From patchwork Mon Jan 29 17:41:27 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10190239
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Mon, 29 Jan 2018 11:41:27 -0600
Message-Id: <20180129174132.108925-19-brijesh.singh@amd.com>
In-Reply-To: <20180129174132.108925-1-brijesh.singh@amd.com>
References: <20180129174132.108925-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v6 18/23] sev: emit the SEV_MEASUREMENT event
Cc: "Edgar E. Iglesias", Peter Maydell, Eduardo Habkost, kvm@vger.kernel.org, Tom Lendacky, Stefan Hajnoczi, "Michael S. Tsirkin", Richard Henderson, "Dr.
David Alan Gilbert", Brijesh Singh, Paolo Bonzini

During machine creation we encrypted the guest bios image, the LAUNCH_MEASURE command can be used to retrieve the measurement of the encrypted memory region. Emit the SEV_MEASUREMENT event so that libvirt can grab the measurement value as soon as we are done with creating the encrypted machine.

Cc: Daniel P. Berrange
Cc: Paolo Bonzini
Cc: kvm@vger.kernel.org
Signed-off-by: Brijesh Singh
--- accel/kvm/sev.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++ accel/kvm/trace-events | 1 + include/sysemu/sev.h | 1 + 3 files changed, 60 insertions(+) diff --git a/accel/kvm/sev.c b/accel/kvm/sev.c index 1f757df725df..b78cf3144b1d 100644 --- a/accel/kvm/sev.c +++ b/accel/kvm/sev.c @@ -19,11 +19,13 @@ #include "sysemu/sev.h" #include "sysemu/sysemu.h" #include "trace.h" +#include "qapi-event.h" #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" static int sev_fd; +static SEVState *sev_state; #define SEV_FW_MAX_ERROR 0x17 
@@ -418,6 +420,59 @@ err: return ret; } +static void +sev_launch_get_measure(Notifier *notifier, void *unused) +{ + int ret, error; + guchar *data; + SEVState *s = sev_state; + struct kvm_sev_launch_measure *measurement; + + measurement = g_malloc0(sizeof(*measurement)); + if (!measurement) { + return; + } + + /* query the measurement blob length */ + ret = sev_ioctl(KVM_SEV_LAUNCH_MEASURE, measurement, &error); + if (!measurement->len) { + error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", + __func__, ret, error, fw_error_to_str(errno)); + goto free_measurement; + } + + data = g_malloc(measurement->len); + if (s->measurement) { + goto free_data; + } + + measurement->uaddr = (unsigned long)data; + + /* get the measurement blob */ + ret = sev_ioctl(KVM_SEV_LAUNCH_MEASURE, measurement, &error); + if (ret) { + error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", + __func__, ret, error, fw_error_to_str(errno)); + goto free_data; + } + + sev_set_guest_state(SEV_STATE_SECRET); + + /* encode the measurement value and emit the event */ + s->measurement = g_base64_encode(data, measurement->len); + trace_kvm_sev_launch_measurement(s->measurement); + qapi_event_send_sev_measurement(s->measurement, &error_abort); + +free_data: + g_free(data); +free_measurement: + g_free(measurement); +} + +static Notifier sev_machine_done_notify = { + .notify = sev_launch_get_measure, +}; + void * sev_guest_init(const char *id) { @@ -461,6 +516,9 @@ sev_guest_init(const char *id) } ram_block_notifier_add(&sev_ram_notifier); + qemu_add_machine_init_done_notifier(&sev_machine_done_notify); + + sev_state = s; return s; err: diff --git a/accel/kvm/trace-events b/accel/kvm/trace-events index c55546f36a25..51df5113ad07 100644 --- a/accel/kvm/trace-events +++ b/accel/kvm/trace-events 
@@ -20,3 +20,4 @@ kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_sev_change_state(char *old, char *new) "%s -> %s" kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session %p pdh %p" kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIu64 +kvm_sev_launch_measurement(const char *value) "data %s" diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 839800efdbbf..572120c865ea 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -63,6 +63,7 @@ typedef enum { struct SEVState { QSevGuestInfo *sev_info; + gchar *measurement; }; typedef struct SEVState SEVState;
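
Review bot: In sev_launch_get_measure(), the check that follows `data = g_malloc(measurement->len);` tests `s->measurement` rather than `data`, so it reads like a mistyped allocation check. g_malloc() and g_malloc0() abort on failure instead of returning NULL, so both this test and the earlier `if (!measurement)` can be dropped; if the intent is to skip a repeated measurement, the `s->measurement` test belongs at the top of the function, before the first ioctl and before any allocation. Both error_report() calls pass `errno` to fw_error_to_str() while the firmware status filled in by sev_ioctl() is in `error`; `fw_error_to_str(error)` looks like what was meant. Both failure paths only call error_report() and return, so no SEV_MEASUREMENT event is emitted and the state never moves to SEV_STATE_SECRET; since the commit message says libvirt relies on this event, please make the failure visible to the management layer rather than only logging it.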
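
Review bot: In sev_guest_init(), the notifier reaches its state through the new file-scope `sev_state` pointer, which is assigned only after `qemu_add_machine_init_done_notifier(&sev_machine_done_notify);`. Embedding the Notifier in SEVState and recovering the state with container_of() inside sev_launch_get_measure() would remove both the global and the ordering dependency. If the global stays, assign `sev_state = s;` before registering the notifier so the callback can never observe a NULL state.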
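
Review bot: The new `gchar *measurement;` member of struct SEVState in include/sysemu/sev.h has no comment and no visible owner. Please document that it holds the base64-encoded LAUNCH_MEASURE blob produced by g_base64_encode() and state where it is released, since no g_free() of this field appears anywhere in the patch.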