qemu-devel

Re: [PATCH v4 02/14] doc: update AMD SEV to include Live migration flow


From: Daniel P . Berrangé
Subject: Re: [PATCH v4 02/14] doc: update AMD SEV to include Live migration flow
Date: Fri, 10 Sep 2021 10:53:54 +0100
User-agent: Mutt/2.0.7 (2021-05-04)

On Wed, Aug 04, 2021 at 11:53:47AM +0000, Ashish Kalra wrote:
> From: Brijesh Singh <brijesh.singh@amd.com>
> 
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
> ---
>  docs/amd-memory-encryption.txt | 46 +++++++++++++++++++++++++++++++++-
>  1 file changed, 45 insertions(+), 1 deletion(-)
> 
> diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt
> index 12ca25180e..0d9184532a 100644
> --- a/docs/amd-memory-encryption.txt
> +++ b/docs/amd-memory-encryption.txt
> @@ -126,7 +126,51 @@ TODO
>  
>  Live Migration
>  ----------------

> +NOTE:
> +To protect against the memory clone SEV APIs are designed to make the VM
> +unrunnable in case of the migration failure.
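Review bot: the added NOTE sentence "To protect against the memory clone SEV APIs are designed to make the VM unrunnable" never defines "the memory clone" and is missing a comma after it, so the threat and the mechanism run together. Suggest opening the NOTE with one sentence that says what a memory clone is in this context, then stating which guest (source or destination) becomes unrunnable and at what point in the migration flow that happens. The commit message also has no body beyond the sign-offs; a line or two summarising what the new Live Migration text documents would help.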

Can you expand on this, as the limited explanation does not make a
whole lot of sense. What is the threat model here, what actions
are being taken to ensure unrunnability and who or what enforces
that? Which VM is this referring to - the src VM or dst VM?

It comes across like you're trying to protect against the case where
the same VM is executing on both hosts concurrently, but I'm not
clear how that ties into migration failure.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|



