From patchwork Wed Mar 7 16:50:26 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10264431
From: Brijesh Singh
To: qemu-devel@nongnu.org
Cc: Alistair Francis, Christian Borntraeger, Cornelia Huck, "Daniel P . Berrange", "Dr. David Alan Gilbert", "Michael S. Tsirkin", "Edgar E. Iglesias", Eduardo Habkost, Eric Blake, kvm@vger.kernel.org, Marcel Apfelbaum, Markus Armbruster, Paolo Bonzini, Peter Crosthwaite, Peter Maydell, Richard Henderson, Stefan Hajnoczi, Thomas Lendacky, Borislav Petkov, Alexander Graf, Bruce Rogers, Brijesh Singh, Richard Henderson
Subject: [PATCH v11 16/28] sev/i386: add command to encrypt guest memory region
Date: Wed, 7 Mar 2018 10:50:26 -0600
Message-Id: <20180307165038.88640-17-brijesh.singh@amd.com>
In-Reply-To: <20180307165038.88640-1-brijesh.singh@amd.com>
References: <20180307165038.88640-1-brijesh.singh@amd.com>

The KVM_SEV_LAUNCH_UPDATE_DATA command is used to encrypt a guest memory region using the VM Encryption Key created using LAUNCH_START.

Cc: Paolo Bonzini
Cc: Richard Henderson
Cc: Eduardo Habkost
Signed-off-by: Brijesh Singh
--- accel/kvm/kvm-all.c | 2 ++ stubs/sev.c | 5 +++++ target/i386/sev.c | 43 +++++++++++++++++++++++++++++++++++++++++++ target/i386/trace-events | 1 + 4 files changed, 51 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 975ba3845234..411aa87719e6 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -1680,6 +1680,8 @@ static int kvm_init(MachineState *ms) ret = -1; goto err; } + + kvm_state->memcrypt_encrypt_data = sev_encrypt_data; } ret = kvm_arch_init(ms, s); diff --git a/stubs/sev.c b/stubs/sev.c index 4a5cc5569e5f..2e20f3b73a5b 100644 --- a/stubs/sev.c +++ b/stubs/sev.c @@ -15,6 +15,11 @@ #include "qemu-common.h" #include "sysemu/sev.h" +int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) +{ + return 1; +} + void *sev_guest_init(const char *id) { return NULL; diff --git a/target/i386/sev.c b/target/i386/sev.c index 1c8fcf32df93..6a5f026e8fc6 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -100,6 +100,13 @@ fw_error_to_str(int code) return sev_fw_errlist[code]; } +static bool +sev_check_state(SevState state) +{ + assert(sev_state); + return sev_state->state == state ? true : false; +} + static void sev_set_guest_state(SevState new_state) { @@ -481,6 +488,29 @@ sev_launch_start(SEVState *s) return 0; } +static int +sev_launch_update_data(uint8_t *addr, uint64_t len) +{ + int ret, fw_error; + struct kvm_sev_launch_update_data update; + + if (!addr || !len) { + return 1; + } + + update.uaddr = (__u64)addr; + update.len = len; + trace_kvm_sev_launch_update_data(addr, len); + ret = sev_ioctl(sev_state->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, + &update, &fw_error); + if (ret) { + error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + } + + return ret; +} + void * sev_guest_init(const char *id) { @@ -566,6 +596,19 @@ err: return NULL; } +int +sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) +{ + assert(handle); + + /* if SEV is in update state then encrypt the data else do nothing */ + if (sev_check_state(SEV_STATE_LUPDATE)) { + return sev_launch_update_data(ptr, len); + } + + return 0; +} + static void sev_register_types(void) { diff --git a/target/i386/trace-events b/target/i386/trace-events index 9402251e9991..c0cd8e93217f 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -12,3 +12,4 @@ kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_sev_change_state(const char *old, const char *new) "%s -> %s" kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session %p pdh %p" +kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIu64
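
Review bot: The stub sev_encrypt_data() in stubs/sev.c returns 1, while the real function in target/i386/sev.c returns 0 when it does nothing and 1 or the sev_ioctl result on failure, and nothing in the patch documents which values mean success. A comment on the function stating the convention would keep callers of kvm_state->memcrypt_encrypt_data from guessing, and if 1 is meant as an error in the stub, a negative errno-style value would make that unambiguous.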
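
Review bot: In sev_check_state() (target/i386/sev.c, hunk at -100,6) the ternary in `return sev_state->state == state ? true : false;` is redundant, since the comparison already yields a bool; `return sev_state->state == state;` is enough. The parameter type SevState and the SEVState type taken by sev_launch_start() differ only in case, so a one-line comment saying that the launch state of the global sev_state is being compared would help readers.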
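
Review bot: In sev_launch_update_data() the assignment `update.uaddr = (__u64)addr;` casts a pointer straight to a 64-bit integer, which draws a pointer-to-integer size warning on hosts where pointers are narrower than 64 bits; casting through uintptr_t or unsigned long first avoids it. In the same function only uaddr and len of `update` are assigned, so a zero initializer on the declaration would rule out handing stale stack bytes to the ioctl if the struct has other fields or padding. The `return 1` for a NULL addr or zero len also mixes a positive code with whatever sev_ioctl returns, which deserves a comment.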
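
Review bot: sev_encrypt_data() returns 0 when the guest is not in SEV_STATE_LUPDATE, so a caller cannot tell "region encrypted" from "region left as plaintext" by the return value. The function comment should state that callers may rely on encryption only during the launch-update phase, and a trace point on the skipped path would make an unexpected call outside that phase visible. The `handle` argument is asserted non-NULL but never used afterwards; either use it in place of the global sev_state or say in a comment why it is only checked.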
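
Review bot: The new trace-events line formats len as `"addr %p len 0x%" PRIu64`, which prints a decimal number behind a 0x prefix and will mislead anyone reading the trace. Use PRIx64 with the 0x prefix, or drop the prefix and keep PRIu64. The two kvm_memcrypt_*_region context lines above it have the same mismatch with "0x%lu" and could be fixed in a follow-up.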