From: Dov Murik <dovmurik@linux.ibm.com>
To: Ashish Kalra <Ashish.Kalra@amd.com>, qemu-devel@nongnu.org
Cc: Thomas.Lendacky@amd.com, brijesh.singh@amd.com,
ehabkost@redhat.com, jejb@linux.ibm.com, tobin@ibm.com,
dgilbert@redhat.com, dovmurik@linux.vnet.ibm.com,
pbonzini@redhat.com
Subject: Re: [PATCH v4 04/14] confidential guest support: introduce ConfidentialGuestMemoryEncryptionOps for encrypted VMs
Date: Thu, 5 Aug 2021 15:20:50 +0300 [thread overview]
Message-ID: <a608f479-1eca-6738-d96b-75145c334b29@linux.ibm.com> (raw)
In-Reply-To: <74fce7be9bd219ce902851c0b27192fdefbf9ef1.1628076205.git.ashish.kalra@amd.com>
On 04/08/2021 14:55, Ashish Kalra wrote:
> From: Brijesh Singh <brijesh.singh@amd.com>
>
> When memory encryption is enabled in VM, the guest RAM will be encrypted
> with the guest-specific key, to protect the confidentiality of data while
> in transit we need to platform specific hooks to save or migrate the
> guest RAM.
>
> Introduce the new ConfidentialGuestMemoryEncryptionOps in this patch
> which will be later used by the encrypted guest for migration.
Do we already have SEV / ConfidentialGuest debug operations? (for
reading SEV guest memory from gdb if debug is allowed in policy)
Are they supposed to be in the same Ops struct? Another?
>
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> Co-developed-by: Ashish Kalra <ashish.kalra@amd.com>
> Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
> ---
> include/exec/confidential-guest-support.h | 27 +++++++++++++++++++++++
> 1 file changed, 27 insertions(+)
>
> diff --git a/include/exec/confidential-guest-support.h b/include/exec/confidential-guest-support.h
> index ba2dd4b5df..d8b4bd4c42 100644
> --- a/include/exec/confidential-guest-support.h
> +++ b/include/exec/confidential-guest-support.h
> @@ -20,6 +20,7 @@
>
> #ifndef CONFIG_USER_ONLY
>
> +#include <qapi/qapi-types-migration.h>
> #include "qom/object.h"
>
> #define TYPE_CONFIDENTIAL_GUEST_SUPPORT "confidential-guest-support"
> @@ -53,8 +54,34 @@ struct ConfidentialGuestSupport {
> bool ready;
> };
>
> +/**
> + * The functions registers with ConfidentialGuestMemoryEncryptionOps will be
> + * used during the encrypted guest migration.
> + */
> +struct ConfidentialGuestMemoryEncryptionOps {
[style] in QEMU you should add a 'typedef' at the beginning and call the
type ConfidentialGuestMemoryEncryptionOps, and then you don't use the
keyword 'struct' when you refer to it. See for example the definition
of ConfidentialGuestSupportClass below.
> + /* Initialize the platform specific state before starting the migration */
> + int (*save_setup)(MigrationParameters *p);
> +
> + /* Write the encrypted page and metadata associated with it */
> + int (*save_outgoing_page)(QEMUFile *f, uint8_t *ptr, uint32_t size,
> + uint64_t *bytes_sent);
> +
> + /* Load the incoming encrypted page into guest memory */
> + int (*load_incoming_page)(QEMUFile *f, uint8_t *ptr);
> +
> + /* Check if gfn is in shared/unencrypted region */
> + bool (*is_gfn_in_unshared_region)(unsigned long gfn);
The comment says "shared/unencrypted", but the function name talks about
"unshared". I prefer:
/* Check if gfn is in encrypted region */
bool (*is_gfn_in_encrypted_region)(unsigned long gfn);
(and then maybe the comment is useless?)
> +
> + /* Write the shared regions list */
> + int (*save_outgoing_shared_regions_list)(QEMUFile *f);
> +
> + /* Load the shared regions list */
> + int (*load_incoming_shared_regions_list)(QEMUFile *f);
> +};
> +
> typedef struct ConfidentialGuestSupportClass {
> ObjectClass parent;
> + struct ConfidentialGuestMemoryEncryptionOps *memory_encryption_ops;
per above, remove 'struct'.
> } ConfidentialGuestSupportClass;
>
> #endif /* !CONFIG_USER_ONLY */
>
next prev parent reply other threads:[~2021-08-05 12:21 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-04 11:52 [PATCH v4 00/14] Add SEV guest live migration support Ashish Kalra
2021-08-04 11:53 ` [PATCH v4 01/14] doc: update AMD SEV API spec web link Ashish Kalra
2021-08-16 18:44 ` Dr. David Alan Gilbert
2021-08-04 11:53 ` [PATCH v4 02/14] doc: update AMD SEV to include Live migration flow Ashish Kalra
2021-08-05 6:34 ` Dov Murik
2021-08-05 9:39 ` Ashish Kalra
2021-09-10 9:53 ` Daniel P. Berrangé
2021-08-04 11:54 ` [PATCH v4 03/14] migration.json: add AMD SEV specific migration parameters Ashish Kalra
2021-08-05 9:42 ` Dov Murik
2021-08-05 14:41 ` Ashish Kalra
2021-08-05 20:18 ` Eric Blake
2021-08-04 11:55 ` [PATCH v4 04/14] confidential guest support: introduce ConfidentialGuestMemoryEncryptionOps for encrypted VMs Ashish Kalra
2021-08-05 12:20 ` Dov Murik [this message]
2021-08-05 14:43 ` Ashish Kalra
2021-08-04 11:56 ` [PATCH v4 05/14] target/i386: sev: provide callback to setup outgoing context Ashish Kalra
2021-08-05 13:06 ` Dov Murik
2021-08-05 14:45 ` Ashish Kalra
2021-08-04 11:56 ` [PATCH v4 06/14] target/i386: sev: do not create launch context for an incoming guest Ashish Kalra
2021-08-04 11:56 ` [PATCH v4 07/14] target/i386: sev: add support to encrypt the outgoing page Ashish Kalra
2021-08-05 14:35 ` Dov Murik
2021-08-04 11:57 ` [PATCH v4 08/14] target/i386: sev: add support to load incoming encrypted page Ashish Kalra
2021-08-04 11:57 ` [PATCH v4 09/14] kvm: Add support for SEV shared regions list and KVM_EXIT_HYPERCALL Ashish Kalra
2021-08-04 11:57 ` [PATCH v4 10/14] migration: add support to migrate shared regions list Ashish Kalra
2021-09-10 7:54 ` Wang, Wei W
2021-09-10 8:47 ` Ashish Kalra
2021-09-10 9:11 ` Wang, Wei W
2021-09-10 9:42 ` Ashish Kalra
2021-08-04 11:58 ` [PATCH v4 11/14] migration/ram: add support to send encrypted pages Ashish Kalra
2021-08-04 11:59 ` [PATCH v4 12/14] migration/ram: Force encrypted status for flash0 & flash1 devices Ashish Kalra
2021-08-04 11:59 ` [PATCH v4 13/14] migration: for SEV live migration bump downtime limit to 1s Ashish Kalra
2021-09-10 9:43 ` Daniel P. Berrangé
2021-09-10 10:18 ` Ashish Kalra via
2021-08-04 12:00 ` [PATCH v4 14/14] kvm: Add support for userspace MSR filtering and handling of MSR_KVM_MIGRATION_CONTROL Ashish Kalra
2021-09-10 7:56 ` Wang, Wei W
2021-09-10 9:14 ` Ashish Kalra
2021-09-10 9:36 ` Wang, Wei W
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a608f479-1eca-6738-d96b-75145c334b29@linux.ibm.com \
--to=dovmurik@linux.ibm.com \
--cc=Ashish.Kalra@amd.com \
--cc=Thomas.Lendacky@amd.com \
--cc=brijesh.singh@amd.com \
--cc=dgilbert@redhat.com \
--cc=dovmurik@linux.vnet.ibm.com \
--cc=ehabkost@redhat.com \
--cc=jejb@linux.ibm.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=tobin@ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).