KVM Forum 2024

Tom Lendacky

Tom Lendacky is a member of the Linux OS group at Advanced Micro Devices where he is responsible for enabling and enhancing support for AMD processor features in the Linux kernel. He is currently working on extending the SEV support in the Linux kernel to further enhance the features and capabilities of SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging). He has spoken at various Linux events, including KVM Forum a few times.


Sessions

09-22
11:15
30min
SVSM and VM Privilege Level instantiation and execution
Tom Lendacky

The VM Privilege Level (VMPL) feature of SEV-SNP allows for privilege separation within an SEV-SNP guest. Each VMPL will require its own execution state for each vCPU. A Secure VM Service Module (SVSM) runs at the highest privilege level to provide services to lower privilege levels (such as a Linux guest OS). This talk looks to investigate how to maintain VMPL state for each guest vCPU and how to efficiently switch between VMPL levels of the guest vCPU.

Hall C+D
09-23
13:45
30min
SNP Live Migration with guest-memfd and mirror VM
Tom Lendacky, Pankaj Gupta

For SEV-SNP live migration support, a migration helper would run as a mirror VM. The mirror VM would use the existing KVM APIs to copy the KVM context and populate the NPT page tables at page fault time. The mirror VM also does the dirty page tracking and finalizes the end of live migration. For designing the guest_memfd APIs for the mirror VM, we want to consider the post-copy use case as well so that the copying of paged-in memory in the mirror VM would have a separate memory view. In this talk we will cover the above use cases for guest_memfd and mirror VM design for SEV-SNP live migration.

Hall C+D