Commit 1f05833

Merge branch 'kvm-sev-move-context' into kvm-master
Add support for AMD SEV and SEV-ES intra-host migration support. Intra host migration provides a low-cost mechanism for userspace VMM upgrades.

In the common case for intra host migration, we can rely on the normal ioctls for passing data from one VMM to the next. SEV, SEV-ES, and other confidential compute environments make most of this information opaque, and render KVM ioctls such as "KVM_GET_REGS" irrelevant. As a result, we need the ability to pass this opaque metadata from one VMM to the next. The easiest way to do this is to leave this data in the kernel, and transfer ownership of the metadata from one KVM VM (or vCPU) to the next. In-kernel hand off makes it possible to move any data that would be unsafe/impossible for the kernel to hand directly to userspace, and cannot be reproduced using data that can be handed to userspace.

Signed-off-by: Paolo Bonzini <[email protected]>
2 parents b9ecb9a + 6a58150 commit 1f05833

15 files changed

+550
-81
lines changed

Documentation/virt/kvm/api.rst

Lines changed: 14 additions & 0 deletions
@@ -6911,6 +6911,20 @@ MAP_SHARED mmap will result in an -EINVAL return.
69116911
When enabled the VMM may make use of the ``KVM_ARM_MTE_COPY_TAGS`` ioctl to
69126912
perform a bulk copy of tags to/from the guest.
69136913

6914+
7.29 KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM
6915+
-------------------------------------
6916+
6917+
Architectures: x86 SEV enabled
6918+
Type: vm
6919+
Parameters: args[0] is the fd of the source vm
6920+
Returns: 0 on success
6921+
6922+
This capability enables userspace to migrate the encryption context from the VM
6923+
indicated by the fd to the VM this is called on.
6924+
6925+
This is intended to support intra-host migration of VMs between userspace VMMs,
6926+
upgrading the VMM process without interrupting the guest.
6927+
69146928
8. Other capabilities.
69156929
======================
69166930
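Review bot: the "Returns: 0 on success" line in the new section 7.29 documents no failure cases, and the section never says what state the source VM is left in once its encryption context has been moved. Since this is a move rather than a copy, userspace needs to know that the source VM must not be resumed afterwards, and it needs the error conditions (for example the source fd not referring to an SEV-enabled VM) spelled out so a VMM upgrade can fail safely instead of continuing with two VMs that each believe they own the context. Suggest adding an error list under "Returns:" and a sentence after "indicated by the fd to the VM this is called on." describing the source VM's post-move state.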

arch/x86/include/asm/kvm_host.h

Lines changed: 1 addition & 0 deletions
@@ -1476,6 +1476,7 @@ struct kvm_x86_ops {
14761476
int (*mem_enc_reg_region)(struct kvm *kvm, struct kvm_enc_region *argp);
14771477
int (*mem_enc_unreg_region)(struct kvm *kvm, struct kvm_enc_region *argp);
14781478
int (*vm_copy_enc_context_from)(struct kvm *kvm, unsigned int source_fd);
1479+
int (*vm_move_enc_context_from)(struct kvm *kvm, unsigned int source_fd);
14791480

14801481
int (*get_msr_feature)(struct kvm_msr_entry *entry);
14811482
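Review bot: the new `vm_move_enc_context_from` callback has exactly the same signature as the adjacent `vm_copy_enc_context_from`, and nothing in the header distinguishes the two, so a short comment on each pointer stating that "copy" leaves the source VM intact while "move" transfers ownership of the encryption context and invalidates the source would prevent callers from confusing them. Because the documentation hunk restricts the capability to "x86 SEV enabled", the common x86 dispatch path should also check this pointer for NULL before calling through it, as a vendor module that does not implement the op will leave it unset.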
