From patchwork Mon Nov 6 18:10:59 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10044145
From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: bp@alien8.de, Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Joerg Roedel, Borislav Petkov, Tom Lendacky, x86@kernel.org
Subject: [Part2 PATCH v8 07/38] KVM: Introduce KVM_MEMORY_ENCRYPT_OP ioctl
Date: Mon, 6 Nov 2017 12:10:59 -0600
Message-Id: <20171106181130.68491-8-brijesh.singh@amd.com>
In-Reply-To: <20171106181130.68491-1-brijesh.singh@amd.com>
References: <20171106181130.68491-1-brijesh.singh@amd.com>
X-Mailing-List: kvm@vger.kernel.org

If the hardware supports memory encryption then the KVM_MEMORY_ENCRYPT_OP
ioctl can be used by qemu to issue platform specific memory encryption
commands.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Reviewed-by: Paolo Bonzini
Reviewed-by: Borislav Petkov
---
 Documentation/virtual/kvm/api.txt | 16 ++++++++++++++++
 arch/x86/include/asm/kvm_host.h   |  2 ++
 arch/x86/kvm/x86.c                |  6 ++++++
 include/uapi/linux/kvm.h          |  2 ++
 4 files changed, 26 insertions(+)

diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt index dd2dd96927b8..e3e29892167e 100644 --- a/Documentation/virtual/kvm/api.txt +++ b/Documentation/virtual/kvm/api.txt 
@@ -3394,6 +3394,22 @@ invalid, if invalid pages are written to (e.g. after the end of memory) or if no page table is present for the addresses (e.g. when using hugepages). +4.109 KVM_MEMORY_ENCRYPT_OP + +Capability: basic +Architectures: x86 +Type: system +Parameters: an opaque platform specific structure (in/out) +Returns: 0 on success; -1 on error + +If the platform supports creating encrypted VMs then this ioctl can be used +for issuing platform-specific memory encryption commands to manage those +encrypted VMs. + +Currently, this ioctl is used for issuing Secure Encrypted Virtualization +(SEV) commands on AMD Processors. The SEV commands are defined in +Documentation/virtual/kvm/amd-memory-encryption.txt. + 5. The kvm_run structure ------------------------ diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 7233445a20bd..f7f68c1e6162 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1066,6 +1066,8 @@ struct kvm_x86_ops { int (*pre_enter_smm)(struct kvm_vcpu *vcpu, char *smstate); int (*pre_leave_smm)(struct kvm_vcpu *vcpu, u64 smbase); int (*enable_smi_window)(struct kvm_vcpu *vcpu); + + int (*mem_enc_op)(struct kvm *kvm, void __user *argp); }; struct kvm_arch_async_pf { diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 34c85aa2e2d1..7bbed0c0ba79 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4281,6 +4281,12 @@ long kvm_arch_vm_ioctl(struct file *filp, r = kvm_vm_ioctl_enable_cap(kvm, &cap); break; } + case KVM_MEMORY_ENCRYPT_OP: { + r = -ENOTTY; + if (kvm_x86_ops->mem_enc_op) + r = kvm_x86_ops->mem_enc_op(kvm, argp); + break; + } default: r = -ENOTTY; } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 838887587411..4a39d99c5f99 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
@@ -1356,6 +1356,8 @@ struct kvm_s390_ucas_mapping { /* Available with KVM_CAP_S390_CMMA_MIGRATION */ #define KVM_S390_GET_CMMA_BITS _IOWR(KVMIO, 0xb8, struct kvm_s390_cmma_log) #define KVM_S390_SET_CMMA_BITS _IOW(KVMIO, 0xb9, struct kvm_s390_cmma_log) +/* Memory Encryption Commands */ +#define KVM_MEMORY_ENCRYPT_OP _IOWR(KVMIO, 0xba, unsigned long) #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
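Review bot: In the new section 4.109 of Documentation/virtual/kvm/api.txt, "Type: system" does not match the code. The x86.c hunk dispatches KVM_MEMORY_ENCRYPT_OP from kvm_arch_vm_ioctl(), so the ioctl is issued on a VM file descriptor and the entry should read "Type: vm". Userspace authors following the document as written would issue it on /dev/kvm and get an error.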
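Review bot: The mem_enc_op member added to struct kvm_x86_ops in arch/x86/include/asm/kvm_host.h carries no comment, and two properties are not visible from the declaration alone: the hook is optional (the x86.c hunk checks it for NULL before calling), and it is handed the raw "void __user *argp" with nothing copied or validated by common code. A short comment above the member stating that implementations must do their own copy_from_user() and bounds checking would make the contract explicit for future vendor backends.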
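Review bot: In the KVM_MEMORY_ENCRYPT_OP case added to kvm_arch_vm_ioctl() in arch/x86/kvm/x86.c, a NULL mem_enc_op returns -ENOTTY, the same value the default: case returns, so userspace cannot distinguish "no memory encryption backend on this host" from "unknown ioctl". The api.txt entry lists "Capability: basic" and only "-1 on error", which does not tell the caller how to probe for support. Suggest documenting the -ENOTTY result in section 4.109. As a style point, the braces around the case body are not needed since no local variable is declared.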
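Review bot: The definition "#define KVM_MEMORY_ENCRYPT_OP _IOWR(KVMIO, 0xba, unsigned long)" in include/uapi/linux/kvm.h encodes sizeof(unsigned long) into the ioctl number, and that size differs between 32-bit and 64-bit userspace, so a 32-bit VMM on a 64-bit kernel would compute a different request value and fall through to the default: case. The type also does not describe what is passed: api.txt says the parameter is an opaque platform specific structure, and the x86.c hunk forwards argp as a user pointer. Suggest either a fixed-size type in the macro or a comment next to the define explaining that the argument is a pointer to a vendor-defined structure and how compat callers are expected to be handled.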