qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH v2 00/13] Add SEV guest live migration support


From: Singh, Brijesh
Subject: [Qemu-devel] [PATCH v2 00/13] Add SEV guest live migration support
Date: Wed, 10 Jul 2019 20:22:58 +0000

AMD SEV encrypts the memory of VMs and because this encryption is done using
an address tweak, the hypervisor will not be able to simply copy ciphertext
between machines to migrate a VM. Instead the AMD SEV Key Management API
provides a set of functions which the hypervisor can use to package a
guest encrypted pages for migration, while maintaining the confidentiality
provided by AMD SEV.

The patch series add the support required in Qemu to perform the SEV
guest live migration. Before initiating the live migration a user
should use newly added 'migrate-set-sev-info' command to pass the
target machines certificate chain. See the docs/amd-memory-encryption.txt
for further details.

The patch series depends on kernel patches available here:
https://marc.info/?l=kvm&m=156278967226011&w=2

The complete tree with patch is available at:
https://github.com/codomania/qemu/tree/sev-migration-v2

Changes since v1:
 - use the dirty log sync APIs to also sync the page encryption bitmap
   when SEV is active.

Brijesh Singh (13):
  linux-headers: update kernel header to include SEV migration commands
  kvm: introduce high-level API to support encrypted page migration
  migration/ram: add support to send encrypted pages
  kvm: add support to sync the page encryption state bitmap
  doc: update AMD SEV API spec web link
  doc: update AMD SEV to include Live migration flow
  target/i386: sev: do not create launch context for an incoming guest
  misc.json: add migrate-set-sev-info command
  target/i386: sev: add support to encrypt the outgoing page
  target/i386: sev: add support to load incoming encrypted page
  kvm: introduce high-level API to migrate the page encryption bitmap
  migration: add support to migrate page encryption bitmap
  target/i386: sev: remove migration blocker

 accel/kvm/kvm-all.c            | 108 ++++++++
 accel/kvm/sev-stub.c           |  22 ++
 accel/stubs/kvm-stub.c         |  22 ++
 docs/amd-memory-encryption.txt |  44 +++-
 include/exec/ram_addr.h        | 161 +++++++++++-
 include/exec/ramlist.h         |   3 +-
 include/sysemu/kvm.h           |  25 ++
 include/sysemu/sev.h           |   6 +
 linux-headers/linux/kvm.h      |  53 ++++
 migration/ram.c                |  91 ++++++-
 qapi/misc-target.json          |  18 ++
 target/i386/monitor.c          |  10 +
 target/i386/sev-stub.c         |   5 +
 target/i386/sev.c              | 455 +++++++++++++++++++++++++++++++--
 target/i386/sev_i386.h         |  11 +-
 target/i386/trace-events       |   8 +
 16 files changed, 1016 insertions(+), 26 deletions(-)

-- 
2.17.1




reply via email to

[Prev in Thread] Current Thread [Next in Thread]