From patchwork Wed Feb 28 21:10:16 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10249871
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Wed, 28 Feb 2018 15:10:16 -0600
Message-Id: <20180228211028.83970-17-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.14.3
In-Reply-To: <20180228211028.83970-1-brijesh.singh@amd.com>
References: <20180228211028.83970-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v10 16/28] sev/i386: add command to encrypt guest memory region
Cc: Peter Maydell , Brijesh Singh , kvm@vger.kernel.org, "Michael S. Tsirkin" , Stefan Hajnoczi , Alexander Graf , "Edgar E. Iglesias" , Markus Armbruster , Bruce Rogers , Christian Borntraeger , Marcel Apfelbaum , Borislav Petkov , Thomas Lendacky , Eduardo Habkost , Richard Henderson , "Dr. 
David Alan Gilbert" , Alistair Francis , Cornelia Huck , Richard Henderson , Peter Crosthwaite , Paolo Bonzini Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP The KVM_SEV_LAUNCH_UPDATE_DATA command is used to encrypt a guest memory region using the VM Encryption Key created using LAUNCH_START. Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Signed-off-by: Brijesh Singh --- accel/kvm/kvm-all.c | 2 ++ stubs/sev.c | 5 +++++ target/i386/sev.c | 43 +++++++++++++++++++++++++++++++++++++++++++ target/i386/trace-events | 1 + 4 files changed, 51 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 4468c8fe002c..4974c00c46fb 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -1679,6 +1679,8 @@ static int kvm_init(MachineState *ms) if (!kvm_state->memcrypt_handle) { goto err; } + + kvm_state->memcrypt_encrypt_data = sev_encrypt_data; } ret = kvm_arch_init(ms, s); diff --git a/stubs/sev.c b/stubs/sev.c index 4a5cc5569e5f..2e20f3b73a5b 100644 --- a/stubs/sev.c +++ b/stubs/sev.c @@ -15,6 +15,11 @@ #include "qemu-common.h" #include "sysemu/sev.h" +int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) +{ + return 1; +} + void *sev_guest_init(const char *id) { return NULL; diff --git a/target/i386/sev.c b/target/i386/sev.c index b867ffbc0eae..a25722bdb934 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -100,6 +100,13 @@ fw_error_to_str(int code) return sev_fw_errlist[code]; } +static bool +sev_check_state(SevState state) +{ + assert(sev_state); + return sev_state->state == state ? true : false; +} + static void sev_set_guest_state(SevState new_state) { 
@@ -480,6 +487,29 @@ sev_launch_start(SEVState *s) return 0; } +static int +sev_launch_update_data(uint8_t *addr, uint64_t len) +{ + int ret, fw_error; + struct kvm_sev_launch_update_data update; + + if (!addr || !len) { + return 1; + } + + update.uaddr = (__u64)addr; + update.len = len; + trace_kvm_sev_launch_update_data(addr, len); + ret = sev_ioctl(sev_state->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, + &update, &fw_error); + if (ret) { + error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + } + + return ret; +} + void * sev_guest_init(const char *id) { @@ -568,6 +598,19 @@ err: return NULL; } +int +sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) +{ + assert(handle); + + /* if SEV is in update state then encrypt the data else do nothing */ + if (sev_check_state(SEV_STATE_LUPDATE)) { + return sev_launch_update_data(ptr, len); + } + + return 0; +} + static void sev_register_types(void) { diff --git a/target/i386/trace-events b/target/i386/trace-events index 9402251e9991..c0cd8e93217f 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -12,3 +12,4 @@ kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_sev_change_state(const char *old, const char *new) "%s -> %s" kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session %p pdh %p" +kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIu64
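Review bot: the stub sev_encrypt_data() in stubs/sev.c returns 1 unconditionally, while the real function in target/i386/sev.c returns 0 when there is nothing to do, so the two builds disagree on what the hook reports when SEV is not active. A short comment stating that nonzero means failure and that the stub always fails would make the contract explicit for callers of kvm_state->memcrypt_encrypt_data.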
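Review bot: in sev_check_state() (target/i386/sev.c, hunk at -100,6), the "? true : false" on a comparison is redundant; "return sev_state->state == state;" is enough. The parameter name "state" next to the global "sev_state" and its "->state" field also makes the line easy to misread; a name such as "expected" would help.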
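Review bot: sev_launch_update_data() returns 1 for a NULL addr or a zero len without calling error_report(), while the ioctl failure path does report, so a nonzero return from the argument check leaves no log line to diagnose; report it or document why it is silent. In the same function, "update.len = len" stores a uint64_t with no range check, so confirm the field in struct kvm_sev_launch_update_data is wide enough or reject oversized lengths, and the message text says LAUNCH_UPDATE although the command issued is KVM_SEV_LAUNCH_UPDATE_DATA.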
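Review bot: sev_encrypt_data() asserts handle but never uses it; the state is read from the global sev_state through sev_check_state(), so either derive the state from handle or drop the assert. The function also returns 0 when the state is not SEV_STATE_LUPDATE, which tells the caller the request succeeded although nothing was encrypted; the comment should say why skipping is correct outside the launch-update state, or the function should return a distinct value the caller can check.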
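Review bot: in target/i386/trace-events, the new kvm_sev_launch_update_data format is "len 0x%" PRIu64, which prints a decimal value behind a hex prefix. Use PRIx64 here, or drop the "0x" if decimal is intended.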