AMD SEV/SEV-ES Local Migration Support Patches For Linux
Google engineers have prepared a set of Linux kernel patches for AMD Secure Encrypted Virtualization (SEV) and SEV-ES (Encrypted State) that allow local migration of these encrypted virtual machines on the same host.
Local migration of a VM moves the guest to a new user-space VMM on the same host, for example when upgrading the VMM or changing the VM's resources, as opposed to remote migration to a different host.
With Secure Encrypted Virtualization on EPYC processors isolating the VM from the hypervisor by encrypting its memory, and SEV-ES additionally protecting the CPU register state, VM migration requires special handling. In particular, the SEV metadata must be handed over properly and securely from the old VMM to the new one.
With this kernel patch series submitted by Google, just under 500 lines of new code add SEV/SEV-ES local migration support to the Kernel-based Virtual Machine (KVM). Meanwhile, on the newest SEV front with EPYC 7003 series processors, the SEV-SNP upstreaming is still ongoing, but hopefully that too will be settled soon.
This isn't the first time Google engineers have submitted patches to the Linux kernel for AMD EPYC server CPU features; they have previously worked on RAPL support for EPYC, among others. Some of these non-critical features have at times been slow to arrive in mainline until tackled by the likes of Google, but with AMD continuing to hire more Linux engineers it looks like they are working to provide much more robust support moving forward.