Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update SEV-SNP implementation to run on upstream kernels #243

Draft
wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

Update SEV-SNP implementation to run on upstream kernels #243

wants to merge 5 commits into from

Conversation

tylerfanelli
Copy link
Collaborator

@tylerfanelli tylerfanelli commented Dec 12, 2024
edited
Loading

Modify the SEV-SNP launch implementation to:

  • Create VMs with the KVM_X86_SNP_VM type.
  • Use KVM guest_memfd for memory regions.
  • Use KVM_SET_USER_MEMORY_REGION2.
  • Update the sev library dependency to 5.0.0.

With this, libkrun should be able to run on stock Linux kernels with version >= 6.11. Still completing some testing. Once tested, I will mark this PR as ready for review.

@tylerfanelli
amd-sev: Create KVM_X86_SNP_VM type
3ae6bf9 
KVM requires a VM intended to be run with SEV-SNP encryption to be
created with the KVM_X86_SNP_VM type.

Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
amd-sev: Use kvm_guest_memfd for memory registering
6c1f4bb 
Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
amd-sev: Update sev dependency to 5.0.0
d2670e7 
Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
amd-sev: Set guest_memfd memory regions in memory_init
535914f 
Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
Copy link
Collaborator Author

tylerfanelli commented Dec 12, 2024
edited
Loading

With these changes, I'm encountering the following unexpected error immediately after the VM starts:

Starting TEE/microVM.
[2024-12-12T06:43:33Z ERROR vmm::linux::vstate] Unexpected exit reason on vcpu run: MemoryFault { flags: 8, gpa: 4096, size: 4096 }

Will investigate.

@tylerfanelli
Copy link
Collaborator Author

tylerfanelli commented Dec 12, 2024
edited
Loading

I'd also like to modify this to create one guest_memfd and map all guest memory regions into it (using the kvm_userspace_memory_region2.guest_memfd_offset field) rather than creating a new guest_memfd for each region of guest memory.

@jakecorrenti
Copy link
Member

With these changes, I'm encountering the following unexpected error immediately after the VM starts:

Starting TEE/microVM.
[2024-12-12T06:43:33Z ERROR vmm::linux::vstate] Unexpected exit reason on vcpu run: MemoryFault { flags: 8, gpa: 4096, size: 4096 }

Will investigate.

I know in TDX you need to also set memory attributes after creating the guest memfd and setting the user memory region. I wonder if you have to do that here as well?

@tylerfanelli
Copy link
Collaborator Author

With these changes, I'm encountering the following unexpected error immediately after the VM starts:

Starting TEE/microVM.
[2024-12-12T06:43:33Z ERROR vmm::linux::vstate] Unexpected exit reason on vcpu run: MemoryFault { flags: 8, gpa: 4096, size: 4096 }

Will investigate.

I know in TDX you need to also set memory attributes after creating the guest memfd and setting the user memory region. I wonder if you have to do that here as well?

Do you? I wasn't aware of this. Will try it out.

@jakecorrenti
Copy link
Member

With these changes, I'm encountering the following unexpected error immediately after the VM starts:

Starting TEE/microVM.
[2024-12-12T06:43:33Z ERROR vmm::linux::vstate] Unexpected exit reason on vcpu run: MemoryFault { flags: 8, gpa: 4096, size: 4096 }

Will investigate.

I know in TDX you need to also set memory attributes after creating the guest memfd and setting the user memory region. I wonder if you have to do that here as well?

Do you? I wasn't aware of this. Will try it out.

let attr = kvm_memory_attributes {
    address: region.start_addr().raw_value(),
    size: region.len() as u64,
    // KVM_MEMORY_ATTRIBUTE_PRIVATE,
    attributes: 1 << 3,
    flags: 0,
};

self.fd
    .set_memory_attributes(attr)
    .map_err(Error::SetMemoryAttributes)?;

Should do the job. Hopefully this saves you time and avoids you having to dig around for it.

@tylerfanelli
vmm/vstate: Set memory attributes of regions
3e91667 
Co-developed-by: Jake Correnti <jcorrent@redhat.com>
Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jakecorrenti jakecorrenti jakecorrenti requested changes

@mtjhrc mtjhrc Awaiting requested review from mtjhrc mtjhrc will be requested when the pull request is marked ready for review mtjhrc is a code owner

@slp slp Awaiting requested review from slp slp will be requested when the pull request is marked ready for review slp is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tylerfanelli @jakecorrenti