From patchwork Wed Jul 10 20:22:59 2019
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 11038921
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"
Date: Wed, 10 Jul 2019 20:22:59 +0000
Message-ID: <20190710202219.25939-2-brijesh.singh@amd.com>
In-Reply-To: <20190710202219.25939-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v2 01/13] linux-headers: update kernel header to include SEV migration commands

Signed-off-by: Brijesh Singh --- linux-headers/linux/kvm.h | 53 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+)
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h index c8423e760c..2b0a2a97b8 100644 --- a/linux-headers/linux/kvm.h +++ b/linux-headers/linux/kvm.h @@ -492,6 +492,16 @@ struct kvm_dirty_log { }; }; +/* for KVM_GET_PAGE_ENC_BITMAP */ +struct kvm_page_enc_bitmap { + __u64 start_gfn; + __u64 num_pages; + union { + void *enc_bitmap; /* one bit per page */ + __u64 padding2; + }; +}; + /* for KVM_CLEAR_DIRTY_LOG */ struct kvm_clear_dirty_log { __u32 slot; @@ -1451,6 +1461,9 @@ struct kvm_enc_region { /* Available with KVM_CAP_ARM_SVE */ #define KVM_ARM_VCPU_FINALIZE _IOW(KVMIO, 0xc2, int) +#define KVM_GET_PAGE_ENC_BITMAP _IOW(KVMIO, 0xc2, struct kvm_page_enc_bitmap) +#define KVM_SET_PAGE_ENC_BITMAP _IOW(KVMIO, 0xc3, struct kvm_page_enc_bitmap) + /* Secure Encrypted Virtualization command */ enum sev_cmd_id { /* Guest initialization commands */ 
@@ -1531,6 +1544,46 @@ struct kvm_sev_dbg { __u32 len; }; +struct kvm_sev_send_start { + __u32 policy; + __u64 pdh_cert_uaddr; + __u32 pdh_cert_len; + __u64 plat_cert_uaddr; + __u32 plat_cert_len; + __u64 amd_cert_uaddr; + __u32 amd_cert_len; + __u64 session_uaddr; + __u32 session_len; +}; + +struct kvm_sev_send_update_data { + __u64 hdr_uaddr; + __u32 hdr_len; + __u64 guest_uaddr; + __u32 guest_len; + __u64 trans_uaddr; + __u32 trans_len; +}; + +struct kvm_sev_receive_start { + __u32 handle; + __u32 policy; + __u64 pdh_uaddr; + __u32 pdh_len; + __u64 session_uaddr; + __u32 session_len; +}; + +struct kvm_sev_receive_update_data { + __u64 hdr_uaddr; + __u32 hdr_len; + __u64 guest_uaddr; + __u32 guest_len; + __u64 trans_uaddr; + __u32 trans_len; +}; + + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
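Review bot: KVM_GET_PAGE_ENC_BITMAP in the @@ -1451 hunk of linux-headers/linux/kvm.h reuses ioctl number 0xc2, which the context line directly above it already assigns to KVM_ARM_VCPU_FINALIZE. The two requests still encode to different values because the argument sizes differ, but a shared number is easy to misread when decoding traces and is fragile if either argument type changes. Suggest taking the next two unused numbers for the GET/SET pair. The commit message is also empty apart from the sign-off: linux-headers/ is normally regenerated with scripts/update-linux-headers.sh, so it should name the kernel tree and commit these definitions come from.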
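Review bot: The four structures added in the @@ -1531 hunk interleave __u32 and __u64 members (kvm_sev_send_start opens with "__u32 policy;" followed by "__u64 pdh_cert_uaddr;"), so their layout depends on implicit compiler padding. A 32-bit x86 userspace aligns __u64 to 4 bytes inside a struct while a 64-bit kernel aligns it to 8, which gives the two sides different offsets for every field after the first. Suggest grouping the __u64 members first or adding explicit __u32 pad fields, and documenting for each *_len field whether it is an input, an output, or both. The hunk also adds two consecutive blank lines before KVM_DEV_ASSIGN_ENABLE_IOMMU where one is enough.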
From patchwork Wed Jul 10 20:23:00 2019
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 11038917
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"
Date: Wed, 10 Jul 2019 20:23:00 +0000
Message-ID: <20190710202219.25939-3-brijesh.singh@amd.com>
In-Reply-To: <20190710202219.25939-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v2 02/13] kvm: introduce high-level API to support encrypted page migration

When memory encryption is enabled in VM, the guest pages will be encrypted with the guest-specific key, to protect the confidentiality of data in transit.
To support the live migration we need to use platform specific hooks to access the guest memory. The kvm_memcrypt_save_outgoing_page() can be used by the sender to write the encrypted pages and metadata associated with it on the socket. The kvm_memcrypt_load_incoming_page() can be used by receiver to read the incoming encrypted pages from the socket and load into the guest memory. Signed-off-by: Brijesh Singh <> --- accel/kvm/kvm-all.c | 27 +++++++++++++++++++++++++++ accel/kvm/sev-stub.c | 11 +++++++++++ accel/stubs/kvm-stub.c | 12 ++++++++++++ include/sysemu/kvm.h | 12 ++++++++++++ include/sysemu/sev.h | 3 +++ 5 files changed, 65 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 3d86ae5052..162a2d5085 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -110,6 +110,10 @@ struct KVMState /* memory encryption */ void *memcrypt_handle; int (*memcrypt_encrypt_data)(void *handle, uint8_t *ptr, uint64_t len); + int (*memcrypt_save_outgoing_page)(void *ehandle, QEMUFile *f, + uint8_t *ptr, uint32_t sz, uint64_t *bytes_sent); + int (*memcrypt_load_incoming_page)(void *ehandle, QEMUFile *f, + uint8_t *ptr); }; KVMState *kvm_state; @@ -165,6 +169,29 @@ int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len) return 1; } +int kvm_memcrypt_save_outgoing_page(QEMUFile *f, uint8_t *ptr, + uint32_t size, uint64_t *bytes_sent) +{ + if (kvm_state->memcrypt_handle && + kvm_state->memcrypt_save_outgoing_page) { + return kvm_state->memcrypt_save_outgoing_page(kvm_state->memcrypt_handle, + f, ptr, size, bytes_sent); + } + + return 1; +} + +int kvm_memcrypt_load_incoming_page(QEMUFile *f, uint8_t *ptr) +{ + if (kvm_state->memcrypt_handle && + kvm_state->memcrypt_load_incoming_page) { + return kvm_state->memcrypt_load_incoming_page(kvm_state->memcrypt_handle, + f, ptr); + } + + return 1; +} + static KVMSlot *kvm_get_free_slot(KVMMemoryListener *kml) { KVMState *s = kvm_state; 
diff --git a/accel/kvm/sev-stub.c b/accel/kvm/sev-stub.c index 4f97452585..c12a8e005e 100644 --- a/accel/kvm/sev-stub.c +++ b/accel/kvm/sev-stub.c @@ -24,3 +24,14 @@ void *sev_guest_init(const char *id) { return NULL; } + +int sev_save_outgoing_page(void *handle, QEMUFile *f, uint8_t *ptr, + uint32_t size, uint64_t *bytes_sent) +{ + return 1; +} + +int sev_load_incoming_page(void *handle, QEMUFile *f, uint8_t *ptr) +{ + return 1; +} diff --git a/accel/stubs/kvm-stub.c b/accel/stubs/kvm-stub.c index 6feb66ed80..e14b879531 100644 --- a/accel/stubs/kvm-stub.c +++ b/accel/stubs/kvm-stub.c @@ -114,6 +114,18 @@ int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len) return 1; } +int kvm_memcrypt_save_outgoing_page(QEMUFile *f, uint8_t *ptr, + uint32_t size, uint64_t *bytes_sent) +{ + return 1; +} + +int kvm_memcrypt_load_incoming_page(QEMUFile *f, uint8_t *ptr) +{ + return 1; +} + + #ifndef CONFIG_USER_ONLY int kvm_irqchip_add_msi_route(KVMState *s, int vector, PCIDevice *dev) { diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h index acd90aebb6..bb6bcc143c 100644 --- a/include/sysemu/kvm.h +++ b/include/sysemu/kvm.h @@ -247,6 +247,18 @@ bool kvm_memcrypt_enabled(void); */ int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len); +/** + * kvm_memcrypt_save_outgoing_buffer - encrypt the outgoing buffer + * and write to the wire. + */ +int kvm_memcrypt_save_outgoing_page(QEMUFile *f, uint8_t *ptr, uint32_t size, + uint64_t *bytes_sent); + +/** + * kvm_memcrypt_load_incoming_buffer - read the encrypt incoming buffer and copy + * the buffer into the guest memory space. + */ +int kvm_memcrypt_load_incoming_page(QEMUFile *f, uint8_t *ptr); #ifdef NEED_CPU_H #include "cpu.h" diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 98c1ec8d38..752a71b1c0 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h 
@@ -18,4 +18,7 @@ void *sev_guest_init(const char *id); int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len); +int sev_save_outgoing_page(void *handle, QEMUFile *f, uint8_t *ptr, + uint32_t size, uint64_t *bytes_sent); +int sev_load_incoming_page(void *handle, QEMUFile *f, uint8_t *ptr); #endif
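Review bot: Both wrappers added in the accel/kvm/kvm-all.c @@ -165 hunk fall through to "return 1;" when no handle or handler is registered, so a caller cannot tell "no encryption backend" apart from a failure reported by the backend, and kvm_memcrypt_save_outgoing_page() leaves *bytes_sent unwritten on that path. Suggest returning a distinct negative errno for the missing-handler case and setting *bytes_sent to 0 before dispatching. Nothing in this patch assigns the two new KVMState function pointers, so the commit message should say which later patch in the series wires them up.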
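Review bot: The doc comments added in the include/sysemu/kvm.h hunk are headed kvm_memcrypt_save_outgoing_buffer and kvm_memcrypt_load_incoming_buffer, but the functions declared under them are named ..._page, and "read the encrypt incoming buffer" should read "read the encrypted incoming buffer". The comments also need to state the return convention (the wrappers return 1 when nothing handles the call) and what bytes_sent holds on failure. kvm_memcrypt_load_incoming_page() takes no size argument, so the amount written at ptr is decided entirely by what the handler reads from the stream; the comment should state the bound the handler is required to enforce on that length. The hunk also drops the blank line between the new prototype and "#ifdef NEED_CPU_H".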
From patchwork Wed Jul 10 20:23:00 2019
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 11038919
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"
Date: Wed, 10 Jul 2019 20:23:00 +0000
Message-ID: <20190710202219.25939-4-brijesh.singh@amd.com>
In-Reply-To: <20190710202219.25939-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v2 03/13] migration/ram: add support to send encrypted pages

When memory encryption is enabled, the guest memory will be encrypted with the guest specific key.
The patch introduces RAM_SAVE_FLAG_ENCRYPTED_PAGE flag to distinguish the encrypted data from plaintext. Encrypted pages may need special handling. The kvm_memcrypt_save_outgoing_page() is used by the sender to write the encrypted pages onto the socket, similarly the kvm_memcrypt_load_incoming_page() is used by the target to read the encrypted pages from the socket and load into the guest memory. Signed-off-by: Brijesh Singh --- migration/ram.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 53 insertions(+), 1 deletion(-) diff --git a/migration/ram.c b/migration/ram.c index 908517fc2b..3c8977d508 100644 --- a/migration/ram.c +++ b/migration/ram.c @@ -57,6 +57,7 @@ #include "qemu/uuid.h" #include "savevm.h" #include "qemu/iov.h" +#include "sysemu/kvm.h" /***********************************************************/ /* ram save/restore */ @@ -76,6 +77,7 @@ #define RAM_SAVE_FLAG_XBZRLE 0x40 /* 0x80 is reserved in migration.h start with 0x100 next */ #define RAM_SAVE_FLAG_COMPRESS_PAGE 0x100 +#define RAM_SAVE_FLAG_ENCRYPTED_PAGE 0x200 static inline bool is_zero_range(uint8_t *p, uint64_t size) { @@ -460,6 +462,9 @@ static QemuCond decomp_done_cond; static bool do_compress_ram_page(QEMUFile *f, z_stream *stream, RAMBlock *block, ram_addr_t offset, uint8_t *source_buf); +static int ram_save_encrypted_page(RAMState *rs, PageSearchStatus *pss, + bool last_stage); + static void *do_data_compress(void *opaque) { CompressParam *param = opaque; 
@@ -2006,6 +2011,36 @@ static int ram_save_multifd_page(RAMState *rs, RAMBlock *block, return 1; } +/** + * ram_save_encrypted_page - send the given encrypted page to the stream + */ +static int ram_save_encrypted_page(RAMState *rs, PageSearchStatus *pss, + bool last_stage) +{ + int ret; + uint8_t *p; + RAMBlock *block = pss->block; + ram_addr_t offset = pss->page << TARGET_PAGE_BITS; + uint64_t bytes_xmit; + + p = block->host + offset; + + ram_counters.transferred += + save_page_header(rs, rs->f, block, + offset | RAM_SAVE_FLAG_ENCRYPTED_PAGE); + + ret = kvm_memcrypt_save_outgoing_page(rs->f, p, + TARGET_PAGE_SIZE, &bytes_xmit); + if (ret) { + return -1; + } + + ram_counters.transferred += bytes_xmit; + ram_counters.normal++; + + return 1; +} + static bool do_compress_ram_page(QEMUFile *f, z_stream *stream, RAMBlock *block, ram_addr_t offset, uint8_t *source_buf) { @@ -2450,6 +2485,16 @@ static int ram_save_target_page(RAMState *rs, PageSearchStatus *pss, return res; } + /* + * If memory encryption is enabled then use memory encryption APIs + * to write the outgoing buffer to the wire. The encryption APIs + * will take care of accessing the guest memory and re-encrypt it + * for the transport purposes. + */ + if (kvm_memcrypt_enabled()) { + return ram_save_encrypted_page(rs, pss, last_stage); + } + if (save_compress_page(rs, block, offset)) { return 1; } @@ -4271,7 +4316,8 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id) } if (flags & (RAM_SAVE_FLAG_ZERO | RAM_SAVE_FLAG_PAGE | - RAM_SAVE_FLAG_COMPRESS_PAGE | RAM_SAVE_FLAG_XBZRLE)) { + RAM_SAVE_FLAG_COMPRESS_PAGE | RAM_SAVE_FLAG_XBZRLE | + RAM_SAVE_FLAG_ENCRYPTED_PAGE)) { RAMBlock *block = ram_block_from_stream(f, flags); /* 
@@ -4391,6 +4437,12 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id) break; } break; + case RAM_SAVE_FLAG_ENCRYPTED_PAGE: + if (kvm_memcrypt_load_incoming_page(f, host)) { + error_report("Failed to encrypted incoming data"); + ret = -EINVAL; + } + break; case RAM_SAVE_FLAG_EOS: /* normal exit */ multifd_recv_sync_main();
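Review bot: In ram_save_encrypted_page() (migration/ram.c, @@ -2006 hunk) bytes_xmit is declared without an initializer and then added to ram_counters.transferred, which relies on every backend writing it before returning 0; initialize it to 0 at the declaration. save_page_header() has also already put the page header on the stream when kvm_memcrypt_save_outgoing_page() fails, so the -1 return leaves a header with no payload behind it; either note that the caller aborts the migration on this error or emit the header only once the payload is ready. The last_stage parameter is never used in the function body.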
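Review bot: The kvm_memcrypt_enabled() check added in the @@ -2450 hunk returns from ram_save_target_page() before save_compress_page() and everything after it, so with memory encryption enabled every page of every RAMBlock takes the encrypted path and compression is bypassed without any message. The commit message says encrypted pages "may need special handling", which implies that not every page is encrypted, yet the decision here is global rather than per page. Suggest stating in the comment how pages the guest shares unencrypted are handled at this point in the series, and rejecting or warning about migration capabilities that this early return disables.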
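Review bot: The error text in the new RAM_SAVE_FLAG_ENCRYPTED_PAGE case of the @@ -4391 hunk, "Failed to encrypted incoming data", is ungrammatical and names the wrong operation, since the call loads an incoming encrypted page. The case is reached on any destination that receives the 0x200 flag, including one with no encryption backend, where the wrapper from patch 02 returns 1 without reading anything from the stream. An explicit kvm_memcrypt_enabled() check with its own message would separate that configuration mismatch from a failure inside the backend.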
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Date: Wed, 10 Jul 2019 20:23:01 +0000
Message-ID: <20190710202219.25939-5-brijesh.singh@amd.com>
References: <20190710202219.25939-1-brijesh.singh@amd.com>
In-Reply-To: <20190710202219.25939-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v2 04/13] kvm: add support to sync the page encryption state bitmap
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"

The SEV VMs have the concept of private and shared memory. The private
memory is encrypted with a guest-specific key, while shared memory may be
encrypted with the hypervisor key. The KVM_GET_PAGE_ENC_BITMAP can be used
to get a bitmap indicating whether the guest page is private or shared.
A private page must be transmitted using the SEV migration commands.

Add a cpu_physical_memory_sync_encrypted_bitmap() which can be used to
sync the page encryption bitmap for a given memory region.

Signed-off-by: Brijesh Singh
---
 accel/kvm/kvm-all.c | 38 ++++++++++
 include/exec/ram_addr.h | 161 ++++++++++++++++++++++++++++++++++++++--
 include/exec/ramlist.h | 3 +-
 migration/ram.c | 28 ++++++-
 4 files changed, 222 insertions(+), 8 deletions(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 162a2d5085..c935e9366c 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c
@@ -504,6 +504,37 @@ static int kvm_get_dirty_pages_log_range(MemoryRegionSection *section, #define ALIGN(x, y) (((x)+(y)-1) & ~((y)-1)) +/* sync page_enc bitmap */ +static int kvm_sync_page_enc_bitmap(KVMMemoryListener *kml, + MemoryRegionSection *section, + KVMSlot *mem) +{ + unsigned long size; + KVMState *s = kvm_state; + struct kvm_page_enc_bitmap e = {}; + ram_addr_t pages = int128_get64(section->size) / getpagesize(); + ram_addr_t start = section->offset_within_region + + memory_region_get_ram_addr(section->mr); + + size = ALIGN(((mem->memory_size) >> TARGET_PAGE_BITS), + /*HOST_LONG_BITS*/ 64) / 8; + e.enc_bitmap = g_malloc0(size); + e.start_gfn = mem->start_addr >> TARGET_PAGE_BITS; + e.num_pages = pages; + if (kvm_vm_ioctl(s, KVM_GET_PAGE_ENC_BITMAP, &e) == -1) { + DPRINTF("KVM_GET_PAGE_ENC_BITMAP ioctl failed %d\n", errno); + g_free(e.enc_bitmap); + return 1; + } + + cpu_physical_memory_set_encrypted_lebitmap(e.enc_bitmap, + start, pages); + + g_free(e.enc_bitmap); + + return 0; +} + /** * kvm_physical_sync_dirty_bitmap - Grab dirty bitmap from kernel space * This function updates qemu's dirty bitmap using @@ -553,6 +584,13 @@ static int kvm_physical_sync_dirty_bitmap(KVMMemoryListener *kml, } kvm_get_dirty_pages_log_range(section, d.dirty_bitmap); + + if (kvm_memcrypt_enabled() && + kvm_sync_page_enc_bitmap(kml, section, mem)) { + g_free(d.dirty_bitmap); + return -1; + } + g_free(d.dirty_bitmap); } diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h index f96777bb99..6fc6864194 100644 --- a/include/exec/ram_addr.h +++ b/include/exec/ram_addr.h @@ -51,6 +51,8 @@ struct RAMBlock { unsigned long *unsentmap; /* bitmap of already received pages in postcopy */ unsigned long *receivedmap; + /* bitmap of page encryption state for an encrypted guest */ + unsigned long *encbmap; }; static inline bool offset_in_ramblock(RAMBlock *b, ram_addr_t offset) 
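Review bot: kvm_sync_page_enc_bitmap() sizes the buffer from the slot but takes the page count from the section: e.enc_bitmap is allocated for mem->memory_size >> TARGET_PAGE_BITS bits, while e.num_pages and the later cpu_physical_memory_set_encrypted_lebitmap() call use int128_get64(section->size) / getpagesize(). If the section covers more pages than the slot, KVM_GET_PAGE_ENC_BITMAP is asked to fill, and QEMU then reads, more bits than were allocated. Derive both from the same quantity and the same page size (the function mixes getpagesize() with TARGET_PAGE_BITS), use HOST_LONG_BITS instead of the literal 64 with the name left in a comment, and drop or use the unused kml argument.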
@@ -314,9 +316,41 @@ static inline void cpu_physical_memory_set_dirty_range(ram_addr_t start, } #if !defined(_WIN32) -static inline void cpu_physical_memory_set_dirty_lebitmap(unsigned long *bitmap, + +static inline void cpu_physical_memory_set_encrypted_range(ram_addr_t start, + ram_addr_t length, + unsigned long val) +{ + unsigned long end, page; + unsigned long * const *src; + + if (length == 0) { + return; + } + + end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS; + page = start >> TARGET_PAGE_BITS; + + rcu_read_lock(); + + src = atomic_rcu_read(&ram_list.dirty_memory[DIRTY_MEMORY_ENCRYPTED])->blocks; + + while (page < end) { + unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE; + unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE; + unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset); + + atomic_xchg(&src[idx][BIT_WORD(offset)], val); + page += num; + } + + rcu_read_unlock(); +} + +static inline void cpu_physical_memory_set_dirty_enc_lebitmap(unsigned long *bitmap, ram_addr_t start, - ram_addr_t pages) + ram_addr_t pages, + bool enc_map) { unsigned long i, j; unsigned long page_number, c; @@ -349,10 +383,14 @@ static inline void cpu_physical_memory_set_dirty_lebitmap(unsigned long *bitmap, if (bitmap[k]) { unsigned long temp = leul_to_cpu(bitmap[k]); - atomic_or(&blocks[DIRTY_MEMORY_MIGRATION][idx][offset], temp); - atomic_or(&blocks[DIRTY_MEMORY_VGA][idx][offset], temp); - if (tcg_enabled()) { - atomic_or(&blocks[DIRTY_MEMORY_CODE][idx][offset], temp); + if (enc_map) { + atomic_xchg(&blocks[DIRTY_MEMORY_ENCRYPTED][idx][offset], temp); + } else { + atomic_or(&blocks[DIRTY_MEMORY_MIGRATION][idx][offset], temp); + atomic_or(&blocks[DIRTY_MEMORY_VGA][idx][offset], temp); + if (tcg_enabled()) { + atomic_or(&blocks[DIRTY_MEMORY_CODE][idx][offset], temp); + } } } 
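Review bot: cpu_physical_memory_set_encrypted_range() stores one word per loop iteration, atomic_xchg(&src[idx][BIT_WORD(offset)], val), but then advances page by num, which can be as large as the rest of the DIRTY_MEMORY_BLOCK_SIZE block. A range longer than one word therefore updates only the first word it touches in each block, and a range shorter than a word still overwrites all BITS_PER_LONG bits of that word with val. Please state the contract (word-aligned start, length of exactly one word) and assert it, or iterate word by word and mask the partial words. In the renamed cpu_physical_memory_set_dirty_enc_lebitmap(), the enc_map switch between atomic_xchg and atomic_or also needs a comment saying why the encrypted bitmap replaces rather than accumulates.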
@@ -372,6 +410,17 @@ static inline void cpu_physical_memory_set_dirty_lebitmap(unsigned long *bitmap, * especially when most of the memory is not dirty. */ for (i = 0; i < len; i++) { + + /* If its encrypted bitmap update, then we need to copy the bitmap + * value as-is to the destination. + */ + if (enc_map) { + cpu_physical_memory_set_encrypted_range(start + i * TARGET_PAGE_SIZE, + TARGET_PAGE_SIZE * hpratio, + leul_to_cpu(bitmap[i])); + continue; + } + if (bitmap[i] != 0) { c = leul_to_cpu(bitmap[i]); do { @@ -387,6 +436,21 @@ static inline void cpu_physical_memory_set_dirty_lebitmap(unsigned long *bitmap, } } } + +static inline void cpu_physical_memory_set_encrypted_lebitmap(unsigned long *bitmap, + ram_addr_t start, + ram_addr_t pages) +{ + return cpu_physical_memory_set_dirty_enc_lebitmap(bitmap, start, pages, true); +} + +static inline void cpu_physical_memory_set_dirty_lebitmap(unsigned long *bitmap, + ram_addr_t start, + ram_addr_t pages) +{ + return cpu_physical_memory_set_dirty_enc_lebitmap(bitmap, start, pages, false); +} + #endif /* not _WIN32 */ bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start, @@ -406,6 +470,7 @@ static inline void cpu_physical_memory_clear_dirty_range(ram_addr_t start, cpu_physical_memory_test_and_clear_dirty(start, length, DIRTY_MEMORY_MIGRATION); cpu_physical_memory_test_and_clear_dirty(start, length, DIRTY_MEMORY_VGA); cpu_physical_memory_test_and_clear_dirty(start, length, DIRTY_MEMORY_CODE); + cpu_physical_memory_test_and_clear_dirty(start, length, DIRTY_MEMORY_ENCRYPTED); } 
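Review bot: In the slow-path loop, bitmap[i] is a whole word of per-page bits (the existing code just below walks it bit by bit), yet the enc_map branch passes it to cpu_physical_memory_set_encrypted_range() with a start of start + i * TARGET_PAGE_SIZE and a length of one host page. Successive words are then placed one target page apart instead of one word's worth of pages apart, so they overwrite each other in the destination bitmap. The address should advance by the number of pages a word describes, or the branch should set bits individually as the dirty path does. Smaller points in the same region: "If its encrypted bitmap update" should read "If this is an encrypted bitmap update", the two void wrappers should not use return on a void call, and clearing DIRTY_MEMORY_ENCRYPTED from cpu_physical_memory_clear_dirty_range() treats encryption state as a dirty bit, which needs a justification.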
@@ -474,5 +539,89 @@ uint64_t cpu_physical_memory_sync_dirty_bitmap(RAMBlock *rb, return num_dirty; } + +static inline bool cpu_physical_memory_test_encrypted(ram_addr_t start, + ram_addr_t length) +{ + unsigned long end, page; + bool enc = false; + unsigned long * const *src; + + if (length == 0) { + return enc; + } + + end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS; + page = start >> TARGET_PAGE_BITS; + + rcu_read_lock(); + + src = atomic_rcu_read(&ram_list.dirty_memory[DIRTY_MEMORY_ENCRYPTED])->blocks; + + while (page < end) { + unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE; + unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE; + unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset); + + enc |= atomic_read(&src[idx][BIT_WORD(offset)]); + page += num; + } + + rcu_read_unlock(); + + return enc; +} + +static inline +void cpu_physical_memory_sync_encrypted_bitmap(RAMBlock *rb, + ram_addr_t start, + ram_addr_t length) +{ + ram_addr_t addr; + unsigned long word = BIT_WORD((start + rb->offset) >> TARGET_PAGE_BITS); + unsigned long *dest = rb->encbmap; + + /* start address and length is aligned at the start of a word? 
*/ + if (((word * BITS_PER_LONG) << TARGET_PAGE_BITS) == + (start + rb->offset) && + !(length & ((BITS_PER_LONG << TARGET_PAGE_BITS) - 1))) { + int k; + int nr = BITS_TO_LONGS(length >> TARGET_PAGE_BITS); + unsigned long * const *src; + unsigned long idx = (word * BITS_PER_LONG) / DIRTY_MEMORY_BLOCK_SIZE; + unsigned long offset = BIT_WORD((word * BITS_PER_LONG) % + DIRTY_MEMORY_BLOCK_SIZE); + unsigned long page = BIT_WORD(start >> TARGET_PAGE_BITS); + + rcu_read_lock(); + + src = atomic_rcu_read( + &ram_list.dirty_memory[DIRTY_MEMORY_ENCRYPTED])->blocks; + + for (k = page; k < page + nr; k++) { + unsigned long bits = atomic_read(&src[idx][offset]); + dest[k] = bits; + + if (++offset >= BITS_TO_LONGS(DIRTY_MEMORY_BLOCK_SIZE)) { + offset = 0; + idx++; + } + } + + rcu_read_unlock(); + } else { + ram_addr_t offset = rb->offset; + + for (addr = 0; addr < length; addr += TARGET_PAGE_SIZE) { + long k = (start + addr) >> TARGET_PAGE_BITS; + if (cpu_physical_memory_test_encrypted(start + addr + offset, + TARGET_PAGE_SIZE)) { + set_bit(k, dest); + } else { + clear_bit(k, dest); + } + } + } +} #endif #endif diff --git a/include/exec/ramlist.h b/include/exec/ramlist.h index bc4faa1b00..2a5eab8b11 100644 --- a/include/exec/ramlist.h +++ b/include/exec/ramlist.h @@ -11,7 +11,8 @@ typedef struct RAMBlockNotifier RAMBlockNotifier; #define DIRTY_MEMORY_VGA 0 #define DIRTY_MEMORY_CODE 1 #define DIRTY_MEMORY_MIGRATION 2 -#define DIRTY_MEMORY_NUM 3 /* num of dirty bits */ +#define DIRTY_MEMORY_ENCRYPTED 3 +#define DIRTY_MEMORY_NUM 4 /* num of dirty bits */ /* The dirty memory bitmap is split into fixed-size blocks to allow growth * under RCU. The bitmap for a block can be accessed as follows: diff --git a/migration/ram.c b/migration/ram.c index 3c8977d508..d179867e1b 100644 --- a/migration/ram.c +++ b/migration/ram.c 
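Review bot: cpu_physical_memory_test_encrypted() in include/exec/ram_addr.h tests a whole word, not the page's bit: enc |= atomic_read(&src[idx][BIT_WORD(offset)]) is true whenever any of the BITS_PER_LONG pages sharing that word is marked encrypted. The unaligned branch of cpu_physical_memory_sync_encrypted_bitmap() calls it once per page with a length of TARGET_PAGE_SIZE, so a shared page that sits next to a private one is recorded as private in rb->encbmap. Test the individual bit (for example test_bit(offset, src[idx])) and walk every page in the requested range instead of reading once per block. In include/exec/ramlist.h, the DIRTY_MEMORY_NUM comment still says "num of dirty bits" although DIRTY_MEMORY_ENCRYPTED is not a dirty bit.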
@@ -1680,6 +1680,9 @@ static void migration_bitmap_sync_range(RAMState *rs, RAMBlock *rb, rs->migration_dirty_pages += cpu_physical_memory_sync_dirty_bitmap(rb, 0, length, &rs->num_dirty_pages_period); + if (kvm_memcrypt_enabled()) { + cpu_physical_memory_sync_encrypted_bitmap(rb, 0, length); + } } /** @@ -2465,6 +2468,22 @@ static bool save_compress_page(RAMState *rs, RAMBlock *block, ram_addr_t offset) return false; } +/** + * encrypted_test_bitmap: check if the page is encrypted + * + * Returns a bool indicating whether the page is encrypted. + */ +static bool encrypted_test_bitmap(RAMState *rs, RAMBlock *block, + unsigned long page) +{ + /* ROM devices contains the unencrypted data */ + if (memory_region_is_rom(block->mr)) { + return false; + } + + return test_bit(page, block->encbmap); +} + /** * ram_save_target_page: save one target page * @@ -2491,7 +2510,8 @@ static int ram_save_target_page(RAMState *rs, PageSearchStatus *pss, * will take care of accessing the guest memory and re-encrypt it * for the transport purposes. */ - if (kvm_memcrypt_enabled()) { + if (kvm_memcrypt_enabled() && + encrypted_test_bitmap(rs, pss->block, pss->page)) { return ram_save_encrypted_page(rs, pss, last_stage); } @@ -2724,6 +2744,8 @@ static void ram_save_cleanup(void *opaque) block->bmap = NULL; g_free(block->unsentmap); block->unsentmap = NULL; + g_free(block->encbmap); + block->encbmap = NULL; } xbzrle_cleanup(); 
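Review bot: encrypted_test_bitmap() takes rs but never uses it, and its doc comment lists none of the parameters; either drop the argument or document @rs, @block and @page. The ROM special case also deserves more than "ROM devices contains the unencrypted data": say why the bitmap synced from KVM is not used for ROM blocks, since this check decides whether a page bypasses the SEV send path in ram_save_target_page().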
@@ -3251,6 +3273,10 @@ static void ram_list_init_bitmaps(void) block->unsentmap = bitmap_new(pages); bitmap_set(block->unsentmap, 0, pages); } + if (kvm_memcrypt_enabled()) { + block->encbmap = bitmap_new(pages); + bitmap_set(block->encbmap, 0, pages); + } } } }
From patchwork Wed Jul 10 20:23:01 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 11038927
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Date: Wed, 10 Jul 2019 20:23:01 +0000
Message-ID: <20190710202219.25939-6-brijesh.singh@amd.com>
References: <20190710202219.25939-1-brijesh.singh@amd.com>
In-Reply-To: <20190710202219.25939-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v2 05/13] doc: update AMD SEV API spec web link
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"

Signed-off-by: Brijesh Singh
---
 docs/amd-memory-encryption.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt index 43bf3ee6a5..abb9a976f5 100644 --- a/docs/amd-memory-encryption.txt +++ b/docs/amd-memory-encryption.txt
@@ -98,7 +98,7 @@ AMD Memory Encryption whitepaper: http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf Secure Encrypted Virtualization Key Management: -[1] http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf +[1] https://developer.amd.com/sev/ (Secure Encrypted Virtualization API) KVM Forum slides: http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf
From patchwork Wed Jul 10 20:23:03 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 11038929
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Date: Wed, 10 Jul 2019 20:23:03 +0000
Message-ID: <20190710202219.25939-7-brijesh.singh@amd.com>
References: <20190710202219.25939-1-brijesh.singh@amd.com>
In-Reply-To: <20190710202219.25939-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v2 06/13] doc: update AMD SEV to include Live migration flow
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"

Signed-off-by: Brijesh Singh
---
 docs/amd-memory-encryption.txt | 42 +++++++++++++++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)

diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt index abb9a976f5..374f4b0a94 100644 --- a/docs/amd-memory-encryption.txt +++ b/docs/amd-memory-encryption.txt 
@@ -89,7 +89,47 @@ TODO Live Migration ---------------- -TODO +AMD SEV encrypts the memory of VMs and because a different key is used +in each VM, the hypervisor will be unable to simply copy the +ciphertext from one VM to another to migrate the VM. Instead the AMD SEV Key +Management API provides sets of function which the hypervisor can use +to package a guest page for migration, while maintaining the confidentiality +provided by AMD SEV. + +SEV guest VMs have the concept of private and shared memory. The private +memory is encrypted with the guest-specific key, while shared memory may +be encrypted with the hypervisor key. The migration APIs provided by the +SEV API spec should be used for migrating the private pages. The +KVM_GET_PAGE_ENC_BITMAP ioctl can be used to get the guest page encryption +bitmap. The bitmap can be used to check if the given guest page is +private or shared. + +Before initiating the migration, we need to know the targets machine's public +Diffie-Hellman key (PDH) and certificate chain. It can be retrieved +with the 'query-sev-capabilities' QMP command or using the sev-tool. The +migrate-set-sev-info object can be used to pass the target machine's PDH and +certificate chain. + +e.g +(QMP) migrate-sev-set-info pdh= plat-cert= \ + amd-cert= +(QMP) migrate tcp:0:4444 + + +During the migration flow, the SEND_START is called on the source hypervisor +to create outgoing encryption context. The SEV guest policy dectates whether +the certificate passed through the migrate-sev-set-info command will be +validate. SEND_UPDATE_DATA is called to encrypt the guest private pages. +After migration is completed, SEND_FINISH is called to destroy the encryption +context and make the VM non-runnable to protect it against the cloning. + +On the target machine, RECEIVE_START is called first to create an +incoming encryption context. The RECEIVE_UPDATE_DATA is called to copy +the receieved encrypted page into guest memory. 
After migration has +completed, RECEIVE_FINISH is called to make the VM runnable. + +For more information about the migration see SEV API Appendix A +Usage flow (Live migration section). References ----------------- From patchwork Wed Jul 10 20:23:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 11038923 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9B75B14E5 for ; Wed, 10 Jul 2019 20:26:33 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8FAB02897D for ; Wed, 10 Jul 2019 20:26:33 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8379728987; Wed, 10 Jul 2019 20:26:33 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=2.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 964FF2897D for ; Wed, 10 Jul 2019 20:26:31 +0000 (UTC) Received: from localhost ([::1]:36832 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hlJAc-0005mG-WB for patchwork-qemu-devel@patchwork.kernel.org; Wed, 10 Jul 2019 16:26:31 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:57172) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hlJ7P-0001aK-9j for qemu-devel@nongnu.org; Wed, 10 Jul 2019 16:23:12 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hlJ7N-0002SV-8F for 
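Review bot: The added Live Migration text names the QMP command two ways: "migrate-set-sev-info" in the paragraph about the target's PDH and certificate chain, and "migrate-sev-set-info" in the example and in the SEND_START paragraph. Use one name throughout, the one the QAPI schema defines. The example as it appears here has nothing after pdh=, plat-cert= and amd-cert=, so make sure the value placeholders are present and say where each value comes from. The SEND_START paragraph says the guest policy dictates whether the supplied certificate is validated; since that decides whether the source authenticates the destination platform at all, the text should say which policy setting enables the check. Wording nits in the added lines: "sets of function", "targets machine's", "dectates", "will be validate", "receieved".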
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"
Date: Wed, 10 Jul 2019 20:23:04 +0000
Message-ID: <20190710202219.25939-8-brijesh.singh@amd.com>
In-Reply-To: <20190710202219.25939-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v2 07/13] target/i386: sev: do not create launch context for an incoming guest

The LAUNCH_START is used for creating an encryption context to encrypt newly created guest, for an incoming guest the RECEIVE_START should be
used. Signed-off-by: Brijesh Singh Reviewed-by: Dr. David Alan Gilbert --- target/i386/sev.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 6dbdc3cdf1..49baf8fef0 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -789,10 +789,16 @@ sev_guest_init(const char *id) goto err; } - ret = sev_launch_start(s); - if (ret) { - error_report("%s: failed to create encryption context", __func__); - goto err; + /* + * The LAUNCH context is used for new guest, if its an incoming guest + * then RECEIVE context will be created after the connection is established. + */ + if (!runstate_check(RUN_STATE_INMIGRATE)) { + ret = sev_launch_start(s); + if (ret) { + error_report("%s: failed to create encryption context", __func__); + goto err; + } } ram_block_notifier_add(&sev_ram_notifier); From patchwork Wed Jul 10 20:23:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 11038933 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E9E0B138D for ; Wed, 10 Jul 2019 20:30:59 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DB8822882D for ; Wed, 10 Jul 2019 20:30:59 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CF18028837; Wed, 10 Jul 2019 20:30:59 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=2.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 63115287E7 for ; Wed, 10 Jul 2019 20:30:59 +0000 (UTC) Received: from localhost ([::1]:36890 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hlJEw-0002fF-Kx for patchwork-qemu-devel@patchwork.kernel.org; Wed, 10 
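Review bot: In sev_guest_init(), skipping sev_launch_start() under RUN_STATE_INMIGRATE means no encryption context exists while the rest of init still runs, including the ram_block_notifier_add(&sev_ram_notifier) visible in the trailing context. Please confirm, and say in the comment, that none of the callbacks registered after this point depends on a context having been created before RECEIVE_START is issued. The comment should also name the function that creates the RECEIVE context so the two paths can be followed from here, and "if its an incoming guest" should read "if it is an incoming guest".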
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"
Date: Wed, 10 Jul 2019 20:23:06 +0000
Message-ID: <20190710202219.25939-9-brijesh.singh@amd.com>
In-Reply-To: <20190710202219.25939-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v2 08/13] misc.json: add migrate-set-sev-info command

The command can be used by the hypervisor to specify the target Platform Diffie-Hellman key (PDH) and certificate chain before starting the SEV guest migration.
The values passed through the command will be used while creating the outgoing encryption context. Signed-off-by: Brijesh Singh --- qapi/misc-target.json | 18 ++++++++++++++++++ target/i386/monitor.c | 10 ++++++++++ target/i386/sev-stub.c | 5 +++++ target/i386/sev.c | 11 +++++++++++ target/i386/sev_i386.h | 9 ++++++++- 5 files changed, 52 insertions(+), 1 deletion(-) diff --git a/qapi/misc-target.json b/qapi/misc-target.json index a00fd821eb..938dcaea14 100644 --- a/qapi/misc-target.json +++ b/qapi/misc-target.json @@ -266,3 +266,21 @@ ## { 'command': 'query-gic-capabilities', 'returns': ['GICCapability'], 'if': 'defined(TARGET_ARM)' } + +## +# @migrate-set-sev-info: +# +# The command is used to provide the target host information used during the +# SEV guest. +# +# @pdh the target host platform diffie-hellman key encoded in base64 +# +# @plat-cert the target host platform certificate chain encoded in base64 +# +# @amd-cert AMD certificate chain which include ASK and OCA encoded in base64 +# +# Since 4.2 +# +## +{ 'command': 'migrate-set-sev-info', + 'data': { 'pdh': 'str', 'plat-cert': 'str', 'amd-cert' : 'str' }} diff --git a/target/i386/monitor.c b/target/i386/monitor.c index 1f3b532fc2..4a5f50fb45 100644 --- a/target/i386/monitor.c +++ b/target/i386/monitor.c @@ -736,3 +736,13 @@ SevCapability *qmp_query_sev_capabilities(Error **errp) return data; } + +void qmp_migrate_set_sev_info(const char *pdh, const char *plat_cert, + const char *amd_cert, Error **errp) +{ + if (sev_enabled()) { + sev_set_migrate_info(pdh, plat_cert, amd_cert); + } else { + error_setg(errp, "SEV is not enabled"); + } +} diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c index e5ee13309c..173bfa6374 100644 --- a/target/i386/sev-stub.c +++ b/target/i386/sev-stub.c @@ -48,3 +48,8 @@ SevCapability *sev_get_capabilities(void) { return NULL; } + +void sev_set_migrate_info(const char *pdh, const char *plat_cert, + const char *amd_cert) +{ +} 
diff --git a/target/i386/sev.c b/target/i386/sev.c index 49baf8fef0..6c902d0be8 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -825,6 +825,17 @@ sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) return 0; } +void sev_set_migrate_info(const char *pdh, const char *plat_cert, + const char *amd_cert) +{ + SEVState *s = sev_state; + + s->remote_pdh = g_base64_decode(pdh, &s->remote_pdh_len); + s->remote_plat_cert = g_base64_decode(plat_cert, + &s->remote_plat_cert_len); + s->amd_cert = g_base64_decode(amd_cert, &s->amd_cert_len); +} + static void sev_register_types(void) { diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h index 55313441ae..3f3449b346 100644 --- a/target/i386/sev_i386.h +++ b/target/i386/sev_i386.h @@ -39,7 +39,8 @@ extern uint32_t sev_get_cbit_position(void); extern uint32_t sev_get_reduced_phys_bits(void); extern char *sev_get_launch_measurement(void); extern SevCapability *sev_get_capabilities(void); - +extern void sev_set_migrate_info(const char *pdh, const char *plat_cert, + const char *amd_cert); typedef struct QSevGuestInfo QSevGuestInfo; typedef struct QSevGuestInfoClass QSevGuestInfoClass; 
@@ -81,6 +82,12 @@ struct SEVState { int sev_fd; SevState state; gchar *measurement; + guchar *remote_pdh; + size_t remote_pdh_len; + guchar *remote_plat_cert; + size_t remote_plat_cert_len; + guchar *amd_cert; + size_t amd_cert_len; }; typedef struct SEVState SEVState; From patchwork Wed Jul 10 20:23:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 11038925 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D25C614E5 for ; Wed, 10 Jul 2019 20:26:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C2B1F2897D for ; Wed, 10 Jul 2019 20:26:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B670F2898C; Wed, 10 Jul 2019 20:26:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=2.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id E52312897D for ; Wed, 10 Jul 2019 20:26:35 +0000 (UTC) Received: from localhost ([::1]:36836 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hlJAh-0005vg-9R for patchwork-qemu-devel@patchwork.kernel.org; Wed, 10 Jul 2019 16:26:35 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:57219) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hlJ7S-0001ci-03 for qemu-devel@nongnu.org; Wed, 10 Jul 2019 16:23:15 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) 
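Review bot: In the qapi/misc-target.json hunk, 'migrate-set-sev-info' is declared without an 'if' condition, unlike the 'query-gic-capabilities' entry just above it, while qmp_migrate_set_sev_info() is only added to target/i386/monitor.c; the command should carry the matching target guard. The doc comment stops mid-sentence ("used during the SEV guest."), the member lines are missing the colon after @pdh, @plat-cert and @amd-cert, and the subject line says misc.json although the file changed is misc-target.json.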
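Review bot: In the target/i386/sev.c hunk, sev_set_migrate_info() stores the result of g_base64_decode() for all three arguments without checking it and has no Error ** parameter, so qmp_migrate_set_sev_info() reports success even for input that does not decode to anything usable, and the problem only surfaces later when the outgoing context is created. Pass errp down, reject NULL or zero-length results, and g_free() the previous remote_pdh, remote_plat_cert and amd_cert before overwriting them so a repeated command does not leak the earlier buffers.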
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"
Date: Wed, 10 Jul 2019 20:23:07 +0000
Message-ID: <20190710202219.25939-10-brijesh.singh@amd.com>
In-Reply-To: <20190710202219.25939-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v2 09/13] target/i386: sev: add support to encrypt the outgoing page

The sev_save_outgoing_page() provide the implementation to encrypt the guest private pages during the transit.
The routines uses the SEND_START command to create the outgoing encryption context on the first call then uses the SEND_UPDATE_DATA command to encrypt the data before writing it to the socket. While encrypting the data SEND_UPDATE_DATA produces some metadata (e.g MAC, IV). The metadata is also sent to the target machine. After migration is completed, we issue the SEND_FINISH command to transition the SEV guest state from sending to unrunnable state. Signed-off-by: Brijesh Singh --- accel/kvm/kvm-all.c | 1 + target/i386/sev.c | 229 +++++++++++++++++++++++++++++++++++++++ target/i386/sev_i386.h | 2 + target/i386/trace-events | 3 + 4 files changed, 235 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index c935e9366c..a9fb447248 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -1792,6 +1792,7 @@ static int kvm_init(MachineState *ms) } kvm_state->memcrypt_encrypt_data = sev_encrypt_data; + kvm_state->memcrypt_save_outgoing_page = sev_save_outgoing_page; } ret = kvm_arch_init(ms, s); diff --git a/target/i386/sev.c b/target/i386/sev.c index 6c902d0be8..28b36c8035 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -27,6 +27,8 @@ #include "sysemu/sysemu.h" #include "trace.h" #include "migration/blocker.h" +#include "migration/qemu-file.h" +#include "migration/misc.h" #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" 
@@ -718,6 +720,39 @@ sev_vm_state_change(void *opaque, int running, RunState state) } } +static void +sev_send_finish(void) +{ + int ret, error; + + trace_kvm_sev_send_finish(); + ret = sev_ioctl(sev_state->sev_fd, KVM_SEV_SEND_FINISH, 0, &error); + if (ret) { + error_report("%s: LAUNCH_FINISH ret=%d fw_error=%d '%s'", + __func__, ret, error, fw_error_to_str(error)); + } + + sev_set_guest_state(SEV_STATE_RUNNING); +} + +static void +sev_migration_state_notifier(Notifier *notifier, void *data) +{ + MigrationState *s = data; + + if (migration_has_finished(s) || + migration_in_postcopy_after_devices(s) || + migration_has_failed(s)) { + if (sev_check_state(SEV_STATE_SEND_UPDATE)) { + sev_send_finish(); + } + } +} + +static Notifier sev_migration_state_notify = { + .notify = sev_migration_state_notifier, +}; + void * sev_guest_init(const char *id) { @@ -804,6 +839,7 @@ sev_guest_init(const char *id) ram_block_notifier_add(&sev_ram_notifier); qemu_add_machine_init_done_notifier(&sev_machine_done_notify); qemu_add_vm_change_state_handler(sev_vm_state_change, s); + add_migration_state_change_notifier(&sev_migration_state_notify); return s; err: 
@@ -836,6 +872,199 @@ void sev_set_migrate_info(const char *pdh, const char *plat_cert, s->amd_cert = g_base64_decode(amd_cert, &s->amd_cert_len); } +static int +sev_get_send_session_length(void) +{ + int ret, fw_err = 0; + struct kvm_sev_send_start *start; + + start = g_new0(struct kvm_sev_send_start, 1); + + ret = sev_ioctl(sev_state->sev_fd, KVM_SEV_SEND_START, start, &fw_err); + if (fw_err != SEV_RET_INVALID_LEN) { + ret = -1; + error_report("%s: failed to get session length ret=%d fw_error=%d '%s'", + __func__, ret, fw_err, fw_error_to_str(fw_err)); + goto err; + } + + ret = start->session_len; +err: + g_free(start); + return ret; +} + +static int +sev_send_start(SEVState *s, QEMUFile *f, uint64_t *bytes_sent) +{ + gsize pdh_len = 0, plat_cert_len; + int session_len, ret, fw_error; + struct kvm_sev_send_start *start; + guchar *pdh = NULL, *plat_cert = NULL, *session = NULL; + + if (!s->remote_pdh || !s->remote_plat_cert) { + error_report("%s: missing remote PDH or PLAT_CERT", __func__); + return 1; + } + + start = g_new0(struct kvm_sev_send_start, 1); + + start->pdh_cert_uaddr = (unsigned long) s->remote_pdh; + start->pdh_cert_len = s->remote_pdh_len; + + start->plat_cert_uaddr = (unsigned long)s->remote_plat_cert; + start->plat_cert_len = s->remote_plat_cert_len; + + start->amd_cert_uaddr = (unsigned long)s->amd_cert; + start->amd_cert_len = s->amd_cert_len; + + /* get the session length */ + session_len = sev_get_send_session_length(); + if (session_len < 0) { + ret = 1; + goto err; + } + + session = g_new0(guchar, session_len); + start->session_uaddr = (unsigned long)session; + start->session_len = session_len; + + /* Get our PDH certificate */ + ret = sev_get_pdh_info(s->sev_fd, &pdh, &pdh_len, + &plat_cert, &plat_cert_len); + if (ret) { + error_report("Failed to get our PDH cert"); + goto err; + } + + trace_kvm_sev_send_start(start->pdh_cert_uaddr, start->pdh_cert_len, + start->plat_cert_uaddr, start->plat_cert_len, + start->amd_cert_uaddr, 
start->amd_cert_len); + + ret = sev_ioctl(s->sev_fd, KVM_SEV_SEND_START, start, &fw_error); + if (ret < 0) { + error_report("%s: SEND_START ret=%d fw_error=%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } + + qemu_put_be32(f, start->policy); + qemu_put_be32(f, pdh_len); + qemu_put_buffer(f, (uint8_t *)pdh, pdh_len); + qemu_put_be32(f, start->session_len); + qemu_put_buffer(f, (uint8_t *)start->session_uaddr, start->session_len); + *bytes_sent = 12 + pdh_len + start->session_len; + + sev_set_guest_state(SEV_STATE_SEND_UPDATE); + +err: + g_free(start); + g_free(pdh); + g_free(plat_cert); + return ret; +} + +static int +sev_send_get_packet_len(int *fw_err) +{ + int ret; + struct kvm_sev_send_update_data *update; + + update = g_malloc0(sizeof(*update)); + if (!update) { + return -1; + } + + ret = sev_ioctl(sev_state->sev_fd, KVM_SEV_SEND_UPDATE_DATA, update, fw_err); + if (*fw_err != SEV_RET_INVALID_LEN) { + ret = -1; + error_report("%s: failed to get session length ret=%d fw_error=%d '%s'", + __func__, ret, *fw_err, fw_error_to_str(*fw_err)); + goto err; + } + + ret = update->hdr_len; + +err: + g_free(update); + return ret; +} + +static int +sev_send_update_data(SEVState *s, QEMUFile *f, uint8_t *ptr, uint32_t size, + uint64_t *bytes_sent) +{ + int ret, fw_error; + guchar *trans; + struct kvm_sev_send_update_data *update; + + /* If this is first call then query the packet header bytes and allocate + * the packet buffer. 
+ */ + if (!s->send_packet_hdr) { + s->send_packet_hdr_len = sev_send_get_packet_len(&fw_error); + if (s->send_packet_hdr_len < 1) { + error_report("%s: SEND_UPDATE fw_error=%d '%s'", + __func__, fw_error, fw_error_to_str(fw_error)); + return 1; + } + + s->send_packet_hdr = g_new(gchar, s->send_packet_hdr_len); + } + + update = g_new0(struct kvm_sev_send_update_data, 1); + + /* allocate transport buffer */ + trans = g_new(guchar, size); + + update->hdr_uaddr = (unsigned long)s->send_packet_hdr; + update->hdr_len = s->send_packet_hdr_len; + update->guest_uaddr = (unsigned long)ptr; + update->guest_len = size; + update->trans_uaddr = (unsigned long)trans; + update->trans_len = size; + + trace_kvm_sev_send_update_data(ptr, trans, size); + + ret = sev_ioctl(s->sev_fd, KVM_SEV_SEND_UPDATE_DATA, update, &fw_error); + if (ret) { + error_report("%s: SEND_UPDATE_DATA ret=%d fw_error=%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } + + qemu_put_be32(f, update->hdr_len); + qemu_put_buffer(f, (uint8_t *)update->hdr_uaddr, update->hdr_len); + *bytes_sent = 4 + update->hdr_len; + + qemu_put_be32(f, update->trans_len); + qemu_put_buffer(f, (uint8_t *)update->trans_uaddr, update->trans_len); + *bytes_sent += (4 + update->trans_len); + +err: + g_free(trans); + g_free(update); + return ret; +} + +int sev_save_outgoing_page(void *handle, QEMUFile *f, uint8_t *ptr, + uint32_t sz, uint64_t *bytes_sent) +{ + SEVState *s = sev_state; + + /* + * If this is a first buffer then create outgoing encryption context + * and write our PDH, policy and session data. + */ + if (!sev_check_state(SEV_STATE_SEND_UPDATE) && + sev_send_start(s, f, bytes_sent)) { + error_report("Failed to create outgoing context"); + return 1; + } + + return sev_send_update_data(s, f, ptr, sz, bytes_sent); +} + static void sev_register_types(void) { diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h index 3f3449b346..2fdca5190d 100644 --- a/target/i386/sev_i386.h 
+++ b/target/i386/sev_i386.h @@ -88,6 +88,8 @@ struct SEVState { size_t remote_plat_cert_len; guchar *amd_cert; size_t amd_cert_len; + gchar *send_packet_hdr; + size_t send_packet_hdr_len; }; typedef struct SEVState SEVState; diff --git a/target/i386/trace-events b/target/i386/trace-events index 789c700d4a..b41516cf9f 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -15,3 +15,6 @@ kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIu64 kvm_sev_launch_measurement(const char *value) "data %s" kvm_sev_launch_finish(void) "" +kvm_sev_send_start(uint64_t pdh, int l1, uint64_t plat, int l2, uint64_t amd, int l3) "pdh 0x%" PRIx64 " len %d plat 0x%" PRIx64 " len %d amd 0x%" PRIx64 " len %d" +kvm_sev_send_update_data(void *src, void *dst, int len) "guest %p trans %p len %d" +kvm_sev_send_finish(void) ""
From patchwork Wed Jul 10 20:23:07 2019 X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 11038937
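Review bot: in sev_send_update_data() (target/i386/sev.c, the patch that ends above), the check "if (s->send_packet_hdr_len < 1)" cannot catch the -1 that sev_send_get_packet_len() returns on failure, because send_packet_hdr_len is declared size_t in struct SEVState and the -1 converts to a very large positive value that then goes straight into g_new(gchar, s->send_packet_hdr_len). Suggest taking the result into a local int, testing that for <= 0, and only then storing it in the size_t field. In the same function "*bytes_sent = 4 + update->hdr_len" overwrites the count that sev_send_start() stored on the first call (12 + pdh_len + start->session_len), so the first page under-reports what was written to the stream; accumulate the two in sev_save_outgoing_page() instead.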
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Date: Wed, 10 Jul 2019 20:23:07 +0000
Message-ID: <20190710202219.25939-11-brijesh.singh@amd.com>
References: <20190710202219.25939-1-brijesh.singh@amd.com>
In-Reply-To: <20190710202219.25939-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v2 10/13] target/i386: sev: add support to load incoming encrypted page
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"

sev_load_incoming_page() provides the implementation to read the incoming guest private pages from the socket and load them into the guest memory. The routine uses the RECEIVE_START command to create the incoming encryption context on the first call, then uses the RECEIVE_UPDATE_DATA command to load the encrypted pages into the guest memory. After migration is completed, we issue the RECEIVE_FINISH command to transition the SEV guest to the runnable state so that it can be executed.

Signed-off-by: Brijesh Singh
--- accel/kvm/kvm-all.c | 1 + target/i386/sev.c | 126 ++++++++++++++++++++++++++++++++++++++- target/i386/trace-events | 3 + 3 files changed, 129 insertions(+), 1 deletion(-) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index a9fb447248..7f94dba6f9 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -1793,6 +1793,7 @@ static int kvm_init(MachineState *ms) kvm_state->memcrypt_encrypt_data = sev_encrypt_data; kvm_state->memcrypt_save_outgoing_page = sev_save_outgoing_page; + kvm_state->memcrypt_load_incoming_page = sev_load_incoming_page; } ret = kvm_arch_init(ms, s); diff --git a/target/i386/sev.c b/target/i386/sev.c index 28b36c8035..09a62d6f88 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -708,13 +708,34 @@ sev_launch_finish(SEVState *s) } } +static int +sev_receive_finish(SEVState *s) +{ + int error, ret = 1; + + trace_kvm_sev_receive_finish(); + ret = sev_ioctl(s->sev_fd, KVM_SEV_RECEIVE_FINISH, 0, &error); + if (ret) { + error_report("%s: RECEIVE_FINISH ret=%d fw_error=%d '%s'", + __func__, ret, error, fw_error_to_str(error)); + goto err; + } + + sev_set_guest_state(SEV_STATE_RUNNING); +err: + return ret; +} + + static void sev_vm_state_change(void *opaque, int running, RunState state) { SEVState *s = opaque; if (running) { - if (!sev_check_state(SEV_STATE_RUNNING)) { + if (sev_check_state(SEV_STATE_RECEIVE_UPDATE)) { + sev_receive_finish(s); + } else if (!sev_check_state(SEV_STATE_RUNNING)) { sev_launch_finish(s); } }
@@ -1065,6 +1086,109 @@ int sev_save_outgoing_page(void *handle, QEMUFile *f, uint8_t *ptr, return sev_send_update_data(s, f, ptr, sz, bytes_sent); } +static int +sev_receive_start(QSevGuestInfo *sev, QEMUFile *f) +{ + int ret = 1; + int fw_error; + struct kvm_sev_receive_start *start; + gchar *session = NULL, *pdh_cert = NULL; + + start = g_new0(struct kvm_sev_receive_start, 1); + + /* get SEV guest handle */ + start->handle = object_property_get_int(OBJECT(sev), "handle", + &error_abort); + + /* get the source policy */ + start->policy = qemu_get_be32(f); + + /* get source PDH key */ + start->pdh_len = qemu_get_be32(f); + pdh_cert = g_new(gchar, start->pdh_len); + qemu_get_buffer(f, (uint8_t *)pdh_cert, start->pdh_len); + start->pdh_uaddr = (unsigned long)pdh_cert; + + /* get source session data */ + start->session_len = qemu_get_be32(f); + session = g_new(gchar, start->session_len); + qemu_get_buffer(f, (uint8_t *)session, start->session_len); + start->session_uaddr = (unsigned long)session; + + trace_kvm_sev_receive_start(start->policy, session, pdh_cert); + + ret = sev_ioctl(sev_state->sev_fd, KVM_SEV_RECEIVE_START, start, &fw_error); + if (ret < 0) { + error_report("Error RECEIVE_START ret=%d fw_error=%d '%s'", + ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } + + object_property_set_int(OBJECT(sev), start->handle, "handle", &error_abort); + sev_set_guest_state(SEV_STATE_RECEIVE_UPDATE); +err: + g_free(start); + g_free(session); + g_free(pdh_cert); + + return ret; +} + +static int sev_receive_update_data(QEMUFile *f, uint8_t *ptr) +{ + int ret = 1, fw_error = 0; + gchar *hdr = NULL, *trans = NULL; + struct kvm_sev_receive_update_data *update; + + update = g_new0(struct kvm_sev_receive_update_data, 1); + + /* get packet header */ + update->hdr_len = qemu_get_be32(f); + hdr = g_new(gchar, update->hdr_len); + qemu_get_buffer(f, (uint8_t *)hdr, update->hdr_len); + update->hdr_uaddr = (unsigned long)hdr; + + /* get transport buffer */ + 
update->trans_len = qemu_get_be32(f); + trans = g_new(gchar, update->trans_len); + update->trans_uaddr = (unsigned long)trans; + qemu_get_buffer(f, (uint8_t *)update->trans_uaddr, update->trans_len); + + update->guest_uaddr = (unsigned long) ptr; + update->guest_len = update->trans_len; + + trace_kvm_sev_receive_update_data(trans, ptr, update->guest_len, + hdr, update->hdr_len); + + ret = sev_ioctl(sev_state->sev_fd, KVM_SEV_RECEIVE_UPDATE_DATA, + update, &fw_error); + if (ret) { + error_report("Error RECEIVE_UPDATE_DATA ret=%d fw_error=%d '%s'", + ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } +err: + g_free(trans); + g_free(update); + g_free(hdr); + return ret; +} + +int sev_load_incoming_page(void *handle, QEMUFile *f, uint8_t *ptr) +{ + SEVState *s = (SEVState *)handle; + + /* If this is first buffer and SEV is not in recieiving state then + * use RECEIVE_START command to create a encryption context. + */ + if (!sev_check_state(SEV_STATE_RECEIVE_UPDATE) && + sev_receive_start(s->sev_info, f)) { + return 1; + } + + return sev_receive_update_data(f, ptr); +} + static void sev_register_types(void) { diff --git a/target/i386/trace-events b/target/i386/trace-events index b41516cf9f..609752cca7 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -18,3 +18,6 @@ kvm_sev_launch_finish(void) "" kvm_sev_send_start(uint64_t pdh, int l1, uint64_t plat, int l2, uint64_t amd, int l3) "pdh 0x%" PRIx64 " len %d plat 0x%" PRIx64 " len %d amd 0x%" PRIx64 " len %d" kvm_sev_send_update_data(void *src, void *dst, int len) "guest %p trans %p len %d" kvm_sev_send_finish(void) "" +kvm_sev_receive_start(int policy, void *session, void *pdh) "policy 0x%x session %p pdh %p" +kvm_sev_receive_update_data(void *src, void *dst, int len, void *hdr, int hdr_len) "guest %p trans %p len %d hdr %p hdr_len %d" +kvm_sev_receive_finish(void) ""
From patchwork Wed Jul 10 20:23:08 2019 X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 11038939
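Review bot: in sev_receive_start() and sev_receive_update_data() of [PATCH v2 10/13], pdh_len, session_len, hdr_len and trans_len are taken from qemu_get_be32(f) and passed to g_new() and qemu_get_buffer() with no upper bound, so whoever produces the migration stream chooses the allocation sizes, and trans_len also becomes update->guest_len for the write to ptr. Suggest rejecting lengths above a defined maximum, rejecting a trans_len that differs from the size of the page behind ptr, and checking the return value of qemu_get_buffer() for a short read before the ioctl is issued.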
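Review bot: in the sev_vm_state_change() hunk of [PATCH v2 10/13], the return value of sev_receive_finish(s) is dropped, so when RECEIVE_FINISH fails the guest state stays at SEV_STATE_RECEIVE_UPDATE and the only trace is the error_report() inside sev_receive_finish(). Suggest handling the failure at the call site instead of letting the state change continue.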
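Review bot: the trace-events format for kvm_sev_receive_update_data in [PATCH v2 10/13] labels its first pointer "guest" and its second "trans", but sev_receive_update_data() calls trace_kvm_sev_receive_update_data(trans, ptr, ...), so the two addresses are printed under each other's labels. Suggest "trans %p guest %p len %d hdr %p hdr_len %d" so the labels follow the src/dst argument order.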
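The stream framing that [PATCH v2 10/13] reads in sev_receive_update_data() (be32 hdr_len, header bytes, be32 trans_len, transport bytes), parsed here with every length checked before it is used. This is an added example, not code from the patch or from QEMU; the demo_* names, the 256-byte header cap and the rule that trans_len must equal a 4096-byte destination page are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed limits for this sketch; the patch defines no bounds of its own. */
#define DEMO_MAX_HDR_LEN 256u   /* hypothetical cap on the packet header */
#define DEMO_PAGE_SIZE   4096u  /* size of the guest page behind ptr */

enum demo_status {
    DEMO_OK = 0,
    DEMO_TRUNCATED,      /* stream ended inside a field */
    DEMO_BAD_HDR_LEN,    /* header length is zero or above the cap */
    DEMO_BAD_TRANS_LEN   /* payload length differs from the destination */
};

struct demo_record {
    const uint8_t *hdr, *trans;   /* point into the caller's buffer */
    uint32_t hdr_len, trans_len;
    size_t consumed;              /* bytes of the stream used by the record */
};

/* Big-endian 32-bit read with a bounds check; *off never exceeds len. */
static int demo_get_be32(const uint8_t *buf, size_t len, size_t *off,
                         uint32_t *out)
{
    if (len - *off < 4) return -1;
    *out = ((uint32_t)buf[*off] << 24) | ((uint32_t)buf[*off + 1] << 16) |
           ((uint32_t)buf[*off + 2] << 8) | (uint32_t)buf[*off + 3];
    *off += 4;
    return 0;
}

/*
 * Parse one record laid out as: be32 hdr_len, hdr, be32 trans_len, trans.
 * Each length is validated before it is used to advance or to size a write.
 */
enum demo_status demo_parse_record(const uint8_t *buf, size_t len,
                                   uint32_t dest_len, struct demo_record *rec)
{
    size_t off = 0;
    uint32_t n;

    memset(rec, 0, sizeof(*rec));
    if (demo_get_be32(buf, len, &off, &n)) return DEMO_TRUNCATED;
    if (n == 0 || n > DEMO_MAX_HDR_LEN) return DEMO_BAD_HDR_LEN;
    if (len - off < n) return DEMO_TRUNCATED;
    rec->hdr = buf + off;
    rec->hdr_len = n;
    off += n;

    if (demo_get_be32(buf, len, &off, &n)) return DEMO_TRUNCATED;
    if (n != dest_len) return DEMO_BAD_TRANS_LEN;
    if (len - off < n) return DEMO_TRUNCATED;
    rec->trans = buf + off;
    rec->trans_len = n;
    rec->consumed = off + n;
    return DEMO_OK;
}

static void demo_put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/*
 * Build a constructed record and parse it. The *_claim values are the length
 * fields on the wire; trans_actual is how many payload bytes really follow.
 * Header bytes are written only when hdr_claim is within the cap.
 */
enum demo_status demo_case(uint32_t hdr_claim, uint32_t trans_claim,
                           uint32_t trans_actual)
{
    static uint8_t buf[8 + DEMO_MAX_HDR_LEN + DEMO_PAGE_SIZE];
    struct demo_record rec;
    uint32_t hdr_actual = hdr_claim <= DEMO_MAX_HDR_LEN ? hdr_claim : 0;
    size_t off = 0;

    if (trans_actual > DEMO_PAGE_SIZE) trans_actual = DEMO_PAGE_SIZE;
    demo_put_be32(buf + off, hdr_claim);   off += 4;
    memset(buf + off, 0xA5, hdr_actual);   off += hdr_actual;
    demo_put_be32(buf + off, trans_claim); off += 4;
    memset(buf + off, 0x5A, trans_actual); off += trans_actual;
    return demo_parse_record(buf, off, DEMO_PAGE_SIZE, &rec);
}

int main(void)
{
    printf("well-formed:     %d\n", demo_case(32, DEMO_PAGE_SIZE, DEMO_PAGE_SIZE));
    printf("oversized hdr:   %d\n", demo_case(0xFFFFFFFFu, DEMO_PAGE_SIZE, DEMO_PAGE_SIZE));
    printf("oversized trans: %d\n", demo_case(32, 0x10000u, DEMO_PAGE_SIZE));
    printf("short payload:   %d\n", demo_case(32, DEMO_PAGE_SIZE, 100));
    return 0;
}
```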
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Date: Wed, 10 Jul 2019 20:23:08 +0000
Message-ID: <20190710202219.25939-12-brijesh.singh@amd.com>
References: <20190710202219.25939-1-brijesh.singh@amd.com>
In-Reply-To: <20190710202219.25939-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v2 11/13] kvm: introduce high-level API to migrate the page encryption bitmap
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"

Encrypted VMs have the concept of private and shared memory. The private memory is encrypted with the guest-specific key, while shared memory may be encrypted with the hypervisor key. The guest OS uses a hypercall to notify the hypervisor of the page encryption state. The hypervisor maintains a bitmap of page encryption state. This bitmap should be migrated to ensure that the target machine can function correctly.

Signed-off-by: Brijesh Singh
--- accel/kvm/kvm-all.c | 37 +++++++++++++++++++++++++++++++++++++ accel/kvm/sev-stub.c | 11 +++++++++++ accel/stubs/kvm-stub.c | 10 ++++++++++ include/sysemu/kvm.h | 13 +++++++++++++ include/sysemu/sev.h | 3 +++ 5 files changed, 74 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 7f94dba6f9..442b1af36e 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -114,6 +114,9 @@ struct KVMState uint8_t *ptr, uint32_t sz, uint64_t *bytes_sent); int (*memcrypt_load_incoming_page)(void *ehandle, QEMUFile *f, uint8_t *ptr); + int (*memcrypt_load_incoming_page_enc_bitmap)(void *ehandle, QEMUFile *f); + int (*memcrypt_save_outgoing_page_enc_bitmap)(void *ehandle, QEMUFile *f, + uint64_t start, uint64_t length); }; KVMState *kvm_state;
@@ -192,6 +195,40 @@ int kvm_memcrypt_load_incoming_page(QEMUFile *f, uint8_t *ptr) return 1; } +int kvm_memcrypt_load_incoming_page_enc_bitmap(QEMUFile *f) +{ + if (kvm_state->memcrypt_handle && + kvm_state->memcrypt_load_incoming_page_enc_bitmap) { + return kvm_state->memcrypt_load_incoming_page_enc_bitmap( + kvm_state->memcrypt_handle, f); + } + + return 1; +} + +int kvm_memcrypt_save_outgoing_page_enc_bitmap(QEMUFile *f) +{ + KVMMemoryListener *kml = &kvm_state->memory_listener; + KVMState *s = kvm_state; + int ret = 1, i; + + if (s->memcrypt_handle && + s->memcrypt_save_outgoing_page_enc_bitmap) { + + /* iterate through all the registered slots and send the bitmap */ + for (i = 0; i < s->nr_slots; i++) { + KVMSlot *mem = &kml->slots[i]; + ret = s->memcrypt_save_outgoing_page_enc_bitmap(s->memcrypt_handle, + f, mem->start_addr, mem->memory_size); + if (ret) { + return 1; + } + } + } + + return ret; +} + static KVMSlot *kvm_get_free_slot(KVMMemoryListener *kml) { KVMState *s = kvm_state; diff --git a/accel/kvm/sev-stub.c b/accel/kvm/sev-stub.c index c12a8e005e..7acd7211e6 100644 --- a/accel/kvm/sev-stub.c +++ b/accel/kvm/sev-stub.c @@ -35,3 +35,14 @@ int sev_load_incoming_page(void *handle, QEMUFile *f, uint8_t *ptr) { return 1; } + +int sev_load_incoming_page_enc_bitmap(void *handle, QEMUFile *f) +{ + return 1; +} + +int sev_save_outgoing_page_enc_bitmap(void *handle, QEMUFile *f, + uint64_t start, uint64_t length) +{ + return 1; +} diff --git a/accel/stubs/kvm-stub.c b/accel/stubs/kvm-stub.c index e14b879531..ae607787e7 100644 --- a/accel/stubs/kvm-stub.c +++ b/accel/stubs/kvm-stub.c @@ -125,6 +125,16 @@ int kvm_memcrypt_load_incoming_page(QEMUFile *f, uint8_t *ptr) return 1; } +int kvm_memcrypt_load_incoming_page_enc_bitmap(QEMUFile *f) +{ + return 1; +} + +int kvm_memcrypt_save_outgoing_page_enc_bitmap(QEMUFile *f) +{ + return 1; +} + #ifndef CONFIG_USER_ONLY int kvm_irqchip_add_msi_route(KVMState *s, int vector, PCIDevice *dev) 
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h index bb6bcc143c..8aa06b4462 100644 --- a/include/sysemu/kvm.h +++ b/include/sysemu/kvm.h @@ -260,6 +260,19 @@ int kvm_memcrypt_save_outgoing_page(QEMUFile *f, uint8_t *ptr, uint32_t size, */ int kvm_memcrypt_load_incoming_page(QEMUFile *f, uint8_t *ptr); +/** + * kvm_memcrypt_load_incoming_page_enc_bitmap: read the page encryption bitmap + * from the socket and pass it to the hypervisor. + */ +int kvm_memcrypt_load_incoming_page_enc_bitmap(QEMUFile *f); + +/** + * kvm_memcrypt_save_outgoing_page_enc_bitmap: write the page encryption bitmap + * on socket. + */ +int kvm_memcrypt_save_outgoing_page_enc_bitmap(QEMUFile *f); + + #ifdef NEED_CPU_H #include "cpu.h" diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 752a71b1c0..e08886ca33 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h 
@@ -21,4 +21,7 @@ int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len); int sev_save_outgoing_page(void *handle, QEMUFile *f, uint8_t *ptr, uint32_t size, uint64_t *bytes_sent); int sev_load_incoming_page(void *handle, QEMUFile *f, uint8_t *ptr); +int sev_load_incoming_page_enc_bitmap(void *handle, QEMUFile *f); +int sev_save_outgoing_page_enc_bitmap(void *handle, QEMUFile *f, + uint64_t start, uint64_t length); #endif
From patchwork Wed Jul 10 20:23:08 2019 X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 11038941
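Review bot: in kvm_memcrypt_save_outgoing_page_enc_bitmap() of [PATCH v2 11/13], the loop hands every entry up to s->nr_slots to the callback without looking at mem->memory_size, and ret starts at 1, so a start/length pair is sent for any slot that is not populated and the function reports failure whenever the loop body never runs. Suggest skipping slots whose memory_size is 0 and setting ret to 0 once the handle and callback checks have passed.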
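Review bot: the two comments added to include/sysemu/kvm.h in [PATCH v2 11/13] do not document the return value, while the implementations and the stubs in this patch return 1 for failure rather than a negative errno. Suggest adding a line to each comment stating that 0 means success and 1 means failure, so callers do not test for "< 0".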
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Date: Wed, 10 Jul 2019 20:23:08 +0000
Message-ID: <20190710202219.25939-13-brijesh.singh@amd.com>
References: <20190710202219.25939-1-brijesh.singh@amd.com>
In-Reply-To: <20190710202219.25939-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v2 12/13] migration: add support to migrate page encryption bitmap
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"

When memory encryption is enabled, the hypervisor maintains a page encryption bitmap, which the hypervisor refers to during migration to check whether a page is private or shared. The bitmap is built during VM bootup and must be migrated to the target host so that the hypervisor on the target host can use it for future migration. KVM_{SET,GET}_PAGE_ENC_BITMAP can be used to get and set the bitmap for a given gfn range.

Signed-off-by: Brijesh Singh
--- accel/kvm/kvm-all.c | 4 +++ migration/ram.c | 11 +++++++ target/i386/sev.c | 67 ++++++++++++++++++++++++++++++++++++++++ target/i386/trace-events | 2 ++ 4 files changed, 84 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 442b1af36e..9e23088a94 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -1831,6 +1831,10 @@ static int kvm_init(MachineState *ms) kvm_state->memcrypt_encrypt_data = sev_encrypt_data; kvm_state->memcrypt_save_outgoing_page = sev_save_outgoing_page; kvm_state->memcrypt_load_incoming_page = sev_load_incoming_page; + kvm_state->memcrypt_load_incoming_page_enc_bitmap = + sev_load_incoming_page_enc_bitmap; + kvm_state->memcrypt_save_outgoing_page_enc_bitmap = + sev_save_outgoing_page_enc_bitmap; } ret = kvm_arch_init(ms, s); diff --git a/migration/ram.c b/migration/ram.c index d179867e1b..3a4bdf3c03 100644 --- a/migration/ram.c +++ b/migration/ram.c @@ -78,6 +78,7 @@ /* 0x80 is reserved in migration.h start with 0x100 next */ #define RAM_SAVE_FLAG_COMPRESS_PAGE 0x100 #define RAM_SAVE_FLAG_ENCRYPTED_PAGE 0x200 +#define RAM_SAVE_FLAG_PAGE_ENCRYPTED_BITMAP 0x400 /* used in target/i386/sev.c */ static inline bool is_zero_range(uint8_t *p, uint64_t size) { @@ -3595,6 +3596,10 @@ static int ram_save_complete(QEMUFile *f, void *opaque) flush_compressed_data(rs); ram_control_after_iterate(f, RAM_CONTROL_FINISH); + if (kvm_memcrypt_enabled()) { + ret = kvm_memcrypt_save_outgoing_page_enc_bitmap(f); + } + rcu_read_unlock(); multifd_send_sync_main();
@@ -4469,6 +4474,12 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id) ret = -EINVAL; } break; + case RAM_SAVE_FLAG_PAGE_ENCRYPTED_BITMAP: + if (kvm_memcrypt_load_incoming_page_enc_bitmap(f)) { + error_report("Failed to load page enc bitmap"); + ret = -EINVAL; + } + break; case RAM_SAVE_FLAG_EOS: /* normal exit */ multifd_recv_sync_main(); diff --git a/target/i386/sev.c b/target/i386/sev.c index 09a62d6f88..93c6a90806 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -63,6 +63,7 @@ static const char *const sev_fw_errlist[] = { }; #define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist) +#define RAM_SAVE_FLAG_PAGE_ENCRYPTED_BITMAP 0x400 static int sev_ioctl(int fd, int cmd, void *data, int *error) 
@@ -1189,6 +1190,72 @@ int sev_load_incoming_page(void *handle, QEMUFile *f, uint8_t *ptr) return sev_receive_update_data(f, ptr); } +#define ALIGN(x, y) (((x)+(y)-1) & ~((y)-1)) + +int sev_load_incoming_page_enc_bitmap(void *handle, QEMUFile *f) +{ + void *bmap; + unsigned long npages; + unsigned long bmap_size, base_gpa; + struct kvm_page_enc_bitmap e = {}; + + base_gpa = qemu_get_be64(f); + npages = qemu_get_be64(f); + bmap_size = qemu_get_be64(f); + + bmap = g_malloc0(bmap_size); + qemu_get_buffer(f, (uint8_t *)bmap, bmap_size); + + trace_kvm_sev_load_page_enc_bitmap(base_gpa, npages << TARGET_PAGE_BITS); + + e.start_gfn = base_gpa >> TARGET_PAGE_BITS; + e.num_pages = npages; + e.enc_bitmap = bmap; + if (kvm_vm_ioctl(kvm_state, KVM_SET_PAGE_ENC_BITMAP, &e) == -1) { + error_report("KVM_SET_PAGE_ENC_BITMAP ioctl failed %d", errno); + g_free(bmap); + return 1; + } + + g_free(bmap); + + return 0; +} + +int sev_save_outgoing_page_enc_bitmap(void *handle, QEMUFile *f, + unsigned long start, uint64_t length) +{ + uint64_t size; + struct kvm_page_enc_bitmap e = {}; + + if (!length) { + return 0; + } + + size = ALIGN((length >> TARGET_PAGE_BITS), /*HOST_LONG_BITS*/ 64) / 8; + e.enc_bitmap = g_malloc0(size); + e.start_gfn = start >> TARGET_PAGE_BITS; + e.num_pages = length >> TARGET_PAGE_BITS; + + trace_kvm_sev_save_page_enc_bitmap(start, length); + + if (kvm_vm_ioctl(kvm_state, KVM_GET_PAGE_ENC_BITMAP, &e) == -1) { + error_report("%s: KVM_GET_PAGE_ENC_BITMAP ioctl failed %d", + __func__, errno); + g_free(e.enc_bitmap); + return 1; + } + + qemu_put_be64(f, RAM_SAVE_FLAG_PAGE_ENCRYPTED_BITMAP); + qemu_put_be64(f, start); + qemu_put_be64(f, e.num_pages); + qemu_put_be64(f, size); + qemu_put_buffer(f, (uint8_t *)e.enc_bitmap, size); + + g_free(e.enc_bitmap); + return 0; +} + static void sev_register_types(void) { diff --git a/target/i386/trace-events b/target/i386/trace-events index 609752cca7..4c2be570f9 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -21,3 +21,5 @@ kvm_sev_send_finish(void) "" kvm_sev_receive_start(int policy, void *session, void *pdh) "policy 0x%x session %p pdh %p" kvm_sev_receive_update_data(void *src, void *dst, int len, void *hdr, int hdr_len) "guest %p trans %p len %d hdr %p hdr_len %d" kvm_sev_receive_finish(void) "" +kvm_sev_save_page_enc_bitmap(uint64_t start, uint64_t len) "start 0x%" PRIx64 " len 0x%" PRIx64 +kvm_sev_load_page_enc_bitmap(uint64_t start, uint64_t len) "start 0x%" PRIx64 " len 0x%" PRIx64
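Review bot: RAM_SAVE_FLAG_PAGE_ENCRYPTED_BITMAP is defined twice with the value 0x400, once in migration/ram.c (hunk @@ -78,6 +78,7 @@, carrying the comment "used in target/i386/sev.c") and again in target/i386/sev.c (hunk @@ -63,6 +63,7 @@). Two copies of a wire-format constant can drift apart without any build error. Move the definition into a header that both files include, or have ram.c write the flag word itself so that sev.c does not need the constant at all.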
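Review bot: In ram_save_complete() (migration/ram.c, hunk @@ -3595,6 +3596,10 @@) the result of kvm_memcrypt_save_outgoing_page_enc_bitmap(f) is stored in ret, but the lines shown go straight on to rcu_read_unlock() and multifd_send_sync_main() without testing it, so a failed KVM_GET_PAGE_ENC_BITMAP is not visibly stopped from being followed by a normal completion. Check ret right after the call and bail out on error. Note also that sev_save_outgoing_page_enc_bitmap() returns 1 on failure, whereas ram_load() in this same patch reports the matching load failure as -EINVAL; a negative error code on the save side would be consistent. Finally, the SEV function takes (handle, f, start, length) while this call passes only f, and the wrapper that supplies start and length is not part of this patch, so the commit message should say which guest physical range the bitmap covers.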
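Review bot: In sev_load_incoming_page_enc_bitmap() (target/i386/sev.c, hunk @@ -1189,6 +1190,72 @@) base_gpa, npages and bmap_size are read from the migration stream and used without any validation. bmap_size goes straight into g_malloc0(), and nothing checks that it covers npages bits before the buffer is passed to KVM_SET_PAGE_ENC_BITMAP, so a corrupt or hostile stream can request an arbitrarily large allocation, or describe more pages than the buffer actually holds. Reject the section unless bmap_size equals the size the sender computes (ALIGN(npages, 64) / 8) and the range starting at base_gpa lies inside guest RAM, and check the return value of qemu_get_buffer() so that a short read is not applied as a bitmap. The three fields are read with qemu_get_be64() into unsigned long, which truncates where long is 32 bits; uint64_t would match the wire format. Minor, in sev_save_outgoing_page_enc_bitmap(): the local ALIGN macro with a hard-coded 64 (HOST_LONG_BITS is left commented out) could be replaced by QEMU's existing ROUND_UP() with HOST_LONG_BITS.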
From patchwork Wed Jul 10 20:23:09 2019
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 11038931
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"
Date: Wed, 10 Jul 2019 20:23:09 +0000
Subject: [Qemu-devel] [PATCH v2 13/13] target/i386: sev: remove migration blocker
Message-ID: <20190710202219.25939-14-brijesh.singh@amd.com>
References: <20190710202219.25939-1-brijesh.singh@amd.com>
In-Reply-To: <20190710202219.25939-1-brijesh.singh@amd.com>

Signed-off-by: Brijesh Singh
Reviewed-by: Dr. David Alan Gilbert
---
 target/i386/sev.c | 12 ------------
 1 file changed, 12 deletions(-)
diff --git a/target/i386/sev.c b/target/i386/sev.c index 93c6a90806..48336515a2 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -34,7 +34,6 @@ #define DEFAULT_SEV_DEVICE "/dev/sev" static SEVState *sev_state; -static Error *sev_mig_blocker; static const char *const sev_fw_errlist[] = { "", @@ -686,7 +685,6 @@ static void sev_launch_finish(SEVState *s) { int ret, error; - Error *local_err = NULL; trace_kvm_sev_launch_finish(); ret = sev_ioctl(sev_state->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, &error); @@ -697,16 +695,6 @@ sev_launch_finish(SEVState *s) } sev_set_guest_state(SEV_STATE_RUNNING); - - /* add migration blocker */ - error_setg(&sev_mig_blocker, - "SEV: Migration is not implemented"); - ret = migrate_add_blocker(sev_mig_blocker, &local_err); - if (local_err) { - error_report_err(local_err); - error_free(sev_mig_blocker); - exit(1); - } } static int
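Review bot: The last hunk (target/i386/sev.c, @@ -697,16 +695,6 @@) drops the migrate_add_blocker() call from sev_launch_finish() unconditionally, and the commit message has no body saying what now makes migration of an SEV guest safe. State in the message which earlier patches of the series this removal depends on. Consider keeping the blocker, with an updated error string, for the case where the host cannot service the page encryption bitmap ioctls used in patch 12, so that such a guest is refused at migration setup rather than failing partway through the stream.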