From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Ashish Kalra <Ashish.Kalra@amd.com>
Cc: Thomas.Lendacky@amd.com, brijesh.singh@amd.com,
ehabkost@redhat.com, jejb@linux.ibm.com, tobin@ibm.com,
qemu-devel@nongnu.org, dgilbert@redhat.com,
dovmurik@linux.vnet.ibm.com, pbonzini@redhat.com
Subject: Re: [PATCH v4 02/14] doc: update AMD SEV to include Live migration flow
Date: Fri, 10 Sep 2021 10:53:54 +0100 [thread overview]
Message-ID: <YTsrMsYwMsm/yWBe@redhat.com> (raw)
In-Reply-To: <0e2b3d80e3d61b121ff4b508e5299e3c23f7b090.1628076205.git.ashish.kalra@amd.com>
On Wed, Aug 04, 2021 at 11:53:47AM +0000, Ashish Kalra wrote:
> From: Brijesh Singh <brijesh.singh@amd.com>
>
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
> ---
> docs/amd-memory-encryption.txt | 46 +++++++++++++++++++++++++++++++++-
> 1 file changed, 45 insertions(+), 1 deletion(-)
>
> diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt
> index 12ca25180e..0d9184532a 100644
> --- a/docs/amd-memory-encryption.txt
> +++ b/docs/amd-memory-encryption.txt
> @@ -126,7 +126,51 @@ TODO
>
> Live Migration
> ----------------
> +NOTE:
> +To protect against the memory clone SEV APIs are designed to make the VM
> +unrunnable in case of the migration failure.
Can you expand on this, as the limited explanation does not make a
whole lot of sense. What is the threat model here, what actions
are being taken to ensure unrunnability and who or what enforces
that ? Which VM is this referring to - the src VM or dst VM ?
I comes across like you're trying to protect against the case where
the same VM is executing on both hosts concurrently, but I'm not
clear how that ties into migration failure.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2021-09-10 9:55 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-04 11:52 [PATCH v4 00/14] Add SEV guest live migration support Ashish Kalra
2021-08-04 11:53 ` [PATCH v4 01/14] doc: update AMD SEV API spec web link Ashish Kalra
2021-08-16 18:44 ` Dr. David Alan Gilbert
2021-08-04 11:53 ` [PATCH v4 02/14] doc: update AMD SEV to include Live migration flow Ashish Kalra
2021-08-05 6:34 ` Dov Murik
2021-08-05 9:39 ` Ashish Kalra
2021-09-10 9:53 ` Daniel P. Berrangé [this message]
2021-08-04 11:54 ` [PATCH v4 03/14] migration.json: add AMD SEV specific migration parameters Ashish Kalra
2021-08-05 9:42 ` Dov Murik
2021-08-05 14:41 ` Ashish Kalra
2021-08-05 20:18 ` Eric Blake
2021-08-04 11:55 ` [PATCH v4 04/14] confidential guest support: introduce ConfidentialGuestMemoryEncryptionOps for encrypted VMs Ashish Kalra
2021-08-05 12:20 ` Dov Murik
2021-08-05 14:43 ` Ashish Kalra
2021-08-04 11:56 ` [PATCH v4 05/14] target/i386: sev: provide callback to setup outgoing context Ashish Kalra
2021-08-05 13:06 ` Dov Murik
2021-08-05 14:45 ` Ashish Kalra
2021-08-04 11:56 ` [PATCH v4 06/14] target/i386: sev: do not create launch context for an incoming guest Ashish Kalra
2021-08-04 11:56 ` [PATCH v4 07/14] target/i386: sev: add support to encrypt the outgoing page Ashish Kalra
2021-08-05 14:35 ` Dov Murik
2021-08-04 11:57 ` [PATCH v4 08/14] target/i386: sev: add support to load incoming encrypted page Ashish Kalra
2021-08-04 11:57 ` [PATCH v4 09/14] kvm: Add support for SEV shared regions list and KVM_EXIT_HYPERCALL Ashish Kalra
2021-08-04 11:57 ` [PATCH v4 10/14] migration: add support to migrate shared regions list Ashish Kalra
2021-09-10 7:54 ` Wang, Wei W
2021-09-10 8:47 ` Ashish Kalra
2021-09-10 9:11 ` Wang, Wei W
2021-09-10 9:42 ` Ashish Kalra
2021-08-04 11:58 ` [PATCH v4 11/14] migration/ram: add support to send encrypted pages Ashish Kalra
2021-08-04 11:59 ` [PATCH v4 12/14] migration/ram: Force encrypted status for flash0 & flash1 devices Ashish Kalra
2021-08-04 11:59 ` [PATCH v4 13/14] migration: for SEV live migration bump downtime limit to 1s Ashish Kalra
2021-09-10 9:43 ` Daniel P. Berrangé
2021-09-10 10:18 ` Ashish Kalra via
2021-08-04 12:00 ` [PATCH v4 14/14] kvm: Add support for userspace MSR filtering and handling of MSR_KVM_MIGRATION_CONTROL Ashish Kalra
2021-09-10 7:56 ` Wang, Wei W
2021-09-10 9:14 ` Ashish Kalra
2021-09-10 9:36 ` Wang, Wei W
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YTsrMsYwMsm/yWBe@redhat.com \
--to=berrange@redhat.com \
--cc=Ashish.Kalra@amd.com \
--cc=Thomas.Lendacky@amd.com \
--cc=brijesh.singh@amd.com \
--cc=dgilbert@redhat.com \
--cc=dovmurik@linux.vnet.ibm.com \
--cc=ehabkost@redhat.com \
--cc=jejb@linux.ibm.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=tobin@ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).