From patchwork Wed Dec 6 20:03:44 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10097059
From: Brijesh Singh
To: qemu-devel@nongnu.org
Cc: Alistair Francis, Christian Borntraeger, Cornelia Huck, "Daniel P . Berrange", "Dr. David Alan Gilbert", "Edgar E . Iglesias", Eduardo Habkost, Eric Blake, kvm@vger.kernel.org, Marcel Apfelbaum, Markus Armbruster, "Michael S. Tsirkin", Paolo Bonzini, Peter Crosthwaite, Peter Maydell, Richard Henderson, Richard Henderson, Stefan Hajnoczi, Thomas Lendacky, Borislav Petkov, Brijesh Singh
Subject: [PATCH v5 21/23] sev: add debug encrypt and decrypt commands
Date: Wed, 6 Dec 2017 14:03:44 -0600
Message-Id: <20171206200346.116537-22-brijesh.singh@amd.com>
In-Reply-To: <20171206200346.116537-1-brijesh.singh@amd.com>
References: <20171206200346.116537-1-brijesh.singh@amd.com>

KVM_SEV_DBG_DECRYPT and KVM_SEV_DBG_ENCRYPT commands are used for decrypting and encrypting guest memory region. The command works only if the guest policy allows the debugging.

Cc: Paolo Bonzini Cc: kvm@vger.kernel.org Signed-off-by: Brijesh Singh --- accel/kvm/kvm-all.c | 1 + accel/kvm/sev.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++ include/sysemu/sev.h | 1 + 3 files changed, 72 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index d35eebb97901..b069261de32a 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -1677,6 +1677,7 @@ static int kvm_init(MachineState *ms) } kvm_state->memcrypt_encrypt_data = sev_encrypt_data; + kvm_state->memcrypt_debug_ops = sev_set_debug_ops; } ret = kvm_arch_init(ms, s); diff --git a/accel/kvm/sev.c b/accel/kvm/sev.c index fbbd99becc0a..3edfb5b08416 100644 --- a/accel/kvm/sev.c +++ b/accel/kvm/sev.c @@ -22,6 +22,7 @@ #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" +#define GUEST_POLICY_DBG_BIT 0x1 #define DEBUG_SEV #ifdef DEBUG_SEV @@ -34,6 +35,7 @@ static int sev_fd; static SEVState *sev_state; +static MemoryRegionRAMReadWriteOps sev_ops; #define SEV_FW_MAX_ERROR 0x17 
@@ -483,6 +485,49 @@ sev_vm_state_change(void *opaque, int running, RunState state) } } +static int +sev_dbg_enc_dec(uint8_t *dst, const uint8_t *src, uint32_t len, bool write) +{ + int ret, error; + struct kvm_sev_dbg *dbg; + dbg = g_malloc0(sizeof(*dbg)); + if (!dbg) { + return 1; + } + + dbg->src_uaddr = (unsigned long)src; + dbg->dst_uaddr = (unsigned long)dst; + dbg->len = len; + + ret = sev_ioctl(write ? KVM_SEV_DBG_ENCRYPT : KVM_SEV_DBG_DECRYPT, + dbg, &error); + if (ret) { + error_report("%s (%s) %#llx->%#llx+%#x ret=%d fw_error=%d '%s'", + __func__, write ? "write" : "read", dbg->src_uaddr, + dbg->dst_uaddr, dbg->len, ret, error, + fw_error_to_str(error)); + } + + g_free(dbg); + return ret; +} + +static int +sev_mem_read(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs attrs) +{ + assert(attrs.debug); + + return sev_dbg_enc_dec(dst, src, len, false); +} + +static int +sev_mem_write(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs attrs) +{ + assert(attrs.debug); + + return sev_dbg_enc_dec(dst, src, len, true); +} + void * sev_guest_init(const char *id) { @@ -549,6 +594,31 @@ sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) return 0; } +void +sev_set_debug_ops(void *handle, MemoryRegion *mr) +{ + int policy; + SEVState *s = (SEVState *)handle; + + policy = object_property_get_int(OBJECT(s->sev_info), + "policy", &error_abort); + + /* + * Check if guest policy supports debugging + * Bit 0 : + * 0 - debug allowed + * 1 - debug is not allowed + */ + if (policy & GUEST_POLICY_DBG_BIT) { + return; + } + + sev_ops.read = sev_mem_read; + sev_ops.write = sev_mem_write; + + memory_region_set_ram_debug_ops(mr, &sev_ops); +} + static void sev_register_types(void) { diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 3af945935b60..7c50d33af4a9 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h 
@@ -71,6 +71,7 @@ typedef struct SEVState SEVState; void *sev_guest_init(const char *id); int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len); +void sev_set_debug_ops(void *handle, MemoryRegion *mr); #endif
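
Review bot: In the accel/kvm/sev.c hunk at @@ -22,6 +22,7 @@, the name GUEST_POLICY_DBG_BIT reads as "debug enabled", but the comment added in sev_set_debug_ops() documents bit 0 as "1 - debug is not allowed", and the neighbouring DEFAULT_GUEST_POLICY 0x1 is commented "disable debug". A name that carries the negative sense (for example GUEST_POLICY_NODBG_BIT, a suggested name) would make the later check `if (policy & GUEST_POLICY_DBG_BIT) { return; }` read correctly, and DEFAULT_GUEST_POLICY could be defined in terms of it rather than repeating the literal 0x1.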
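
Review bot: In sev_dbg_enc_dec() (accel/kvm/sev.c, hunk @@ -483,6 +485,49 @@), the `if (!dbg) { return 1; }` branch after g_malloc0() is dead code, because g_malloc0() aborts the process on allocation failure instead of returning NULL. Drop the check, or place the struct kvm_sev_dbg on the stack, since it is filled, passed to sev_ioctl() and freed within the same call. In the same hunk, sev_mem_read() and sev_mem_write() guard the firmware command only with assert(attrs.debug), which aborts QEMU if a non-debug access is ever routed through these ops; returning an error from the callback would fail that access without taking the VM down.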
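
Review bot: In sev_set_debug_ops() (accel/kvm/sev.c, hunk @@ -549,6 +594,31 @@), the early return when GUEST_POLICY_DBG_BIT is set is silent, so under the default policy (DEFAULT_GUEST_POLICY 0x1) no debug ops are installed and nothing records why; a trace point or log message on that path would make the policy decision visible. Also, object_property_get_int() returns int64_t and the result is stored in `int policy`; that is harmless for testing bit 0, but a wider unsigned type avoids the narrowing. The file-scope sev_ops is rewritten with the same two function pointers on every call, so it could be initialised once at its definition.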