From patchwork Mon Feb 12 15:37:03 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10213437
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Mon, 12 Feb 2018 09:37:03 -0600
Message-Id: <20180212153715.87555-17-brijesh.singh@amd.com>
In-Reply-To: <20180212153715.87555-1-brijesh.singh@amd.com>
References: <20180212153715.87555-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v8 16/28] sev/i386: add command to encrypt guest memory region
Cc: Peter Maydell , Brijesh Singh , kvm@vger.kernel.org, "Michael S. Tsirkin" , Stefan Hajnoczi , Alexander Graf , "Edgar E. Iglesias" , Markus Armbruster , Bruce Rogers , Christian Borntraeger , Marcel Apfelbaum , Borislav Petkov , Thomas Lendacky , Eduardo Habkost , Richard Henderson , "Dr.
David Alan Gilbert" , Alistair Francis , Cornelia Huck , Richard Henderson , Peter Crosthwaite , Paolo Bonzini Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP The KVM_SEV_LAUNCH_UPDATE_DATA command is used to encrypt a guest memory region using the VM Encryption Key created using LAUNCH_START. Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Signed-off-by: Brijesh Singh --- accel/kvm/kvm-all.c | 2 ++ include/sysemu/sev.h | 1 + stubs/sev.c | 5 +++++ target/i386/sev.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++++ target/i386/trace-events | 1 + 5 files changed, 58 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 4468c8fe002c..4974c00c46fb 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -1679,6 +1679,8 @@ static int kvm_init(MachineState *ms) if (!kvm_state->memcrypt_handle) { goto err; } + + kvm_state->memcrypt_encrypt_data = sev_encrypt_data; } ret = kvm_arch_init(ms, s); diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 08014a9c94ff..f7af1a00c510 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -75,6 +75,7 @@ struct SEVState { typedef struct SEVState SEVState; void *sev_guest_init(const char *id); +int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len); #endif diff --git a/stubs/sev.c b/stubs/sev.c index e3076f009a48..8725e6d4e1ec 100644 --- a/stubs/sev.c +++ b/stubs/sev.c @@ -15,6 +15,11 @@ #include "qemu-common.h" #include "sysemu/sev.h" +int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) +{ + return 1; +} + void sev_get_current_state(char **state) { } diff --git a/target/i386/sev.c b/target/i386/sev.c index 2ecc6a1d1ad3..4414bda25509 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -97,6 +97,12 @@ fw_error_to_str(int code) return sev_fw_errlist[code]; } +static bool +sev_check_state(SevGuestState state) +{ + return current_sev_guest_state == state ? true : false; +} + static void sev_set_guest_state(SevGuestState new_state) { @@ -447,6 +453,36 @@ sev_launch_start(SEVState *s) return 0; } +static int +sev_launch_update_data(uint8_t *addr, uint64_t len) +{ + int ret, fw_error; + struct kvm_sev_launch_update_data *update; + + if (addr == NULL || len <= 0) { + return 1; + } + + update = g_malloc0(sizeof(*update)); + if (!update) { + return 1; + } + + update->uaddr = (__u64)addr; + update->len = len; + trace_kvm_sev_launch_update_data(addr, len); + ret = sev_ioctl(KVM_SEV_LAUNCH_UPDATE_DATA, update, &fw_error); + if (ret) { + error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } + +err: + g_free(update); + return ret; +} + void * sev_guest_init(const char *id) { @@ -506,6 +542,19 @@ err: return NULL; } +int +sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) +{ + assert(handle); + + /* if SEV is in update state then encrypt the data else do nothing */ + if (sev_check_state(SEV_STATE_LUPDATE)) { + return sev_launch_update_data(ptr, len); + } + + return 0; +} + static void sev_register_types(void) { diff --git a/target/i386/trace-events b/target/i386/trace-events index 9402251e9991..c0cd8e93217f 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -12,3 +12,4 @@ kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_sev_change_state(const char *old, const char *new) "%s -> %s" kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session %p pdh %p" +kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIu64
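Review bot: the sev_encrypt_data() prototype added to include/sysemu/sev.h has no comment stating its return contract, and the definitions in this patch do not agree on one. The stub in stubs/sev.c returns 1, sev_launch_update_data() returns 1 for bad arguments but the raw sev_ioctl() result on failure, and the wrapper in target/i386/sev.c returns 0 both on success and when it does nothing. Please document what zero and non-zero mean for callers of kvm_state->memcrypt_encrypt_data and settle on a single error convention.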
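Review bot: in sev_check_state() (target/i386/sev.c, first hunk) the "? true : false" on a comparison is redundant. "return current_sev_guest_state == state;" is equivalent and easier to read.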
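Review bot: in sev_launch_update_data() the two guard checks do not do what they appear to do. len is a uint64_t, so "len <= 0" can only ever mean "len == 0" and should be written that way; g_malloc0() aborts on allocation failure rather than returning NULL, so the "if (!update)" branch is dead code. Since the struct is small and freed before return, a zero-initialised stack variable would remove both the allocation and the cleanup path. The "goto err;" directly above the "err:" label is also redundant. Separately, "(__u64)addr" casts a pointer straight to a 64-bit integer, which is a size-mismatched cast on 32-bit hosts; go through uintptr_t (or unsigned long) first.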
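Review bot: sev_encrypt_data() returns 0 when the guest is not in SEV_STATE_LUPDATE, so a caller cannot distinguish "region was encrypted" from "request was ignored". For a hook whose purpose is to encrypt guest memory, that silent success should either be a distinct return value or at least a trace point, and the comment should explain why skipping is safe outside the launch-update state. Also note that handle is only passed to assert() and is otherwise unused: the state check reads the file-scope current_sev_guest_state instead, so the assert does not tie the call to the SEV context being acted on.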
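Review bot: in target/i386/trace-events the new kvm_sev_launch_update_data format prints the length as "0x%" PRIu64, which puts a hex prefix on a decimal value and will mislead anyone reading the trace. Use PRIx64 here. The neighbouring kvm_memcrypt_register_region and kvm_memcrypt_unregister_region context lines have the same "0x%lu" mismatch and could be corrected in a follow-up.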