From patchwork Thu Feb 15 15:39:42 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10222155
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Thu, 15 Feb 2018 09:39:42 -0600
Message-Id: <20180215153955.3253-17-brijesh.singh@amd.com>
In-Reply-To: <20180215153955.3253-1-brijesh.singh@amd.com>
References: <20180215153955.3253-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v9 16/29] sev/i386: add command to encrypt guest memory region
Cc: Peter Maydell, Brijesh Singh, kvm@vger.kernel.org, "Michael S. Tsirkin", Stefan Hajnoczi, Alexander Graf, "Edgar E. Iglesias", Markus Armbruster, Bruce Rogers, Christian Borntraeger, Marcel Apfelbaum, Borislav Petkov, Thomas Lendacky, Eduardo Habkost, Richard Henderson, "Dr.
David Alan Gilbert", Alistair Francis, Cornelia Huck, Richard Henderson, Peter Crosthwaite, Paolo Bonzini

The KVM_SEV_LAUNCH_UPDATE_DATA command is used to encrypt a guest memory region using the VM Encryption Key created using LAUNCH_START.

Cc: Paolo Bonzini
Cc: Richard Henderson
Cc: Eduardo Habkost
Signed-off-by: Brijesh Singh
--- accel/kvm/kvm-all.c | 2 ++ include/sysemu/sev.h | 1 + stubs/sev.c | 5 +++++ target/i386/sev.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++++ target/i386/trace-events | 1 + 5 files changed, 58 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 4468c8fe002c..4974c00c46fb 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -1679,6 +1679,8 @@ static int kvm_init(MachineState *ms) if (!kvm_state->memcrypt_handle) { goto err; } + + kvm_state->memcrypt_encrypt_data = sev_encrypt_data; } ret = kvm_arch_init(ms, s); diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 5c8c549b68ec..c16102b05ec4 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -69,5 +69,6 @@ struct SEVState { typedef struct SEVState SEVState; void *sev_guest_init(const char *id); +int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len); #endif diff --git a/stubs/sev.c b/stubs/sev.c index 24c7b0c3e04d..74182bb545e2 100644 --- a/stubs/sev.c +++ b/stubs/sev.c @@ -15,6 +15,11 @@ #include "qemu-common.h" #include "sysemu/sev.h" +int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) +{ + return 1; +} + SevState sev_get_current_state(void) { return SEV_STATE_UNINIT; diff --git a/target/i386/sev.c b/target/i386/sev.c index 6f767084fd57..04a64b5bc61d 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -90,6 +90,12 @@ fw_error_to_str(int code) return sev_fw_errlist[code]; } +static bool +sev_check_state(SevState state) +{ + return current_sev_guest_state == state ? true : false; +} + static void sev_set_guest_state(SevState new_state) { @@ -466,6 +472,36 @@ sev_launch_start(SEVState *s) return 0; } +static int +sev_launch_update_data(uint8_t *addr, uint64_t len) +{ + int ret, fw_error; + struct kvm_sev_launch_update_data *update; + + if (addr == NULL || len <= 0) { + return 1; + } + + update = g_malloc0(sizeof(*update)); + if (!update) { + return 1; + } + + update->uaddr = (__u64)addr; + update->len = len; + trace_kvm_sev_launch_update_data(addr, len); + ret = sev_ioctl(KVM_SEV_LAUNCH_UPDATE_DATA, update, &fw_error); + if (ret) { + error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } + +err: + g_free(update); + return ret; +} + void * sev_guest_init(const char *id) { @@ -540,6 +576,19 @@ err: return NULL; } +int +sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) +{ + assert(handle); + + /* if SEV is in update state then encrypt the data else do nothing */ + if (sev_check_state(SEV_STATE_LUPDATE)) { + return sev_launch_update_data(ptr, len); + } + + return 0; +} + static void sev_register_types(void) { diff --git a/target/i386/trace-events b/target/i386/trace-events index 9402251e9991..c0cd8e93217f 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -12,3 +12,4 @@ kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_sev_change_state(const char *old, const char *new) "%s -> %s" kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session %p pdh %p" +kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIu64
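Review bot: in stubs/sev.c the stub sev_encrypt_data() returns 1, while the real sev_encrypt_data() in target/i386/sev.c returns 0 on its do-nothing path, and the prototype added to include/sysemu/sev.h documents neither value. Please state the return convention next to the prototype (0 on success, non-zero on failure), and if the stub is never expected to be called, g_assert_not_reached() makes that explicit instead of a bare 'return 1;'.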
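Review bot: in sev_check_state() (target/i386/sev.c, first hunk) the '? true : false' is redundant because the comparison already yields a bool; 'return current_sev_guest_state == state;' is enough.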
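Review bot: in sev_launch_update_data() the guard 'len <= 0' is applied to a uint64_t, so it can only ever mean 'len == 0'; please write it that way. The 'if (!update)' check after g_malloc0() is dead code, since g_malloc0() aborts on allocation failure instead of returning NULL, and the 'goto err;' directly above the 'err:' label does nothing. The function also returns 1 for bad arguments but the raw sev_ioctl() result otherwise, so a caller cannot tell the two apart; pick one convention. The '(__u64)addr' cast is better written through 'unsigned long' or uintptr_t so it stays warning-free on 32-bit hosts.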
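Review bot: in sev_encrypt_data() any call made outside SEV_STATE_LUPDATE returns 0, so the caller is told the region was handled while the data stays unencrypted. If that is intended for regions written after launch, say so in the function comment; otherwise return an error, or at least add a trace point so a mis-ordered call is visible. Also, 'handle' is only asserted and never used, so the state check depends on the global current_sev_guest_state and not on the handle that was passed in.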
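Review bot: in target/i386/trace-events the new kvm_sev_launch_update_data format prints the length as '0x%" PRIu64', which puts a hex prefix on a decimal value; use PRIx64 so the output matches the 0x prefix. The context lines for kvm_memcrypt_register_region and kvm_memcrypt_unregister_region show the same mismatch with '0x%lu'.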