[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[RFC PATCH 25/26] target/i386: SEV: Allow migration unless there are no
From: |
Dov Murik |
Subject: |
[RFC PATCH 25/26] target/i386: SEV: Allow migration unless there are no aux vcpus |
Date: |
Tue, 2 Mar 2021 15:48:21 -0500 |
Memory-encrypted guests require a migration helper running on an
auxiliary vcpu inside the guest in order to migrate RAM to the target.
When there are no auxiliary vcpus, block migration attempts.
Signed-off-by: Dov Murik <dovmurik@linux.vnet.ibm.com>
---
target/i386/sev.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/target/i386/sev.c b/target/i386/sev.c
index da2d0cc699..f22f9b29ea 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -32,6 +32,7 @@
#include "qom/object.h"
#include "exec/address-spaces.h"
#include "monitor/monitor.h"
+#include "hw/boards.h"
#include "exec/confidential-guest-support.h"
#include "migration/confidential-ram.h"
#include "hw/i386/pc.h"
@@ -669,6 +670,7 @@ sev_launch_finish(SevGuestState *sev)
{
int ret, error;
Error *local_err = NULL;
+ MachineState *ms = MACHINE(qdev_get_machine());
trace_kvm_sev_launch_finish();
ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, &error);
@@ -680,14 +682,19 @@ sev_launch_finish(SevGuestState *sev)
sev_set_guest_state(sev, SEV_STATE_RUNNING);
- /* add migration blocker */
- error_setg(&sev_mig_blocker,
- "SEV: Migration is not implemented");
- ret = migrate_add_blocker(sev_mig_blocker, &local_err);
- if (local_err) {
- error_report_err(local_err);
- error_free(sev_mig_blocker);
- exit(1);
+ /*
+ * SEV migration is not supported unless there's an auxiliary CPU running
+ * the guest-assisted migration helper.
+ */
+ if (ms->smp.aux_cpus == 0) {
+ error_setg(&sev_mig_blocker,
+ "SEV: Migration is not implemented");
+ ret = migrate_add_blocker(sev_mig_blocker, &local_err);
+ if (local_err) {
+ error_report_err(local_err);
+ error_free(sev_mig_blocker);
+ exit(1);
+ }
}
}
--
2.20.1
- [RFC PATCH 06/26] hw/acpi: Don't include auxiliary vcpus in ACPI tables, (continued)
- [RFC PATCH 06/26] hw/acpi: Don't include auxiliary vcpus in ACPI tables, Dov Murik, 2021/03/02
- [RFC PATCH 13/26] migration: Add helpers to load confidential RAM, Dov Murik, 2021/03/02
- [RFC PATCH 07/26] cpu: Add boolean aux field to CPUState, Dov Murik, 2021/03/02
- [RFC PATCH 23/26] target/i386: Re-sync kvm-clock after confidential guest migration, Dov Murik, 2021/03/02
- [RFC PATCH 03/26] machine: Add auxcpus=N suboption to -smp, Dov Murik, 2021/03/02
- [RFC PATCH 09/26] softmmu: Don't sync aux vcpus in pre_loadvm, Dov Murik, 2021/03/02
- [RFC PATCH 19/26] migration: Don't sync vcpus when migrating confidential guests, Dov Murik, 2021/03/02
- [RFC PATCH 08/26] hw/i386: Set CPUState.aux=true for auxiliary vcpus, Dov Murik, 2021/03/02
- [RFC PATCH 14/26] migration: Introduce gpa_inside_migration_helper_shared_area, Dov Murik, 2021/03/02
- [RFC PATCH 18/26] migration: Stop non-aux vcpus before copying the last pages, Dov Murik, 2021/03/02
- [RFC PATCH 25/26] target/i386: SEV: Allow migration unless there are no aux vcpus,
Dov Murik <=
- [RFC PATCH 24/26] migration: Add start-migrate-incoming QMP command, Dov Murik, 2021/03/02
- [RFC PATCH 15/26] migration: Save confidential guest RAM using migration helper, Dov Murik, 2021/03/02
- [RFC PATCH 26/26] docs: Add confidential guest live migration documentation, Dov Murik, 2021/03/02
- [RFC PATCH 20/26] migration: When starting target, don't sync auxiliary vcpus, Dov Murik, 2021/03/02
- [RFC PATCH 05/26] hw/i386: Mark auxiliary vcpus in possible_cpus, Dov Murik, 2021/03/02
- [RFC PATCH 10/26] softmmu: Add cpu_synchronize_without_aux_post_init, Dov Murik, 2021/03/02
- [RFC PATCH 17/26] migration: Stop VM after loading confidential RAM, Dov Murik, 2021/03/02
- [RFC PATCH 22/26] hw/isa/lpc_ich9: Allow updating an already-running VM, Dov Murik, 2021/03/02
- [RFC PATCH 21/26] migration: Call migration handler cleanup routines, Dov Murik, 2021/03/02
- Re: [RFC PATCH 00/26] Confidential guest live migration, no-reply, 2021/03/02