From patchwork Thu Feb 15 15:39:47 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 873978
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Thu, 15 Feb 2018 09:39:47 -0600
Message-Id: <20180215153955.3253-22-brijesh.singh@amd.com>
In-Reply-To: <20180215153955.3253-1-brijesh.singh@amd.com>
References: <20180215153955.3253-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v9 21/29] sev/i386: add debug encrypt and decrypt commands
, Cc: Peter Maydell , Brijesh Singh , kvm@vger.kernel.org, "Michael S. Tsirkin" , Stefan Hajnoczi , Alexander Graf , "Edgar E. Iglesias" , Markus Armbruster , Bruce Rogers , Christian Borntraeger , Marcel Apfelbaum , Borislav Petkov , Thomas Lendacky , Eduardo Habkost , Richard Henderson , "Dr. David Alan Gilbert" , Alistair Francis , Cornelia Huck , Richard Henderson , Peter Crosthwaite , Paolo Bonzini Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" KVM_SEV_DBG_DECRYPT and KVM_SEV_DBG_ENCRYPT commands are used for decrypting and encrypting guest memory region. The command works only if the guest policy allows the debugging. Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Signed-off-by: Brijesh Singh --- accel/kvm/kvm-all.c | 1 + include/sysemu/sev.h | 1 + stubs/sev.c | 4 +++ target/i386/sev.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++ target/i386/trace-events | 1 + 5 files changed, 79 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 4974c00c46fb..f53d4ca503b0 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -1681,6 +1681,7 @@ static int kvm_init(MachineState *ms) } kvm_state->memcrypt_encrypt_data = sev_encrypt_data; + kvm_state->memcrypt_debug_ops = sev_set_debug_ops; } ret = kvm_arch_init(ms, s); diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index ad4a1f1338ec..ac70c7a00b6e 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -72,5 +72,6 @@ typedef struct SEVState SEVState; void *sev_guest_init(const char *id); int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len); +void sev_set_debug_ops(void *handle, MemoryRegion *mr); #endif diff --git a/stubs/sev.c b/stubs/sev.c index 5420ada7fd6e..8ea167031e1c 100644 --- a/stubs/sev.c +++ b/stubs/sev.c 
@@ -15,6 +15,10 @@ #include "qemu-common.h" #include "sysemu/sev.h" +void sev_set_debug_ops(void *handle, MemoryRegion *mr) +{ +} + int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) { return 1; diff --git a/target/i386/sev.c b/target/i386/sev.c index 305ef65191c9..1fbc3beb1655 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -23,6 +23,7 @@ #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" +#define GUEST_POLICY_DBG_BIT 0x1 static uint64_t me_mask; static bool sev_active; @@ -30,6 +31,7 @@ static int sev_fd; static uint32_t x86_cbitpos; static uint32_t x86_reduced_phys_bits; static SEVState *sev_state; +static MemoryRegionRAMReadWriteOps sev_ops; static SevState current_sev_guest_state = SEV_STATE_UNINIT; @@ -595,6 +597,51 @@ sev_vm_state_change(void *opaque, int running, RunState state) } } +static int +sev_dbg_enc_dec(uint8_t *dst, const uint8_t *src, uint32_t len, bool write) +{ + int ret, error; + struct kvm_sev_dbg *dbg; + + dbg = g_malloc0(sizeof(*dbg)); + if (!dbg) { + return 1; + } + + dbg->src_uaddr = (unsigned long)src; + dbg->dst_uaddr = (unsigned long)dst; + dbg->len = len; + + trace_kvm_sev_debug(write ? "encrypt" : "decrypt", src, dst, len); + ret = sev_ioctl(write ? KVM_SEV_DBG_ENCRYPT : KVM_SEV_DBG_DECRYPT, + dbg, &error); + if (ret) { + error_report("%s (%s) %#llx->%#llx+%#x ret=%d fw_error=%d '%s'", + __func__, write ? "write" : "read", dbg->src_uaddr, + dbg->dst_uaddr, dbg->len, ret, error, + fw_error_to_str(error)); + } + + g_free(dbg); + return ret; +} + +static int +sev_mem_read(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs attrs) +{ + assert(attrs.debug); + + return sev_dbg_enc_dec(dst, src, len, false); +} + +static int +sev_mem_write(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs attrs) +{ + assert(attrs.debug); + + return sev_dbg_enc_dec(dst, src, len, true); +} + void * sev_guest_init(const char *id) { 
@@ -686,6 +733,31 @@ sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) return 0; } +void +sev_set_debug_ops(void *handle, MemoryRegion *mr) +{ + int policy; + SEVState *s = (SEVState *)handle; + + policy = object_property_get_int(OBJECT(s->sev_info), + "policy", &error_abort); + + /* + * Check if guest policy supports debugging + * Bit 0 : + * 0 - debug allowed + * 1 - debug is not allowed + */ + if (policy & GUEST_POLICY_DBG_BIT) { + return; + } + + sev_ops.read = sev_mem_read; + sev_ops.write = sev_mem_write; + + memory_region_set_ram_debug_ops(mr, &sev_ops); +} + static void sev_register_types(void) { diff --git a/target/i386/trace-events b/target/i386/trace-events index b1fbde6e40fe..00aa6e98d810 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -15,3 +15,4 @@ kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIu64 kvm_sev_launch_measurement(const char *value) "data %s" kvm_sev_launch_finish(void) "" +kvm_sev_debug(const char *op, const uint8_t *src, uint8_t *dst, int len) "(%s) src %p dst %p len %d"
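Review bot: In the target/i386/sev.c hunk at line 23, `GUEST_POLICY_DBG_BIT` repeats the 0x1 already hard-coded in `DEFAULT_GUEST_POLICY`, and its name reads as "debug enabled" while the comment in sev_set_debug_ops() says a set bit means debug is not allowed. Naming the macro for the restriction (for example a NODBG-style name) and defining DEFAULT_GUEST_POLICY in terms of it would keep the two from drifting apart and make the `if (policy & ...)` test read the right way round.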
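Review bot: In sev_dbg_enc_dec(), the `if (!dbg) { return 1; }` check after g_malloc0() is dead code, because g_malloc0() aborts on allocation failure instead of returning NULL for a non-zero size. The struct only lives for the duration of the ioctl, so a zero-initialised `struct kvm_sev_dbg` on the stack would remove the allocation, the check and the g_free(). Separately, sev_mem_read() and sev_mem_write() enforce `attrs.debug` only through assert(); a comment stating that these ops are reachable only from debug accesses would document why aborting the process is the intended outcome.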
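Review bot: In sev_set_debug_ops(), the early return on `policy & GUEST_POLICY_DBG_BIT` is silent, so when the guest policy forbids debugging nothing records that the debug ops were deliberately left uninstalled. A trace point at that return, plus a function comment saying the call is a no-op for no-debug guests, would make the behaviour visible to whoever later investigates unreadable guest memory in a debugger. The `sev_ops` table is also rewritten on every call with the same two pointers; a static initialiser at its definition would make that intent explicit.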
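Review bot: The new kvm_sev_debug trace event declares `int len` with `%d`, but its caller in sev_dbg_enc_dec() passes a `uint32_t len`, so a length above INT_MAX would be logged as a negative number. Declaring the argument as `uint32_t len` with an unsigned format would match the caller.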