qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2 00/13] Add SEV guest live migration support

From: Dr. David Alan Gilbert
Subject: Re: [Qemu-devel] [PATCH v2 00/13] Add SEV guest live migration support
Date: Thu, 11 Jul 2019 10:59:38 +0100
User-agent: Mutt/1.12.0 (2019-05-25) 
* Singh, Brijesh (address@hidden) wrote:
> AMD SEV encrypts the memory of VMs and because this encryption is done using
> an address tweak, the hypervisor will not be able to simply copy ciphertext
> between machines to migrate a VM. Instead the AMD SEV Key Management API
> provides a set of functions which the hypervisor can use to package a
> guest encrypted pages for migration, while maintaining the confidentiality
> provided by AMD SEV.
> 
> The patch series add the support required in Qemu to perform the SEV
> guest live migration. Before initiating the live migration a user
> should use newly added 'migrate-set-sev-info' command to pass the
> target machines certificate chain. See the docs/amd-memory-encryption.txt
> for further details.

Note the two patchew errors:
  a) Mostly formatting; 80 char lines, /* comments etc - you should
     check your patches using scripts/checkpatch.pl  to get rid of that
     lot.

  b) There are some build errors on non-x86 softmmu builds.

Dave

> The patch series depends on kernel patches available here:
> https://marc.info/?l=kvm&m=156278967226011&w=2
> 
> The complete tree with patch is available at:
> https://github.com/codomania/qemu/tree/sev-migration-v2
> 
> Changes since v1:
>  - use the dirty log sync APIs to also sync the page encryption bitmap
>    when SEV is active.
> 
> Brijesh Singh (13):
>   linux-headers: update kernel header to include SEV migration commands
>   kvm: introduce high-level API to support encrypted page migration
>   migration/ram: add support to send encrypted pages
>   kvm: add support to sync the page encryption state bitmap
>   doc: update AMD SEV API spec web link
>   doc: update AMD SEV to include Live migration flow
>   target/i386: sev: do not create launch context for an incoming guest
>   misc.json: add migrate-set-sev-info command
>   target/i386: sev: add support to encrypt the outgoing page
>   target/i386: sev: add support to load incoming encrypted page
>   kvm: introduce high-level API to migrate the page encryption bitmap
>   migration: add support to migrate page encryption bitmap
>   target/i386: sev: remove migration blocker
> 
>  accel/kvm/kvm-all.c            | 108 ++++++++
>  accel/kvm/sev-stub.c           |  22 ++
>  accel/stubs/kvm-stub.c         |  22 ++
>  docs/amd-memory-encryption.txt |  44 +++-
>  include/exec/ram_addr.h        | 161 +++++++++++-
>  include/exec/ramlist.h         |   3 +-
>  include/sysemu/kvm.h           |  25 ++
>  include/sysemu/sev.h           |   6 +
>  linux-headers/linux/kvm.h      |  53 ++++
>  migration/ram.c                |  91 ++++++-
>  qapi/misc-target.json          |  18 ++
>  target/i386/monitor.c          |  10 +
>  target/i386/sev-stub.c         |   5 +
>  target/i386/sev.c              | 455 +++++++++++++++++++++++++++++++--
>  target/i386/sev_i386.h         |  11 +-
>  target/i386/trace-events       |   8 +
>  16 files changed, 1016 insertions(+), 26 deletions(-)
> 
> -- 
> 2.17.1
> 
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK
reply via email to
[Prev in Thread] Current Thread [Next in Thread]