From: Brijesh Singh
To: qemu-devel@nongnu.org
Cc: Alistair Francis, Christian Borntraeger, Cornelia Huck, "Daniel P . Berrange", "Dr. David Alan Gilbert", "Edgar E . Iglesias", Eduardo Habkost, Eric Blake, kvm@vger.kernel.org, Marcel Apfelbaum, Markus Armbruster, "Michael S. Tsirkin", Paolo Bonzini, Peter Crosthwaite, Peter Maydell, Richard Henderson, Richard Henderson, Stefan Hajnoczi, Thomas Lendacky, Borislav Petkov, Brijesh Singh
Subject: [PATCH v5 15/23] sev: add command to encrypt guest memory region
Date: Wed, 6 Dec 2017 14:03:38 -0600
Message-Id: <20171206200346.116537-16-brijesh.singh@amd.com>
In-Reply-To: <20171206200346.116537-1-brijesh.singh@amd.com>
References: <20171206200346.116537-1-brijesh.singh@amd.com>
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10097045

The KVM_SEV_LAUNCH_UPDATE_DATA command is used to encrypt a guest memory region using the VM Encryption Key created using LAUNCH_START.
Signed-off-by: Brijesh Singh --- accel/kvm/kvm-all.c | 2 ++ accel/kvm/sev.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ include/sysemu/sev.h | 1 + 3 files changed, 47 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 54a0fd6097fb..d35eebb97901 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -1675,6 +1675,8 @@ static int kvm_init(MachineState *ms) if (!kvm_state->memcrypt_handle) { goto err; } + + kvm_state->memcrypt_encrypt_data = sev_encrypt_data; } ret = kvm_arch_init(ms, s); diff --git a/accel/kvm/sev.c b/accel/kvm/sev.c index 74eb67526bd0..83fc950bd3ac 100644 --- a/accel/kvm/sev.c +++ b/accel/kvm/sev.c @@ -368,6 +368,37 @@ sev_launch_start(SEVState *s) return 0; } +static int +sev_launch_update_data(uint8_t *addr, uint64_t len) +{ + int ret, fw_error; + struct kvm_sev_launch_update_data *update; + + if (addr == NULL || len <= 0) { + return 1; + } + + update = g_malloc0(sizeof(*update)); + if (!update) { + return 1; + } + + update->uaddr = (__u64)addr; + update->len = len; + ret = sev_ioctl(KVM_SEV_LAUNCH_UPDATE_DATA, update, &fw_error); + if (ret) { + error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } + + DPRINTF("SEV: LAUNCH_UPDATE_DATA %#lx+%#lx\n", (unsigned long)addr, len); + +err: + g_free(update); + return ret; +} + void * sev_guest_init(const char *id) { @@ -417,6 +448,19 @@ err: return NULL; } +int +sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) +{ + SEVState *s = (SEVState *)handle; + + /* if SEV is in update state then encrypt the data else do nothing */ + if (s->cur_state == SEV_STATE_LUPDATE) { + return sev_launch_update_data(ptr, len); + } + + return 0; +} + static void sev_register_types(void) { diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 45b464cc96f5..b1ea3f805290 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h 
@@ -69,6 +69,7 @@ struct SEVState { typedef struct SEVState SEVState; void *sev_guest_init(const char *id); +int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len); #endif
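Review bot: In sev_launch_update_data() (accel/kvm/sev.c) the guard `len <= 0` is applied to a uint64_t, so it can only ever mean `len == 0`; please write it that way. The `if (!update)` check after g_malloc0() is dead code, because g_malloc0() aborts on allocation failure instead of returning NULL, and a struct this small could simply live on the stack. The early returns yield 1 while the ioctl path hands back whatever sev_ioctl() returned, so callers see two error conventions from one function; pick one. `(__u64)addr` should be cast through uintptr_t to stay warning-free on 32-bit hosts, and the DPRINTF prints the uint64_t `len` with `%#lx`, which should use PRIx64. The `err:` label is also the success path, so `out:` would read better, and the error_report() text says LAUNCH_UPDATE where the command is LAUNCH_UPDATE_DATA.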
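Review bot: sev_encrypt_data() (accel/kvm/sev.c) returns 0 both when the region was encrypted and when `s->cur_state` is not SEV_STATE_LUPDATE and nothing was done, so a caller cannot tell whether the data it passed was actually encrypted. If being called outside the launch-update state is expected, say so in the comment and in the header; if it is not, return an error or at least trace it, since a silent success leaves the region exactly as the caller wrote it. `handle` is also dereferenced without a check, while the kvm_init() hunk only installs the hook after testing `kvm_state->memcrypt_handle`; an assert on `handle` here would document that assumption.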
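Review bot: The new sev_encrypt_data() prototype in include/sysemu/sev.h has no comment describing its contract: what `handle` must point to (the implementation casts it to SEVState *), that the call is a no-op returning 0 outside SEV_STATE_LUPDATE, and what a nonzero return means. Please add a short doc comment, since kvm-all.c reaches this function through the `memcrypt_encrypt_data` pointer and readers there will only have the header to go by.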