From patchwork Wed Dec 6 20:03:35 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10097039
From: Brijesh Singh
To: qemu-devel@nongnu.org
Cc: Alistair Francis, Christian Borntraeger, Cornelia Huck, "Daniel P . Berrange", "Dr. David Alan Gilbert", "Edgar E . Iglesias", Eduardo Habkost, Eric Blake, kvm@vger.kernel.org, Marcel Apfelbaum, Markus Armbruster, "Michael S. Tsirkin", Paolo Bonzini, Peter Crosthwaite, Peter Maydell, Richard Henderson, Richard Henderson, Stefan Hajnoczi, Thomas Lendacky, Borislav Petkov, Brijesh Singh
Subject: [PATCH v5 12/23] kvm: introduce memory encryption APIs
Date: Wed, 6 Dec 2017 14:03:35 -0600
Message-Id: <20171206200346.116537-13-brijesh.singh@amd.com>
In-Reply-To: <20171206200346.116537-1-brijesh.singh@amd.com>
References: <20171206200346.116537-1-brijesh.singh@amd.com>

In order to integrate the Secure Encryption Virtualization (SEV) support, add a few high-level memory encryption APIs which can be used for encrypting the guest memory region.
Cc: Paolo Bonzini Cc: kvm@vger.kernel.org Signed-off-by: Brijesh Singh --- accel/kvm/kvm-all.c | 30 ++++++++++++++++++++++++++++++ accel/stubs/kvm-stub.c | 14 ++++++++++++++ include/sysemu/kvm.h | 25 +++++++++++++++++++++++++ 3 files changed, 69 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index a9b16846675e..54a0fd6097fb 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -107,6 +107,8 @@ struct KVMState /* memory encryption */ void *memcrypt_handle; + int (*memcrypt_encrypt_data)(void *handle, uint8_t *ptr, uint64_t len); + void (*memcrypt_debug_ops)(void *handle, MemoryRegion *mr); }; KVMState *kvm_state; @@ -142,6 +144,34 @@ int kvm_get_max_memslots(void) return s->nr_slots; } +bool kvm_memcrypt_enabled(void) +{ + if (kvm_state && kvm_state->memcrypt_handle) { + return true; + } + + return false; +} + +int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len) +{ + if (kvm_state->memcrypt_handle && + kvm_state->memcrypt_encrypt_data) { + return kvm_state->memcrypt_encrypt_data(kvm_state->memcrypt_handle, + ptr, len); + } + + return 1; +} + +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr) +{ + if (kvm_state->memcrypt_handle && + kvm_state->memcrypt_debug_ops) { + kvm_state->memcrypt_debug_ops(kvm_state->memcrypt_handle, mr); + } +} + static KVMSlot *kvm_get_free_slot(KVMMemoryListener *kml) { KVMState *s = kvm_state; diff --git a/accel/stubs/kvm-stub.c b/accel/stubs/kvm-stub.c index c964af3e1c97..5739712a67e3 100644 --- a/accel/stubs/kvm-stub.c +++ b/accel/stubs/kvm-stub.c @@ -105,6 +105,20 @@ int kvm_on_sigbus(int code, void *addr) return 1; } +bool kvm_memcrypt_enabled(void) +{ + return false; +} + +int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len) +{ + return 1; +} + +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr) +{ +} + #ifndef CONFIG_USER_ONLY int kvm_irqchip_add_msi_route(KVMState *s, int vector, PCIDevice *dev) { diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h index bbf12a172339..4a5db5dde390 100644 
--- a/include/sysemu/kvm.h +++ b/include/sysemu/kvm.h @@ -231,6 +231,31 @@ int kvm_destroy_vcpu(CPUState *cpu); */ bool kvm_arm_supports_user_irq(void); +/** + * kvm_memcrypt_enabled - return boolean indicating whether memory encryption + * is enabled + * Returns: 1 memory encryption is enabled + * 0 memory encryption is disabled + */ +bool kvm_memcrypt_enabled(void); + +/** + * kvm_memcrypt_encrypt_data: encrypt the memory range + * + * Return: 1 failed to encrypt the range + * 0 succesfully encrypted memory region + */ +int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len); + +/** + * kvm_memcrypt_set_debug_ram_ops: set debug_ram_ops callback + * + * When debug_ram_ops is set, debug access to this memory region will use + * memory encryption APIs. + */ +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr); + + #ifdef NEED_CPU_H #include "cpu.h"
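Review bot: The two callbacks added to struct KVMState in accel/kvm/kvm-all.c, memcrypt_encrypt_data and memcrypt_debug_ops, carry no comment stating their contract. Please document next to the fields what memcrypt_encrypt_data returns on success and on failure (the wrapper's header comment uses 0 and 1), and who is expected to set them together with memcrypt_handle, since nothing in the visible hunks assigns any of the three.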
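Review bot: In the second accel/kvm/kvm-all.c hunk, kvm_memcrypt_encrypt_data() and kvm_memcrypt_set_debug_ops() dereference kvm_state without the NULL check that kvm_memcrypt_enabled() performs just above them, so a call made before kvm_state is set up would crash. Either add the same "kvm_state &&" test or state in the header that callers must check kvm_memcrypt_enabled() first. In addition, kvm_memcrypt_encrypt_data() returns 1 both when the callback reports a failure and when no handle or callback is registered, so a caller cannot tell "encryption is not configured" from "encryption failed"; a distinct negative errno for the unconfigured case would let callers avoid treating a plaintext region as a transient error. kvm_memcrypt_set_debug_ops() returns void and silently does nothing in that same case, which deserves at least a comment.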
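Review bot: In the include/sysemu/kvm.h hunk the doc comments do not match the declarations: the third comment is titled kvm_memcrypt_set_debug_ram_ops while the function declared below it is kvm_memcrypt_set_debug_ops, and kvm_memcrypt_enabled is documented as returning 1 or 0 although it returns bool. Please also document the ptr, len and mr parameters, fix the spelling of "succesfully", use one style for the "Returns:" / "Return:" tag and for the separator after the function name (" - " in the first comment, ":" in the other two), and drop the second blank line before "#ifdef NEED_CPU_H".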