From patchwork Thu Mar 8 12:48:46 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10267949
From: Brijesh Singh
To: qemu-devel@nongnu.org
Cc: Alistair Francis, Christian Borntraeger, Cornelia Huck, "Daniel P . Berrange", "Dr. David Alan Gilbert", "Michael S. Tsirkin", "Edgar E. Iglesias", Eduardo Habkost, Eric Blake, kvm@vger.kernel.org, Marcel Apfelbaum, Markus Armbruster, Paolo Bonzini, Peter Crosthwaite, Peter Maydell, Richard Henderson, Stefan Hajnoczi, Thomas Lendacky, Borislav Petkov, Alexander Graf, Bruce Rogers, Brijesh Singh
Subject: [PATCH v12 13/28] kvm: introduce memory encryption APIs
Date: Thu, 8 Mar 2018 06:48:46 -0600
Message-Id: <20180308124901.83533-14-brijesh.singh@amd.com>
In-Reply-To: <20180308124901.83533-1-brijesh.singh@amd.com>
References: <20180308124901.83533-1-brijesh.singh@amd.com>

In order to integrate the Secure Encryption Virtualization (SEV) support, add a few high-level memory encryption APIs which can be used for encrypting the guest memory region.

Cc: Paolo Bonzini
Cc: kvm@vger.kernel.org
Signed-off-by: Brijesh Singh
--- accel/kvm/kvm-all.c | 30 ++++++++++++++++++++++++++++++ accel/stubs/kvm-stub.c | 14 ++++++++++++++ include/sysemu/kvm.h | 25 +++++++++++++++++++++++++ 3 files changed, 69 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index a6473522be11..975ba3845234 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -107,6 +107,8 @@ struct KVMState /* memory encryption */ void *memcrypt_handle; + int (*memcrypt_encrypt_data)(void *handle, uint8_t *ptr, uint64_t len); + void (*memcrypt_debug_ops)(void *handle, MemoryRegion *mr); }; KVMState *kvm_state; @@ -142,6 +144,34 @@ int kvm_get_max_memslots(void) return s->nr_slots; } +bool kvm_memcrypt_enabled(void) +{ + if (kvm_state && kvm_state->memcrypt_handle) { + return true; + } + + return false; +} + +int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len) +{ + if (kvm_state->memcrypt_handle && + kvm_state->memcrypt_encrypt_data) { + return kvm_state->memcrypt_encrypt_data(kvm_state->memcrypt_handle, + ptr, len); + } + + return 1; +} + +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr) +{ + if (kvm_state->memcrypt_handle && + kvm_state->memcrypt_debug_ops) { + kvm_state->memcrypt_debug_ops(kvm_state->memcrypt_handle, mr); + } +} + static KVMSlot *kvm_get_free_slot(KVMMemoryListener *kml) { KVMState *s = kvm_state; diff --git a/accel/stubs/kvm-stub.c b/accel/stubs/kvm-stub.c index c964af3e1c97..5739712a67e3 100644 --- a/accel/stubs/kvm-stub.c +++ b/accel/stubs/kvm-stub.c 
@@ -105,6 +105,20 @@ int kvm_on_sigbus(int code, void *addr) return 1; } +bool kvm_memcrypt_enabled(void) +{ + return false; +} + +int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len) +{ + return 1; +} + +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr) +{ +} + #ifndef CONFIG_USER_ONLY int kvm_irqchip_add_msi_route(KVMState *s, int vector, PCIDevice *dev) { diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h index 85002ac49a54..d69bd1ff2b07 100644 --- a/include/sysemu/kvm.h +++ b/include/sysemu/kvm.h @@ -231,6 +231,31 @@ int kvm_destroy_vcpu(CPUState *cpu); */ bool kvm_arm_supports_user_irq(void); +/** + * kvm_memcrypt_enabled - return boolean indicating whether memory encryption + * is enabled + * Returns: 1 memory encryption is enabled + * 0 memory encryption is disabled + */ +bool kvm_memcrypt_enabled(void); + +/** + * kvm_memcrypt_encrypt_data: encrypt the memory range + * + * Return: 1 failed to encrypt the range + * 0 succesfully encrypted memory region + */ +int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len); + +/** + * kvm_memcrypt_set_debug_ram_ops: set debug_ram_ops callback + * + * When debug_ram_ops is set, debug access to this memory region will use + * memory encryption APIs. + */ +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr); + + #ifdef NEED_CPU_H #include "cpu.h"
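
Review bot: the two callbacks added to struct KVMState in the accel/kvm/kvm-all.c hunk at @@ -107,6 +107,8 @@ carry no comment stating their contract, and nothing in this patch assigns them. kvm_memcrypt_encrypt_data() passes the return value of memcrypt_encrypt_data straight through, while the header documents only 0 and 1, so a backend that returns a negative errno would hand callers a value the documentation does not cover. Document the expected return values next to the pointer declarations, or normalise the result in the wrapper.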
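
Review bot: kvm_memcrypt_encrypt_data() and kvm_memcrypt_set_debug_ops() in the accel/kvm/kvm-all.c hunk at @@ -142,6 +144,34 @@ read kvm_state->memcrypt_handle without the kvm_state NULL check that kvm_memcrypt_enabled() performs just above them, so a call made before kvm_state is assigned dereferences a NULL pointer. Either test `kvm_state &&` first in both functions or have them begin with `if (!kvm_memcrypt_enabled())`. In addition, kvm_memcrypt_set_debug_ops() returns void and silently does nothing when the callback is unset, so a caller cannot tell whether the debug ops were actually installed for an encrypted guest; consider returning a status or asserting on that path.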
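
Review bot: the doc comments in the include/sysemu/kvm.h hunk do not match the declarations they precede. The last comment is titled kvm_memcrypt_set_debug_ram_ops and refers to debug_ram_ops, but the function declared is kvm_memcrypt_set_debug_ops; kvm_memcrypt_enabled() is declared bool yet documented as returning 1 or 0; and the kvm_memcrypt_encrypt_data comment does not describe ptr or len (what kind of address ptr is, and whether len has any alignment requirement) and misspells "successfully". The hunk also adds two consecutive blank lines before #ifdef NEED_CPU_H, where one is enough.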