From patchwork Thu Feb 15 15:39:38 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10222491
From: Brijesh Singh
To: qemu-devel@nongnu.org
Cc: Alistair Francis, Christian Borntraeger, Cornelia Huck, "Daniel P . Berrange", "Dr. David Alan Gilbert", "Michael S. Tsirkin", "Edgar E. Iglesias", Eduardo Habkost, Eric Blake, kvm@vger.kernel.org, Marcel Apfelbaum, Markus Armbruster, Paolo Bonzini, Peter Crosthwaite, Peter Maydell, Richard Henderson, Stefan Hajnoczi, Thomas Lendacky, Borislav Petkov, Alexander Graf, Bruce Rogers, Brijesh Singh, Richard Henderson
Subject: [PATCH v9 12/29] sev/i386: register the guest memory range which may contain encrypted data
Date: Thu, 15 Feb 2018 09:39:38 -0600
Message-Id: <20180215153955.3253-13-brijesh.singh@amd.com>
In-Reply-To: <20180215153955.3253-1-brijesh.singh@amd.com>
References: <20180215153955.3253-1-brijesh.singh@amd.com>

When SEV is enabled, the hardware encryption engine uses a tweak such that two identical plaintexts at different locations will have different ciphertexts. So swapping or moving the ciphertexts of two guest pages will not result in plaintexts being swapped. Hence relocating the physical backing pages of the SEV guest will require some additional steps in the KVM driver.

The KVM_MEMORY_ENCRYPT_{UN,}REG_REGION ioctl can be used to register/unregister the guest memory region which may contain the encrypted data. The KVM driver will internally handle relocating the physical backing pages of registered memory regions.

Cc: Paolo Bonzini
Cc: Richard Henderson
Cc: Eduardo Habkost
Signed-off-by: Brijesh Singh
---
 target/i386/sev.c        | 41 +++++++++++++++++++++++++++++++++++++++++
 target/i386/trace-events |  2 ++
 2 files changed, 43 insertions(+)

diff --git a/target/i386/sev.c b/target/i386/sev.c index f9a8748d19c1..de5c8d4675a6 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c
@@ -88,6 +88,45 @@ fw_error_to_str(int code) return sev_fw_errlist[code]; } +static void +sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size) +{ + int r; + struct kvm_enc_region range; + + range.addr = (__u64)host; + range.size = size; + + trace_kvm_memcrypt_register_region(host, size); + r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_REG_REGION, &range); + if (r) { + error_report("%s: failed to register region (%p+%#lx)", + __func__, host, size); + } +} + +static void +sev_ram_block_removed(RAMBlockNotifier *n, void *host, size_t size) +{ + int r; + struct kvm_enc_region range; + + range.addr = (__u64)host; + range.size = size; + + trace_kvm_memcrypt_unregister_region(host, size); + r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_UNREG_REGION, &range); + if (r) { + error_report("%s: failed to unregister region (%p+%#lx)", + __func__, host, size); + } +} + +static struct RAMBlockNotifier sev_ram_notifier = { + .ram_block_added = sev_ram_block_added, + .ram_block_removed = sev_ram_block_removed, +}; + static void qsev_guest_finalize(Object *obj) { @@ -404,6 +443,8 @@ sev_guest_init(const char *id) x86_reduced_phys_bits = reduced_phys_bits; x86_cbitpos = cbitpos; sev_active = true; + ram_block_notifier_add(&sev_ram_notifier); + return s; err: g_free(s); diff --git a/target/i386/trace-events b/target/i386/trace-events index 797b716751b7..ffa3d2250425 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -8,3 +8,5 @@ kvm_x86_update_msi_routes(int num) "Updated %d MSI routes" # target/i386/sev.c kvm_sev_init(void) "" +kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu" +kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu"
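
Review bot: In sev_ram_block_added() (first hunk of target/i386/sev.c), a failing KVM_MEMORY_ENCRYPT_REG_REGION ioctl is only logged with error_report(), and the guest keeps running with a region that KVM was never told may hold encrypted data. The commit message says KVM relies on this registration to handle relocation of the backing pages, so I would make the failure fatal (the notifier returns void, so error_report() followed by exit(1)) or add a comment explaining why continuing is safe. Smaller points in both callbacks: size is a size_t but is printed with %#lx, which should be %#zx; (__u64)host casts a pointer straight to a 64-bit integer, which warns on 32-bit builds, so go through uintptr_t; and the message drops the return value r, which would help when diagnosing a failure.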
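
Review bot: The ram_block_notifier_add(&sev_ram_notifier) call added to sev_guest_init() (second hunk of target/i386/sev.c) has no matching ram_block_notifier_remove() anywhere in this patch, and qsev_guest_finalize() appears only as unchanged context. Either remove the notifier on teardown or add a comment saying that it is meant to stay registered for the lifetime of the process. Please also state, in a comment or in the commit message, whether RAM blocks that already exist when sev_guest_init() runs are expected to be registered, since the callbacks are only hooked up from this point on.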
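
Review bot: The format string "addr %p len 0x%lu" on both new lines in target/i386/trace-events prints a decimal value behind a 0x prefix, so the traced length reads as hex but is not. len is declared as size_t, so "addr %p len 0x%zx" would fix both the base and the length modifier for kvm_memcrypt_register_region and kvm_memcrypt_unregister_region.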