Message ID | 20180308124901.83533-13-brijesh.singh@amd.com |
---|---|
State | New |
From | Brijesh Singh <brijesh.singh@amd.com> |
To | qemu-devel@nongnu.org |
Date | Thu, 8 Mar 2018 06:48:45 -0600 |
Subject | [Qemu-devel] [PATCH v12 12/28] sev/i386: register the guest memory range which may contain encrypted data |
Series | x86: Secure Encrypted Virtualization (AMD) |
diff --git a/target/i386/sev.c b/target/i386/sev.c index 288612e1aa46..4f85035d5203 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -105,6 +105,46 @@ fw_error_to_str(int code) return sev_fw_errlist[code]; } +static void +sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size) +{ + int r; + struct kvm_enc_region range; + + range.addr = (__u64)host; + range.size = size; + + trace_kvm_memcrypt_register_region(host, size); + r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_REG_REGION, &range); + if (r) { + error_report("%s: failed to register region (%p+%#lx) error '%s'", + __func__, host, size, strerror(errno)); + exit(1); + } +} + +static void +sev_ram_block_removed(RAMBlockNotifier *n, void *host, size_t size) +{ + int r; + struct kvm_enc_region range; + + range.addr = (__u64)host; + range.size = size; + + trace_kvm_memcrypt_unregister_region(host, size); + r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_UNREG_REGION, &range); + if (r) { + error_report("%s: failed to unregister region (%p+%#lx)", + __func__, host, size); + } +} + +static struct RAMBlockNotifier sev_ram_notifier = { + .ram_block_added = sev_ram_block_added, + .ram_block_removed = sev_ram_block_removed, +}; + static void qsev_guest_finalize(Object *obj) { @@ -436,6 +476,8 @@ sev_guest_init(const char *id) goto err; } + ram_block_notifier_add(&sev_ram_notifier); + return s; err: g_free(sev_state); diff --git a/target/i386/trace-events b/target/i386/trace-events index 797b716751b7..ffa3d2250425 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -8,3 +8,5 @@ kvm_x86_update_msi_routes(int num) "Updated %d MSI routes" # target/i386/sev.c kvm_sev_init(void) "" +kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu" +kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu"
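Review bot: in the first target/i386/sev.c hunk, both sev_ram_block_added() and sev_ram_block_removed() cast the pointer with `(__u64)host` and print the size_t `size` with `%#lx`; on a host where pointers or size_t are not the width of long, this gives a pointer-to-integer size warning and a format mismatch. Suggest `range.addr = (__u64)(uintptr_t)host;` and `%#zx` for the size. The unregister path's error_report also omits the error reason that the register path prints with strerror(errno); reporting it in both places would make a failed KVM_MEMORY_ENCRYPT_UNREG_REGION easier to diagnose.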
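Review bot: the `ram_block_notifier_add(&sev_ram_notifier);` call added to sev_guest_init() has no counterpart in the visible lines that removes the notifier, and nothing here shows what happens to RAM blocks that already exist when it runs. Please add a comment stating the ordering assumption (that sev_guest_init() runs before guest RAM is allocated), or register any existing blocks explicitly, and say where the notifier is meant to be dropped if the SEV state is ever torn down.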
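Review bot: in target/i386/trace-events, both new events format `len` as `0x%lu`, which puts a hex prefix in front of a decimal value and uses a long specifier for a size_t argument. `"addr %p len 0x%zx"` would print what the prefix promises and match the argument type.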
When SEV is enabled, the hardware encryption engine uses a tweak such that two identical plaintexts at different locations will have different ciphertexts. So swapping or moving the ciphertexts of two guest pages will not result in the plaintexts being swapped. Hence relocating the physical backing pages of the SEV guest will require some additional steps in the KVM driver. The KVM_MEMORY_ENCRYPT_{UN,}REG_REGION ioctl can be used to register/unregister the guest memory region which may contain the encrypted data. The KVM driver will internally handle relocating the physical backing pages of registered memory regions.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 target/i386/sev.c        | 42 ++++++++++++++++++++++++++++++++++++++++++
 target/i386/trace-events |  2 ++
 2 files changed, 44 insertions(+)