Re: [RFC v2] KVM: x86: Support KVM VMs sharing SEV context

From: Steve Rutherford
Date: Thu Apr 08 2021 - 20:41:54 EST

Next message: Steve Rutherford: "Re: [PATCH] KVM: SVM: Add support for KVM_SEV_SEND_CANCEL command"
Previous message: David Miller: "Re: [PATCH v3 net-next] net: mana: Add a driver for Microsoft Azure Network Adapter (MANA)"
In reply to: James Bottomley: "Re: [RFC v2] KVM: x86: Support KVM VMs sharing SEV context"
Next in thread: James Bottomley: "Re: [RFC v2] KVM: x86: Support KVM VMs sharing SEV context"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Apr 8, 2021 at 2:15 PM James Bottomley <jejb@xxxxxxxxxxxxx> wrote:
>
> On Thu, 2021-04-08 at 12:48 -0700, Steve Rutherford wrote:
> > On Thu, Apr 8, 2021 at 10:43 AM James Bottomley <jejb@xxxxxxxxxxxxx>
> > wrote:
> > > On Fri, 2021-04-02 at 16:20 +0200, Paolo Bonzini wrote:
> > > > On 02/04/21 13:58, Ashish Kalra wrote:
> > > > > Hi Nathan,
> > > > >
> > > > > Will you be posting a corresponding Qemu patch for this ?
> > > >
> > > > Hi Ashish,
> > > >
> > > > as far as I know IBM is working on QEMU patches for guest-based
> > > > migration helpers.
> > >
> > > Yes, that's right, we'll take on this part.
> > >
> > > > However, it would be nice to collaborate on the low-level
> > > > (SEC/PEI) firmware patches to detect whether a CPU is part of the
> > > > primary VM or the mirror. If Google has any OVMF patches already
> > > > done for that, it would be great to combine it with IBM's SEV
> > > > migration code and merge it into upstream OVMF.
> > >
> > > We've reached the stage with our prototyping where not having the
> > > OVMF support is blocking us from working on QEMU. If we're going
> > > to have to reinvent the wheel in OVMF because Google is unwilling
> > > to publish the patches, can you at least give some hints about how
> > > you did it?
> > >
> > > Thanks,
> > >
> > > James
> >
> > Hey James,
> > It's not strictly necessary to modify OVMF to make SEV VMs live
> > migrate. If we were to modify OVMF, we would contribute those changes
> > upstream.
>
> Well, no, we already published an OVMF RFC to this list that does
> migration. However, the mirror approach requires a different boot
> mechanism for the extra vCPU in the mirror. I assume you're doing this
> bootstrap through OVMF so the hypervisor can interrogate it to get the
> correct entry point? That's the code we're asking to see because
> that's what replaces our use of the MP service in the RFC.
>
> James

Hey James,
The intention would be to have a separate, stand-alone firmware-like
binary run by the mirror. Since the VMM is in control of where it
places that binary in the guest physical address space and the initial
configuration of the vCPUs, it can point the vCPUs at an entry point
contained within that binary, rather than at the standard x86 reset
vector.

Thanks,
Steve

Next message: Steve Rutherford: "Re: [PATCH] KVM: SVM: Add support for KVM_SEV_SEND_CANCEL command"
Previous message: David Miller: "Re: [PATCH v3 net-next] net: mana: Add a driver for Microsoft Azure Network Adapter (MANA)"
In reply to: James Bottomley: "Re: [RFC v2] KVM: x86: Support KVM VMs sharing SEV context"
Next in thread: James Bottomley: "Re: [RFC v2] KVM: x86: Support KVM VMs sharing SEV context"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]