On 21.03.23 19:15, Peter Gonda wrote:
On Tue, Mar 21, 2023 at 11:03 AM Sean Christopherson <seanjc@xxxxxxxxxx> wrote:
+Peter
On Mon, Mar 20, 2023, Alexander Graf wrote:
With protected state (like SEV-ES and SEV-SNP), KVM does not have direct
access to guest registers. However, we deflect modifications to CR0,
Please avoid pronouns in changelogs and comments.
CR4 and EFER to the host. We also carry the apic_base register and learn
about CR8 directly from a VMCB field.
That means these bits of information do exist in the host's KVM data
structures. If we ever want to resume consumption of an already
initialized VMSA (guest state), we will need to also restore these
additional bits of KVM state.
For some definitions of "need". I've looked at this code multiple times in the
past, and even posted patches[1], but I'm still unconvinced that trapping
CR0, CR4, and EFER updates is necessary[2], which is partly why series to fix
this stalled out.
: If KVM chugs along happily without these patches, I'd love to pivot and yank out
: all of the CR0/4/8 and EFER trapping/tracking, and then make KVM_GET_SREGS a nop
: as well.
[1] https://lore.kernel.org/all/20210507165947.2502412-1-seanjc@xxxxxxxxxx
[2] https://lore.kernel.org/all/YJla8vpwqCxqgS8C@xxxxxxxxxx
Yea we are using similar patches to do intra-host migration for SNP VMs.
I have dropped the ball on my AI from that thread. Let me look/test this patch.
Awesome, thanks. If we can get away without any of the above states and
make sregs completely useless for protected state, I'd be even happier :)
Alex
Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879