Message ID | 20180228211028.83970-13-brijesh.singh@amd.com |
---|---|
State | New |
From | Brijesh Singh <brijesh.singh@amd.com> |
Date | Wed, 28 Feb 2018 15:10:12 -0600 |
Subject | [Qemu-devel] [PATCH v10 12/28] sev/i386: register the guest memory range which may contain encrypted data |
Series | x86: Secure Encrypted Virtualization (AMD) |
diff --git a/target/i386/sev.c b/target/i386/sev.c index 80569f4bcf49..8ee6159b2bfc 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -100,6 +100,45 @@ fw_error_to_str(int code) return sev_fw_errlist[code]; } +static void +sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size) +{ + int r; + struct kvm_enc_region range; + + range.addr = (__u64)host; + range.size = size; + + trace_kvm_memcrypt_register_region(host, size); + r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_REG_REGION, &range); + if (r) { + error_report("%s: failed to register region (%p+%#lx)", + __func__, host, size); + } +} + +static void +sev_ram_block_removed(RAMBlockNotifier *n, void *host, size_t size) +{ + int r; + struct kvm_enc_region range; + + range.addr = (__u64)host; + range.size = size; + + trace_kvm_memcrypt_unregister_region(host, size); + r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_UNREG_REGION, &range); + if (r) { + error_report("%s: failed to unregister region (%p+%#lx)", + __func__, host, size); + } +} + +static struct RAMBlockNotifier sev_ram_notifier = { + .ram_block_added = sev_ram_block_added, + .ram_block_removed = sev_ram_block_removed, +}; + static void qsev_guest_finalize(Object *obj) { @@ -434,6 +473,8 @@ sev_guest_init(const char *id) goto err; } + ram_block_notifier_add(&sev_ram_notifier); + return s; err: g_free(sev_state); diff --git a/target/i386/trace-events b/target/i386/trace-events index 797b716751b7..ffa3d2250425 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -8,3 +8,5 @@ kvm_x86_update_msi_routes(int num) "Updated %d MSI routes" # target/i386/sev.c kvm_sev_init(void) "" +kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu" +kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu"
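Review bot: In sev_ram_block_added() and sev_ram_block_removed() (first sev.c hunk), a failing kvm_vm_ioctl() is only logged with error_report() and the return code r is dropped, so a RAM block that could not be registered keeps being used as if it had been. The commit message says KVM relies on this registration to handle relocation of the backing pages, so a failed KVM_MEMORY_ENCRYPT_REG_REGION should probably be fatal, or at least the message should include r. Two smaller points in the same functions: size is a size_t, so the format should be %#zx rather than %#lx, and the (__u64)host cast converts a pointer directly to a 64-bit integer, which warns on 32-bit builds; cast through uintptr_t first.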
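Review bot: In sev_guest_init() (second sev.c hunk), ram_block_notifier_add(&sev_ram_notifier) has no matching ram_block_notifier_remove() anywhere in this patch, so the static notifier stays registered for the life of the process. If that is intended, a short comment at the call site would help. It would also be worth documenting whether RAM blocks that already exist when this call runs get registered, or whether the code depends on sev_guest_init() running before any guest RAM is allocated.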
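Review bot: In both new trace-events lines the format "len 0x%lu" prints a decimal value behind a 0x prefix, which will be misread as hex when someone compares traced region sizes. len is declared size_t, so use "len 0x%zx" (or drop the prefix and use %zu).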
When SEV is enabled, the hardware encryption engine uses a tweak such that two identical plaintexts at different locations will have different ciphertexts. So swapping or moving the ciphertexts of two guest pages will not result in the plaintexts being swapped. Hence relocating the physical backing pages of the SEV guest will require some additional steps in the KVM driver.

The KVM_MEMORY_ENCRYPT_{UN,}REG_REGION ioctl can be used to register/unregister the guest memory region which may contain the encrypted data. The KVM driver will internally handle relocating the physical backing pages of registered memory regions.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 target/i386/sev.c        | 41 +++++++++++++++++++++++++++++++++++++++++
 target/i386/trace-events |  2 ++
 2 files changed, 43 insertions(+)
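The tweak property described in the commit message, as an added example that is not part of this patch or of QEMU/KVM: a toy address-tweaked cipher shows why copying raw ciphertext to a different physical address does not yield the original plaintext there. The cipher, key, addresses and all function names are hypothetical stand-ins, not AMD's actual algorithm.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy 64-bit mixer (splitmix64 finalizer): round function and tweak source. */
static uint64_t mix(uint64_t x)
{
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* Toy 4-round Feistel cipher on one 8-byte block. Not AES, not secure. */
static uint64_t toy_crypt(uint64_t key, uint64_t block, int decrypt)
{
    uint32_t l = (uint32_t)(block >> 32), r = (uint32_t)block;
    for (int n = 0; n < 4; n++) {
        uint32_t in = decrypt ? l : r;          /* half fed to the round function */
        /* round index runs 3..0 when decrypting, 0..3 when encrypting */
        uint32_t f = (uint32_t)mix(key + (uint64_t)(decrypt ? 3 - n : n) + ((uint64_t)in << 8));
        if (decrypt) { uint32_t t = r ^ f; r = l; l = t; }
        else         { uint32_t t = l ^ f; l = r; r = t; }
    }
    return ((uint64_t)l << 32) | r;
}

/* Memory controller model: the tweak depends on the physical address pa. */
static uint64_t mem_crypt(uint64_t key, uint64_t pa, uint64_t data, int decrypt)
{
    uint64_t tweak = mix(key ^ pa);
    return toy_crypt(key, data ^ tweak, decrypt) ^ tweak;
}

/* Host copies raw ciphertext from old_pa to new_pa; guest reads it at new_pa. */
static int raw_copy_survives(uint64_t key, uint64_t old_pa, uint64_t new_pa, uint64_t plain)
{
    return mem_crypt(key, new_pa, mem_crypt(key, old_pa, plain, 0), 1) == plain;
}

/* Relocation that accounts for the tweak: decrypt at old_pa, re-encrypt at new_pa. */
static int reencrypted_move_survives(uint64_t key, uint64_t old_pa, uint64_t new_pa, uint64_t plain)
{
    uint64_t cipher = mem_crypt(key, old_pa, plain, 0);
    uint64_t moved = mem_crypt(key, new_pa, mem_crypt(key, old_pa, cipher, 1), 0);
    return mem_crypt(key, new_pa, moved, 1) == plain;
}

int main(void)
{
    uint64_t key = 0x0123456789abcdefULL, p = 0x5345562067756573ULL; /* constructed */
    printf("raw copy readable: %d, re-encrypted move readable: %d\n",
           raw_copy_survives(key, 0x1000, 0x2000, p), reencrypted_move_survives(key, 0x1000, 0x2000, p));
}
```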