSLFfqDenFRt+y28z/VUMEWRhBAx6xNtos8sqo41 nnkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:mime-version:date :dkim-signature; bh=GJQMWpvn8MVU8sNDXW5eTLeruYhzG+Ay4iiSsRa6PWQ=; b=sI7IMNub0r85JCieaZqeqc7vRXdVEy0JBA6WmmTNSqS+AROQIqv8k3KCNXyzg937kL ua9YivY++RI7qiYb7UnAv3hpskoUbnTud0A8dPQmI04ER8luvQh2gmMXRiJ+V19p84ii K1VyYPSM/peu/gmgHjs3dN1E8SAb9pr7BaX8ahf2G//G1Olp6X2936UoRQTamzC9JvVa KHPzWIHAqcNmq/yvQk9Z4V+ln7jyACkiFY+fkHRV/IRYGzVIjZTyqq4aVvz4dij2IIlf sKCuXp80MDYL4bTFPIp1KZs5JQudvgstq8YpyIhtoZmWKGDgnTast5WhJmid83/KQuQ9 a6dA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=jEiQebud; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id d4-20020aa7d5c4000000b0050480cd72e1si1012910eds.107.2023.04.07.13.20.00; Fri, 07 Apr 2023 13:20:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=jEiQebud; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230112AbjDGUTw (ORCPT + 99 others); Fri, 7 Apr 2023 16:19:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45004 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229848AbjDGUTt (ORCPT ); Fri, 7 Apr 2023 16:19:49 -0400 Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com [IPv6:2607:f8b0:4864:20::1149]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 08ADE10F1 for ; Fri, 7 Apr 2023 13:19:48 -0700 (PDT) Received: by mail-yw1-x1149.google.com with SMTP id 00721157ae682-5458201ab8cso437396227b3.23 for ; Fri, 07 Apr 2023 13:19:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; t=1680898787; x=1683490787; h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject :date:message-id:reply-to; bh=GJQMWpvn8MVU8sNDXW5eTLeruYhzG+Ay4iiSsRa6PWQ=; b=jEiQebudI/8hsSRlocLarfn/xkRFCxpYqPvHtoha3Hl+wF+TJpDQ05DC3RXdBygwSp rsryuYUExNymDw1GYNOvnTjR0tFtZE6TJSkkVeej2ZKZkVOdBKwWHBaqUrd5PVyMnDy1 i/5C3jCCyg/vNG7LrqWT5naKwBBPljkhlfT6/Uy7dZK2T4LB++JFJxXD3B7i30O0v0rX in/FSgxZfBmtVD7Df8CXP/XI0LW9uFdRx/dmqTKnw8bpW3iyOj4tDobgaUMPbV2zau9p QAmVMue1KLby4Kq40/h8QCBz2N1Apw8C7W97lArdoFwfD76FKE5wWd8S81iV7ZIY47h2 nu8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680898787; x=1683490787; h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=GJQMWpvn8MVU8sNDXW5eTLeruYhzG+Ay4iiSsRa6PWQ=; b=tmIyttnOWYgQ0ksnhuxSQkrEFuzGpExvVCdlRzlDbBbj1T4s3zHq54ceafSOWG3YfO ud8JhBHXs2G1OZ71ovh4JgOXqSmVMib18IjfLrDhjC6/jRQ0Y74scasV8vT5y3QfyS3M e20rgwW3NPPFkygUR/nUt2DrfKLS/01BJBpgfS4Iy408V407Y/ZzhbnwMEcwAloeRBPL 5cv4aUmrDZcF6dGrHEAW1b4pj8nhmY6ArKnEsB+d3Uh2HVlbhvqpSYAcNtiNylhU2TJ9 u/U37N/wqEL3KFDMzBZ6ndEXfA5oOEHCjDH/0n59bglUI1SnpWcgvL/u81GLwr9IIpls RQPA== X-Gm-Message-State: AAQBX9fUBSeZEEJFBno/etvQ6+aJlIMKFbwCs2CYd9T+KB7EVyEnxBeA ly7rMizUgUUppnqXhD2nchMsxEWe9Q== X-Received: from sagi.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:241b]) (user=sagis job=sendgmr) by 2002:a25:d6c8:0:b0:b8b:fd23:5028 with SMTP id n191-20020a25d6c8000000b00b8bfd235028mr2415459ybg.3.1680898787294; Fri, 07 Apr 2023 13:19:47 -0700 (PDT) Date: Fri, 7 Apr 2023 20:19:16 +0000 Mime-Version: 1.0 X-Mailer: git-send-email 2.40.0.577.gac1e443424-goog Message-ID: <20230407201921.2703758-1-sagis@google.com> Subject: [RFC PATCH 0/5] Add TDX intra host migration support From: Sagi Shahar To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org Cc: Sean Christopherson , Paolo Bonzini , Isaku Yamahata , Erdem Aktas , David Matlack , Kai Huang , Zhi Wang , Chao Peng , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Sagi Shahar Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-7.7 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patchset adds support for TDX intra host migration using the same API which was added for SEV intra host migration here: https://lore.kernel.org/all/20211021174303.385706-1-pgonda@google.com/ This patchset relies on the latest TDX patches from Intel: - fd-based approach for supporing KVM v10 and https://lore.kernel.org/lkml/20221202061347.1070246-1-chao.p.peng@linux.intel.com/ - TDX host kernel support v10 https://lore.kernel.org/lkml/cover.1678111292.git.kai.huang@intel.com/ - KVM TDX basic feature support v13 https://lore.kernel.org/cover.1678643051.git.isaku.yamahata@intel.com The tree can be found at https://github.com/googleprodkernel/linux-cc/tree/copyless and is based on Intel's tdx tree at https://github.com/intel/tdx/tree/kvm-upstream In the TDX case, we need to transfer the VM state from multiple sources: * HKID and encrypted VM state is transfered between the kvm_tdx objects. * Encrypted and runtime state is transfered between the vcpu_tdx objects. * The EPT table backing TD's private memory is transfered at the kvm-mmu level. This is needed since the secure EPT table managed by the TD module remains the same after the migration so moving the current private EPT table eliminates the need to rebuild the private EPT table to match the secure EPT table on the destination. * Information regarding the current shared/private memory is trasfered using the mem_attr_array stored at the kvm object. * Additional information derived from shared/private memory state is trasfered at the memslot level. Tested with selftests locally. I will attach the self test in the next version after we send the new TDX selftest framework patches based on KVM TDX basic feature support v13. Sagi Shahar (5): KVM: Split tdp_mmu_pages to private and shared lists KVM: SEV: Refactor common code out of sev_vm_move_enc_context_from KVM: TDX: Add base implementation for tdx_vm_move_enc_context_from KVM: TDX: Implement moving private pages between 2 TDs KVM: TDX: Add core logic for TDX intra-host migration arch/x86/include/asm/kvm_host.h | 5 +- arch/x86/kvm/mmu.h | 2 + arch/x86/kvm/mmu/mmu.c | 60 ++++++++ arch/x86/kvm/mmu/tdp_mmu.c | 88 +++++++++++- arch/x86/kvm/mmu/tdp_mmu.h | 3 + arch/x86/kvm/svm/sev.c | 175 +++-------------------- arch/x86/kvm/vmx/main.c | 10 ++ arch/x86/kvm/vmx/tdx.c | 245 ++++++++++++++++++++++++++++++++ arch/x86/kvm/vmx/tdx.h | 2 + arch/x86/kvm/vmx/x86_ops.h | 5 + arch/x86/kvm/x86.c | 166 ++++++++++++++++++++++ arch/x86/kvm/x86.h | 16 +++ 12 files changed, 613 insertions(+), 164 deletions(-) -- 2.40.0.348.gf938b09366-goog