From patchwork Wed Dec 6 20:03:34 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 845314
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Wed, 6 Dec 2017 14:03:34 -0600
Message-Id: <20171206200346.116537-12-brijesh.singh@amd.com>
In-Reply-To: <20171206200346.116537-1-brijesh.singh@amd.com>
References: <20171206200346.116537-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v5 11/23] sev: register the guest memory range which may contain encrypted data
Cc: "Edgar E . Iglesias", Peter Maydell, Peter Crosthwaite, Eduardo Habkost, kvm@vger.kernel.org, Marcel Apfelbaum, Markus Armbruster, "Michael S. Tsirkin", Richard Henderson, "Dr. David Alan Gilbert", Alistair Francis, Christian Borntraeger, Brijesh Singh, Stefan Hajnoczi, Cornelia Huck, Paolo Bonzini, Thomas Lendacky, Borislav Petkov, Richard Henderson

When SEV is enabled, the hardware encryption engine uses a tweak such that two identical plaintexts at different locations will have different ciphertexts. So swapping or moving the ciphertexts of two guest pages will not result in the plaintexts being swapped. Hence relocating the physical backing pages of the SEV guest will require some additional steps in the KVM driver. The KVM_MEMORY_ENCRYPT_{UN,}REG_REGION ioctl can be used to register/unregister the guest memory region which may contain encrypted data. The KVM driver will internally handle relocating the physical backing pages of registered memory regions.

Cc: Paolo Bonzini
Signed-off-by: Brijesh Singh
--- accel/kvm/sev.c | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/accel/kvm/sev.c b/accel/kvm/sev.c index 37020751bd14..7b5318993969 100644 --- a/accel/kvm/sev.c +++ b/accel/kvm/sev.c
@@ -84,6 +84,43 @@ fw_error_to_str(int code) } static void +sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size) +{ + int r; + struct kvm_enc_region range; + + range.addr = (__u64)host; + range.size = size; + + r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_REG_REGION, &range); + if (r) { + error_report("%s: failed to register region (%#llx+%#llx)", + __func__, range.addr, range.size); + } +} + +static void +sev_ram_block_removed(RAMBlockNotifier *n, void *host, size_t size) +{ + int r; + struct kvm_enc_region range; + + range.addr = (__u64)host; + range.size = size; + + r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_UNREG_REGION, &range); + if (r) { + error_report("%s: failed to unregister region (%#llx+%#llx)", + __func__, range.addr, range.size); + } +} + +static struct RAMBlockNotifier sev_ram_notifier = { + .ram_block_added = sev_ram_block_added, + .ram_block_removed = sev_ram_block_removed, +}; + +static void qsev_guest_finalize(Object *obj) { } @@ -286,6 +323,8 @@ sev_guest_init(const char *id) goto err; } + ram_block_notifier_add(&sev_ram_notifier); + return s; err: g_free(s);
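
Review bot: In sev_ram_block_added (first hunk), a failed KVM_MEMORY_ENCRYPT_REG_REGION ioctl is only logged with error_report and the function then returns normally, so the guest keeps running with a RAM block that KVM was never told may hold encrypted data. The commit message says KVM relies on this registration to relocate backing pages correctly, so a failure here looks like it should stop the guest from starting rather than produce a log line; the callback returns void, so as written the error cannot reach the caller. The message would also be more useful if it included the ioctl result, for example strerror(-r) if kvm_vm_ioctl returns a negative errno on this path. Minor: `range.addr = (__u64)host;` casts a pointer directly to a 64-bit integer, which warns on hosts where pointers are narrower; casting through uintptr_t avoids that in both callbacks.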
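
Review bot: In the sev_guest_init hunk, `ram_block_notifier_add(&sev_ram_notifier);` has no matching ram_block_notifier_remove anywhere in the visible lines, and qsev_guest_finalize (context of the first hunk) is still empty. Because sev_ram_notifier is a single static object, please either remove the notifier on teardown or document that it is meant to stay registered for the life of the process, and say what happens if sev_guest_init runs more than once. A short comment would also help on whether RAM blocks that already exist when the notifier is added get registered, since the call sits at the very end of the init path.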