[v12,05/28] machine: add -memory-encryption property

Message ID	20180308124901.83533-6-brijesh.singh@amd.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: Brijesh Singh <brijesh.singh@amd.com> To: qemu-devel@nongnu.org Date: Thu, 8 Mar 2018 06:48:38 -0600 Message-Id: <20180308124901.83533-6-brijesh.singh@amd.com> In-Reply-To: <20180308124901.83533-1-brijesh.singh@amd.com> References: <20180308124901.83533-1-brijesh.singh@amd.com> MIME-Version: 1.0 Content-Type: text/plain Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR12MB0156; 23:00HMWVkGLFPk3slJaT7EYxquQf/DA3yDdq91IQd0N?= lIy72fJOGprn6+19qgajYhlXMM1Q2fWBQGvPB8yOYPUwm2mo5uVyi74WyDLKRzJRVdEBN1Mqup7JdyEr83TluebsgbBoGYQbr9yquM7b3uGmHiINimHH++0StpB+6bJ4KKb8r8wVlSxULVK1d8v3GELmwwr3NukPVKQiQssHoepTdyxbqmAQehQUpaqBIzJZ+nC60hft3fbitktlst7DQLpZ5AN8uXgLX1nC5xQgClrmyMncEMe201lxP4zvDFsW//Hl5mUQ27LjbPQbzx/SvscebfieET2GSLiEvUSepMtGPKM6Rz1Vpv3cnaDO1DW1rTjplph2AcBjr50WX/OCD8EagPenrlbMMuti9S0eSsdY0F49tl5Ed6FFOHOk8jfQ/DV3c8gDnDVGqCYgeICIPm2feeVlddN0KIXndQRbfiof40ww2dPielI474RMAiE7SKzSNzNGrIvEmPyYffYzK+au8+8L8l06BdpTvutrWXqMxINrqD/6zWT/uMD17324dwLzF1eXVqkRUauvf+gNL3B1ZFNY9gd3QYHqo0jWCC6x7TypfSJMgkElWAYHCIUOLzHsqWBM8LH6UHXCFSS14YYMWxzYjN9VatsEpT+O8OQ2E24mPUIuAcejhEv75vvyScLadIE8n6OY4wpIXHTq684f+21M3ZysDo0LGY1LB/v/SjTvy8HyJ1jQwKbD9SQgcIwcVval8hiay5DpnelFg+7cICFNuBJO0gWDhmzeLUvOYeAeIohQB7gnwpTGrXAtFI1pq2H7yNSgewYhg9rc7qnGonSupwh54N2lipBkvEPFZs26lW80U/oYmaHvuv021zBx+Og4hOhW/EQ2kqpKefuqzSSNdIC6ij9a0kKU7o/1Wt/ybAEN8K8kTaq3elnJMa99gMxE1S385KHdh4HKeKvkPRwtKytxZ7S7GijBX0dGNDsmaiICzTUWBMchDn57BTTHr4kta+15gnJBf0mIkCbuD3tmayOr7i/mRzoyGjt2k1IJi4JU6miNg1j7AQ9YUK1155+3idiHZS9GxHHNo2ZDzjHCB+JsIhrMSZIBWPJiUrlXE80gJwfKWPDYK7tLU7twNAhlRO8Kxl5Ncz6q5zrvwvHPE+mT04gWz3KsUrsgQ7Lq6BLJDvPJOuNxtXyyacv25hORYMYXs+5T7Ljv8kWCskb6iHHbAYqpVokI6AOh75A9Lt1vqj/2R2sR/7N3TmTQ1b6QQ7nLykXf+xeymTa1d83A6eqGDJMi07ZWEJa8g== X-Microsoft-Antispam-Message-Info: dXFivc2UvzHHjShgzZ6j+YcAypiJJ7Bz9f5rQAFUSZFQVRss9iVvMBcMXswUBtO75MhIpcv6H2Qz4SvSQ50BWlz1odayQaBQhmLJpFug/spft6e7Y2PItTOiZ7jYT+qZvalN4+GEkvQcGDlaBTe8hvfHKWJTvq4Mz1jBj/FrwQnWL9PsqrWZl5e+ppZNbXTa X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0156; 6:yRsyZR5h6dEmclwbgYanU8RWppFdTDyJUCp8oJYhN3UeWI/uhIZLqdVpXJdVVIkNGL2yg4RQwN/eN/9k2aCASMs4Mdm22TcSxpTTIFgW7YZVax81iaZ2xMB2XypZSRoFpJZ2zryPa7bFHr21RqcfJ66+v/Qx3ufUVk5vWT0cxV+MQLmEYYURFUVFIyzPT17Aj4Rziv21LX25yYSB8P6iXxryh6rdK2a/X7m6FDvycOzsWgr6hVXfmRNnXbHfirLM5SsQjWvyuYMggjUxRF4tQa5o3sNnbdo2ZqU8Sv/+Ne2FNZVHTeWa/D3/h5utcCpfANH7uCLVBuAZnHIlmsCeQwfdXJF46RLitdBean2IGPI=; 5:VsvCapExz6cIOtTmdZg2B7XSC9ofmTFSMUOHebCp6MlGrQpeAHo60fhotjqGKdThezjExnIiSHk3jbsXrcNWPyTGV/vNkyTduod7s5RK6SrN8ZV3eZ6LgR72cFXcrDNaSi4AoxwbA4TSYP7B1HG6FfFrDbwJqmftlzAWybZLjeQ=; 24:7inX2N8MPWUufaD5Q+rbasi6fHvTGiljIL7tR5+6D6cYYkpRGBZC/j1O+lyVCK7247eDkrfAjomMF15oifJZvi2lDxjYOBuuXC/esexK430=; 7:Kn631Xbb+UAILUTXCjYeuHJZsm4oRYm4pvq5VGXfhPqqTptbUKLX9pbsOqZoUHIVJVD3dDObIihvOTJkKvzcYZ/8W7fypWSAPOeRzeVykyvpWiUza/8QRvItpcY89t7kQElu2aCiOTG7TtVLQJOZKpBzWDIkIOW+AfqNhEPhyMQJI0ffYTh3xbN5dZznQ3ywOMFXbW5so4NrWpXN3iQp8tL28DYgbiViI4nXHgtfy/qOcVgIyYORHq/MVOX6LLNf SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0156; 20:3z1npDib2uQbUPxjiDQvLWD5abriLERfErIgm8qWiu1ZcjC+uBN7qc9AMR7phQWkO2HTgAiT2mVMOt1rV5QuCh0sjMxG1qaIn2aVxLosQuqC4aCzkZ9VDXZ7UWTkdHNrwOvX0hkDzKyWnKvql0vJwIS3JS1NGsLIQ6AtXiFB+0xx9UP9MDaqkWChxIdpoOVMQdYx9Gabc9HWWZKRHMsgICrRKMNF5U6PL7nknlUw5g182CfHQbekmBmaci89pqu1 Subject: [Qemu-devel] [PATCH v12 05/28] machine: add -memory-encryption property Precedence: list Cc: Peter Maydell <peter.maydell@linaro.org>, Brijesh Singh <brijesh.singh@amd.com>, kvm@vger.kernel.org, "Michael S. Tsirkin" <mst@redhat.com>, Stefan Hajnoczi <stefanha@gmail.com>, Alexander Graf <agraf@suse.de>, "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>, Markus Armbruster <armbru@redhat.com>, Bruce Rogers <brogers@suse.com>, Christian Borntraeger <borntraeger@de.ibm.com>, Marcel Apfelbaum <marcel@redhat.com>, Borislav Petkov <bp@suse.de>, Thomas Lendacky <Thomas.Lendacky@amd.com>, Eduardo Habkost <ehabkost@redhat.com>, Richard Henderson <richard.henderson@linaro.org>, "Dr. David Alan Gilbert" <dgilbert@redhat.com>, Alistair Francis <alistair.francis@xilinx.com>, Cornelia Huck <cornelia.huck@de.ibm.com>, Peter Crosthwaite <crosthwaite.peter@gmail.com>, Paolo Bonzini <pbonzini@redhat.com> Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
Series	x86: Secure Encrypted Virtualization (AMD) \| expand [v12,00/28] x86: Secure Encrypted Virtualization (AMD) [v12,01/28] memattrs: add debug attribute [v12,02/28] exec: add ram_debug_ops support [v12,03/28] exec: add debug version of physical memory read and write API [v12,04/28] monitor/i386: use debug APIs when accessing guest memory [v12,05/28] machine: add -memory-encryption property [v12,06/28] kvm: update kvm.h to include memory encryption ioctls [v12,07/28] docs: add AMD Secure Encrypted Virtualization (SEV) [v12,08/28] target/i386: add Secure Encrypted Virtulization (SEV) object [v12,09/28] qmp: add query-sev command [v12,10/28] include: add psp-sev.h header file [v12,11/28] sev/i386: add command to initialize the memory encryption context [v12,12/28] sev/i386: register the guest memory range which may contain encrypted data [v12,13/28] kvm: introduce memory encryption APIs [v12,14/28] hmp: add 'info sev' command [v12,15/28] sev/i386: add command to create launch memory encryption context [v12,16/28] sev/i386: add command to encrypt guest memory region [v12,17/28] target/i386: encrypt bios rom [v12,18/28] sev/i386: add support to LAUNCH_MEASURE command [v12,19/28] sev/i386: finalize the SEV guest launch flow [v12,20/28] hw/i386: set ram_debug_ops when memory encryption is enabled [v12,21/28] sev/i386: add debug encrypt and decrypt commands [v12,22/28] target/i386: clear C-bit when walking SEV guest page table [v12,23/28] qmp: add query-sev-launch-measure command [v12,24/28] sev/i386: add migration blocker [v12,25/28] cpu/i386: populate CPUID 0x8000_001F when SEV is active [v12,26/28] qmp: add query-sev-capabilities command [v12,27/28] sev/i386: add sev_get_capabilities() [v12,28/28] tests/qmp-test: blacklist sev specific qmp commands

Message ID

20180308124901.83533-6-brijesh.singh@amd.com

State

New

Headers

From: Brijesh Singh <brijesh.singh@amd.com>
To: qemu-devel@nongnu.org
Date: Thu,  8 Mar 2018 06:48:38 -0600
Message-Id: <20180308124901.83533-6-brijesh.singh@amd.com>
In-Reply-To: <20180308124901.83533-1-brijesh.singh@amd.com>
References: <20180308124901.83533-1-brijesh.singh@amd.com>
MIME-Version: 1.0
Content-Type: text/plain
Received-SPF: None (protection.outlook.com: amd.com does not designate
	permitted sender hosts)
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Mar 2018 12:49:34.0497
	(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: a411f228-dba7-4ad6-cb26-08d584f30c48
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR12MB0156
X-detected-operating-system: by eggs.gnu.org: Windows 7 or 8 [fuzzy]
X-Received-From: 104.47.37.70
Subject: [Qemu-devel] [PATCH v12 05/28] machine: add -memory-encryption
	property
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Peter Maydell <peter.maydell@linaro.org>,
	Brijesh Singh <brijesh.singh@amd.com>, kvm@vger.kernel.org,
	"Michael S. Tsirkin" <mst@redhat.com>,
	Stefan Hajnoczi <stefanha@gmail.com>, Alexander Graf <agraf@suse.de>, 
	"Edgar E. Iglesias" <edgar.iglesias@xilinx.com>,
	Markus Armbruster <armbru@redhat.com>, Bruce Rogers <brogers@suse.com>,
	Christian Borntraeger <borntraeger@de.ibm.com>,
	Marcel Apfelbaum <marcel@redhat.com>, Borislav Petkov <bp@suse.de>,
	Thomas Lendacky <Thomas.Lendacky@amd.com>,
	Eduardo Habkost <ehabkost@redhat.com>,
	Richard Henderson <richard.henderson@linaro.org>,
	"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
	Alistair Francis <alistair.francis@xilinx.com>,
	Cornelia Huck <cornelia.huck@de.ibm.com>,
	Peter Crosthwaite <crosthwaite.peter@gmail.com>,
	Paolo Bonzini <pbonzini@redhat.com>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

Series

x86: Secure Encrypted Virtualization (AMD) | expand

Commit Message

Brijesh Singh March 8, 2018, 12:48 p.m. UTC

When CPU supports memory encryption feature, the property can be used to
specify the encryption object to use when launching an encrypted guest.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
Cc: Stefan Hajnoczi <stefanha@gmail.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 hw/core/machine.c   | 22 ++++++++++++++++++++++
 include/hw/boards.h |  1 +
 qemu-options.hx     |  5 ++++-
 3 files changed, 27 insertions(+), 1 deletion(-)

Comments

Daniel P. Berrangé March 8, 2018, 4:43 p.m. UTC | #1

Nitpick: the subject makes it seem like you're adding
"-memory-encryption" as a CLI arg, but actually its
adding support for  'memory-encryption=$VAL' property
to the '-machine' CLI arg.

Sufficient to just   s/-memory-encryption/"memory-encryption"/

On Thu, Mar 08, 2018 at 06:48:38AM -0600, Brijesh Singh wrote:
> When CPU supports memory encryption feature, the property can be used to
> specify the encryption object to use when launching an encrypted guest.
> 
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Eduardo Habkost <ehabkost@redhat.com>
> Cc: Marcel Apfelbaum <marcel@redhat.com>
> Cc: Stefan Hajnoczi <stefanha@gmail.com>
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
>  hw/core/machine.c   | 22 ++++++++++++++++++++++
>  include/hw/boards.h |  1 +
>  qemu-options.hx     |  5 ++++-
>  3 files changed, 27 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/core/machine.c b/hw/core/machine.c
> index 5e2bbcdacedb..2040177664d5 100644
> --- a/hw/core/machine.c
> +++ b/hw/core/machine.c
> @@ -334,6 +334,22 @@ static bool machine_get_enforce_config_section(Object *obj, Error **errp)
>      return ms->enforce_config_section;
>  }
>  
> +static char *machine_get_memory_encryption(Object *obj, Error **errp)
> +{
> +    MachineState *ms = MACHINE(obj);
> +
> +    return g_strdup(ms->memory_encryption);
> +}
> +
> +static void machine_set_memory_encryption(Object *obj, const char *value,
> +                                        Error **errp)
> +{
> +    MachineState *ms = MACHINE(obj);
> +
> +    g_free(ms->memory_encryption);
> +    ms->memory_encryption = g_strdup(value);
> +}
> +
>  void machine_class_allow_dynamic_sysbus_dev(MachineClass *mc, const char *type)
>  {
>      strList *item = g_new0(strList, 1);
> @@ -612,6 +628,12 @@ static void machine_class_init(ObjectClass *oc, void *data)
>          &error_abort);
>      object_class_property_set_description(oc, "enforce-config-section",
>          "Set on to enforce configuration section migration", &error_abort);
> +
> +    object_class_property_add_str(oc, "memory-encryption",
> +        machine_get_memory_encryption, machine_set_memory_encryption,
> +        &error_abort);
> +    object_class_property_set_description(oc, "memory-encryption",
> +        "Set memory encyption object to use", &error_abort);
>  }
>  
>  static void machine_class_base_init(ObjectClass *oc, void *data)
> diff --git a/include/hw/boards.h b/include/hw/boards.h
> index efb0a9edfdf1..8ce9a7a21d3d 100644
> --- a/include/hw/boards.h
> +++ b/include/hw/boards.h
> @@ -243,6 +243,7 @@ struct MachineState {
>      bool suppress_vmdesc;
>      bool enforce_config_section;
>      bool enable_graphics;
> +    char *memory_encryption;
>  
>      ram_addr_t ram_size;
>      ram_addr_t maxram_size;
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 6585058c6cde..4c280142c52c 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -43,7 +43,8 @@ DEF("machine", HAS_ARG, QEMU_OPTION_machine, \
>      "                suppress-vmdesc=on|off disables self-describing migration (default=off)\n"
>      "                nvdimm=on|off controls NVDIMM support (default=off)\n"
>      "                enforce-config-section=on|off enforce configuration section migration (default=off)\n"
> -    "                s390-squash-mcss=on|off (deprecated) controls support for squashing into default css (default=off)\n",
> +    "                s390-squash-mcss=on|off (deprecated) controls support for squashing into default css (default=off)\n"
> +    "                memory-encryption=@var{} memory encryption object to use (default=none)\n",
>      QEMU_ARCH_ALL)
>  STEXI
>  @item -machine [type=]@var{name}[,prop=@var{value}[,...]]
> @@ -110,6 +111,8 @@ code to send configuration section even if the machine-type sets the
>  @option{migration.send-configuration} property to @var{off}.
>  NOTE: this parameter is deprecated. Please use @option{-global}
>  @option{migration.send-configuration}=@var{on|off} instead.
> +@item memory-encryption=@var{}
> +Memory encryption object to use. The default is none.
>  @end table
>  ETEXI
>  
> -- 
> 2.14.3
> 

Regards,
Daniel

diff --git a/hw/core/machine.c b/hw/core/machine.c
index 5e2bbcdacedb..2040177664d5 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -334,6 +334,22 @@  static bool machine_get_enforce_config_section(Object *obj, Error **errp)
     return ms->enforce_config_section;
 }
 
+static char *machine_get_memory_encryption(Object *obj, Error **errp)
+{
+    MachineState *ms = MACHINE(obj);
+
+    return g_strdup(ms->memory_encryption);
+}
+
+static void machine_set_memory_encryption(Object *obj, const char *value,
+                                        Error **errp)
+{
+    MachineState *ms = MACHINE(obj);
+
+    g_free(ms->memory_encryption);
+    ms->memory_encryption = g_strdup(value);
+}
+
 void machine_class_allow_dynamic_sysbus_dev(MachineClass *mc, const char *type)
 {
     strList *item = g_new0(strList, 1);
@@ -612,6 +628,12 @@  static void machine_class_init(ObjectClass *oc, void *data)
         &error_abort);
     object_class_property_set_description(oc, "enforce-config-section",
         "Set on to enforce configuration section migration", &error_abort);
+
+    object_class_property_add_str(oc, "memory-encryption",
+        machine_get_memory_encryption, machine_set_memory_encryption,
+        &error_abort);
+    object_class_property_set_description(oc, "memory-encryption",
+        "Set memory encyption object to use", &error_abort);
 }
 
 static void machine_class_base_init(ObjectClass *oc, void *data)
diff --git a/include/hw/boards.h b/include/hw/boards.h
index efb0a9edfdf1..8ce9a7a21d3d 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -243,6 +243,7 @@  struct MachineState {
     bool suppress_vmdesc;
     bool enforce_config_section;
     bool enable_graphics;
+    char *memory_encryption;
 
     ram_addr_t ram_size;
     ram_addr_t maxram_size;
diff --git a/qemu-options.hx b/qemu-options.hx
index 6585058c6cde..4c280142c52c 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -43,7 +43,8 @@  DEF("machine", HAS_ARG, QEMU_OPTION_machine, \
     "                suppress-vmdesc=on|off disables self-describing migration (default=off)\n"
     "                nvdimm=on|off controls NVDIMM support (default=off)\n"
     "                enforce-config-section=on|off enforce configuration section migration (default=off)\n"
-    "                s390-squash-mcss=on|off (deprecated) controls support for squashing into default css (default=off)\n",
+    "                s390-squash-mcss=on|off (deprecated) controls support for squashing into default css (default=off)\n"
+    "                memory-encryption=@var{} memory encryption object to use (default=none)\n",
     QEMU_ARCH_ALL)
 STEXI
 @item -machine [type=]@var{name}[,prop=@var{value}[,...]]
@@ -110,6 +111,8 @@  code to send configuration section even if the machine-type sets the
 @option{migration.send-configuration} property to @var{off}.
 NOTE: this parameter is deprecated. Please use @option{-global}
 @option{migration.send-configuration}=@var{on|off} instead.
+@item memory-encryption=@var{}
+Memory encryption object to use. The default is none.
 @end table
 ETEXI

[v12,05/28] machine: add -memory-encryption property

Commit Message

Comments

Patch