| Message ID | 20230407201921.2703758-1-sagis@google.com |
|---|---|
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp514030vqo;
Fri, 7 Apr 2023 13:32:24 -0700 (PDT)
X-Google-Smtp-Source:
AKy350Y0rUgsO6Byz5IG7k9idPFQGwuJb6Rbq0eJfdtT0HwfUjUHJrOWNPD+sRlrVwp0yD/J07nm
X-Received: by 2002:a17:906:2b51:b0:8a6:e075:e364 with SMTP id
b17-20020a1709062b5100b008a6e075e364mr597901ejg.26.1680899543923;
Fri, 07 Apr 2023 13:32:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1680899543; cv=none;
d=google.com; s=arc-20160816;
b=OvD2hBC7i/af2UD7rMvzyUlvr4TJwKWQ594g5shxkdFOmm3n34qk4depk3E4qWllkG
YKw2ohVKW5Yo054SJOYdoHCvLLYbH9TFbIVa1ejW8g6qbqN0ZzHZieQpZcpwbYrt1Lxd
L2aUnU62eGuWc5ppZwWnPu5R7bUj4mbuG9PNXziksm9XsSMrfUKH0RErNSYbaGsPbhk2
KnGT119wA73SVK5U/pesL+FmEJc8Qpiv3xEVYWHf3odeGYJRhp17MlY/l2L65eBSnlkv
KB1OXJYH5/dgnIB0z6042P3kft6i28YfolFE21Xm63GXlYThGZAqswK5LayMfzlZrdxl
4bOQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:cc:to:from:subject:message-id:mime-version:date
:dkim-signature;
bh=GJQMWpvn8MVU8sNDXW5eTLeruYhzG+Ay4iiSsRa6PWQ=;
b=sI7IMNub0r85JCieaZqeqc7vRXdVEy0JBA6WmmTNSqS+AROQIqv8k3KCNXyzg937kL
ua9YivY++RI7qiYb7UnAv3hpskoUbnTud0A8dPQmI04ER8luvQh2gmMXRiJ+V19p84ii
K1VyYPSM/peu/gmgHjs3dN1E8SAb9pr7BaX8ahf2G//G1Olp6X2936UoRQTamzC9JvVa
KHPzWIHAqcNmq/yvQk9Z4V+ln7jyACkiFY+fkHRV/IRYGzVIjZTyqq4aVvz4dij2IIlf
sKCuXp80MDYL4bTFPIp1KZs5JQudvgstq8YpyIhtoZmWKGDgnTast5WhJmid83/KQuQ9
a6dA==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@google.com header.s=20210112 header.b=jEiQebud;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
w14-20020a17090633ce00b00947ad579408si697885eja.695.2023.04.07.13.32.00;
Fri, 07 Apr 2023 13:32:23 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@google.com header.s=20210112 header.b=jEiQebud;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S230135AbjDGUTx (ORCPT <rfc822;a1648639935@gmail.com>
+ 99 others); Fri, 7 Apr 2023 16:19:53 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45004 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229848AbjDGUTt (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Fri, 7 Apr 2023 16:19:49 -0400
Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com
[IPv6:2607:f8b0:4864:20::1149])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 08ADE10F1
for <linux-kernel@vger.kernel.org>;
Fri, 7 Apr 2023 13:19:48 -0700 (PDT)
Received: by mail-yw1-x1149.google.com with SMTP id
00721157ae682-5458201ab8cso437396227b3.23
for <linux-kernel@vger.kernel.org>;
Fri, 07 Apr 2023 13:19:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20210112; t=1680898787; x=1683490787;
h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject
:date:message-id:reply-to;
bh=GJQMWpvn8MVU8sNDXW5eTLeruYhzG+Ay4iiSsRa6PWQ=;
b=jEiQebudI/8hsSRlocLarfn/xkRFCxpYqPvHtoha3Hl+wF+TJpDQ05DC3RXdBygwSp
rsryuYUExNymDw1GYNOvnTjR0tFtZE6TJSkkVeej2ZKZkVOdBKwWHBaqUrd5PVyMnDy1
i/5C3jCCyg/vNG7LrqWT5naKwBBPljkhlfT6/Uy7dZK2T4LB++JFJxXD3B7i30O0v0rX
in/FSgxZfBmtVD7Df8CXP/XI0LW9uFdRx/dmqTKnw8bpW3iyOj4tDobgaUMPbV2zau9p
QAmVMue1KLby4Kq40/h8QCBz2N1Apw8C7W97lArdoFwfD76FKE5wWd8S81iV7ZIY47h2
nu8A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112; t=1680898787; x=1683490787;
h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=GJQMWpvn8MVU8sNDXW5eTLeruYhzG+Ay4iiSsRa6PWQ=;
b=tmIyttnOWYgQ0ksnhuxSQkrEFuzGpExvVCdlRzlDbBbj1T4s3zHq54ceafSOWG3YfO
ud8JhBHXs2G1OZ71ovh4JgOXqSmVMib18IjfLrDhjC6/jRQ0Y74scasV8vT5y3QfyS3M
e20rgwW3NPPFkygUR/nUt2DrfKLS/01BJBpgfS4Iy408V407Y/ZzhbnwMEcwAloeRBPL
5cv4aUmrDZcF6dGrHEAW1b4pj8nhmY6ArKnEsB+d3Uh2HVlbhvqpSYAcNtiNylhU2TJ9
u/U37N/wqEL3KFDMzBZ6ndEXfA5oOEHCjDH/0n59bglUI1SnpWcgvL/u81GLwr9IIpls
RQPA==
X-Gm-Message-State: AAQBX9fUBSeZEEJFBno/etvQ6+aJlIMKFbwCs2CYd9T+KB7EVyEnxBeA
ly7rMizUgUUppnqXhD2nchMsxEWe9Q==
X-Received: from sagi.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:241b])
(user=sagis job=sendgmr) by 2002:a25:d6c8:0:b0:b8b:fd23:5028 with SMTP id
n191-20020a25d6c8000000b00b8bfd235028mr2415459ybg.3.1680898787294; Fri, 07
Apr 2023 13:19:47 -0700 (PDT)
Date: Fri, 7 Apr 2023 20:19:16 +0000
Mime-Version: 1.0
X-Mailer: git-send-email 2.40.0.577.gac1e443424-goog
Message-ID: <20230407201921.2703758-1-sagis@google.com>
Subject: [RFC PATCH 0/5] Add TDX intra host migration support
From: Sagi Shahar <sagis@google.com>
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Isaku Yamahata <isaku.yamahata@intel.com>,
Erdem Aktas <erdemaktas@google.com>,
David Matlack <dmatlack@google.com>,
Kai Huang <kai.huang@intel.com>,
Zhi Wang <zhi.wang.linux@gmail.com>,
Chao Peng <chao.p.peng@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
Sagi Shahar <sagis@google.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-7.7 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=unavailable
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1762550920262213615?=
X-GMAIL-MSGID: =?utf-8?q?1762550920262213615?=
|
| Series |
Add TDX intra host migration support
|
|
Message
Sagi Shahar
April 7, 2023, 8:19 p.m. UTC
This patchset adds support for TDX intra host migration using the same API which was added for SEV intra host migration here: https://lore.kernel.org/all/20211021174303.385706-1-pgonda@google.com/ This patchset relies on the latest TDX patches from Intel: - fd-based approach for supporing KVM v10 and https://lore.kernel.org/lkml/20221202061347.1070246-1-chao.p.peng@linux.intel.com/ - TDX host kernel support v10 https://lore.kernel.org/lkml/cover.1678111292.git.kai.huang@intel.com/ - KVM TDX basic feature support v13 https://lore.kernel.org/cover.1678643051.git.isaku.yamahata@intel.com The tree can be found at https://github.com/googleprodkernel/linux-cc/tree/copyless and is based on Intel's tdx tree at https://github.com/intel/tdx/tree/kvm-upstream In the TDX case, we need to transfer the VM state from multiple sources: * HKID and encrypted VM state is transfered between the kvm_tdx objects. * Encrypted and runtime state is transfered between the vcpu_tdx objects. * The EPT table backing TD's private memory is transfered at the kvm-mmu level. This is needed since the secure EPT table managed by the TD module remains the same after the migration so moving the current private EPT table eliminates the need to rebuild the private EPT table to match the secure EPT table on the destination. * Information regarding the current shared/private memory is trasfered using the mem_attr_array stored at the kvm object. * Additional information derived from shared/private memory state is trasfered at the memslot level. Tested with selftests locally. I will attach the self test in the next version after we send the new TDX selftest framework patches based on KVM TDX basic feature support v13. Sagi Shahar (5): KVM: Split tdp_mmu_pages to private and shared lists KVM: SEV: Refactor common code out of sev_vm_move_enc_context_from KVM: TDX: Add base implementation for tdx_vm_move_enc_context_from KVM: TDX: Implement moving private pages between 2 TDs KVM: TDX: Add core logic for TDX intra-host migration arch/x86/include/asm/kvm_host.h | 5 +- arch/x86/kvm/mmu.h | 2 + arch/x86/kvm/mmu/mmu.c | 60 ++++++++ arch/x86/kvm/mmu/tdp_mmu.c | 88 +++++++++++- arch/x86/kvm/mmu/tdp_mmu.h | 3 + arch/x86/kvm/svm/sev.c | 175 +++-------------------- arch/x86/kvm/vmx/main.c | 10 ++ arch/x86/kvm/vmx/tdx.c | 245 ++++++++++++++++++++++++++++++++ arch/x86/kvm/vmx/tdx.h | 2 + arch/x86/kvm/vmx/x86_ops.h | 5 + arch/x86/kvm/x86.c | 166 ++++++++++++++++++++++ arch/x86/kvm/x86.h | 16 +++ 12 files changed, 613 insertions(+), 164 deletions(-)
Comments
On Fri, 7 Apr 2023 20:19:16 +0000 Sagi Shahar <sagis@google.com> wrote: Hi: Is there any userspace using these APIs? I cant find them in AMD-QEMU repo and upstream QEMU repo. It would nice to first take a look on how userspace is going to use it. > This patchset adds support for TDX intra host migration using the same > API which was added for SEV intra host migration here: > https://lore.kernel.org/all/20211021174303.385706-1-pgonda@google.com/ > > This patchset relies on the latest TDX patches from Intel: > - fd-based approach for supporing KVM v10 and > https://lore.kernel.org/lkml/20221202061347.1070246-1-chao.p.peng@linux.intel.com/ > - TDX host kernel support v10 > https://lore.kernel.org/lkml/cover.1678111292.git.kai.huang@intel.com/ > - KVM TDX basic feature support v13 > https://lore.kernel.org/cover.1678643051.git.isaku.yamahata@intel.com > > The tree can be found at https://github.com/googleprodkernel/linux-cc/tree/copyless > and is based on Intel's tdx tree at https://github.com/intel/tdx/tree/kvm-upstream > > In the TDX case, we need to transfer the VM state from multiple sources: > > * HKID and encrypted VM state is transfered between the kvm_tdx > objects. > * Encrypted and runtime state is transfered between the vcpu_tdx > objects. > * The EPT table backing TD's private memory is transfered at the > kvm-mmu level. This is needed since the secure EPT table managed by > the TD module remains the same after the migration so moving the > current private EPT table eliminates the need to rebuild the private > EPT table to match the secure EPT table on the destination. > * Information regarding the current shared/private memory is trasfered > using the mem_attr_array stored at the kvm object. > * Additional information derived from shared/private memory state is > trasfered at the memslot level. > > Tested with selftests locally. I will attach the self test in the next > version after we send the new TDX selftest framework patches based on > KVM TDX basic feature support v13. > > Sagi Shahar (5): > KVM: Split tdp_mmu_pages to private and shared lists > KVM: SEV: Refactor common code out of sev_vm_move_enc_context_from > KVM: TDX: Add base implementation for tdx_vm_move_enc_context_from > KVM: TDX: Implement moving private pages between 2 TDs > KVM: TDX: Add core logic for TDX intra-host migration > > arch/x86/include/asm/kvm_host.h | 5 +- > arch/x86/kvm/mmu.h | 2 + > arch/x86/kvm/mmu/mmu.c | 60 ++++++++ > arch/x86/kvm/mmu/tdp_mmu.c | 88 +++++++++++- > arch/x86/kvm/mmu/tdp_mmu.h | 3 + > arch/x86/kvm/svm/sev.c | 175 +++-------------------- > arch/x86/kvm/vmx/main.c | 10 ++ > arch/x86/kvm/vmx/tdx.c | 245 ++++++++++++++++++++++++++++++++ > arch/x86/kvm/vmx/tdx.h | 2 + > arch/x86/kvm/vmx/x86_ops.h | 5 + > arch/x86/kvm/x86.c | 166 ++++++++++++++++++++++ > arch/x86/kvm/x86.h | 16 +++ > 12 files changed, 613 insertions(+), 164 deletions(-) >
On Fri, Apr 14, 2023 at 12:04 AM Zhi Wang <zhi.wang.linux@gmail.com> wrote: > > On Fri, 7 Apr 2023 20:19:16 +0000 > Sagi Shahar <sagis@google.com> wrote: > > Hi: > > Is there any userspace using these APIs? I cant find them in AMD-QEMU repo > and upstream QEMU repo. It would nice to first take a look on how userspace > is going to use it. > We are using a different userspace VMM internally so we didn't make changes to QEMU. I've uploaded our selftests which exercise these APIs to our public GitHub so you can take a look there: https://github.com/googleprodkernel/linux-cc/commit/62c8dba4c3cf06e375018077a6d9f491c933dc6d Note that these are a slightly older version based on TDX V10 API. They also use the KVM_CAP_VM_COPY_ENC_CONTEXT_FROM instead of KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM > > This patchset adds support for TDX intra host migration using the same > > API which was added for SEV intra host migration here: > > https://lore.kernel.org/all/20211021174303.385706-1-pgonda@google.com/ > > > > This patchset relies on the latest TDX patches from Intel: > > - fd-based approach for supporing KVM v10 and > > https://lore.kernel.org/lkml/20221202061347.1070246-1-chao.p.peng@linux.intel.com/ > > - TDX host kernel support v10 > > https://lore.kernel.org/lkml/cover.1678111292.git.kai.huang@intel.com/ > > - KVM TDX basic feature support v13 > > https://lore.kernel.org/cover.1678643051.git.isaku.yamahata@intel.com > > > > The tree can be found at https://github.com/googleprodkernel/linux-cc/tree/copyless > > and is based on Intel's tdx tree at https://github.com/intel/tdx/tree/kvm-upstream > > > > In the TDX case, we need to transfer the VM state from multiple sources: > > > > * HKID and encrypted VM state is transfered between the kvm_tdx > > objects. > > * Encrypted and runtime state is transfered between the vcpu_tdx > > objects. > > * The EPT table backing TD's private memory is transfered at the > > kvm-mmu level. This is needed since the secure EPT table managed by > > the TD module remains the same after the migration so moving the > > current private EPT table eliminates the need to rebuild the private > > EPT table to match the secure EPT table on the destination. > > * Information regarding the current shared/private memory is trasfered > > using the mem_attr_array stored at the kvm object. > > * Additional information derived from shared/private memory state is > > trasfered at the memslot level. > > > > Tested with selftests locally. I will attach the self test in the next > > version after we send the new TDX selftest framework patches based on > > KVM TDX basic feature support v13. > > > > Sagi Shahar (5): > > KVM: Split tdp_mmu_pages to private and shared lists > > KVM: SEV: Refactor common code out of sev_vm_move_enc_context_from > > KVM: TDX: Add base implementation for tdx_vm_move_enc_context_from > > KVM: TDX: Implement moving private pages between 2 TDs > > KVM: TDX: Add core logic for TDX intra-host migration > > > > arch/x86/include/asm/kvm_host.h | 5 +- > > arch/x86/kvm/mmu.h | 2 + > > arch/x86/kvm/mmu/mmu.c | 60 ++++++++ > > arch/x86/kvm/mmu/tdp_mmu.c | 88 +++++++++++- > > arch/x86/kvm/mmu/tdp_mmu.h | 3 + > > arch/x86/kvm/svm/sev.c | 175 +++-------------------- > > arch/x86/kvm/vmx/main.c | 10 ++ > > arch/x86/kvm/vmx/tdx.c | 245 ++++++++++++++++++++++++++++++++ > > arch/x86/kvm/vmx/tdx.h | 2 + > > arch/x86/kvm/vmx/x86_ops.h | 5 + > > arch/x86/kvm/x86.c | 166 ++++++++++++++++++++++ > > arch/x86/kvm/x86.h | 16 +++ > > 12 files changed, 613 insertions(+), 164 deletions(-) > > >