From patchwork Wed Dec 6 20:03:43 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 10097061 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id A3D1360210 for ; Wed, 6 Dec 2017 20:05:47 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 95B1829FE7 for ; Wed, 6 Dec 2017 20:05:47 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8A64F29FE9; Wed, 6 Dec 2017 20:05:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E1CBF29FE7 for ; Wed, 6 Dec 2017 20:05:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752506AbdLFUFR (ORCPT ); Wed, 6 Dec 2017 15:05:17 -0500 Received: from mail-sn1nam01on0058.outbound.protection.outlook.com ([104.47.32.58]:2394 "EHLO NAM01-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752587AbdLFUFG (ORCPT ); Wed, 6 Dec 2017 15:05:06 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Gy8TSc6rGx1QjQpnkIT4gHjb9lbLz3mP2yjoBKEQxnU=; b=GfmdREakmtnBrhMe6uz3ajc88Ht/D3HoP3rWMf3efE7FgkrkOeJNt0jwbN2mwhW5hlKxPeNRoSE73rwnQdQYUnhJX1221rwb3kH6ujO8dRBZGqw4oX8QdRd/IOAJdDoqlE+yeHDXOj19bJ2fPOMMz7mVU1DyzvSpSbptlWWJA98= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from wsp141597wss.amd.com (165.204.78.1) by SN1PR12MB0158.namprd12.prod.outlook.com (10.162.3.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.282.5; Wed, 6 Dec 2017 20:04:52 +0000 From: Brijesh Singh To: qemu-devel@nongnu.org Cc: Alistair Francis , Christian Borntraeger , Cornelia Huck , "Daniel P . Berrange" , "Dr. David Alan Gilbert" , "Edgar E . Iglesias " , Eduardo Habkost , Eric Blake , kvm@vger.kernel.org, Marcel Apfelbaum , Markus Armbruster , "Michael S. Tsirkin" , Paolo Bonzini , Peter Crosthwaite , Peter Maydell , Richard Henderson , Richard Henderson , Stefan Hajnoczi , Thomas Lendacky , Borislav Petkov , Brijesh Singh Subject: [PATCH v5 20/23] hw: i386: set ram_debug_ops when memory encryption is enabled Date: Wed, 6 Dec 2017 14:03:43 -0600 Message-Id: <20171206200346.116537-21-brijesh.singh@amd.com> X-Mailer: git-send-email 2.9.5 In-Reply-To: <20171206200346.116537-1-brijesh.singh@amd.com> References: <20171206200346.116537-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: BN6PR14CA0035.namprd14.prod.outlook.com (10.171.172.149) To SN1PR12MB0158.namprd12.prod.outlook.com (10.162.3.145) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 09907e66-8054-45d4-1ba7-08d53ce49e2d X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(2017052603286); SRVR:SN1PR12MB0158; X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 3:bqoBUiMVyDNVIrG0ar7Rn1VUSuCZgLYLumTcTKFJD+VkqTIQXIOgh4vGCHpL4+dp1XVyPSxJCxLNMKe5DzUSi0kWnvtA2B1z3AqgHA516VWkNEzRvyh1LMMC+5PDaQP+pL/mQxhG939HPapl6JmVR0GIFHKD4444QOrWLPzmi7JruwyoWG4VhehD2mxo6emBBvV9nHSebaIGNHBmZsKF4MHcIUEZQyym78RU2yqmyzRW4ob8MfkjLXBWPIeAX/Ap; 25:OYbZwjPfdo/3xnPQnPUsLv6tHFRVZDQWrkWJKCHoOXt3LC/9qJZphZCRyUR9w2k8aymPBchXIAC7awvC6zMDrzjGmSuU7lVE0Uq4tMGuysqpXgbKYVR0/6z13D9o4E1T02ijTWRZ0htp0t8R72gdSmhv/cyNtE7VGey212Bk4kpADRZXWCjPUOWAtE0FCpY0iIjGDjOmOZgDWQ28B/Zv4RqKq/8tQcHxIQa2cts+Yfy+BJlnpBhYo7Np97fph+AojWvtHcrtXuLAxnMGUkPjyCMciGNrK/P0BNe8zcQ3SSZyTEGgh2Hm/uRCBikVrEjaT5ujeoJgF7zmUs0uMq0OHA==; 31:n4v5E9fZO2fFeA273u6DtIQnAlgGMUqzKAixaciTr/yGOwNButq1DciqAgJnG4F0+2DyLxhXQjns4CBhkSaz0vvHSxF8hVPfZGENu5esoBUOHtl08pN6NUZpln0/y4ZMBq0FTgcEIQhyn22VRXLmRDdH09qrjRLAP6WqRk+QiwpRxBNatWC2TC5A4YTT8BOxjtGihWOJwNqf5g8afp/ZIcbGMt/Bup4KyFbxkuwq1HE= X-MS-TrafficTypeDiagnostic: SN1PR12MB0158: X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 20:Q6wBa+fYc2zwjQdG236jpIyKVl6Ybus84PsVjQb11BAv1mQN8dsRobOOOwUrJcf75Bnu7eYUchygEoEkrrq0qh++DRvKrekFvc4da5D4eZYcPjY2v16/ychjQDnIjKPIK4EXMrr1v70dWRxPQ4/izGVeWu/4d1hvVS7GwQfq5Saw2+mnoUE79Nk9wKzYnAk8HD+5TYbp+/FW8dMFyk5Ai5k4do3Ii7pjKTOxvss5Tnpq80a8TvK1kE4r9OqnYNmNvFx1jkuLUxicCuvJKQFiEsJCPUH0jA/Wk11f3iiIcmNPu5aGSL0uo4+uaGLAswOJf2+ZGprSQRciPXHvCnyldGSITtoSVgpOVlGsUM2NG5YVSTjKr1HT9I5l/u4+iGrIPmOSNBdmRdB5SWL+f+ImfoJei75LW8o5Bg8SYffbVVbJCSk9d0eAmYQXaNirgq0tUl5oXRjdviPaQCVOI0xcEdGaKnd/krB8T0ErUmg1CPdv8GWDBjHa3Dn0cUtEYg7o; 4:Q/miWQ2fiUpMiVfB2qj3W8ZnrH1f/oq2Z714hWjp6/vTCft1uuXK1V8Whxx35ZFTe6ETqV1Uxo5UvVH2+DjZOm0xrYRrd8AvtkNXls5YJ+wLViqYnc5WH5RcZzj7ZRCKHx7mfaSwNuJgxqcxqu8lIQcrRy8LdOqSYevbPcmg9Pi/Kf0/7+CwSIkroXqACbOKBFGqye7qU/aXfRP0wP2ZC3Wa8my8NeaI7b/w2Rbfvn9DyodllmUVtqzVjfXyy6V57WQuMMhvZdAwV83kBlcwEb2p0TfOIkIPIouc/POf8Z/x4lmZLMoWPwRJEvKMtSPu X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(10201501046)(3002001)(3231022)(6055026)(6041248)(20161123555025)(20161123558100)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123564025)(6072148)(201708071742011); SRVR:SN1PR12MB0158; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:SN1PR12MB0158; X-Forefront-PRVS: 05134F8B4F X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(376002)(39860400002)(346002)(366004)(199004)(189003)(16526018)(16586007)(33646002)(53416004)(105586002)(39060400002)(4326008)(305945005)(2351001)(106356001)(2361001)(7736002)(7696005)(86362001)(52116002)(8936002)(316002)(53936002)(97736004)(76176011)(51416003)(36756003)(66066001)(1076002)(3846002)(25786009)(6116002)(47776003)(50226002)(68736007)(54906003)(6916009)(2950100002)(478600001)(6666003)(8666007)(5660300001)(8656006)(8676002)(101416001)(81156014)(81166006)(2906002)(7416002)(48376002)(6486002)(50466002); DIR:OUT; SFP:1101; SCL:1; SRVR:SN1PR12MB0158; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; SN1PR12MB0158; 23:VtPEyhiMEX1PTriLQW8xqucftDIGkjxSrU+zWLso/?= =?us-ascii?Q?5w1AQGf1/24scB8VwNA70vb6DgHtZEQfepJ0prsRcLMyjKmrpoMWBKLx87H4?= =?us-ascii?Q?nOe+tV+mjVWof3BCyNPSbtxNsW3ry04pHnQYqJMmzLrjBnzmioDa42yYLIVU?= =?us-ascii?Q?LTEA11xQqq7oqwEALhbE+l0rY8zVpdLmDupZ5Uedx9ixbtnapT2I/8GTmX3y?= =?us-ascii?Q?k5HWx6Oh9oH2v3QKLm4nlJDeB1ncT+iZFjDb9w7AhgGbUycpC5kkzZhB1h2q?= =?us-ascii?Q?qgvK/AuAoBkuywo4f23qyItVKYMgk7EEeV6CTR7cUPZY64uD6YaOwn2keAeq?= =?us-ascii?Q?qdxXNftHkxaRivErwb81XgbPIqsJ1tmJeV/tkS8sCJb4jhTc0eodQyytuBBE?= =?us-ascii?Q?RaX7Qs3AH5qxgnOkfH6d3KzJw4SQU9rG/Pm6q8VMOhdBeXtz8sB4lxqgPZFz?= =?us-ascii?Q?Oyh8C/D2TZtE8NUd4vwdgQSZ+cFAuXz2Mey7jbuowWK/q/5Us6l8BrEMfcRW?= =?us-ascii?Q?gFY4OvECMGhyljoA7Wtvl4Is5dRFJxFHrtIP4JhkLo7HtfRe12GWPYuwghTH?= =?us-ascii?Q?Xs7ssRV5ekXRosfuQTbhCSO3UwfqyiLVFt6ToWZmHxy+imFzYpB9UgYdnhSd?= =?us-ascii?Q?v2CKdW6RohOJ/mfbw546P31JrALyRl0JQyOrm6bu1HSauk3RrjTIrVo/mYfJ?= =?us-ascii?Q?/X8TJ50DkWv47HS6fr/KzGkLnP8zxamLSm2/cSFt2BxS3v2mFVgwUS2/EsJ1?= =?us-ascii?Q?atUaLjV2Hh3ry0NRiLubxbU6qJeudiM27g7bJrRQpSUnh0X96xrmhH1U8EgX?= =?us-ascii?Q?iwWHGjNKYg0WPHqinBD9kPCgIxn6ZXiardgvOLkEvxi6AK4FvVnBdh8cQ/bx?= =?us-ascii?Q?NicVqx7E2tdeIU2Zmzz1ABRCp3g4wPCfO/ExyBk0ZrxFbIjj3pvEYXq572ca?= =?us-ascii?Q?9Zk1O/c0rzhk/ms9e2ntbR3tZG7QJSYaZzwwF+Ub5HL1ue3ZYEMzbET4WRBm?= =?us-ascii?Q?gNW3DtEu6QHz7vwwrDlX6aLppZYGrwO3bFDZJqz+0Lsg+W1JO6S4mIkCTMaL?= =?us-ascii?Q?ONkqrvcPJwV9LTZnGi8lqkAm4aVl6mb/Q60NsDbl6mAVtmOjPIztKSqTi8+r?= =?us-ascii?Q?FJPLaNsD3QAwAOLkCtUH/VszH2L35AHyRzbgrJmZHP5yvI3YYaNn20l0ucKG?= =?us-ascii?Q?4su0Bu1B3s9LrLoBP4yFAM6N7Hexrc1HNGczOEUD/ZsCbTcSA0hOLlVhg=3D?= =?us-ascii?Q?=3D?= X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 6:lmFN31E1v47RMPIOI86kYJird+XcgWOUjMKHkAexoH7GgVPpaT9z0oiKkP1yuKDmoMZ48EDGiBRva2tXAysvQO7qsKtepoBAVOkwS7kUtm0MftuG29alplx18HQX1Wuy//tg2Y0CmjKhmGnrJAA4IRY/r3vL2v3frxbU8XQ8xhjfUWA54sSGjbF7jzHWJjr7YOnXEvsag7l/Ob1YlV7nN5Pt9eBnwMw/itWON87DozPrrirV5eBrPTNbm55yuUVrD9QPv/QWbbbFZBPJJerpId24Kc/pSVyoxcN1BVW5c1X1iwov+ULWbVHEP1lEQf6mRgzWKfpXrwbYhcqWAPSMHtqnt1lt4/XizHJiVh2maYY=; 5:oUVXqdyN6Rg3RowrqdTjE5JL7v56H7YBUdo2vrst0XV/N4aKaZKPjdtxRg4IGykzgV+Vou70sahqp7MtK4dVi4A2jU4c8lVrNhVhSKY7zLgdcu2xlz2Q0Bkrhi5s99UW2NhyPRVGgkskLEmBdpSiXICdec1bHs+SCl+kVVyq7Ag=; 24:ldz1fkZyKCC2JdEC23e4dwpMTvUe2a/ickWu/9NLwsAgIcs+I3Pe0KlKvMi/RHqV9eGH2WrUw06f70VOwPGudpHdfMEoOqfZhvCCnd837zI=; 7:CGoO2q0JDnmjQyyEMkIQJKUQWOqVywjthyYwQwNupUCOkqBSEUtCEN9mCVbY6lLlgB2A32nzyi7Gea7YGtsjpuqPSRudb7+bHzaeTl0Rz9K2V6KRYgqIajzFvfQuWPaNVCtezkVOjZnW8sIz9H0LIMMjQAbiovR5pN3C55Cl1GSkVBJawTJ7iuPJzhSEYQQX6chLgbscX/N/UvNyIatAThKkusV8ZLLXOF5FYXvTFZwnVDYZoL5vBNeA4Ibdp/EE SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 20:G4MLkZ95ysoxfvpOBB5AqdSWVZheV4+R4Dk8Z/eSV5v0ZtJqSpZ78x+O4vk2NGhP5ymtES/9ocefRXLV2ZW59kd4N9eEbu0m678/WVey9ltmiwVGCUYCrI11E/gfECqOMRI+2T2l8mRGhdkDgyxnhmT5aZNWWgU/kzB3j7qRPgVOADgE0VUvQj1pDcURb8iVfrCgHDy2txXrb0+E23jAhg6bFujBiGWENv8Lfq9XRMBNgSI3yPqLeNKFI+0EATlv X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Dec 2017 20:04:52.9728 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 09907e66-8054-45d4-1ba7-08d53ce49e2d X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB0158 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP When memory encryption is enabled, the guest RAM and boot flash ROM will contain the encrypted data. By setting the debug ops allow us to invoke encryption APIs when accessing the memory for the debug purposes. Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Cc: "Michael S. Tsirkin" Signed-off-by: Brijesh Singh --- hw/i386/pc.c | 9 +++++++++ hw/i386/pc_sysfw.c | 6 ++++++ 2 files changed, 15 insertions(+) diff --git a/hw/i386/pc.c b/hw/i386/pc.c index 186545d2a4e5..937cf75d5545 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -1355,6 +1355,15 @@ void pc_memory_init(PCMachineState *pcms, e820_add_entry(0x100000000ULL, pcms->above_4g_mem_size, E820_RAM); } + /* + * When memory encryption is enabled, the guest RAM will be encrypted with + * a guest unique key. Set the debug ops so that any debug access to the + * guest RAM will go through the memory encryption APIs. + */ + if (kvm_memcrypt_enabled()) { + kvm_memcrypt_set_debug_ops(ram); + } + if (!pcmc->has_reserved_memory && (machine->ram_slots || (machine->maxram_size > machine->ram_size))) { diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index 8ddbbf74d330..3d149b1c9f3c 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c @@ -180,6 +180,12 @@ static void pc_system_flash_init(MemoryRegion *rom_memory) error_report("failed to encrypt pflash rom"); exit(1); } + + /* + * The pflash ROM is encrypted, set the debug ops so that any + * debug accesses will use memory encryption APIs. + */ + kvm_memcrypt_set_debug_ops(flash_mem); } } }