On Wed, Apr 21, 2021 at 04:44:02PM +0200, Borislav Petkov wrote:
> On Thu, Apr 15, 2021 at 04:01:16PM +0000, Ashish Kalra wrote:
> > From: Ashish Kalra <ashish.kalra@xxxxxxx>
> >
> > The guest support for detecting and enabling SEV Live migration
> > feature uses the following logic :
> >
> > - kvm_init_plaform() invokes check_kvm_sev_migration() which
> > checks if its booted under the EFI
> >
> > - If not EFI,
> >
> > i) check for the KVM_FEATURE_CPUID
>
> Where do you do that?
>
> $ git grep KVM_FEATURE_CPUID
> $
>
> Do you mean
>
> kvm_para_has_feature(KVM_FEATURE_SEV_LIVE_MIGRATION)
>
> per chance?
>
Yes, the above mentions to get KVM_FEATURE_CPUID and then check if live
migration feature is supported, i.e.,
kvm_para_has_feature(KVM_FEATURE_SEV_LIVE_MIGRATION). The above comments
are written more generically.
> > diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
> > index 78bb0fae3982..94ef16d263a7 100644
> > --- a/arch/x86/kernel/kvm.c
> > +++ b/arch/x86/kernel/kvm.c
> > @@ -26,6 +26,7 @@
> > #include <linux/kprobes.h>
> > #include <linux/nmi.h>
> > #include <linux/swait.h>
> > +#include <linux/efi.h>
> > #include <asm/timer.h>
> > #include <asm/cpu.h>
> > #include <asm/traps.h>
> > @@ -429,6 +430,59 @@ static inline void __set_percpu_decrypted(void *ptr, unsigned long size)
> > early_set_memory_decrypted((unsigned long) ptr, size);
> > }
> >
> > +static int __init setup_kvm_sev_migration(void)
>
> kvm_init_sev_migration() or so.
>
> ...
>
> > @@ -48,6 +50,8 @@ EXPORT_SYMBOL_GPL(sev_enable_key);
> >
> > bool sev_enabled __section(".data");
> >
> > +bool sev_live_migration_enabled __section(".data");
>
> Pls add a function called something like:
>
> bool sev_feature_enabled(enum sev_feature)
>
> and gets SEV_FEATURE_LIVE_MIGRATION and then use it instead of adding
> yet another boolean which contains whether some aspect of SEV has been
> enabled or not.
>
> Then add a
>
> static enum sev_feature sev_features;
>
> in mem_encrypt.c and that function above will query that sev_features
> enum for set flags.
>
> Then, if you feel bored, you could convert sme_active, sev_active,
> sev_es_active, mem_encrypt_active and whetever else code needs to query
> any aspect of SEV being enabled or not, to that function.
>
Ok.
> > +void __init check_kvm_sev_migration(void)
> > +{
> > + if (sev_active() &&
> > + kvm_para_has_feature(KVM_FEATURE_SEV_LIVE_MIGRATION)) {
>
> Save an indentation level:
>
> if (!sev_active() ||
> !kvm_para_has_feature(KVM_FEATURE_SEV_LIVE_MIGRATION))
> return;
>
> > + unsigned long nr_pages;
> > + int i;
> > +
> > + pr_info("KVM enable live migration\n");
>
> That should be at the end of the function and say:
>
> pr_info("KVM live migration enabled.\n");
>
> > + WRITE_ONCE(sev_live_migration_enabled, true);
>
> Why WRITE_ONCE?
>
Just to ensure that the sev_live_migration_enabled is set to TRUE before
it is used immediately next in the function.
Thanks,
Ashish
> And that needs to go to the end of the function too.
>
> Thx.
>
> --
> Regards/Gruss,
> Boris.
>
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpeople.kernel.org%2Ftglx%2Fnotes-about-netiquette&data=04%7C01%7CAshish.Kalra%40amd.com%7Cfe47697d718c4326b62108d904d3e9ad%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637546130496140162%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=d%2F%2Bx8t8R7zJclA7ENc%2Fxwt5%2FU13m%2FWObem2Hq8yH190%3D&reserved=0
