From patchwork Thu Mar 8 12:48:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 10268045 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 5DAD0602C8 for ; Thu, 8 Mar 2018 13:11:46 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4861B285C5 for ; Thu, 8 Mar 2018 13:11:46 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3C4CD2918E; Thu, 8 Mar 2018 13:11:46 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAD_ENC_HEADER,BAYES_00, DKIM_SIGNED,RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 59E152987E for ; Thu, 8 Mar 2018 13:11:43 +0000 (UTC) Received: from localhost ([::1]:38618 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1etvKg-0007ym-R8 for patchwork-qemu-devel@patchwork.kernel.org; Thu, 08 Mar 2018 08:11:42 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58898) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1etuzh-0005Df-IT for qemu-devel@nongnu.org; Thu, 08 Mar 2018 07:50:03 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1etuzd-00041G-Gy for qemu-devel@nongnu.org; Thu, 08 Mar 2018 07:50:01 -0500 Received: from mail-cys01nam02on0089.outbound.protection.outlook.com ([104.47.37.89]:10504 helo=NAM02-CY1-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1etuzd-00040H-6V for qemu-devel@nongnu.org; Thu, 08 Mar 2018 07:49:57 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=pFejL0C2Pz30AlJXnoyar4bGRdi6XBmbNDe1NPNRKNg=; b=l5QntmjQJyBKiqu29f97wy/KoiKhvUyeQ/cMhuXt896NbZcZhvwT/Cz3cXen8TopgqIzE1rRQwSFA6vNj0fTzvTL26QeGsqfGav1RWwBtDTNCO9HwZ/2JqzqNRZxGvegB6MWttuY6TPKySzXgiCLsfPLLlYlhd/FQIb+vFnSNTw= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from wsp141597wss.amd.com (165.204.78.1) by DM2PR12MB0156.namprd12.prod.outlook.com (2a01:111:e400:50ce::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Thu, 8 Mar 2018 12:49:50 +0000 From: Brijesh Singh To: qemu-devel@nongnu.org Date: Thu, 8 Mar 2018 06:48:44 -0600 Message-Id: <20180308124901.83533-12-brijesh.singh@amd.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180308124901.83533-1-brijesh.singh@amd.com> References: <20180308124901.83533-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: BN6PR14CA0031.namprd14.prod.outlook.com (2603:10b6:404:13f::17) To DM2PR12MB0156.namprd12.prod.outlook.com (2a01:111:e400:50ce::19) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: f543eb8d-4af8-43a3-e489-08d584f3163f X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:DM2PR12MB0156; X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0156; 3:madnOmbf31tGxTXHc6ynRO42SU3ZOiO93ak6ldEO9qy9LzJzazyCn6GkGvUwh2HOr248izauFmjysXSTHpckXuFx0AwFw5GemGgcLJTeJruXHm7DxSBkNr6ATf5Lv7nZmwyLjb5lc4xuXLXvtjFz/syatKC5kDsDx/Q5DMxfYFrfcbIU0lvJfx28Ondhf6BTQ2eCPFGMo+m6samo0inKxF6Um+H5EE7x9587azHOOA0+AKyMEMImpTyCKkHEcHVX; 25:lv81JbUQIX9dU4FE+36roFjpMpvGrvO0L3pH5ncRG80FJHt6i4DU9ipGy0IaLliRV6xo5/QhvR1Jtq3FQGXmG/g5KMmiZp/VTl+YKZNWsQhrc0ficnma13jb0o8N0w+1aykZ1k9gfT3kY5GOMcBy2lqp0Z8fNEq9e7/N3o8mbepEobAkorCei9OxT++ZIUFuBE60SNXDPrIkMGr9tN8KhAor1Wr/iEVcCUevPLseTFzonHdoVPbrgWRUrBpGrbs1HtIuNVgjPrk9HZ9sOFIOGup1E2xtNeq3b1InroD0Mn0EYLYAVpbIhcuR69Cp5IydDjtCtwB0wM2O2XGB5ZMWXQ==; 31:OSzH65Ee6k+JrFnQmcz9yp+ri6S2p8ojkirWSgZAY8VmR61+iZEnHMVRSPvkCtkoYbM/wWEwikh31awXg+9w8d9AvX5WmPGmSiWZeoaESYcjrzqr+3MhVjLQmJ2v/yltVmo1j8xhYMQItVJrinhSG2DpAd4hXouUaRbrQN9AcVTlO3maLzgukybif1b725FBObOBgNqPBijtwZjuxEk1laALiejwmmiUpkGjP+jD63k= X-MS-TrafficTypeDiagnostic: DM2PR12MB0156: X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0156; 20:8QAgcybsqsKXEFxVISo5PNrxC6fM840/RKJOgA06alm86v92Dh4hTCB3sHsgxrQ9U5UNvQDCYewQanxLQ36rnDzXLbLb0vkJQzxMmk9ehUCJMWxQi4LC1KdhCv3k/sMbph/NRpT1I1adFP43zx5yowYu43zsbZiBoF0ws6ciWs8kpeN+nsblBpJpRpafAiGuUmlUJwd2/2V3EqraYPKpna1EhtFCVTKJ1N31ApuPXo0km++q2MHYCZ3islVi3QPWnvtGga1DBgecuZr7MPa6IZsyszq+cD3HccvRQJ/f9wRA0ovi5JdzW0y7HlRW4CibkUAm7PLlfbhIcuME1oFxOsLYqccwJrgdh3iT6G4RNEzHljKPSNB3hkoR0IKBfpUTLNjtp/pgjGrbDMj/iBkBnp0VT+CYlZdijhbGQUC7hB89zmXw37b8R2mCiEVHuaNY1GrTYttAjTf/HHfOjJHNc48in+jzjRRyG8XZweL8OeVTp5AfU5mK7ufcdNPSkBBg; 4:XPSomTbsN4X/BdnpKj9x2pQd2wu0BsM9mmWsiDOA58Fm/hba18JOFzAFjCE3zrWnWQSSWyQ1OPfdWzKhKKe2OODoMcvTmK420QMyoou7etc7ZIjlI1p+lAQicJIa7i7CPlS5n2f8q+ykHszZt58PdDArkejR9Nno07rBU/II1zN6vr0s7PRR3r+2M/PkwR9HF8a0qsdoCXiBZpVzyY44s9a+ebD3SCrKk7QL/+zS6zauHHxZv+eiZTXGUOqkm4OonRSEjPvlpO99j01mnPdwSTUJtbfQCCZKifp4G8/1gN+nZBxugL+ZpnqktGatjc2U X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040501)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3231220)(944501244)(52105095)(3002001)(6055026)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(20161123562045)(6072148)(201708071742011); SRVR:DM2PR12MB0156; BCL:0; PCL:0; RULEID:; SRVR:DM2PR12MB0156; X-Forefront-PRVS: 060503E79B X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(1496009)(39380400002)(39860400002)(376002)(396003)(346002)(366004)(199004)(189003)(50226002)(53936002)(2950100002)(6916009)(2906002)(2361001)(6666003)(2351001)(106356001)(81156014)(53416004)(8676002)(81166006)(7736002)(36756003)(305945005)(8936002)(105586002)(48376002)(50466002)(68736007)(97736004)(47776003)(66066001)(25786009)(4326008)(39060400002)(6486002)(7416002)(5660300001)(3846002)(478600001)(76176011)(51416003)(7696005)(52116002)(6116002)(16586007)(16526019)(186003)(26005)(1076002)(8656006)(386003)(54906003)(86362001)(316002)(59450400001)(8666007); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR12MB0156; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR12MB0156; 23:8f/aoQYjDQ3A8xHqRthNlELyboNGX0pOS+hNBmE2Y?= =?us-ascii?Q?mnb/JTzKzWDUB6W4jRAYDU4TiWPWKv+w3K53AVqftgTbk9BhJOUlXRQJPn7x?= =?us-ascii?Q?SbnefmqMwKAtEvuO+ic2EEcr/yLL1s5keJoagnp3TiH2tCsuS7daV7Q4X6eK?= =?us-ascii?Q?GeCvjEnjvgD7I1zdrrF2IGgXAHonNUVPeRbZg+ecVtE2rdmNeiUZR0O20aL2?= =?us-ascii?Q?g318Fe+bxZSEYfP28/9BUfsMM0YwZHEm82bSKhEOFg54TDvOz707VBQsl1UN?= =?us-ascii?Q?wpPQ75HacbAJozDtRdQLR9/wlLDz1Ab1su6vZihyjTqnjuOZYFYXe2h4EseY?= =?us-ascii?Q?rDyESdUMKqQIP2Hy1d/TFcIWW8x7+5ljas4hV4os44gIRnfN8MNgVppBKgBv?= =?us-ascii?Q?2QS9p37rfzOznZ3eQYhDc8QLdHVv9nfhqmEu525C4OlXEpxJn+JZ4v08JWZf?= =?us-ascii?Q?hIiRLXixjk5ZkN4I3CmMD22vzVxJyiJvJ13zoDSzwG5KCbc8zS5gZg2JBjgG?= =?us-ascii?Q?MtSgZ3FZ6Lvo4SieAf6rRClQg1QuzjnRYQDwIkPTXOlSYa59HNAu5nUlg+d6?= =?us-ascii?Q?b0ZLRoAh9qHqO9VrRL70hEUWRiMfy/3ILFI/rrhaLaPvYIzTuGDqqNf6xqfF?= =?us-ascii?Q?Igc6hDZPfBILvOJmuQr+JJZuaImJZwFHAOojiy2R1vEAfyXa7YM6omxVFy0R?= =?us-ascii?Q?Mpcde7OdN16IXB8uDXI8EEzKIjwHnUazE2HOZ9u//ngRKUrnqRLpL6vpUW2R?= =?us-ascii?Q?TFxGUbZJ/hWVysFkujybpGN2Jmys2JtNRcbVlSxwVEkyGJsGPDeMw5hsEtvU?= =?us-ascii?Q?0DO9GjI+Pa6JhfIB6oUmjMxhwYkVIN2EYH5qWaZ4fi7Vw47CwVwhuo8ls5ck?= =?us-ascii?Q?oB/pUQ1xqwcYL+WzrOizlaLMIEOEe5QIoBHUz6GryD1s/z4yVenPN8UYJjud?= =?us-ascii?Q?24aZEaUGPzyDOAbO+Ago8XPrHt68PuDOUlkSJfim4WloBF6eURUxy8/ZkQPY?= =?us-ascii?Q?5E2NYd/zzfexsCrAZX+oHeOyl7SO6XT1dTCQi0R0bUifTNUKoKU0yNUHFoNY?= =?us-ascii?Q?Wl0+IhZeBwTpnlA7NgZM4P9oxYTx81Qijh5lfCf/k3z45QJCNSeFwzoLgvd7?= =?us-ascii?Q?e/94y5Iu0dVDaqNBKA6fr6xMNd+3dC1kr43Ndj9cajo6GuNb5RUI60iJ6oda?= =?us-ascii?Q?53oaxRxYf8qE4lPgoyAkkwoPcvfqNkE5flL72POuzJWAwFpg8U2+rf53Dr/b?= =?us-ascii?Q?R5mm/KsMyyyS58RhK/pGmORar8ZHzFtPfUd0j86qvlfowo+rM8jpbrRmLvq+?= =?us-ascii?Q?+f/bc3BLJfkhpA2dbUc7zE=3D?= X-Microsoft-Antispam-Message-Info: tugfAJnRHkrTaQRtjf+F4lP/jgUAExgfZsdn4Y6mFV6Gg+UIGrmytc6ZSG860MlacRdA7zHmpOPqmdCzlzCx7mlOL0I8pPGzgKSgyEmsDnP9SjsNr5uodBaAWA4/op8J/Or1EDG/s4OjMC7hXlbM6X6r9OjoRbsrWV0GMyZmegaNR6LVX2eXSOZ0P4WI9oEa X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0156; 6:yKGU4JgIYbStHFmzFvd8MpWC3t7+avyTlJS/LxGQOux6zECEWzZH5aj275DGQAnx40Ib0FGx93IYDUzEkyem3kf/jmdwDbjac4s8UuJUl+lyCDrM9xa9DLSoUp5FuQx/xamej21LK9pqQi7uIM9iNvvAuG4wnH0au2nnvbWBhyPmg+6jJSuCAKxbQ71bOhhLMBO7jI8dtbMXK1AESXLWxGIJ9YL7q5qaKANjKHWjJ7lu2nB9TbMO+bLr7li8aUs7JaFix/O80O1GFD7X9ZORMYzfGsuwMNYhVFHbxNQl3D72EUUJtWyGRL4kCymXXV4dznbHq1KSPXJLqnE+c7dfzY6pfTBnaZBWlc9Amy7e18c=; 5:FgNUYZJskEf3+ZLDk9EAbCJNFXd5PuuBEZLoPXzeLzuxF4csgmMURBY+CKD0cFQcel7BTw1kuox5K6aGS4mxBuVYV/9OhOIP3Jrh5G/7w7gt01hTzPf1pujd2qy+1VkJtchs7+biFduNo3RygFXHEhNW5AM4HQa9+oCg4cML9MA=; 24:FdukwlpXRmh1MUJ7gig/3SjgulnPR7X7RoPifQSLbREr7Bw7gnRI+sjxjzRlbO2/DMfCbfLxUrHaFCRZ/tiEuxgXXrN3vwTn6b5VCqh6K8Y=; 7:7dr6JZdoALSbGVKn8uyIX0Zm2Zyjl5SVQkRfSD6K7duEGRaeGNvYS9URGpSohgeP++mjDiE38FkdfHUoE47Me3MhrH85MRFTSgOyrnU7Zn/FSR1ZSOVTf2do0m7c9i87eH9NXkTN3sQMCztvChtMGYX4vwOw1Uju6zSRabLtX3GUGPmPKrjLxZTUPxDXQhzfw6SlCNYtXzyiAyYi9xQcgtmMHVbNk0fR30nKGXVVTn7ZIVPvz5ZHDt52MSjiM8WF SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0156; 20:IXgjtb/qniPTwRK9LSDSnINpSOSwAm6uKQzB7Xxm9z04V0AcLBTF7y+fl4yUjZVIjxTB4tiAjP9FPQfxW1K+W+f5ad3qXrP0WLMSmrJzSyJDIrefttJnWtXjsB9ECcf1txcU4B32jpqt2T7bwOEjGI3C6iLy4ETYBBUTMfM7t/OA1be4aRsVU5XrQIrc+D4247RV/c5mfiYqCi+9n5wP71Yd14OKfidsgIyjBbp4E9JsMcLtfYABNjA1ZS0lfiEb X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Mar 2018 12:49:50.6435 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: f543eb8d-4af8-43a3-e489-08d584f3163f X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR12MB0156 X-detected-operating-system: by eggs.gnu.org: Windows 7 or 8 [fuzzy] X-Received-From: 104.47.37.89 Subject: [Qemu-devel] [PATCH v12 11/28] sev/i386: add command to initialize the memory encryption context X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Brijesh Singh , kvm@vger.kernel.org, "Michael S. Tsirkin" , Stefan Hajnoczi , Alexander Graf , "Edgar E. Iglesias" , Markus Armbruster , Bruce Rogers , Christian Borntraeger , Marcel Apfelbaum , Borislav Petkov , Thomas Lendacky , Eduardo Habkost , Richard Henderson , "Dr. David Alan Gilbert" , Alistair Francis , Cornelia Huck , Richard Henderson , Peter Crosthwaite , Paolo Bonzini Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP When memory encryption is enabled, KVM_SEV_INIT command is used to initialize the platform. The command loads the SEV related persistent data from non-volatile storage and initializes the platform context. This command should be first issued before invoking any other guest commands provided by the SEV firmware. Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Signed-off-by: Brijesh Singh --- accel/kvm/kvm-all.c | 16 ++++ include/sysemu/sev.h | 22 +++++ stubs/Makefile.objs | 1 + stubs/sev.c | 21 +++++ target/i386/Makefile.objs | 2 +- target/i386/monitor.c | 11 ++- target/i386/sev-stub.c | 41 +++++++++ target/i386/sev.c | 224 ++++++++++++++++++++++++++++++++++++++++++++++ target/i386/sev_i386.h | 24 +++++ target/i386/trace-events | 3 + 10 files changed, 362 insertions(+), 3 deletions(-) create mode 100644 include/sysemu/sev.h create mode 100644 stubs/sev.c create mode 100644 target/i386/sev-stub.c diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index b91fcb7160d3..a6473522be11 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -38,6 +38,7 @@ #include "qemu/event_notifier.h" #include "trace.h" #include "hw/irq.h" +#include "sysemu/sev.h" #include "hw/boards.h" @@ -103,6 +104,9 @@ struct KVMState #endif KVMMemoryListener memory_listener; QLIST_HEAD(, KVMParkedVcpu) kvm_parked_vcpus; + + /* memory encryption */ + void *memcrypt_handle; }; KVMState *kvm_state; @@ -1636,6 +1640,18 @@ static int kvm_init(MachineState *ms) kvm_state = s; + /* + * if memory encryption object is specified then initialize the memory + * encryption context. + */ + if (ms->memory_encryption) { + kvm_state->memcrypt_handle = sev_guest_init(ms->memory_encryption); + if (!kvm_state->memcrypt_handle) { + ret = -1; + goto err; + } + } + ret = kvm_arch_init(ms, s); if (ret < 0) { goto err; diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h new file mode 100644 index 000000000000..3f6a26e92789 --- /dev/null +++ b/include/sysemu/sev.h @@ -0,0 +1,22 @@ +/* + * QEMU Secure Encrypted Virutualization (SEV) support + * + * Copyright: Advanced Micro Devices, 2016-2018 + * + * Authors: + * Brijesh Singh + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + * + */ + +#ifndef QEMU_SEV_H +#define QEMU_SEV_H + +#include "sysemu/kvm.h" + +void *sev_guest_init(const char *id); +int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len); +void sev_set_debug_ops(void *handle, MemoryRegion *mr); +#endif diff --git a/stubs/Makefile.objs b/stubs/Makefile.objs index 2d59d8409162..31b36fdfdb88 100644 --- a/stubs/Makefile.objs +++ b/stubs/Makefile.objs @@ -43,3 +43,4 @@ stub-obj-y += xen-common.o stub-obj-y += xen-hvm.o stub-obj-y += pci-host-piix.o stub-obj-y += ram-block.o +stub-obj-y += sev.o diff --git a/stubs/sev.c b/stubs/sev.c new file mode 100644 index 000000000000..4a5cc5569e5f --- /dev/null +++ b/stubs/sev.c @@ -0,0 +1,21 @@ +/* + * QEMU SEV stub + * + * Copyright Advanced Micro Devices 2018 + * + * Authors: + * Brijesh Singh + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + * + */ + +#include "qemu/osdep.h" +#include "qemu-common.h" +#include "sysemu/sev.h" + +void *sev_guest_init(const char *id) +{ + return NULL; +} diff --git a/target/i386/Makefile.objs b/target/i386/Makefile.objs index 76aeaeae2750..741cb080eb17 100644 --- a/target/i386/Makefile.objs +++ b/target/i386/Makefile.objs @@ -5,7 +5,7 @@ obj-$(CONFIG_TCG) += int_helper.o mem_helper.o misc_helper.o mpx_helper.o obj-$(CONFIG_TCG) += seg_helper.o smm_helper.o svm_helper.o obj-$(CONFIG_SOFTMMU) += machine.o arch_memory_mapping.o arch_dump.o monitor.o obj-$(CONFIG_KVM) += kvm.o hyperv.o sev.o -obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o +obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o sev-stub.o # HAX support ifdef CONFIG_WIN32 obj-$(CONFIG_HAX) += hax-all.o hax-mem.o hax-windows.o diff --git a/target/i386/monitor.c b/target/i386/monitor.c index 27b99adf395b..29de61996371 100644 --- a/target/i386/monitor.c +++ b/target/i386/monitor.c @@ -670,6 +670,13 @@ void hmp_info_io_apic(Monitor *mon, const QDict *qdict) SevInfo *qmp_query_sev(Error **errp) { - error_setg(errp, "SEV feature is not available"); - return NULL; + SevInfo *info; + + info = sev_get_info(); + if (!info) { + error_setg(errp, "SEV feature is not available"); + return NULL; + } + + return info; } diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c new file mode 100644 index 000000000000..c86d8c139237 --- /dev/null +++ b/target/i386/sev-stub.c @@ -0,0 +1,41 @@ +/* + * QEMU SEV stub + * + * Copyright Advanced Micro Devices 2018 + * + * Authors: + * Brijesh Singh + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + * + */ + +#include "qemu/osdep.h" +#include "qemu-common.h" +#include "sev_i386.h" + +SevInfo *sev_get_info(void) +{ + return NULL; +} + +bool sev_enabled(void) +{ + return false; +} + +uint64_t sev_get_me_mask(void) +{ + return ~0; +} + +uint32_t sev_get_cbit_position(void) +{ + return 0; +} + +uint32_t sev_get_reduced_phys_bits(void) +{ + return 0; +} diff --git a/target/i386/sev.c b/target/i386/sev.c index ab42e4a456d2..288612e1aa46 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -11,6 +11,11 @@ * */ +#include +#include + +#include + #include "qemu/osdep.h" #include "qapi/error.h" #include "qom/object_interfaces.h" @@ -18,10 +23,88 @@ #include "sysemu/kvm.h" #include "sev_i386.h" #include "sysemu/sysemu.h" +#include "trace.h" #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" +static SEVState *sev_state; + +static const char *const sev_fw_errlist[] = { + "", + "Platform state is invalid", + "Guest state is invalid", + "Platform configuration is invalid", + "Buffer too small", + "Platform is already owned", + "Certificate is invalid", + "Policy is not allowed", + "Guest is not active", + "Invalid address", + "Bad signature", + "Bad measurement", + "Asid is already owned", + "Invalid ASID", + "WBINVD is required", + "DF_FLUSH is required", + "Guest handle is invalid", + "Invalid command", + "Guest is active", + "Hardware error", + "Hardware unsafe", + "Feature not supported", + "Invalid parameter" +}; + +#define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist) + +static int +sev_ioctl(int fd, int cmd, void *data, int *error) +{ + int r; + struct kvm_sev_cmd input; + + memset(&input, 0x0, sizeof(input)); + + input.id = cmd; + input.sev_fd = fd; + input.data = (__u64)data; + + r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &input); + + if (error) { + *error = input.error; + } + + return r; +} + +static int +sev_platform_ioctl(int fd, int cmd, void *data, int *error) +{ + int r; + struct sev_issue_cmd arg; + + arg.cmd = cmd; + arg.data = (unsigned long)data; + r = ioctl(fd, SEV_ISSUE_CMD, &arg); + if (error) { + *error = arg.error; + } + + return r; +} + +static const char * +fw_error_to_str(int code) +{ + if (code >= SEV_FW_MAX_ERROR) { + return "unknown error"; + } + + return sev_fw_errlist[code]; +} + static void qsev_guest_finalize(Object *obj) { @@ -219,6 +302,147 @@ static const TypeInfo qsev_guest_info = { } }; +static QSevGuestInfo * +lookup_sev_guest_info(const char *id) +{ + Object *obj; + QSevGuestInfo *info; + + obj = object_resolve_path_component(object_get_objects_root(), id); + if (!obj) { + return NULL; + } + + info = (QSevGuestInfo *) + object_dynamic_cast(obj, TYPE_QSEV_GUEST_INFO); + if (!info) { + return NULL; + } + + return info; +} + +bool +sev_enabled(void) +{ + return sev_state ? true : false; +} + +uint64_t +sev_get_me_mask(void) +{ + return sev_state ? sev_state->me_mask : ~0; +} + +uint32_t +sev_get_cbit_position(void) +{ + return sev_state ? sev_state->cbitpos : 0; +} + +uint32_t +sev_get_reduced_phys_bits(void) +{ + return sev_state ? sev_state->reduced_phys_bits : 0; +} + +SevInfo * +sev_get_info(void) +{ + SevInfo *info; + + info = g_new0(SevInfo, 1); + info->enabled = sev_state ? true : false; + + if (info->enabled) { + info->api_major = sev_state->api_major; + info->api_minor = sev_state->api_minor; + info->build_id = sev_state->build_id; + info->policy = sev_state->policy; + info->state = sev_state->state; + info->handle = sev_state->handle; + } + + return info; +} + +void * +sev_guest_init(const char *id) +{ + SEVState *s; + char *devname; + int ret, fw_error; + uint32_t ebx; + uint32_t host_cbitpos; + struct sev_user_data_status status = {}; + + s = g_new0(SEVState, 1); + s->sev_info = lookup_sev_guest_info(id); + if (!s->sev_info) { + error_report("%s: '%s' is not a valid '%s' object", + __func__, id, TYPE_QSEV_GUEST_INFO); + goto err; + } + + sev_state = s; + s->state = SEV_STATE_UNINIT; + + host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); + host_cbitpos = ebx & 0x3f; + + s->cbitpos = object_property_get_int(OBJECT(s->sev_info), "cbitpos", NULL); + if (host_cbitpos != s->cbitpos) { + error_report("%s: cbitpos check failed, host '%d' requested '%d'", + __func__, host_cbitpos, s->cbitpos); + goto err; + } + + s->reduced_phys_bits = object_property_get_int(OBJECT(s->sev_info), + "reduced-phys-bits", NULL); + if (s->reduced_phys_bits < 1) { + error_report("%s: reduced_phys_bits check failed, it should be >=1," + "' requested '%d'", __func__, s->reduced_phys_bits); + goto err; + } + + s->me_mask = ~(1UL << s->cbitpos); + + devname = object_property_get_str(OBJECT(s->sev_info), "sev-device", NULL); + s->sev_fd = open(devname, O_RDWR); + if (s->sev_fd < 0) { + error_report("%s: Failed to open %s '%s'", __func__, + devname, strerror(errno)); + goto err; + } + g_free(devname); + + ret = sev_platform_ioctl(s->sev_fd, SEV_PLATFORM_STATUS, &status, + &fw_error); + if (ret) { + error_report("%s: failed to get platform status ret=%d" + "fw_error='%d: %s'", __func__, ret, fw_error, + fw_error_to_str(fw_error)); + goto err; + } + s->build_id = status.build; + s->api_major = status.api_major; + s->api_minor = status.api_minor; + + trace_kvm_sev_init(); + ret = sev_ioctl(s->sev_fd, KVM_SEV_INIT, NULL, &fw_error); + if (ret) { + error_report("%s: failed to initialize ret=%d fw_error=%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } + + return s; +err: + g_free(sev_state); + sev_state = NULL; + return NULL; +} + static void sev_register_types(void) { diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h index caf879c3b874..924cebcab02d 100644 --- a/target/i386/sev_i386.h +++ b/target/i386/sev_i386.h @@ -17,7 +17,9 @@ #include "qom/object.h" #include "qapi/error.h" #include "sysemu/kvm.h" +#include "sysemu/sev.h" #include "qemu/error-report.h" +#include "qapi/qapi-commands-misc.h" #define SEV_POLICY_NODBG 0x1 #define SEV_POLICY_NOKS 0x2 @@ -30,6 +32,12 @@ #define QSEV_GUEST_INFO(obj) \ OBJECT_CHECK(QSevGuestInfo, (obj), TYPE_QSEV_GUEST_INFO) +extern bool sev_enabled(void); +extern uint64_t sev_get_me_mask(void); +extern SevInfo *sev_get_info(void); +extern uint32_t sev_get_cbit_position(void); +extern uint32_t sev_get_reduced_phys_bits(void); + typedef struct QSevGuestInfo QSevGuestInfo; typedef struct QSevGuestInfoClass QSevGuestInfoClass; @@ -58,4 +66,20 @@ struct QSevGuestInfoClass { ObjectClass parent_class; }; +struct SEVState { + QSevGuestInfo *sev_info; + uint8_t api_major; + uint8_t api_minor; + uint8_t build_id; + uint32_t policy; + uint64_t me_mask; + uint32_t cbitpos; + uint32_t reduced_phys_bits; + uint32_t handle; + int sev_fd; + SevState state; +}; + +typedef struct SEVState SEVState; + #endif diff --git a/target/i386/trace-events b/target/i386/trace-events index 3153fd445488..797b716751b7 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -5,3 +5,6 @@ kvm_x86_fixup_msi_error(uint32_t gsi) "VT-d failed to remap interrupt for GSI %" kvm_x86_add_msi_route(int virq) "Adding route entry for virq %d" kvm_x86_remove_msi_route(int virq) "Removing route entry for virq %d" kvm_x86_update_msi_routes(int num) "Updated %d MSI routes" + +# target/i386/sev.c +kvm_sev_init(void) ""