From patchwork Mon Jan 29 17:41:24 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10190351
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Mon, 29 Jan 2018 11:41:24 -0600
Message-Id: <20180129174132.108925-16-brijesh.singh@amd.com>
In-Reply-To: <20180129174132.108925-1-brijesh.singh@amd.com>
References: <20180129174132.108925-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v6 15/23] sev: add command to encrypt guest memory region
Cc: "Edgar E. Iglesias" , Peter Maydell , Eduardo Habkost , kvm@vger.kernel.org, Tom Lendacky , Stefan Hajnoczi , "Michael S. Tsirkin" , Richard Henderson , "Dr.
David Alan Gilbert" , Brijesh Singh , Paolo Bonzini Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP The KVM_SEV_LAUNCH_UPDATE_DATA command is used to encrypt a guest memory region using the VM Encryption Key created using LAUNCH_START. Signed-off-by: Brijesh Singh --- accel/kvm/kvm-all.c | 2 ++ accel/kvm/sev.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ accel/kvm/trace-events | 1 + include/sysemu/sev.h | 1 + 4 files changed, 53 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 54a0fd6097fb..d35eebb97901 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -1675,6 +1675,8 @@ static int kvm_init(MachineState *ms) if (!kvm_state->memcrypt_handle) { goto err; } + + kvm_state->memcrypt_encrypt_data = sev_encrypt_data; } ret = kvm_arch_init(ms, s); diff --git a/accel/kvm/sev.c b/accel/kvm/sev.c index eea07ac9642f..1f757df725df 100644 --- a/accel/kvm/sev.c +++ b/accel/kvm/sev.c @@ -95,6 +95,12 @@ fw_error_to_str(int code) return sev_fw_errlist[code]; } +static bool +sev_check_state(SevGuestState state) +{ + return current_sev_guest_state == state ? true : false; +} + static void sev_set_guest_state(SevGuestState new_state) { @@ -382,6 +388,36 @@ sev_launch_start(SEVState *s) return 0; } +static int +sev_launch_update_data(uint8_t *addr, uint64_t len) +{ + int ret, fw_error; + struct kvm_sev_launch_update_data *update; + + if (addr == NULL || len <= 0) { + return 1; + } + + update = g_malloc0(sizeof(*update)); + if (!update) { + return 1; + } + + update->uaddr = (__u64)addr; + update->len = len; + trace_kvm_sev_launch_update_data(addr, len); + ret = sev_ioctl(KVM_SEV_LAUNCH_UPDATE_DATA, update, &fw_error); + if (ret) { + error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } + +err: + g_free(update); + return ret; +} + void * sev_guest_init(const char *id) { 
@@ -432,6 +468,19 @@ err: return NULL; } +int +sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) +{ + assert (handle); + + /* if SEV is in update state then encrypt the data else do nothing */ + if (sev_check_state(SEV_STATE_LUPDATE)) { + return sev_launch_update_data(ptr, len); + } + + return 0; +} + static void sev_register_types(void) { diff --git a/accel/kvm/trace-events b/accel/kvm/trace-events index a4ea1c382ec2..c55546f36a25 100644 --- a/accel/kvm/trace-events +++ b/accel/kvm/trace-events @@ -19,3 +19,4 @@ kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_sev_change_state(char *old, char *new) "%s -> %s" kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session %p pdh %p" +kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIu64 diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 392b21fafbd3..839800efdbbf 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -68,6 +68,7 @@ struct SEVState { typedef struct SEVState SEVState; void *sev_guest_init(const char *id); +int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len); #endif
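Review bot: In sev_check_state() (accel/kvm/sev.c, first hunk) the `? true : false` is redundant, since the comparison already yields a bool; `return current_sev_guest_state == state;` says the same thing.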
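Review bot: In sev_launch_update_data() two of the guards do not do what they appear to: `len` is uint64_t, so `len <= 0` can only ever mean `len == 0`, and g_malloc0() aborts on allocation failure rather than returning NULL, so the `if (!update)` branch is dead code. Write the first as `!len`, drop the second (or put the small struct on the stack and lose the g_free() path entirely), and return a negative value instead of 1 for bad arguments so callers see one error convention alongside the sev_ioctl() result. The `goto err;` immediately before the `err:` label is also redundant, and the `(__u64)addr` cast is cleaner going through `(unsigned long)` so it does not warn on builds where pointers are narrower than 64 bits.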
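Review bot: sev_encrypt_data() returns 0 both when the region was encrypted and when the guest is not in SEV_STATE_LUPDATE and nothing was done, so a caller cannot tell that the data it handed over was left unencrypted. Either return a distinct error for the wrong-state case, or document on the prototype in include/sysemu/sev.h that a call outside the launch-update window is a deliberate no-op, and consider a trace point on that path. Separately, `assert (handle);` has a space before the parenthesis, and `handle` is not used after the assert.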
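Review bot: The new kvm_sev_launch_update_data line in accel/kvm/trace-events prints `len` with a `0x` prefix but a decimal conversion (`"addr %p len 0x%" PRIu64`), so the trace output will show a decimal number labelled as hex. Use PRIx64 here; the neighbouring kvm_memcrypt_* lines visible in the context have the same `0x%lu` mismatch and could be fixed in a follow-up.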