Message ID | 20190806165429.19327-7-brijesh.singh@amd.com (mailing list archive) |
---|---|
State | New, archived |
Series | Add SEV guest live migration support |
* Singh, Brijesh (brijesh.singh@amd.com) wrote: > When memory encryption is enabled in VM, the guest RAM will be encrypted > with the guest-specific key, to protect the confidentiality of data while > in transit we need to platform specific hooks to save or migrate the > guest RAM. The MemoryEncryptionOps introduced in this patch will be later > used by the migration. > > Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> OK, I can imagine adding some Error ** parameters to those perhaps or maybe some different length types; but for now that's a good start; Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> > --- > include/hw/boards.h | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > > diff --git a/include/hw/boards.h b/include/hw/boards.h > index c5446a39cf..ba80c236fe 100644 > --- a/include/hw/boards.h > +++ b/include/hw/boards.h > @@ -105,6 +105,29 @@ typedef struct { > CPUArchId cpus[0]; > } CPUArchIdList; > > +/** > + * The functions registers with MachineMemoryEncryptionOps will be used during > + * the encrypted guest migration. > + */ > +struct MachineMemoryEncryptionOps { > + /* Initialize the platform specific state before starting the migration */ > + int (*save_setup)(const char *pdh, const char *plat_cert, > + const char *amd_cert); > + > + /* Write the encrypted page and metadata associated with it */ > + int (*save_outgoing_page)(QEMUFile *f, uint8_t *ptr, uint32_t size, > + uint64_t *bytes_sent); > + > + /* Load the incoming encrypted page into guest memory */ > + int (*load_incoming_page)(QEMUFile *f, uint8_t *ptr); > + > + /* Write the page encryption state bitmap */ > + int (*save_outgoing_bitmap)(QEMUFile *f); > + > + /* Load the incoming page encryption bitmap */ > + int (*load_incoming_bitmap)(QEMUFile *f); > +}; > + > /** > * MachineClass: > * @deprecation_reason: If set, the machine is marked as deprecated. The 
> @@ -228,6 +251,7 @@ struct MachineClass { > unsigned cpu_index); > const CPUArchIdList *(*possible_cpu_arch_ids)(MachineState *machine); > int64_t (*get_default_cpu_node_id)(const MachineState *ms, int idx); > + struct MachineMemoryEncryptionOps *memory_encryption_ops; > }; > > /** > -- > 2.17.1 > -- Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
diff --git a/include/hw/boards.h b/include/hw/boards.h index c5446a39cf..ba80c236fe 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h @@ -105,6 +105,29 @@ typedef struct { CPUArchId cpus[0]; } CPUArchIdList; +/** + * The functions registers with MachineMemoryEncryptionOps will be used during + * the encrypted guest migration. + */ +struct MachineMemoryEncryptionOps { + /* Initialize the platform specific state before starting the migration */ + int (*save_setup)(const char *pdh, const char *plat_cert, + const char *amd_cert); + + /* Write the encrypted page and metadata associated with it */ + int (*save_outgoing_page)(QEMUFile *f, uint8_t *ptr, uint32_t size, + uint64_t *bytes_sent); + + /* Load the incoming encrypted page into guest memory */ + int (*load_incoming_page)(QEMUFile *f, uint8_t *ptr); + + /* Write the page encryption state bitmap */ + int (*save_outgoing_bitmap)(QEMUFile *f); + + /* Load the incoming page encryption bitmap */ + int (*load_incoming_bitmap)(QEMUFile *f); +}; + /** * MachineClass: * @deprecation_reason: If set, the machine is marked as deprecated. The @@ -228,6 +251,7 @@ struct MachineClass { unsigned cpu_index); const CPUArchIdList *(*possible_cpu_arch_ids)(MachineState *machine); int64_t (*get_default_cpu_node_id)(const MachineState *ms, int idx); + struct MachineMemoryEncryptionOps *memory_encryption_ops; }; /**
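Review bot: In the first hunk (@@ -105,6 +105,29 @@), load_incoming_page(QEMUFile *f, uint8_t *ptr) takes no length, while save_outgoing_page carries uint32_t size, so the loader has to take the amount it writes at ptr from the migration stream itself. Suggest passing the destination size, or documenting the fixed size the hook may write, so an implementation can reject a stream-supplied length that exceeds it. The int return values are undocumented (what is success, what is failure), and there is no Error ** for reporting the cause, which the review reply above also raises. Smaller points: the comment should read "The functions registered with", save_setup's pdh, plat_cert and amd_cert arguments need a line saying what the strings contain, and the commit message calls the struct MemoryEncryptionOps while the code names it MachineMemoryEncryptionOps.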
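Review bot: In the second hunk (@@ -228,6 +251,7 @@), memory_encryption_ops is added to struct MachineClass without a matching @memory_encryption_ops entry in the MachineClass doc comment, whose opening lines are visible at the end of the first hunk; the diffstat's 24 insertions are all accounted for by the struct and this one field. Please document the field there, stating whether it may be left NULL (for machines without memory encryption) and whether every hook must be set, so callers know what to check before calling through it. Since this points at a table of function pointers, consider declaring it const struct MachineMemoryEncryptionOps * so the table cannot be modified through the class.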
When memory encryption is enabled in VM, the guest RAM will be encrypted with the guest-specific key, to protect the confidentiality of data while in transit we need platform specific hooks to save or migrate the guest RAM. The MemoryEncryptionOps introduced in this patch will be later used by the migration.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 include/hw/boards.h | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)