From patchwork Thu Mar 8 12:48:49 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 10268003 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 06C8C6016D for ; Thu, 8 Mar 2018 13:00:05 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EA3A12990A for ; Thu, 8 Mar 2018 13:00:04 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DE98729910; Thu, 8 Mar 2018 13:00:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAD_ENC_HEADER,BAYES_00, DKIM_SIGNED,RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 507592990A for ; Thu, 8 Mar 2018 13:00:04 +0000 (UTC) Received: from localhost ([::1]:38515 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1etv9P-0006HN-H1 for patchwork-qemu-devel@patchwork.kernel.org; Thu, 08 Mar 2018 08:00:03 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59028) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1etuzy-0005XK-T2 for qemu-devel@nongnu.org; Thu, 08 Mar 2018 07:50:23 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1etuzo-000498-Va for qemu-devel@nongnu.org; Thu, 08 Mar 2018 07:50:18 -0500 Received: from mail-cys01nam02on0045.outbound.protection.outlook.com ([104.47.37.45]:6862 helo=NAM02-CY1-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1etuzo-00048e-NN for qemu-devel@nongnu.org; Thu, 08 Mar 2018 07:50:08 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=5g1Yc9LMBRtAZ4v0k+NYU371bpCZTD3j7HCPXiCNJFw=; b=tjWUR/qyY9SMkXR1TFhp6puiyfyr3ftkpHY5zrbVGYuW6d/bl8CLlmFGSqhdO7U5/HO0ofgF9GSwvkIvDaGzurJVJYK36bBpKjRQSzy+qIqfk8RpKocpz6jGEs1/9Y5nnC8P4tB6gze3/lQZok29DsCjIZ1svE5AdAoGX0jJN9g= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from wsp141597wss.amd.com (165.204.78.1) by DM2PR12MB0156.namprd12.prod.outlook.com (2a01:111:e400:50ce::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Thu, 8 Mar 2018 12:50:02 +0000 From: Brijesh Singh To: qemu-devel@nongnu.org Date: Thu, 8 Mar 2018 06:48:49 -0600 Message-Id: <20180308124901.83533-17-brijesh.singh@amd.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180308124901.83533-1-brijesh.singh@amd.com> References: <20180308124901.83533-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: BN6PR14CA0031.namprd14.prod.outlook.com (2603:10b6:404:13f::17) To DM2PR12MB0156.namprd12.prod.outlook.com (2a01:111:e400:50ce::19) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 320b046e-7e14-4f62-b848-08d584f31da9 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:DM2PR12MB0156; X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0156; 3:sYEpZ0Ibl/1paC7/uvq26iDTYNjyCBA0ibYPMaIOg0KSyyHv9zot2b8SI994EM5FpGk2ghhBdvSO8Z4MsQGBxNpLYlD5i0DDqTOaMwdaJshDiZ/p038yu3m2nlyA07pn4lXUTkMNfLZcL8jSgkZPLhlubAapjifSGTykF0U17yg4Uksi9Uao/2LU2SH2ndGrpSjj4JNxLCtSBzXrUmwIICYy+CmYIJ/Z+P1Re7ivSCnGNMvzxl5I3TmQUudGcPhJ; 25:X4GqNom9+XUIEQMca1XdBlgh48zTNAN0E/PbyvCdbJshdP7+47snCo65adEnLRQTde74cDg0RM0JIl10aj5QT7+ZgJ9mAtXUfhPx2ooflrOZn3f5nGx2zkkFbLN019xQPgrvL5/yUeWa5/8+JNUtdL1YMHH3lZGth37zB+wDg8JRXlC24B/vPAbJbDBTJ+DBeshlmrE49CMVb7VCMLTtvDtguG1tlWSsyUaumJqg585tH/8Pn7ZslO+HQK7Sa/ldX4G5n+3Cb7vYwX9pzRwvz6IPNMQWDyWFBYOVd/mfDSnjjy1zi5QUpD8gxadBIJ/KxP6hWSc4BNNLC12wB4eV4g==; 31:CK/VMm1308Nr2/L+NMyoDZML9fDDDM6x2AsMYf70d98TEXgkZvZf6JHBBFjFz8b/5qOZhXwlqdZ8DS6ya7ira/Q1HM+OIsv3EpqkDhx2u+dpUsREl+YS1vPqxHPuDJUhLaY8NCdt/N7BN+BzLyt0GoofdQm8RztWZWi8EqavYFR8fzsk1zDCJyP7WyuK3uoBbP6gb1NjqOobiyTegInsLLJDA65I+xEINBAiG8N+5Hk= X-MS-TrafficTypeDiagnostic: DM2PR12MB0156: X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0156; 20:e5e98g64G1tcr+WlT472dD/734tmOon2ujrLtaEFwdSBtakRTKs9oMIVTM5vnRisnbnKj2hpTpmIY+0JoybJLD5xS8mPkBlTl6QGN1CBRi5djFX+BclpqN7AfjYWNIBzoZvF8ewMtLz+Sp2uKOID1+M3wW2gDb8ZtHe5hpaCT0LetlnQM5F9dQBVxyzS2aRldLQQfDPfNh0kzEptc7ABYWXTHTWl6WRbFsdu+ldzR/BRYYlJDY1liJbYZWA4N0GWzgaAZwR/wuLwoWPIcKuZcW+gVqQY5Ttm47Jy+FRusHTuVYDBUCWP3N/XTPKH5jDTLRV/laOtp/4I5TPkHE7X5DkGssK7VEwvk1fKXAhXnPH0/BHeN663pCNc1hqBH1XzL9pyXRqEmXUDYnXzS8JhSRIFt7FgfFmgIVMVyLIh4yHE/BepTbPzCUEPLbYi+EIVKltPe3qVuw53IlTxZaZWGGZQROoDsHlhsaRFHwk7JvhjX3/Y1CgIbCcdUefeJgos; 4:G31niTQ2skFFPI7aXfIJNHp9L/usr5dxxMxO63+y4jQieXTJgthsbaz/Cu+qIDCpyZEOdycz40gmgk/uIn5tPIvmWCq1LJEIFOd5i0hAcYcL4sOIGCAzsugXxfy21rro+H1ldVhB+PJAbvztFkYfGhQG9SI5zTV7wpeLpQOch461iF1XiMM1BpXEvQJ7Lgyl/IlzgmRNpuCSJQgIhkZqG6KvbqyZMSnNb6LCTQSw5IvjNGNG6su9y4eRrS/29H7ISxyF2pG1gbKBBoxGMEJRMEo5R7FWtAuVym3qve/6Tnsvv7VZSyHBgmZp+ZDZmjsu X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040501)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3231220)(944501244)(52105095)(3002001)(6055026)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(20161123562045)(6072148)(201708071742011); SRVR:DM2PR12MB0156; BCL:0; PCL:0; RULEID:; SRVR:DM2PR12MB0156; X-Forefront-PRVS: 060503E79B X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(1496009)(39380400002)(39860400002)(376002)(396003)(346002)(366004)(199004)(189003)(50226002)(53936002)(2950100002)(6916009)(2906002)(2361001)(6666003)(2351001)(106356001)(81156014)(53416004)(8676002)(81166006)(7736002)(36756003)(305945005)(8936002)(105586002)(48376002)(50466002)(68736007)(97736004)(47776003)(66066001)(25786009)(4326008)(39060400002)(6486002)(7416002)(5660300001)(3846002)(478600001)(76176011)(51416003)(7696005)(52116002)(6116002)(16586007)(16526019)(186003)(26005)(1076002)(8656006)(386003)(54906003)(86362001)(575784001)(316002)(59450400001)(8666007); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR12MB0156; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR12MB0156; 23:9w8mBM2YUQ/4h0XoEGehRCTFIBCxyFRB2Ck0tLiHD?= =?us-ascii?Q?mrL7jkruSrhsaMY4V8zxPZt5Xu933zhW1846EGFmgllrwMj6w/KHNE/oJDHY?= =?us-ascii?Q?yRFIn/E+G9zuTWDvOGiCaAp0E/l0Fy0xza8+XRafGNiFgnkcMW1kC08wLcI5?= =?us-ascii?Q?KInJqNFL1WyKe/gSoen0wuDFoMMFavpidxNbZV84iw2kL7KBq9Q6zggYifHv?= =?us-ascii?Q?xFhoMaV1LhNTNxw7Y38rj93Ym3dcxwtevuocLOla3Ff2ep82pz/FV3N6PItb?= =?us-ascii?Q?PfxWRMpIgTGs2lJzAr/THGiSb2hy65B6dbsHFDkIP4bLdTErHYGT02QvkrK/?= =?us-ascii?Q?5yLwMEjDAXU0kI8X/YETAxTL2ExZG9If4/1rMPeS/jXTn3YJZPFHUEJINPkt?= =?us-ascii?Q?hXuLV7G8G0PXjTw7xA6rspI/h+vvQibkud/nUBgeebbBwYEbJCxae1rj1Gzf?= =?us-ascii?Q?TPaoKB3OJFpFRU0SSj4QEYd3dVfB87MANTLRSik/qwSKyAm1/4cTlF7xd0CF?= =?us-ascii?Q?atNK9FFZUAvmNcxuOiKH1LPdHkM6R+ZsoGa1IywQ8uQP+FUptuj2q4HNe83P?= =?us-ascii?Q?Nw7wt6NyO9ufC1+jwnaKQANIDuqByah+HvhEyhunNnZquorChLgbwcsN/n9C?= =?us-ascii?Q?ovggUZNqCdklmxUtSZFb/A6C/g2l76ErgsAq6fqJF2uofbtbhL38Mvl9Gmsj?= =?us-ascii?Q?HcIGUtja5o1HgYt1Vi+qySQRS1xdMZyoQYuTkj5XjLforf+WKCRrZMll8D7a?= =?us-ascii?Q?maP8yS+4IQaAtim0C/WRmSWrpavBJJqEiNFNQQuPKLeRbg961pUQh5sp+r7b?= =?us-ascii?Q?BCAW4sesAz1PAKOyTaIJN1hHUiSMGzJn9irAyGisIORmy2yu7JZLHkKn3dZ7?= =?us-ascii?Q?2RVVfPaljIPgYgFaif3El9IvdvuG4VCrTx/9LqnDkvXRu9OeZ+reQRCy9BU+?= =?us-ascii?Q?ByHUx8jXClNaLmASgW4gjRFJG8iBu4uBZr4GC66eiOAojD89G+SE23HGHyeT?= =?us-ascii?Q?w2aUHpEuJ7VORBCjaSYGjmuDQdXSt8S+4awXtYTSHXGuCGv6g8PLdbDZpR9P?= =?us-ascii?Q?01kYTu1xRHTj+u1HecT37rZ8F5oNMj15Ed5njlACoa4QtfWYwXDthQi6baRL?= =?us-ascii?Q?WrNsv/ZuXMt7fw2VqyZ8ZudUDx0JovvRWaTuJDAt0qRyxPvFYmQOL9vMoRg/?= =?us-ascii?Q?66AMRofAtggRWJlWkOeugwdpTmT5kRcTXeIdUpic65octQnnupLc+TXp5Tk3?= =?us-ascii?Q?YQDXiMxTbgWuku2SW45t1cnEru7Ws46yPbISe+jg0RVurEaFQcVeyQlgs1ed?= =?us-ascii?Q?jOJMJGU1jiBdS7SsIPcBDfs4ucR+HQcX8skHMXv0An6?= X-Microsoft-Antispam-Message-Info: B+H03sI6Hv2sWz8HmVA9LmuzlJQJY5DpzcC9/Tv+Q34tLhOBLSvLsPaiOvLsWzUSdBRHJVxkMC+iV3w8XJmqUkxRuxrnaagItvZF/ITXhPIJkGj0iIMFUmljXt2kXpQ9dxvJoHr1LFD7YZJW/x04O/qDhmlHNuOGVWIGAxwID7/IPHQE58o/Zb+Udi3mZf3m X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0156; 6:9kNmswZKJoMFibbgdMeL/NNZMhO7qY7sXnYFNGWWd2GRUgCnJW83g0vF3y0D+HxGMdrwWMFUOxW0u1Au9pl7xA13UdlPsRluoerLjIDqat+RlH8QG/xm9yRCpibUkBbdNqwgNW4c3WOQAlWoz/KC4db74IggVSz1UtrDqyUueP7TCZu0FG29OOjZ3hsg5+sKjgG77k2tzZj3A9mMjKRaXETJrnzq+tEEjrkexD1XTJMeWrMw3aGyxq/VVS6XkbzcnFhgYmA46f5Gs0ZjVLmdO7L+/j+ZY4bn4iIp0bpiY3nkxFZZl59ipla79NH23Gc9XKedP+l1JVB5o/erAi/LTLXZg1KPbRf3P36jzURS5u0=; 5:/VxsoTLT65GEQ0Xy5pQKObV1XaVPX4wXu4BMWzDs+ADzd6xEqj8XmwbEKX+4l0v3xgu/v/51gbk3GCOT7fm2n/1u8QNF4H+j2elNsptilNxVgdSw9C7FEPgttOElyl+aKaUB7CkXC3ZvFpo7K+76XsFSSJ6kPo2//joou0uqkfc=; 24:y92JgjlO2TWvDDM2WSm38ii8oG6FS9Eobu3Ix2XT6BooRODUUx9iroUUwmOmQqFOWN/6yx2cFNlwDjsIEInBoQaMAiVHyHyTgMIhyVxvnxg=; 7:eq13VLHs7eGWMJ98mf3TBt//JPUOdlyiW6Z9cdDfNcLh76QJPm26pVs5PhkL1WfYw7Z87SkdNLC4maStInU4AEVdMSjORUJ7yvnw198L1V9rwMV/hwLSODyVS1GH449Uc4LdZnd+v7YDpyeswaJ9DApbnD+LGjgCuHx6z0bW8a4FcMcTqqgY08YWSoXh9ZFAw4YFfRg9ojkO/wFdZgRdmNuX3P3ldW+IDHQrF8mSpRxRiMDsKJldukYIJWxRsR4u SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0156; 20:7mmhACjgm13a/Bpb68x9l7YpF90VAAfMUFCNsfbIpu9CKKNR7Wn9Bt99keeUJPA8jDNifWdhgx8Xsg7ZkJAm80daQ55Sia2XIHqor1ttTETDAnMadEGa7hhNLRSxI9EnzmtSgEjhvHd2tajf2MSbSqZYDdDPQkIADYoPdUvA8BQrR/jW5+Sp9ZUFViMMZOcSNPvYnP6gbe8FOatdnmgibftoY+eacoQ3+8vKFb1T7e4YqCTzatKEmfvNNjMMAg7j X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Mar 2018 12:50:02.9249 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 320b046e-7e14-4f62-b848-08d584f31da9 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR12MB0156 X-detected-operating-system: by eggs.gnu.org: Windows 7 or 8 [fuzzy] X-Received-From: 104.47.37.45 Subject: [Qemu-devel] [PATCH v12 16/28] sev/i386: add command to encrypt guest memory region X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Brijesh Singh , kvm@vger.kernel.org, "Michael S. Tsirkin" , Stefan Hajnoczi , Alexander Graf , "Edgar E. Iglesias" , Markus Armbruster , Bruce Rogers , Christian Borntraeger , Marcel Apfelbaum , Borislav Petkov , Thomas Lendacky , Eduardo Habkost , Richard Henderson , "Dr. David Alan Gilbert" , Alistair Francis , Cornelia Huck , Richard Henderson , Peter Crosthwaite , Paolo Bonzini Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP The KVM_SEV_LAUNCH_UPDATE_DATA command is used to encrypt a guest memory region using the VM Encryption Key created using LAUNCH_START. Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Signed-off-by: Brijesh Singh --- accel/kvm/kvm-all.c | 2 ++ stubs/sev.c | 5 +++++ target/i386/sev.c | 43 +++++++++++++++++++++++++++++++++++++++++++ target/i386/trace-events | 1 + 4 files changed, 51 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 975ba3845234..411aa87719e6 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -1680,6 +1680,8 @@ static int kvm_init(MachineState *ms) ret = -1; goto err; } + + kvm_state->memcrypt_encrypt_data = sev_encrypt_data; } ret = kvm_arch_init(ms, s); diff --git a/stubs/sev.c b/stubs/sev.c index 4a5cc5569e5f..2e20f3b73a5b 100644 --- a/stubs/sev.c +++ b/stubs/sev.c @@ -15,6 +15,11 @@ #include "qemu-common.h" #include "sysemu/sev.h" +int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) +{ + return 1; +} + void *sev_guest_init(const char *id) { return NULL; diff --git a/target/i386/sev.c b/target/i386/sev.c index eee693745103..cb0bf84742ed 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -105,6 +105,13 @@ fw_error_to_str(int code) return sev_fw_errlist[code]; } +static bool +sev_check_state(SevState state) +{ + assert(sev_state); + return sev_state->state == state ? true : false; +} + static void sev_set_guest_state(SevState new_state) { @@ -486,6 +493,29 @@ sev_launch_start(SEVState *s) return 0; } +static int +sev_launch_update_data(uint8_t *addr, uint64_t len) +{ + int ret, fw_error; + struct kvm_sev_launch_update_data update; + + if (!addr || !len) { + return 1; + } + + update.uaddr = (__u64)addr; + update.len = len; + trace_kvm_sev_launch_update_data(addr, len); + ret = sev_ioctl(sev_state->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, + &update, &fw_error); + if (ret) { + error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + } + + return ret; +} + void * sev_guest_init(const char *id) { @@ -571,6 +601,19 @@ err: return NULL; } +int +sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) +{ + assert(handle); + + /* if SEV is in update state then encrypt the data else do nothing */ + if (sev_check_state(SEV_STATE_LUPDATE)) { + return sev_launch_update_data(ptr, len); + } + + return 0; +} + static void sev_register_types(void) { diff --git a/target/i386/trace-events b/target/i386/trace-events index 9402251e9991..c0cd8e93217f 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -12,3 +12,4 @@ kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_sev_change_state(const char *old, const char *new) "%s -> %s" kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session %p pdh %p" +kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIu64