Patches 1 and 2 are the long-awaited tests for COPY_ENC_CONTEXT_FROM, based on the ones for intra-host migration. The aim of patches 3 and 4 is to simplify the locking for COPY_ENC_CONTEXT_FROM, and solving (by sidestepping the question) the problem of a VM's encryption context being moved from and copied from at the same time. These patches are an alternative to Sean's patch with subject "KVM: SEV: Explicitly document that there are no TOCTOU races in copy ASID" (https://lore.kernel.org/kvm/76c7c752-f1b0-f100-03dd-364366eff02f@xxxxxxxxxx/T/). There is another bug: a VM that is the owner of a copied context must not be migrated, otherwise you could have a dangling ASID: 1. copy context from A to B (gets ref to A) 2. move context from A to L (moves ASID from A to L) 3. close L (releases ASID from L, B still references it) The right way to do the handoff instead is to create a fresh mirror VM on the destination first: 1. copy context from A to B (gets ref to A) [later] 2. close B (releases ref to A) 3. move context from A to L (moves ASID from A to L) 4. copy context from L to M I'll take a look at this later, probably next week after this series has been reviewed. Paolo Paolo Bonzini (4): selftests: sev_migrate_tests: free all VMs selftests: sev_migrate_tests: add tests for KVM_CAP_VM_COPY_ENC_CONTEXT_FROM KVM: SEV: cleanup locking for KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM KVM: SEV: Do COPY_ENC_CONTEXT_FROM with both VMs locked arch/x86/kvm/svm/sev.c | 118 ++++++++---------- .../selftests/kvm/x86_64/sev_migrate_tests.c | 113 +++++++++++++++-- 2 files changed, 155 insertions(+), 76 deletions(-) -- 2.27.0
