git.baikalelectronics.ru Git - kernel.git/commit

author	Paolo Bonzini <pbonzini@redhat.com>
	Tue, 23 Nov 2021 00:50:34 +0000 (19:50 -0500)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Tue, 30 Nov 2021 08:54:14 +0000 (03:54 -0500)
commit	46b43d0812ad6fb15efea618f74bf00fc519f599
tree	759824b697177936ad53c887de4604947141e8c3	tree \| snapshot
parent	834e4aa9bfff4a366645729ded2c133729c8bd92	commit \| diff

KVM: SEV: Prohibit migration of a VM that has mirrors

VMs that mirror an encryption context rely on the owner to keep the
ASID allocated. Performing a KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM
would cause a dangling ASID:

1. copy context from A to B (gets ref to A)
2. move context from A to L (moves ASID from A to L)
3. close L (releases ASID from L, B still references it)

The right way to do the handoff instead is to create a fresh mirror VM
on the destination first:

1. copy context from A to B (gets ref to A)
[later] 2. close B (releases ref to A)
3. move context from A to L (moves ASID from A to L)
4. copy context from L to M

So, catch the situation by adding a count of how many VMs are
mirroring this one's encryption context.

Fixes: 697b9f909d28 ("KVM: SEV: Add support for SEV-ES intra host migration")
Message-Id: <20211123005036.2954379-11-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

arch/x86/kvm/svm/sev.c		diff \| blob \| history
arch/x86/kvm/svm/svm.h		diff \| blob \| history
tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c		diff \| blob \| history