From patchwork Wed Mar 7 16:50:22 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10264421
From: Brijesh Singh
To: qemu-devel@nongnu.org
Cc: Alistair Francis, Christian Borntraeger, Cornelia Huck, "Daniel P . Berrange", "Dr. David Alan Gilbert", "Michael S. Tsirkin", "Edgar E. Iglesias", Eduardo Habkost, Eric Blake, kvm@vger.kernel.org, Marcel Apfelbaum, Markus Armbruster, Paolo Bonzini, Peter Crosthwaite, Peter Maydell, Richard Henderson, Stefan Hajnoczi, Thomas Lendacky, Borislav Petkov, Alexander Graf, Bruce Rogers, Brijesh Singh, Richard Henderson
Subject: [PATCH v11 12/28] sev/i386: register the guest memory range which may contain encrypted data
Date: Wed, 7 Mar 2018 10:50:22 -0600
Message-Id: <20180307165038.88640-13-brijesh.singh@amd.com>
In-Reply-To: <20180307165038.88640-1-brijesh.singh@amd.com>
References: <20180307165038.88640-1-brijesh.singh@amd.com>

When SEV is enabled, the hardware encryption engine uses a tweak such
that two identical plaintexts at different locations will have
different ciphertexts. So swapping or moving the ciphertexts of two
guest pages will not result in the plaintexts being swapped. Hence
relocating the physical backing pages of an SEV guest will require some
additional steps in the KVM driver. The KVM_MEMORY_ENCRYPT_{UN,}REG_REGION
ioctl can be used to register/unregister the guest memory region which
may contain encrypted data. The KVM driver will internally handle
relocating the physical backing pages of registered memory regions.

Cc: Paolo Bonzini
Cc: Richard Henderson
Cc: Eduardo Habkost
Signed-off-by: Brijesh Singh
---
 target/i386/sev.c        | 42 ++++++++++++++++++++++++++++++++++++++++++
 target/i386/trace-events |  2 ++
 2 files changed, 44 insertions(+)

diff --git a/target/i386/sev.c b/target/i386/sev.c index 2c9fd67eaaec..a17b0c525f9b 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c
@@ -100,6 +100,46 @@ fw_error_to_str(int code) return sev_fw_errlist[code]; } +static void +sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size) +{ + int r; + struct kvm_enc_region range; + + range.addr = (__u64)host; + range.size = size; + + trace_kvm_memcrypt_register_region(host, size); + r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_REG_REGION, &range); + if (r) { + error_report("%s: failed to register region (%p+%#lx) error '%s'", + __func__, host, size, strerror(errno)); + exit(1); + } +} + +static void +sev_ram_block_removed(RAMBlockNotifier *n, void *host, size_t size) +{ + int r; + struct kvm_enc_region range; + + range.addr = (__u64)host; + range.size = size; + + trace_kvm_memcrypt_unregister_region(host, size); + r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_UNREG_REGION, &range); + if (r) { + error_report("%s: failed to unregister region (%p+%#lx)", + __func__, host, size); + } +} + +static struct RAMBlockNotifier sev_ram_notifier = { + .ram_block_added = sev_ram_block_added, + .ram_block_removed = sev_ram_block_removed, +}; + static void qsev_guest_finalize(Object *obj) { @@ -431,6 +471,8 @@ sev_guest_init(const char *id) goto err; } + ram_block_notifier_add(&sev_ram_notifier); + return s; err: g_free(sev_state); diff --git a/target/i386/trace-events b/target/i386/trace-events index 797b716751b7..ffa3d2250425 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -8,3 +8,5 @@ kvm_x86_update_msi_routes(int num) "Updated %d MSI routes" # target/i386/sev.c kvm_sev_init(void) "" +kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu" +kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu"
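
Review bot: In the first sev.c hunk, sev_ram_block_added() reports the failure with strerror(errno) even though the ioctl result is already held in r, and sev_ram_block_removed() reports no error cause at all. kvm_vm_ioctl() returns a negative errno value, so strerror(-r) in both handlers is more reliable than reading errno after the call and makes the two messages consistent. Both messages also print the size_t argument with %#lx, which is only correct where size_t is unsigned long; %#zx is the portable specifier. The (__u64)host cast converts a pointer straight to a 64-bit integer; casting through uintptr_t first avoids a pointer-size warning on 32-bit hosts. A one-line comment explaining why a failed registration calls exit(1) while a failed unregistration only logs would help the next reader.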
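
Review bot: In the second sev.c hunk, ram_block_notifier_add(&sev_ram_notifier) at the end of sev_guest_init() has no matching ram_block_notifier_remove() anywhere in this patch, so the notifier stays registered for the life of the process. If that is intended, say so in a comment; otherwise remove it on the teardown path. Because the notifier is added only after the rest of initialization has succeeded, it is also worth documenting whether RAM blocks created before this call get registered, since the handlers only learn about blocks through these callbacks.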
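
Review bot: In the trace-events hunk, both new formats use "len 0x%lu", which prints a decimal value behind a hex prefix, so a length of 4096 shows up as 0x4096. Use "len 0x%zx" (or drop the prefix and use "%zu"), which also matches the size_t type of len.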