* [PATCH v7 16/18] KVM: x86: Add guest support for detecting and enabling SEV Live Migration feature.
2020-04-30 8:39 [PATCH v7 00/18] Add AMD SEV guest live migration support Ashish Kalra
@ 2020-04-30 8:46 ` Ashish Kalra
2020-04-30 16:42 ` kbuild test robot
0 siblings, 1 reply; 4+ messages in thread
From: Ashish Kalra @ 2020-04-30 8:46 UTC (permalink / raw)
To: pbonzini
Cc: tglx, mingo, hpa, joro, bp, thomas.lendacky, x86, kvm,
linux-kernel, srutherford, rientjes, venu.busireddy,
brijesh.singh
From: Ashish Kalra <ashish.kalra@amd.com>
The guest support for detecting and enabling SEV Live migration
feature uses the following logic :
- kvm_init_plaform() checks if its booted under the EFI
- If not EFI,
i) check for the KVM_FEATURE_CPUID
ii) if CPUID reports that migration is support then issue wrmsrl
to enable the SEV migration support
- If EFI,
i) Check the KVM_FEATURE_CPUID.
ii) If CPUID reports that migration is supported, then reads the UEFI enviroment variable which
indicates OVMF support for live migration.
iii) If variable is set then wrmsr to enable the SEV migration support.
The EFI live migration check is done using a late_initcall() callback.
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
---
arch/x86/include/asm/mem_encrypt.h | 11 ++++++
arch/x86/kernel/kvm.c | 62 ++++++++++++++++++++++++++++++
arch/x86/mm/mem_encrypt.c | 11 ++++++
3 files changed, 84 insertions(+)
diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h
index 848ce43b9040..d10e92ae5ca1 100644
--- a/arch/x86/include/asm/mem_encrypt.h
+++ b/arch/x86/include/asm/mem_encrypt.h
@@ -20,6 +20,7 @@
extern u64 sme_me_mask;
extern bool sev_enabled;
+extern bool sev_live_mig_enabled;
void sme_encrypt_execute(unsigned long encrypted_kernel_vaddr,
unsigned long decrypted_kernel_vaddr,
@@ -42,6 +43,8 @@ void __init sme_enable(struct boot_params *bp);
int __init early_set_memory_decrypted(unsigned long vaddr, unsigned long size);
int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size);
+void __init early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages,
+ bool enc);
/* Architecture __weak replacement functions */
void __init mem_encrypt_init(void);
@@ -55,6 +58,7 @@ bool sev_active(void);
#else /* !CONFIG_AMD_MEM_ENCRYPT */
#define sme_me_mask 0ULL
+#define sev_live_mig_enabled false
static inline void __init sme_early_encrypt(resource_size_t paddr,
unsigned long size) { }
@@ -76,6 +80,8 @@ static inline int __init
early_set_memory_decrypted(unsigned long vaddr, unsigned long size) { return 0; }
static inline int __init
early_set_memory_encrypted(unsigned long vaddr, unsigned long size) { return 0; }
+static inline void __init
+early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages, bool enc) {}
#define __bss_decrypted
@@ -102,6 +108,11 @@ static inline u64 sme_get_me_mask(void)
return sme_me_mask;
}
+static inline bool sev_live_migration_enabled(void)
+{
+ return sev_live_mig_enabled;
+}
+
#endif /* __ASSEMBLY__ */
#endif /* __X86_MEM_ENCRYPT_H__ */
diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
index 928ddb8a8cfc..8b8cc87a3461 100644
--- a/arch/x86/kernel/kvm.c
+++ b/arch/x86/kernel/kvm.c
@@ -24,6 +24,7 @@
#include <linux/debugfs.h>
#include <linux/nmi.h>
#include <linux/swait.h>
+#include <linux/efi.h>
#include <asm/timer.h>
#include <asm/cpu.h>
#include <asm/traps.h>
@@ -403,6 +404,53 @@ static inline void __set_percpu_decrypted(void *ptr, unsigned long size)
early_set_memory_decrypted((unsigned long) ptr, size);
}
+#ifdef CONFIG_EFI
+static bool setup_kvm_sev_migration(void)
+{
+ efi_char16_t efi_Sev_Live_Mig_support_name[] = L"SevLiveMigrationEnabled";
+ efi_guid_t efi_variable_guid = MEM_ENCRYPT_GUID;
+ efi_status_t status;
+ unsigned long size;
+ bool enabled;
+
+ if (!sev_live_migration_enabled())
+ return false;
+
+ size = sizeof(enabled);
+
+ if (!efi_enabled(EFI_RUNTIME_SERVICES)) {
+ pr_info("setup_kvm_sev_migration: no efi\n");
+ return false;
+ }
+
+ /* Get variable contents into buffer */
+ status = efi.get_variable(efi_Sev_Live_Mig_support_name,
+ &efi_variable_guid, NULL, &size, &enabled);
+
+ if (status == EFI_NOT_FOUND) {
+ pr_info("setup_kvm_sev_migration: variable not found\n");
+ return false;
+ }
+
+ if (status != EFI_SUCCESS) {
+ pr_info("setup_kvm_sev_migration: get_variable fail\n");
+ return false;
+ }
+
+ if (enabled == 0) {
+ pr_info("setup_kvm_sev_migration: live migration disabled in OVMF\n");
+ return false;
+ }
+
+ pr_info("setup_kvm_sev_migration: live migration enabled in OVMF\n");
+ wrmsrl(MSR_KVM_SEV_LIVE_MIG_EN, KVM_SEV_LIVE_MIGRATION_ENABLED);
+
+ return true;
+}
+
+late_initcall(setup_kvm_sev_migration);
+#endif
+
/*
* Iterate through all possible CPUs and map the memory region pointed
* by apf_reason, steal_time and kvm_apic_eoi as decrypted at once.
@@ -725,6 +773,20 @@ static void __init kvm_apic_init(void)
static void __init kvm_init_platform(void)
{
+ if (sev_active() &&
+ kvm_para_has_feature(KVM_FEATURE_SEV_LIVE_MIGRATION)) {
+
+ printk(KERN_INFO "KVM enable live migration\n");
+ sev_live_mig_enabled = true;
+ /*
+ * If not booted using EFI, enable Live migration support.
+ */
+ if (!efi_enabled(EFI_BOOT))
+ wrmsrl(MSR_KVM_SEV_LIVE_MIG_EN,
+ KVM_SEV_LIVE_MIGRATION_ENABLED);
+ } else
+ printk(KERN_INFO "KVM enable live migration feature unsupported\n");
+
kvmclock_init();
x86_platform.apic_post_init = kvm_apic_init;
}
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index 603f5abf8a78..3964f5de058c 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -46,6 +46,8 @@ EXPORT_SYMBOL_GPL(sev_enable_key);
bool sev_enabled __section(.data);
+bool sev_live_mig_enabled __section(.data);
+
/* Buffer used for early in-place encryption by BSP, no locking needed */
static char sme_early_buffer[PAGE_SIZE] __initdata __aligned(PAGE_SIZE);
@@ -204,6 +206,9 @@ static void set_memory_enc_dec_hypercall(unsigned long vaddr, int npages,
unsigned long sz = npages << PAGE_SHIFT;
unsigned long vaddr_end, vaddr_next;
+ if (!sev_live_migration_enabled())
+ return;
+
vaddr_end = vaddr + sz;
for (; vaddr < vaddr_end; vaddr = vaddr_next) {
@@ -375,6 +380,12 @@ int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size)
return early_set_memory_enc_dec(vaddr, size, true);
}
+void __init early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages,
+ bool enc)
+{
+ set_memory_enc_dec_hypercall(vaddr, npages, enc);
+}
+
/*
* SME and SEV are very similar but they are not the same, so there are
* times that the kernel will need to distinguish between SME and SEV. The
--
2.17.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v7 16/18] KVM: x86: Add guest support for detecting and enabling SEV Live Migration feature.
2020-04-30 8:46 ` [PATCH v7 16/18] KVM: x86: Add guest support for detecting and enabling SEV Live Migration feature Ashish Kalra
@ 2020-04-30 16:42 ` kbuild test robot
0 siblings, 0 replies; 4+ messages in thread
From: kbuild test robot @ 2020-04-30 16:42 UTC (permalink / raw)
To: Ashish Kalra, pbonzini
Cc: kbuild-all, tglx, mingo, hpa, joro, bp, thomas.lendacky, x86, kvm,
linux-kernel
[-- Attachment #1: Type: text/plain, Size: 1977 bytes --]
Hi Ashish,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on v5.7-rc3]
[cannot apply to kvm/linux-next tip/x86/mm tip/x86/core next-20200430]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]
url: https://github.com/0day-ci/linux/commits/Ashish-Kalra/Add-AMD-SEV-guest-live-migration-support/20200430-202702
base: 6a8b55ed4056ea5559ebe4f6a4b247f627870d4c
config: i386-randconfig-a003-20200430 (attached as .config)
compiler: gcc-5 (Ubuntu 5.5.0-12ubuntu1) 5.5.0 20171010
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
If you fix the issue, kindly add following tag as appropriate
Reported-by: kbuild test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
arch/x86/kernel/kvm.c: In function 'kvm_init_platform':
>> arch/x86/kernel/kvm.c:780:24: error: lvalue required as left operand of assignment
sev_live_mig_enabled = true;
^
vim +780 arch/x86/kernel/kvm.c
773
774 static void __init kvm_init_platform(void)
775 {
776 if (sev_active() &&
777 kvm_para_has_feature(KVM_FEATURE_SEV_LIVE_MIGRATION)) {
778
779 printk(KERN_INFO "KVM enable live migration\n");
> 780 sev_live_mig_enabled = true;
781 /*
782 * If not booted using EFI, enable Live migration support.
783 */
784 if (!efi_enabled(EFI_BOOT))
785 wrmsrl(MSR_KVM_SEV_LIVE_MIG_EN,
786 KVM_SEV_LIVE_MIGRATION_ENABLED);
787 } else
788 printk(KERN_INFO "KVM enable live migration feature unsupported\n");
789
790 kvmclock_init();
791 x86_platform.apic_post_init = kvm_apic_init;
792 }
793
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 36738 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v7 16/18] KVM: x86: Add guest support for detecting and enabling SEV Live Migration feature.
@ 2020-04-30 16:42 ` kbuild test robot
0 siblings, 0 replies; 4+ messages in thread
From: kbuild test robot @ 2020-04-30 16:42 UTC (permalink / raw)
To: kbuild-all
[-- Attachment #1: Type: text/plain, Size: 2034 bytes --]
Hi Ashish,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on v5.7-rc3]
[cannot apply to kvm/linux-next tip/x86/mm tip/x86/core next-20200430]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]
url: https://github.com/0day-ci/linux/commits/Ashish-Kalra/Add-AMD-SEV-guest-live-migration-support/20200430-202702
base: 6a8b55ed4056ea5559ebe4f6a4b247f627870d4c
config: i386-randconfig-a003-20200430 (attached as .config)
compiler: gcc-5 (Ubuntu 5.5.0-12ubuntu1) 5.5.0 20171010
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
If you fix the issue, kindly add following tag as appropriate
Reported-by: kbuild test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
arch/x86/kernel/kvm.c: In function 'kvm_init_platform':
>> arch/x86/kernel/kvm.c:780:24: error: lvalue required as left operand of assignment
sev_live_mig_enabled = true;
^
vim +780 arch/x86/kernel/kvm.c
773
774 static void __init kvm_init_platform(void)
775 {
776 if (sev_active() &&
777 kvm_para_has_feature(KVM_FEATURE_SEV_LIVE_MIGRATION)) {
778
779 printk(KERN_INFO "KVM enable live migration\n");
> 780 sev_live_mig_enabled = true;
781 /*
782 * If not booted using EFI, enable Live migration support.
783 */
784 if (!efi_enabled(EFI_BOOT))
785 wrmsrl(MSR_KVM_SEV_LIVE_MIG_EN,
786 KVM_SEV_LIVE_MIGRATION_ENABLED);
787 } else
788 printk(KERN_INFO "KVM enable live migration feature unsupported\n");
789
790 kvmclock_init();
791 x86_platform.apic_post_init = kvm_apic_init;
792 }
793
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 36738 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v7 16/18] KVM: x86: Add guest support for detecting and enabling SEV Live Migration feature.
@ 2020-05-01 13:39 kbuild test robot
0 siblings, 0 replies; 4+ messages in thread
From: kbuild test robot @ 2020-05-01 13:39 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 5314 bytes --]
CC: kbuild-all(a)lists.01.org
In-Reply-To: <42947fc3dc7a01c73677560c84dfd87498d381e0.1588234824.git.ashish.kalra@amd.com>
References: <42947fc3dc7a01c73677560c84dfd87498d381e0.1588234824.git.ashish.kalra@amd.com>
TO: Ashish Kalra <Ashish.Kalra@amd.com>
TO: pbonzini(a)redhat.com
CC: tglx(a)linutronix.de
CC: mingo(a)redhat.com
CC: hpa(a)zytor.com
CC: joro(a)8bytes.org
CC: bp(a)suse.de
CC: thomas.lendacky(a)amd.com
CC: x86(a)kernel.org
CC: kvm(a)vger.kernel.org
CC: linux-kernel(a)vger.kernel.org
Hi Ashish,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on v5.7-rc3]
[cannot apply to kvm/linux-next tip/x86/mm tip/x86/core next-20200501]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]
url: https://github.com/0day-ci/linux/commits/Ashish-Kalra/Add-AMD-SEV-guest-live-migration-support/20200430-202702
base: 6a8b55ed4056ea5559ebe4f6a4b247f627870d4c
reproduce:
# apt-get install sparse
# sparse version: v0.6.1-191-gc51a0382-dirty
make ARCH=x86_64 allmodconfig
make C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__'
:::::: branch date: 25 hours ago
:::::: commit date: 25 hours ago
If you fix the issue, kindly add following tag as appropriate
Reported-by: kbuild test robot <lkp@intel.com>
sparse warnings: (new ones prefixed by >>)
>> arch/x86/kernel/kvm.c:410:56: sparse: sparse: invalid initializer
arch/x86/kernel/kvm.c:795:6: sparse: sparse: symbol 'kvm_sev_migration_hcall' was not declared. Should it be static?
# https://github.com/0day-ci/linux/commit/ec31b001157e1122024857a2b8ffcb9c730e165d
git remote add linux-review https://github.com/0day-ci/linux
git remote update linux-review
git checkout ec31b001157e1122024857a2b8ffcb9c730e165d
vim +410 arch/x86/kernel/kvm.c
4716276184ec67 Brijesh Singh 2017-10-20 406
ec31b001157e11 Ashish Kalra 2020-04-30 407 #ifdef CONFIG_EFI
ec31b001157e11 Ashish Kalra 2020-04-30 408 static bool setup_kvm_sev_migration(void)
ec31b001157e11 Ashish Kalra 2020-04-30 409 {
ec31b001157e11 Ashish Kalra 2020-04-30 @410 efi_char16_t efi_Sev_Live_Mig_support_name[] = L"SevLiveMigrationEnabled";
ec31b001157e11 Ashish Kalra 2020-04-30 411 efi_guid_t efi_variable_guid = MEM_ENCRYPT_GUID;
ec31b001157e11 Ashish Kalra 2020-04-30 412 efi_status_t status;
ec31b001157e11 Ashish Kalra 2020-04-30 413 unsigned long size;
ec31b001157e11 Ashish Kalra 2020-04-30 414 bool enabled;
ec31b001157e11 Ashish Kalra 2020-04-30 415
ec31b001157e11 Ashish Kalra 2020-04-30 416 if (!sev_live_migration_enabled())
ec31b001157e11 Ashish Kalra 2020-04-30 417 return false;
ec31b001157e11 Ashish Kalra 2020-04-30 418
ec31b001157e11 Ashish Kalra 2020-04-30 419 size = sizeof(enabled);
ec31b001157e11 Ashish Kalra 2020-04-30 420
ec31b001157e11 Ashish Kalra 2020-04-30 421 if (!efi_enabled(EFI_RUNTIME_SERVICES)) {
ec31b001157e11 Ashish Kalra 2020-04-30 422 pr_info("setup_kvm_sev_migration: no efi\n");
ec31b001157e11 Ashish Kalra 2020-04-30 423 return false;
ec31b001157e11 Ashish Kalra 2020-04-30 424 }
ec31b001157e11 Ashish Kalra 2020-04-30 425
ec31b001157e11 Ashish Kalra 2020-04-30 426 /* Get variable contents into buffer */
ec31b001157e11 Ashish Kalra 2020-04-30 427 status = efi.get_variable(efi_Sev_Live_Mig_support_name,
ec31b001157e11 Ashish Kalra 2020-04-30 428 &efi_variable_guid, NULL, &size, &enabled);
ec31b001157e11 Ashish Kalra 2020-04-30 429
ec31b001157e11 Ashish Kalra 2020-04-30 430 if (status == EFI_NOT_FOUND) {
ec31b001157e11 Ashish Kalra 2020-04-30 431 pr_info("setup_kvm_sev_migration: variable not found\n");
ec31b001157e11 Ashish Kalra 2020-04-30 432 return false;
ec31b001157e11 Ashish Kalra 2020-04-30 433 }
ec31b001157e11 Ashish Kalra 2020-04-30 434
ec31b001157e11 Ashish Kalra 2020-04-30 435 if (status != EFI_SUCCESS) {
ec31b001157e11 Ashish Kalra 2020-04-30 436 pr_info("setup_kvm_sev_migration: get_variable fail\n");
ec31b001157e11 Ashish Kalra 2020-04-30 437 return false;
ec31b001157e11 Ashish Kalra 2020-04-30 438 }
ec31b001157e11 Ashish Kalra 2020-04-30 439
ec31b001157e11 Ashish Kalra 2020-04-30 440 if (enabled == 0) {
ec31b001157e11 Ashish Kalra 2020-04-30 441 pr_info("setup_kvm_sev_migration: live migration disabled in OVMF\n");
ec31b001157e11 Ashish Kalra 2020-04-30 442 return false;
ec31b001157e11 Ashish Kalra 2020-04-30 443 }
ec31b001157e11 Ashish Kalra 2020-04-30 444
ec31b001157e11 Ashish Kalra 2020-04-30 445 pr_info("setup_kvm_sev_migration: live migration enabled in OVMF\n");
ec31b001157e11 Ashish Kalra 2020-04-30 446 wrmsrl(MSR_KVM_SEV_LIVE_MIG_EN, KVM_SEV_LIVE_MIGRATION_ENABLED);
ec31b001157e11 Ashish Kalra 2020-04-30 447
ec31b001157e11 Ashish Kalra 2020-04-30 448 return true;
ec31b001157e11 Ashish Kalra 2020-04-30 449 }
ec31b001157e11 Ashish Kalra 2020-04-30 450
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-05-01 13:39 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-05-01 13:39 [PATCH v7 16/18] KVM: x86: Add guest support for detecting and enabling SEV Live Migration feature kbuild test robot
-- strict thread matches above, loose matches on Subject: below --
2020-04-30 8:39 [PATCH v7 00/18] Add AMD SEV guest live migration support Ashish Kalra
2020-04-30 8:46 ` [PATCH v7 16/18] KVM: x86: Add guest support for detecting and enabling SEV Live Migration feature Ashish Kalra
2020-04-30 16:42 ` kbuild test robot
2020-04-30 16:42 ` kbuild test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.