From patchwork Wed Mar 7 16:50:23 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10264505
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Wed, 7 Mar 2018 10:50:23 -0600
Message-Id: <20180307165038.88640-14-brijesh.singh@amd.com>
In-Reply-To: <20180307165038.88640-1-brijesh.singh@amd.com>
References: <20180307165038.88640-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v11 13/28] kvm: introduce memory encryption APIs
Cc: Peter Maydell, Brijesh Singh, kvm@vger.kernel.org, "Michael S. Tsirkin", Stefan Hajnoczi, Alexander Graf, "Edgar E. Iglesias", Markus Armbruster, Bruce Rogers, Christian Borntraeger, Marcel Apfelbaum, Borislav Petkov, Thomas Lendacky, Eduardo Habkost, Richard Henderson, "Dr. David Alan Gilbert", Alistair Francis, Cornelia Huck, Peter Crosthwaite, Paolo Bonzini

In order to integrate the Secure Encryption Virtualization (SEV) support, add
a few high-level memory encryption APIs which can be used for encrypting the
guest memory region.

Cc: Paolo Bonzini
Cc: kvm@vger.kernel.org
Signed-off-by: Brijesh Singh
---
 accel/kvm/kvm-all.c    | 30 ++++++++++++++++++++++++++++++
 accel/stubs/kvm-stub.c | 14 ++++++++++++++
 include/sysemu/kvm.h   | 25 +++++++++++++++++++++++++
 3 files changed, 69 insertions(+)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index a6473522be11..975ba3845234 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -107,6 +107,8 @@ struct KVMState /* memory encryption */ void *memcrypt_handle; + int (*memcrypt_encrypt_data)(void *handle, uint8_t *ptr, uint64_t len); + void (*memcrypt_debug_ops)(void *handle, MemoryRegion *mr); }; KVMState *kvm_state; @@ -142,6 +144,34 @@ int kvm_get_max_memslots(void) return s->nr_slots; } +bool kvm_memcrypt_enabled(void) +{ + if (kvm_state && kvm_state->memcrypt_handle) { + return true; + } + + return false; +} + +int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len) +{ + if (kvm_state->memcrypt_handle && + kvm_state->memcrypt_encrypt_data) { + return kvm_state->memcrypt_encrypt_data(kvm_state->memcrypt_handle, + ptr, len); + } + + return 1; +} + +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr) +{ + if (kvm_state->memcrypt_handle && + kvm_state->memcrypt_debug_ops) { + kvm_state->memcrypt_debug_ops(kvm_state->memcrypt_handle, mr); + } +} + static KVMSlot *kvm_get_free_slot(KVMMemoryListener *kml) { KVMState *s = kvm_state; diff --git a/accel/stubs/kvm-stub.c b/accel/stubs/kvm-stub.c index c964af3e1c97..5739712a67e3 100644 --- a/accel/stubs/kvm-stub.c +++ b/accel/stubs/kvm-stub.c @@ -105,6 +105,20 @@ int kvm_on_sigbus(int code, void *addr) return 1; } +bool kvm_memcrypt_enabled(void) +{ + return false; +} + +int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len) +{ + return 1; +} + +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr) +{ +} + #ifndef CONFIG_USER_ONLY int kvm_irqchip_add_msi_route(KVMState *s, int vector, PCIDevice *dev) { diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h index 85002ac49a54..d69bd1ff2b07 100644 --- a/include/sysemu/kvm.h +++ b/include/sysemu/kvm.h 
@@ -231,6 +231,31 @@ int kvm_destroy_vcpu(CPUState *cpu); */ bool kvm_arm_supports_user_irq(void); +/** + * kvm_memcrypt_enabled - return boolean indicating whether memory encryption + * is enabled + * Returns: 1 memory encryption is enabled + * 0 memory encryption is disabled + */ +bool kvm_memcrypt_enabled(void); + +/** + * kvm_memcrypt_encrypt_data: encrypt the memory range + * + * Return: 1 failed to encrypt the range + * 0 succesfully encrypted memory region + */ +int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len); + +/** + * kvm_memcrypt_set_debug_ram_ops: set debug_ram_ops callback + * + * When debug_ram_ops is set, debug access to this memory region will use + * memory encryption APIs. + */ +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr); + + #ifdef NEED_CPU_H #include "cpu.h"
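
Review bot: in the second accel/kvm/kvm-all.c hunk, kvm_memcrypt_encrypt_data() and kvm_memcrypt_set_debug_ops() dereference kvm_state without the NULL check that kvm_memcrypt_enabled() performs just above them (`if (kvm_state && kvm_state->memcrypt_handle)`). Either add the same guard to both or document that they may only be called once KVM is initialised. Separately, kvm_memcrypt_set_debug_ops() returns void and does nothing when the handle or the callback is unset, so a caller cannot tell whether the debug ops were installed on the MemoryRegion; returning a status, or asserting that the callback is present whenever memcrypt_handle is set, would make a half-initialised state visible instead of silent.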
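
Review bot: in the accel/stubs/kvm-stub.c hunk, the stub kvm_memcrypt_encrypt_data() returns 1, the same value the header documents as "failed to encrypt the range" and the same value kvm-all.c returns when no handle or callback is registered. A caller therefore cannot distinguish "memory encryption not available" from "encryption attempted and failed". Suggest stating in the header comment that callers must gate on kvm_memcrypt_enabled() first and treat any nonzero return after that as fatal, or use distinct negative errno values for the two cases.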
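
Review bot: in the include/sysemu/kvm.h hunk, the last doc comment names `kvm_memcrypt_set_debug_ram_ops` and refers to `debug_ram_ops`, but the function declared below it is kvm_memcrypt_set_debug_ops() and the KVMState field is memcrypt_debug_ops; the comment should use the declared names. The comment for kvm_memcrypt_enabled() documents returns of 1 and 0 for a function declared `bool`; say true/false. The kvm_memcrypt_encrypt_data() comment has a typo ("succesfully") and does not describe its parameters: it should state what kind of address `ptr` is and what `len` covers, since this is the interface that decides which guest bytes get encrypted. The hunk also adds a second blank line before `#ifdef NEED_CPU_H`.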