From patchwork Thu Aug 26 22:26:16 2021
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 12460819
From: Michael Roth
To: qemu-devel@nongnu.org
Cc: Connor Kuehl, Philippe Mathieu-Daudé, "Michael S. Tsirkin", James Bottomley, "Dr. David Alan Gilbert", Tom Lendacky, Paolo Bonzini, Dov Murik, David Gibson, Daniel P. Berrangé, kvm@vger.kernel.org, Eduardo Habkost, Brijesh Singh, Markus Armbruster, Eric Blake
Subject: [RFC PATCH v2 01/12] i386/sev: introduce "sev-common" type to encapsulate common SEV state
Date: Thu, 26 Aug 2021 17:26:16 -0500
Message-Id: <20210826222627.3556-2-michael.roth@amd.com>
In-Reply-To: <20210826222627.3556-1-michael.roth@amd.com>
References: <20210826222627.3556-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Currently all SEV/SEV-ES functionality is managed through a single 'sev-guest' QOM type. With upcoming support for SEV-SNP, taking this same approach won't work well since some of the properties/state managed by 'sev-guest' is not applicable to SEV-SNP, which will instead rely on a new QOM type with its own set of properties/state. To prepare for this, this patch moves common state into an abstract 'sev-common' parent type to encapsulate properties/state that is common to both SEV/SEV-ES and SEV-SNP, leaving only SEV/SEV-ES-specific properties/state in the current 'sev-guest' type.
This should not affect current behavior or command-line options.

As part of this patch, some related changes are also made:

- a static 'sev_guest' variable is currently used to keep track of the 'sev-guest' instance. SEV-SNP would similarly introduce an 'sev_snp_guest' static variable. But these instances are now available via qdev_get_machine()->cgs, so switch to using that instead and drop the static variable.

- 'sev_guest' is currently used as the name for the static variable holding a pointer to the 'sev-guest' instance. Re-purpose the name as a local variable referring to the 'sev-guest' instance, and use that consistently throughout the code so it can be easily distinguished from sev-common/sev-snp-guest instances.

- 'sev' is generally used as the name for local variables holding a pointer to the 'sev-guest' instance. In cases where that now points to common state, use the name 'sev_common'; in cases where that now points to state specific to the 'sev-guest' instance, use the name 'sev_guest'.

Signed-off-by: Michael Roth
---
 qapi/qom.json     |  34 +++--
 target/i386/sev.c | 329 +++++++++++++++++++++++++++-------------------
 2 files changed, 214 insertions(+), 149 deletions(-)

diff --git a/qapi/qom.json b/qapi/qom.json index a25616bc7a..211e083727 100644 --- a/qapi/qom.json +++ b/qapi/qom.json
@@ -735,12 +735,29 @@ 'data': { '*filename': 'str' } } ## -# @SevGuestProperties: +# @SevCommonProperties: # -# Properties for sev-guest objects. +# Properties common to objects that are derivatives of sev-common. # # @sev-device: SEV device to use (default: "/dev/sev") # +# @cbitpos: C-bit location in page table entry (default: 0) +# +# @reduced-phys-bits: number of bits in physical addresses that become +# unavailable when SEV is enabled +# +# Since: 2.12 +## +{ 'struct': 'SevCommonProperties', + 'data': { '*sev-device': 'str', + '*cbitpos': 'uint32', + 'reduced-phys-bits': 'uint32' } } + +## +# @SevGuestProperties: +# +# Properties for sev-guest objects. +# # @dh-cert-file: guest owners DH certificate (encoded with base64) # # @session-file: guest owners session parameters (encoded with base64) @@ -749,21 +766,14 @@ # # @handle: SEV firmware handle (default: 0) # -# @cbitpos: C-bit location in page table entry (default: 0) -# -# @reduced-phys-bits: number of bits in physical addresses that become -# unavailable when SEV is enabled -# # Since: 2.12 ## { 'struct': 'SevGuestProperties', - 'data': { '*sev-device': 'str', - '*dh-cert-file': 'str', + 'base': 'SevCommonProperties', + 'data': { '*dh-cert-file': 'str', '*session-file': 'str', '*policy': 'uint32', - '*handle': 'uint32', - '*cbitpos': 'uint32', - 'reduced-phys-bits': 'uint32' } } + '*handle': 'uint32' } } ## # @ObjectType: diff --git a/target/i386/sev.c b/target/i386/sev.c index 83df8c09f6..6acebfbd53 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -34,6 +34,8 @@ #include "exec/confidential-guest-support.h" #include "hw/i386/pc.h" +#define TYPE_SEV_COMMON "sev-common" +OBJECT_DECLARE_SIMPLE_TYPE(SevCommonState, SEV_COMMON) #define TYPE_SEV_GUEST "sev-guest" OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST) 
@@ -48,32 +50,38 @@ OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST) * -object sev-guest,id=sev0 \ * -machine ...,memory-encryption=sev0 */ -struct SevGuestState { +struct SevCommonState { ConfidentialGuestSupport parent_obj; /* configuration parameters */ char *sev_device; - uint32_t policy; - char *dh_cert_file; - char *session_file; uint32_t cbitpos; uint32_t reduced_phys_bits; /* runtime state */ - uint32_t handle; uint8_t api_major; uint8_t api_minor; uint8_t build_id; uint64_t me_mask; int sev_fd; SevState state; - gchar *measurement; uint32_t reset_cs; uint32_t reset_ip; bool reset_data_valid; }; +struct SevGuestState { + SevCommonState sev_common; + gchar *measurement; + + /* configuration parameters */ + uint32_t handle; + uint32_t policy; + char *dh_cert_file; + char *session_file; +}; + #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" @@ -83,7 +91,6 @@ typedef struct __attribute__((__packed__)) SevInfoBlock { uint32_t reset_addr; } SevInfoBlock; -static SevGuestState *sev_guest; static Error *sev_mig_blocker; static const char *const sev_fw_errlist[] = { @@ -164,21 +171,21 @@ fw_error_to_str(int code) } static bool -sev_check_state(const SevGuestState *sev, SevState state) +sev_check_state(const SevCommonState *sev_common, SevState state) { - assert(sev); - return sev->state == state ? true : false; + assert(sev_common); + return sev_common->state == state ? true : false; } static void -sev_set_guest_state(SevGuestState *sev, SevState new_state) +sev_set_guest_state(SevCommonState *sev_common, SevState new_state) { assert(new_state < SEV_STATE__MAX); - assert(sev); + assert(sev_common); - trace_kvm_sev_change_state(SevState_str(sev->state), + trace_kvm_sev_change_state(SevState_str(sev_common->state), SevState_str(new_state)); - sev->state = new_state; + sev_common->state = new_state; } static void 
@@ -245,67 +252,85 @@ static struct RAMBlockNotifier sev_ram_notifier = { .ram_block_removed = sev_ram_block_removed, }; -static void -sev_guest_finalize(Object *obj) +static char * +sev_common_get_sev_device(Object *obj, Error **errp) { + return g_strdup(SEV_COMMON(obj)->sev_device); } -static char * -sev_guest_get_session_file(Object *obj, Error **errp) +static void +sev_common_set_sev_device(Object *obj, const char *value, Error **errp) { - SevGuestState *s = SEV_GUEST(obj); + SEV_COMMON(obj)->sev_device = g_strdup(value); +} - return s->session_file ? g_strdup(s->session_file) : NULL; +static void +sev_common_class_init(ObjectClass *oc, void *data) +{ + object_class_property_add_str(oc, "sev-device", + sev_common_get_sev_device, + sev_common_set_sev_device); + object_class_property_set_description(oc, "sev-device", + "SEV device to use"); } static void -sev_guest_set_session_file(Object *obj, const char *value, Error **errp) +sev_common_instance_init(Object *obj) { - SevGuestState *s = SEV_GUEST(obj); + SevCommonState *sev_common = SEV_COMMON(obj); + + sev_common->sev_device = g_strdup(DEFAULT_SEV_DEVICE); - s->session_file = g_strdup(value); + object_property_add_uint32_ptr(obj, "cbitpos", &sev_common->cbitpos, + OBJ_PROP_FLAG_READWRITE); + object_property_add_uint32_ptr(obj, "reduced-phys-bits", + &sev_common->reduced_phys_bits, + OBJ_PROP_FLAG_READWRITE); } +/* sev guest info common to sev/sev-es/sev-snp */ +static const TypeInfo sev_common_info = { + .parent = TYPE_CONFIDENTIAL_GUEST_SUPPORT, + .name = TYPE_SEV_COMMON, + .instance_size = sizeof(SevCommonState), + .class_init = sev_common_class_init, + .instance_init = sev_common_instance_init, + .abstract = true, + .interfaces = (InterfaceInfo[]) { + { TYPE_USER_CREATABLE }, + { } + } +}; + static char * sev_guest_get_dh_cert_file(Object *obj, Error **errp) { - SevGuestState *s = SEV_GUEST(obj); - - return g_strdup(s->dh_cert_file); + return g_strdup(SEV_GUEST(obj)->dh_cert_file); } static void 
sev_guest_set_dh_cert_file(Object *obj, const char *value, Error **errp) { - SevGuestState *s = SEV_GUEST(obj); - - s->dh_cert_file = g_strdup(value); + SEV_GUEST(obj)->dh_cert_file = g_strdup(value); } static char * -sev_guest_get_sev_device(Object *obj, Error **errp) +sev_guest_get_session_file(Object *obj, Error **errp) { - SevGuestState *sev = SEV_GUEST(obj); + SevGuestState *sev_guest = SEV_GUEST(obj); - return g_strdup(sev->sev_device); + return sev_guest->session_file ? g_strdup(sev_guest->session_file) : NULL; } static void -sev_guest_set_sev_device(Object *obj, const char *value, Error **errp) +sev_guest_set_session_file(Object *obj, const char *value, Error **errp) { - SevGuestState *sev = SEV_GUEST(obj); - - sev->sev_device = g_strdup(value); + SEV_GUEST(obj)->session_file = g_strdup(value); } static void sev_guest_class_init(ObjectClass *oc, void *data) { - object_class_property_add_str(oc, "sev-device", - sev_guest_get_sev_device, - sev_guest_set_sev_device); - object_class_property_set_description(oc, "sev-device", - "SEV device to use"); object_class_property_add_str(oc, "dh-cert-file", sev_guest_get_dh_cert_file, sev_guest_set_dh_cert_file); 
@@ -321,80 +346,88 @@ sev_guest_class_init(ObjectClass *oc, void *data) static void sev_guest_instance_init(Object *obj) { - SevGuestState *sev = SEV_GUEST(obj); + SevGuestState *sev_guest = SEV_GUEST(obj); - sev->sev_device = g_strdup(DEFAULT_SEV_DEVICE); - sev->policy = DEFAULT_GUEST_POLICY; - object_property_add_uint32_ptr(obj, "policy", &sev->policy, - OBJ_PROP_FLAG_READWRITE); - object_property_add_uint32_ptr(obj, "handle", &sev->handle, + sev_guest->policy = DEFAULT_GUEST_POLICY; + object_property_add_uint32_ptr(obj, "handle", &sev_guest->handle, OBJ_PROP_FLAG_READWRITE); - object_property_add_uint32_ptr(obj, "cbitpos", &sev->cbitpos, - OBJ_PROP_FLAG_READWRITE); - object_property_add_uint32_ptr(obj, "reduced-phys-bits", - &sev->reduced_phys_bits, + object_property_add_uint32_ptr(obj, "policy", &sev_guest->policy, OBJ_PROP_FLAG_READWRITE); } -/* sev guest info */ +/* guest info specific sev/sev-es */ static const TypeInfo sev_guest_info = { - .parent = TYPE_CONFIDENTIAL_GUEST_SUPPORT, + .parent = TYPE_SEV_COMMON, .name = TYPE_SEV_GUEST, .instance_size = sizeof(SevGuestState), - .instance_finalize = sev_guest_finalize, - .class_init = sev_guest_class_init, .instance_init = sev_guest_instance_init, - .interfaces = (InterfaceInfo[]) { - { TYPE_USER_CREATABLE }, - { } - } + .class_init = sev_guest_class_init, }; bool sev_enabled(void) { - return !!sev_guest; + ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; + + return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_COMMON); } bool sev_es_enabled(void) { - return sev_enabled() && (sev_guest->policy & SEV_POLICY_ES); + ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; + + return sev_enabled() && (SEV_GUEST(cgs)->policy & SEV_POLICY_ES); } uint64_t sev_get_me_mask(void) { - return sev_guest ? sev_guest->me_mask : ~0; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + + return sev_common ? 
sev_common->me_mask : ~0; } uint32_t sev_get_cbit_position(void) { - return sev_guest ? sev_guest->cbitpos : 0; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + + return sev_common ? sev_common->cbitpos : 0; } uint32_t sev_get_reduced_phys_bits(void) { - return sev_guest ? sev_guest->reduced_phys_bits : 0; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + + return sev_common ? sev_common->reduced_phys_bits : 0; } SevInfo * sev_get_info(void) { SevInfo *info; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + SevGuestState *sev_guest = + (SevGuestState *)object_dynamic_cast(OBJECT(sev_common), + TYPE_SEV_GUEST); info = g_new0(SevInfo, 1); info->enabled = sev_enabled(); if (info->enabled) { - info->api_major = sev_guest->api_major; - info->api_minor = sev_guest->api_minor; - info->build_id = sev_guest->build_id; - info->policy = sev_guest->policy; - info->state = sev_guest->state; - info->handle = sev_guest->handle; + if (sev_guest) { + info->handle = sev_guest->handle; + } + info->api_major = sev_common->api_major; + info->api_minor = sev_common->api_minor; + info->build_id = sev_common->build_id; + info->state = sev_common->state; + /* we only report the lower 32-bits of policy for SNP, ok for now... */ + info->policy = + (uint32_t)object_property_get_uint(OBJECT(sev_common), + "policy", NULL); } return info; @@ -452,6 +485,8 @@ sev_get_capabilities(Error **errp) size_t pdh_len = 0, cert_chain_len = 0; uint32_t ebx; int fd; + SevCommonState *sev_common; + char *sev_device; if (!kvm_enabled()) { error_setg(errp, "KVM not enabled"); 
@@ -462,12 +497,21 @@ sev_get_capabilities(Error **errp) return NULL; } - fd = open(DEFAULT_SEV_DEVICE, O_RDWR); + sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + if (!sev_common) { + error_setg(errp, "SEV is not configured"); + } + + sev_device = object_property_get_str(OBJECT(sev_common), "sev-device", + &error_abort); + fd = open(sev_device, O_RDWR); if (fd < 0) { error_setg_errno(errp, errno, "Failed to open %s", DEFAULT_SEV_DEVICE); + g_free(sev_device); return NULL; } + g_free(sev_device); if (sev_get_pdh_info(fd, &pdh_data, &pdh_len, &cert_chain_data, &cert_chain_len, errp)) { @@ -499,7 +543,7 @@ sev_get_attestation_report(const char *mnonce, Error **errp) { struct kvm_sev_attestation_report input = {}; SevAttestationReport *report = NULL; - SevGuestState *sev = sev_guest; + SevCommonState *sev_common; guchar *data; guchar *buf; gsize len; @@ -525,8 +569,10 @@ sev_get_attestation_report(const char *mnonce, Error **errp) return NULL; } + sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + /* Query the report length */ - ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, &input, &err); if (ret < 0) { if (err != SEV_RET_INVALID_LEN) { @@ -542,7 +588,7 @@ sev_get_attestation_report(const char *mnonce, Error **errp) memcpy(input.mnonce, buf, sizeof(input.mnonce)); /* Query the report */ - ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, &input, &err); if (ret) { error_setg_errno(errp, errno, "Failed to get attestation report" 
@@ -579,28 +625,29 @@ sev_read_file_base64(const char *filename, guchar **data, gsize *len) } static int -sev_launch_start(SevGuestState *sev) +sev_launch_start(SevGuestState *sev_guest) { gsize sz; int ret = 1; int fw_error, rc; struct kvm_sev_launch_start *start; guchar *session = NULL, *dh_cert = NULL; + SevCommonState *sev_common = SEV_COMMON(sev_guest); start = g_new0(struct kvm_sev_launch_start, 1); - start->handle = sev->handle; - start->policy = sev->policy; - if (sev->session_file) { - if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) { + start->handle = sev_guest->handle; + start->policy = sev_guest->policy; + if (sev_guest->session_file) { + if (sev_read_file_base64(sev_guest->session_file, &session, &sz) < 0) { goto out; } start->session_uaddr = (unsigned long)session; start->session_len = sz; } - if (sev->dh_cert_file) { - if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) { + if (sev_guest->dh_cert_file) { + if (sev_read_file_base64(sev_guest->dh_cert_file, &dh_cert, &sz) < 0) { goto out; } start->dh_uaddr = (unsigned long)dh_cert; @@ -608,15 +655,15 @@ sev_launch_start(SevGuestState *sev) } trace_kvm_sev_launch_start(start->policy, session, dh_cert); - rc = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_START, start, &fw_error); + rc = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_START, start, &fw_error); if (rc < 0) { error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'", __func__, ret, fw_error, fw_error_to_str(fw_error)); goto out; } - sev_set_guest_state(sev, SEV_STATE_LAUNCH_UPDATE); - sev->handle = start->handle; + sev_set_guest_state(sev_common, SEV_STATE_LAUNCH_UPDATE); + sev_guest->handle = start->handle; ret = 0; out: @@ -627,7 +674,7 @@ out: } static int -sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len) +sev_launch_update_data(SevGuestState *sev_guest, uint8_t *addr, uint64_t len) { int ret, fw_error; struct kvm_sev_launch_update_data update; 
@@ -639,7 +686,7 @@ sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len) update.uaddr = (__u64)(unsigned long)addr; update.len = len; trace_kvm_sev_launch_update_data(addr, len); - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, + ret = sev_ioctl(SEV_COMMON(sev_guest)->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, &update, &fw_error); if (ret) { error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'", @@ -650,11 +697,12 @@ sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len) } static int -sev_launch_update_vmsa(SevGuestState *sev) +sev_launch_update_vmsa(SevGuestState *sev_guest) { int ret, fw_error; - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL, &fw_error); + ret = sev_ioctl(SEV_COMMON(sev_guest)->sev_fd, KVM_SEV_LAUNCH_UPDATE_VMSA, + NULL, &fw_error); if (ret) { error_report("%s: LAUNCH_UPDATE_VMSA ret=%d fw_error=%d '%s'", __func__, ret, fw_error, fw_error_to_str(fw_error)); @@ -666,18 +714,19 @@ sev_launch_update_vmsa(SevGuestState *sev) static void sev_launch_get_measure(Notifier *notifier, void *unused) { - SevGuestState *sev = sev_guest; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + SevGuestState *sev_guest = SEV_GUEST(sev_common); int ret, error; guchar *data; struct kvm_sev_launch_measure *measurement; - if (!sev_check_state(sev, SEV_STATE_LAUNCH_UPDATE)) { + if (!sev_check_state(sev_common, SEV_STATE_LAUNCH_UPDATE)) { return; } if (sev_es_enabled()) { /* measure all the VM save areas before getting launch_measure */ - ret = sev_launch_update_vmsa(sev); + ret = sev_launch_update_vmsa(sev_guest); if (ret) { exit(1); } 
@@ -686,7 +735,7 @@ sev_launch_get_measure(Notifier *notifier, void *unused) measurement = g_new0(struct kvm_sev_launch_measure, 1); /* query the measurement blob length */ - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_MEASURE, measurement, &error); if (!measurement->len) { error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", @@ -698,7 +747,7 @@ sev_launch_get_measure(Notifier *notifier, void *unused) measurement->uaddr = (unsigned long)data; /* get the measurement blob */ - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_MEASURE, measurement, &error); if (ret) { error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", @@ -706,11 +755,11 @@ sev_launch_get_measure(Notifier *notifier, void *unused) goto free_data; } - sev_set_guest_state(sev, SEV_STATE_LAUNCH_SECRET); + sev_set_guest_state(sev_common, SEV_STATE_LAUNCH_SECRET); /* encode the measurement value and emit the event */ - sev->measurement = g_base64_encode(data, measurement->len); - trace_kvm_sev_launch_measurement(sev->measurement); + sev_guest->measurement = g_base64_encode(data, measurement->len); + trace_kvm_sev_launch_measurement(sev_guest->measurement); free_data: g_free(data); @@ -721,8 +770,10 @@ free_measurement: char * sev_get_launch_measurement(void) { + SevGuestState *sev_guest = SEV_GUEST(MACHINE(qdev_get_machine())->cgs); + if (sev_guest && - sev_guest->state >= SEV_STATE_LAUNCH_SECRET) { + SEV_COMMON(sev_guest)->state >= SEV_STATE_LAUNCH_SECRET) { return g_strdup(sev_guest->measurement); } 
@@ -734,20 +785,21 @@ static Notifier sev_machine_done_notify = { }; static void -sev_launch_finish(SevGuestState *sev) +sev_launch_finish(SevGuestState *sev_guest) { int ret, error; Error *local_err = NULL; trace_kvm_sev_launch_finish(); - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, &error); + ret = sev_ioctl(SEV_COMMON(sev_guest)->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, + &error); if (ret) { error_report("%s: LAUNCH_FINISH ret=%d fw_error=%d '%s'", __func__, ret, error, fw_error_to_str(error)); exit(1); } - sev_set_guest_state(sev, SEV_STATE_RUNNING); + sev_set_guest_state(SEV_COMMON(sev_guest), SEV_STATE_RUNNING); /* add migration blocker */ error_setg(&sev_mig_blocker, @@ -763,26 +815,25 @@ sev_launch_finish(SevGuestState *sev) static void sev_vm_state_change(void *opaque, bool running, RunState state) { - SevGuestState *sev = opaque; + SevCommonState *sev_common = opaque; if (running) { - if (!sev_check_state(sev, SEV_STATE_RUNNING)) { - sev_launch_finish(sev); + if (!sev_check_state(sev_common, SEV_STATE_RUNNING)) { + sev_launch_finish(SEV_GUEST(sev_common)); } } } int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { - SevGuestState *sev - = (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUEST); + SevCommonState *sev_common = SEV_COMMON(cgs); char *devname; int ret, fw_error, cmd; uint32_t ebx; uint32_t host_cbitpos; struct sev_user_data_status status = {}; - if (!sev) { + if (!sev_common) { return 0; } 
@@ -792,29 +843,28 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) return -1; } - sev_guest = sev; - sev->state = SEV_STATE_UNINIT; + sev_common->state = SEV_STATE_UNINIT; host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); host_cbitpos = ebx & 0x3f; - if (host_cbitpos != sev->cbitpos) { + if (host_cbitpos != sev_common->cbitpos) { error_setg(errp, "%s: cbitpos check failed, host '%d' requested '%d'", - __func__, host_cbitpos, sev->cbitpos); + __func__, host_cbitpos, sev_common->cbitpos); goto err; } - if (sev->reduced_phys_bits < 1) { + if (sev_common->reduced_phys_bits < 1) { error_setg(errp, "%s: reduced_phys_bits check failed, it should be >=1," - " requested '%d'", __func__, sev->reduced_phys_bits); + " requested '%d'", __func__, sev_common->reduced_phys_bits); goto err; } - sev->me_mask = ~(1UL << sev->cbitpos); + sev_common->me_mask = ~(1UL << sev_common->cbitpos); - devname = object_property_get_str(OBJECT(sev), "sev-device", NULL); - sev->sev_fd = open(devname, O_RDWR); - if (sev->sev_fd < 0) { + devname = object_property_get_str(OBJECT(sev_common), "sev-device", NULL); + sev_common->sev_fd = open(devname, O_RDWR); + if (sev_common->sev_fd < 0) { error_setg(errp, "%s: Failed to open %s '%s'", __func__, devname, strerror(errno)); g_free(devname); @@ -822,7 +872,7 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) } g_free(devname); - ret = sev_platform_ioctl(sev->sev_fd, SEV_PLATFORM_STATUS, &status, + ret = sev_platform_ioctl(sev_common->sev_fd, SEV_PLATFORM_STATUS, &status, &fw_error); if (ret) { error_setg(errp, "%s: failed to get platform status ret=%d " 
@@ -830,9 +880,9 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) fw_error_to_str(fw_error)); goto err; } - sev->build_id = status.build; - sev->api_major = status.api_major; - sev->api_minor = status.api_minor; + sev_common->build_id = status.build; + sev_common->api_major = status.api_major; + sev_common->api_minor = status.api_minor; if (sev_es_enabled()) { if (!kvm_kernel_irqchip_allowed()) { @@ -853,14 +903,14 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) } trace_kvm_sev_init(); - ret = sev_ioctl(sev->sev_fd, cmd, NULL, &fw_error); + ret = sev_ioctl(sev_common->sev_fd, cmd, NULL, &fw_error); if (ret) { error_setg(errp, "%s: failed to initialize ret=%d fw_error=%d '%s'", __func__, ret, fw_error, fw_error_to_str(fw_error)); goto err; } - ret = sev_launch_start(sev); + ret = sev_launch_start(SEV_GUEST(sev_common)); if (ret) { error_setg(errp, "%s: failed to create encryption context", __func__); goto err; @@ -868,13 +918,12 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) ram_block_notifier_add(&sev_ram_notifier); qemu_add_machine_init_done_notifier(&sev_machine_done_notify); - qemu_add_vm_change_state_handler(sev_vm_state_change, sev); + qemu_add_vm_change_state_handler(sev_vm_state_change, sev_common); cgs->ready = true; return 0; err: - sev_guest = NULL; ram_block_discard_disable(false); return -1; } @@ -882,13 +931,15 @@ err: int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) { - if (!sev_guest) { + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + + if (!sev_common) { return 0; } /* if SEV is in update state then encrypt the data else do nothing */ - if (sev_check_state(sev_guest, SEV_STATE_LAUNCH_UPDATE)) { - int ret = sev_launch_update_data(sev_guest, ptr, len); + if (sev_check_state(sev_common, SEV_STATE_LAUNCH_UPDATE)) { + int ret = sev_launch_update_data(SEV_GUEST(sev_common), ptr, len); if (ret < 0) { error_setg(errp, "failed to encrypt pflash rom"); return ret; 
@@ -907,16 +958,17 @@ int sev_inject_launch_secret(const char *packet_hdr, const char *secret, void *hva; gsize hdr_sz = 0, data_sz = 0; MemoryRegion *mr = NULL; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); - if (!sev_guest) { + if (!sev_common) { error_setg(errp, "SEV: SEV not enabled."); return 1; } /* secret can be injected only in this state */ - if (!sev_check_state(sev_guest, SEV_STATE_LAUNCH_SECRET)) { + if (!sev_check_state(sev_common, SEV_STATE_LAUNCH_SECRET)) { error_setg(errp, "SEV: Not in correct state. (LSECRET) %x", - sev_guest->state); + sev_common->state); return 1; } @@ -950,7 +1002,7 @@ int sev_inject_launch_secret(const char *packet_hdr, const char *secret, trace_kvm_sev_launch_secret(gpa, input.guest_uaddr, input.trans_uaddr, input.trans_len); - ret = sev_ioctl(sev_guest->sev_fd, KVM_SEV_LAUNCH_SECRET, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_SECRET, &input, &error); if (ret) { error_setg(errp, "SEV: failed to inject secret ret=%d fw_error=%d '%s'", @@ -1026,9 +1078,10 @@ void sev_es_set_reset_vector(CPUState *cpu) { X86CPU *x86; CPUX86State *env; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); /* Only update if we have valid reset information */ - if (!sev_guest || !sev_guest->reset_data_valid) { + if (!sev_common || !sev_common->reset_data_valid) { return; } @@ -1040,11 +1093,11 @@ void sev_es_set_reset_vector(CPUState *cpu) x86 = X86_CPU(cpu); env = &x86->env; - cpu_x86_load_seg_cache(env, R_CS, 0xf000, sev_guest->reset_cs, 0xffff, + cpu_x86_load_seg_cache(env, R_CS, 0xf000, sev_common->reset_cs, 0xffff, DESC_P_MASK | DESC_S_MASK | DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK); - env->eip = sev_guest->reset_ip; + env->eip = sev_common->reset_ip; } int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size) 
@@ -1052,6 +1105,7 @@ int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size) CPUState *cpu; uint32_t addr; int ret; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); if (!sev_es_enabled()) { return 0; @@ -1065,9 +1119,9 @@ int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size) } if (addr) { - sev_guest->reset_cs = addr & 0xffff0000; - sev_guest->reset_ip = addr & 0x0000ffff; - sev_guest->reset_data_valid = true; + sev_common->reset_cs = addr & 0xffff0000; + sev_common->reset_ip = addr & 0x0000ffff; + sev_common->reset_data_valid = true; CPU_FOREACH(cpu) { sev_es_set_reset_vector(cpu); 
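Review bot: in the sev_es_save_reset_vector hunk the new `sev_common` lookup sits above `if (!sev_es_enabled()) { return 0; }`, so the machine lookup and SEV_COMMON() cast now run on every machine, including ones with no cgs at all, even though the pointer is only used inside the `if (addr)` block. Move the lookup after the sev_es_enabled() check (or into that block) so the non-SEV path stays untouched.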
@@ -1080,6 +1134,7 @@ int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size) static void sev_register_types(void) { + type_register_static(&sev_common_info); type_register_static(&sev_guest_info); } From patchwork Thu Aug 26 22:26:17 2021 X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 12460821
From: Michael Roth
To: qemu-devel@nongnu.org
Cc: Connor Kuehl, Philippe Mathieu-Daudé, "Michael S. Tsirkin", James Bottomley, "Dr. David Alan Gilbert", Tom Lendacky, Paolo Bonzini, Dov Murik, David Gibson, Daniel P. Berrangé, kvm@vger.kernel.org, Eduardo Habkost, Brijesh Singh, Markus Armbruster, Eric Blake
Subject: [RFC PATCH v2 02/12] linux-header: add the SNP specific command
Date: Thu, 26 Aug 2021 17:26:17 -0500
Message-Id: <20210826222627.3556-3-michael.roth@amd.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20210826222627.3556-1-michael.roth@amd.com>
References: <20210826222627.3556-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Brijesh Singh

Sync the kvm.h with the kernel to include the SNP specific commands.

Signed-off-by: Brijesh Singh
Signed-off-by: Michael Roth
---
linux-headers/linux/kvm.h | 50 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+)

diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h index bcaf66cc4d..486c12b4f7 100644 --- a/linux-headers/linux/kvm.h +++ b/linux-headers/linux/kvm.h
@@ -1712,6 +1712,12 @@ enum sev_cmd_id { /* Guest Migration Extension */ KVM_SEV_SEND_CANCEL, + /* SNP specific commands */ + KVM_SEV_SNP_INIT, + KVM_SEV_SNP_LAUNCH_START, + KVM_SEV_SNP_LAUNCH_UPDATE, + KVM_SEV_SNP_LAUNCH_FINISH, + KVM_SEV_NR_MAX, }; 
@@ -1808,6 +1814,50 @@ struct kvm_sev_receive_update_data { __u32 trans_len; }; +struct kvm_snp_init { + __u64 flags; +}; + +struct kvm_sev_snp_launch_start { + __u64 policy; + __u64 ma_uaddr; + __u8 ma_en; + __u8 imi_en; + __u8 gosvw[16]; + __u8 pad[6]; +}; + +#define KVM_SEV_SNP_PAGE_TYPE_NORMAL 0x1 +#define KVM_SEV_SNP_PAGE_TYPE_VMSA 0x2 +#define KVM_SEV_SNP_PAGE_TYPE_ZERO 0x3 +#define KVM_SEV_SNP_PAGE_TYPE_UNMEASURED 0x4 +#define KVM_SEV_SNP_PAGE_TYPE_SECRETS 0x5 +#define KVM_SEV_SNP_PAGE_TYPE_CPUID 0x6 + +struct kvm_sev_snp_launch_update { + __u64 start_gfn; + __u64 uaddr; + __u32 len; + __u8 imi_page; + __u8 page_type; + __u8 vmpl3_perms; + __u8 vmpl2_perms; + __u8 vmpl1_perms; +}; + +#define KVM_SEV_SNP_ID_BLOCK_SIZE 96 +#define KVM_SEV_SNP_ID_AUTH_SIZE 4096 +#define KVM_SEV_SNP_FINISH_DATA_SIZE 32 + +struct kvm_sev_snp_launch_finish { + __u64 id_block_uaddr; + __u64 id_auth_uaddr; + __u8 id_block_en; + __u8 auth_key_en; + __u8 host_data[KVM_SEV_SNP_FINISH_DATA_SIZE]; + __u8 pad[6]; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2) From patchwork Thu Aug 26 22:26:18 2021 X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 12460823
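Review bot: struct kvm_sev_snp_launch_update has no explicit trailing padding: two __u64, one __u32 and five __u8 members add up to 25 bytes, so the compiler rounds the struct to 32 with seven unnamed bytes, while the neighbouring kvm_sev_snp_launch_start and kvm_sev_snp_launch_finish both spell theirs out as `__u8 pad[6]`. For a uAPI struct that crosses the ioctl boundary the padding should be explicit so the layout is fixed and callers can zero it rather than copying whatever stack bytes happen to sit there. Since this is a header sync the change belongs on the kernel side first, but it is worth raising before the ABI freezes.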
From: Michael Roth
To: qemu-devel@nongnu.org
Cc: Connor Kuehl, Philippe Mathieu-Daudé, "Michael S. Tsirkin", James Bottomley, "Dr. David Alan Gilbert", Tom Lendacky, Paolo Bonzini, Dov Murik, David Gibson, Daniel P. Berrangé, kvm@vger.kernel.org, Eduardo Habkost, Brijesh Singh, Markus Armbruster, Eric Blake
Subject: [RFC PATCH v2 03/12] i386/sev: introduce 'sev-snp-guest' object
Date: Thu, 26 Aug 2021 17:26:18 -0500
Message-Id: <20210826222627.3556-4-michael.roth@amd.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20210826222627.3556-1-michael.roth@amd.com>
References: <20210826222627.3556-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Brijesh Singh

SEV-SNP support relies on a different set of properties/state than the existing 'sev-guest' object. This patch introduces the 'sev-snp-guest' object, which can be used to configure an SEV-SNP guest.

For example, a default-configured SEV-SNP guest with no additional information passed in for use with attestation:

-object sev-snp-guest,id=sev0

or a fully-specified SEV-SNP guest where all spec-defined binary blobs are passed in as base64-encoded strings:

-object sev-snp-guest,id=sev0, \ policy=0x30000, \ init-flags=0, \ id-block=YWFhYWFhYWFhYWFhYWFhCg==, \ id-auth=CxHK/OKLkXGn/KpAC7Wl1FSiisWDbGTEKz..., \ auth-key-enabled=on, \ host-data=LNkCWBRC5CcdGXirbNUV1OrsR28s..., \ guest-visible-workarounds=AA==, \

See the QAPI schema updates included in this patch for more usage details.

In some cases these blobs may be up to 4096 characters, but this is generally well below the default limit for linux hosts where command-line sizes are defined by the sysconf-configurable ARG_MAX value, which defaults to 2097152 characters for Ubuntu hosts, for example.

Co-developed-by: Michael Roth
Signed-off-by: Brijesh Singh
Signed-off-by: Michael Roth
---
docs/amd-memory-encryption.txt | 77 ++++++++++- qapi/qom.json | 60 ++++++++ target/i386/sev.c | 245 ++++++++++++++++++++++++++++++++- 3 files changed, 379 insertions(+), 3 deletions(-)

diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt index ffca382b5f..0d82e67fa1 100644
--- a/docs/amd-memory-encryption.txt +++ b/docs/amd-memory-encryption.txt @@ -22,8 +22,8 @@ support for notifying a guest's operating system when certain types of VMEXITs are about to occur. This allows the guest to selectively share information with the hypervisor to satisfy the requested function. -Launching ---------- +Launching (SEV and SEV-ES) +-------------------------- Boot images (such as bios) must be encrypted before a guest can be booted. The MEMORY_ENCRYPT_OP ioctl provides commands to encrypt the images: LAUNCH_START, LAUNCH_UPDATE_DATA, LAUNCH_MEASURE and LAUNCH_FINISH. These four commands 
@@ -113,6 +113,79 @@ a SEV-ES guest: - Requires in-kernel irqchip - the burden is placed on the hypervisor to manage booting APs. +Launching (SEV-SNP) +------------------- +Boot images (such as bios) must be encrypted before a guest can be booted. The +MEMORY_ENCRYPT_OP ioctl provides commands to encrypt the images: +KVM_SNP_INIT, SNP_LAUNCH_START, SNP_LAUNCH_UPDATE, and SNP_LAUNCH_FINISH. These +four commands together generate a fresh memory encryption key for the VM, +encrypt the boot images for a successful launch. + +KVM_SNP_INIT is called first to initialize the SEV-SNP firmware and SNP +features in the KVM. The feature flags value can be provided through the +'init-flags' property of the 'sev-snp-guest' object. + ++------------+-------+----------+---------------------------------+ +| key | type | default | meaning | ++------------+-------+----------+---------------------------------+ +| init_flags | hex | 0 | SNP feature flags | ++-----------------------------------------------------------------+ + +Note: currently the init_flags must be zero. + +SNP_LAUNCH_START is called first to create a cryptographic launch context +within the firmware. To create this context, guest owner must provide a guest +policy and other parameters as described in the SEV-SNP firmware +specification. The launch parameters should be specified as described in the +QAPI schema for the 'sev-snp-guest' object. + +The SNP_LAUNCH_START uses the following parameters (see the SEV-SNP +specification for more details): + ++--------+-------+----------+----------------------------------------------+ +| key | type | default | meaning | ++--------+-------+----------+----------------------------------------------+ +| policy | hex | 0x30000 | a 64-bit guest policy | +| imi_en | bool | 0 | 1 when IMI is enabled | +| ma_end | bool | 0 | 1 when migration agent is used | +| gosvw | string| 0 | 16-byte base64 encoded string for the guest | +| | | | OS visible workaround. 
| ++--------+-------+----------+----------------------------------------------+ + +SNP_LAUNCH_UPDATE encrypts the memory region using the cryptographic context +created via the SNP_LAUNCH_START command. If required, this command can be called +multiple times to encrypt different memory regions. The command also calculates +the measurement of the memory contents as it encrypts. + +SNP_LAUNCH_FINISH finalizes the guest launch flow. Optionally, while finalizing +the launch the firmware can perform checks on the launch digest computing +through the SNP_LAUNCH_UPDATE. To perform the check the user must supply +the id block, authentication blob and host data that should be included in the +attestation report. See the SEV-SNP spec for further details. + +The SNP_LAUNCH_FINISH uses the following parameters, which can be configured +by the corresponding parameters documented in the QAPI schema for the +'sev-snp-guest' object. + ++------------+-------+----------+----------------------------------------------+ +| key | type | default | meaning | ++------------+-------+----------+----------------------------------------------+ +| id_block | string| none | base64 encoded ID block | ++------------+-------+----------+----------------------------------------------+ +| id_auth | string| none | base64 encoded authentication information | ++------------+-------+----------+----------------------------------------------+ +| auth_key_en| bool | 0 | auth block contains author key | ++------------+-------+----------+----------------------------------------------+ +| host_data | string| none | host provided data | ++------------+-------+----------+----------------------------------------------+ + +To launch a SEV-SNP guest (additional parameters are documented in the QAPI +schema for the 'sev-snp-guest' object): + +# ${QEMU} \ + -machine ...,confidential-guest-support=sev0 \ + -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1 + Debugging ----------- Since the memory contents of 
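Review bot: the new "Launching (SEV-SNP)" section is out of step with the code it documents in several places. The command names "KVM_SNP_INIT, SNP_LAUNCH_START, SNP_LAUNCH_UPDATE, and SNP_LAUNCH_FINISH" do not match the enum added in patch 02 (KVM_SEV_SNP_INIT, KVM_SEV_SNP_LAUNCH_START, ...); the table key "ma_end" should be "ma_en" to match struct kvm_sev_snp_launch_start, and "init_flags" should be the actual property name "init-flags"; imi_en and ma_en are tabulated as launch parameters although SevSnpGuestProperties exposes neither, so either add the properties or drop the rows; and both KVM_SNP_INIT and SNP_LAUNCH_START are described as "called first". Two grammar fixes while here: "generate a fresh memory encryption key for the VM, encrypt the boot images" needs an "and", and "the launch digest computing through the SNP_LAUNCH_UPDATE" should read "computed by SNP_LAUNCH_UPDATE".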
a SEV guest are encrypted, hypervisor access to diff --git a/qapi/qom.json b/qapi/qom.json index 211e083727..ea39585026 100644 --- a/qapi/qom.json +++ b/qapi/qom.json 
@@ -775,6 +775,64 @@ '*policy': 'uint32', '*handle': 'uint32' } } +## +# @SevSnpGuestProperties: +# +# Properties for sev-snp-guest objects. Many of these are direct arguments +# for the SEV-SNP KVM interfaces documented in the linux kernel source +# documentation under 'amd-memory-encryption.rst'. Additional documentation +# is also available in the QEMU source tree under +# 'amd-memory-encryption.rst'. +# +# In addition to those files, please see the SEV-SNP Firmware Specification +# (Rev 0.9) documentation for the SNP_INIT and +# SNP_LAUNCH_{START,UPDATE,FINISH} firmware interfaces, which the KVM +# interfaces are written against. +# +# @init-flags: as documented for the 'flags' parameter of the +# KVM_SNP_INIT KVM command (default: 0) +# +# @policy: as documented for the 'policy' parameter of the +# KVM_SNP_LAUNCH_START KVM command (default: 0x30000) +# +# @guest-visible-workarounds: 16-byte, base64-encoded blob to report +# hypervisor-defined workarounds, as documented +# for the 'gosvm' parameter of the +# KVM_SNP_LAUNCH_START KVM command. 
+# (default: all-zero) +# +# @id-block: 8-byte, base64-encoded blob to provide the ID Block +# structure documented in SEV-SNP spec, as documented for the +# 'id_block_uaddr' parameter of the KVM_SNP_LAUNCH_FINISH +# command (default: all-zero) +# +# @id-auth: 4096-byte, base64-encoded blob to provide the ID Authentication +# Information Structure documented in SEV-SNP spec, as documented +# for the 'id_auth_uaddr' parameter of the KVM_SNP_LAUNCH_FINISH +# command (default: all-zero) +# +# @auth-key-enabled: true if 'id-auth' blob contains the Author Key +# documented in the SEV-SNP spec, as documented for the +# 'auth_key_en' parameter of the KVM_SNP_LAUNCH_FINISH +# command (default: false) +# +# @host-data: 32-byte, base64-encoded user-defined blob to provide to the +# guest, as documented for the 'host_data' parameter of the +# KVM_SNP_LAUNCH_FINISH command (default: all-zero) +# +# Since: 6.2 +## +{ 'struct': 'SevSnpGuestProperties', + 'base': 'SevCommonProperties', + 'data': { + '*init-flags': 'uint64', + '*policy': 'uint64', + '*guest-visible-workarounds': 'str', + '*id-block': 'str', + '*id-auth': 'str', + '*auth-key-enabled': 'bool', + '*host-data': 'str' } } + ## # @ObjectType: # @@ -816,6 +874,7 @@ 'secret', 'secret_keyring', 'sev-guest', + 'sev-snp-guest', 's390-pv-guest', 'throttle-group', 'tls-creds-anon', @@ -873,6 +932,7 @@ 'secret': 'SecretProperties', 'secret_keyring': 'SecretKeyringProperties', 'sev-guest': 'SevGuestProperties', + 'sev-snp-guest': 'SevSnpGuestProperties', 'throttle-group': 'ThrottleGroupProperties', 'tls-creds-anon': 'TlsCredsAnonProperties', 'tls-creds-psk': 'TlsCredsPskProperties', diff --git a/target/i386/sev.c b/target/i386/sev.c index 6acebfbd53..ba08b7d3ab 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
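Review bot: the SevSnpGuestProperties doc comment has size and naming errors that users will act on. "@id-block: 8-byte, base64-encoded blob" contradicts KVM_SEV_SNP_ID_BLOCK_SIZE, which patch 02 defines as 96, so it should say 96-byte; "the 'gosvm' parameter of the KVM_SNP_LAUNCH_START KVM command" should be 'gosvw', the field name in struct kvm_sev_snp_launch_start; and "(default: all-zero)" for @id-block and @id-auth disagrees with the docs table in the same patch ("none") and with the setter, which only raises id_block_en when a block is supplied. Also, the comment twice points readers at 'amd-memory-encryption.rst' while the file this patch edits in the QEMU tree is docs/amd-memory-encryption.txt.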
@@ -38,7 +38,8 @@ OBJECT_DECLARE_SIMPLE_TYPE(SevCommonState, SEV_COMMON) #define TYPE_SEV_GUEST "sev-guest" OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST) - +#define TYPE_SEV_SNP_GUEST "sev-snp-guest" +OBJECT_DECLARE_SIMPLE_TYPE(SevSnpGuestState, SEV_SNP_GUEST) /** * SevGuestState: @@ -82,8 +83,23 @@ struct SevGuestState { char *session_file; }; +struct SevSnpGuestState { + SevCommonState sev_common; + + /* configuration parameters */ + char *guest_visible_workarounds; + char *id_block; + char *id_auth; + char *host_data; + + struct kvm_snp_init kvm_init_conf; + struct kvm_sev_snp_launch_start kvm_start_conf; + struct kvm_sev_snp_launch_finish kvm_finish_conf; +}; + #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" +#define DEFAULT_SEV_SNP_POLICY 0x30000 #define SEV_INFO_BLOCK_GUID "00f771de-1a7e-4fcb-890e-68c77e2fb44e" typedef struct __attribute__((__packed__)) SevInfoBlock { 
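Review bot: the first sev.c hunk removes the blank line after `OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST)` and adds the two sev-snp-guest declarations with no blank before the existing `/** * SevGuestState:` comment, so the type macro now runs straight into another struct's documentation. Keep a blank line on both sides of the new TYPE_SEV_SNP_GUEST / OBJECT_DECLARE_SIMPLE_TYPE pair.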
@@ -364,6 +380,232 @@ static const TypeInfo sev_guest_info = { .class_init = sev_guest_class_init, }; +static void +sev_snp_guest_get_init_flags(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + visit_type_uint64(v, name, + (uint64_t *)&SEV_SNP_GUEST(obj)->kvm_init_conf.flags, + errp); +} + +static void +sev_snp_guest_set_init_flags(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + visit_type_uint64(v, name, + (uint64_t *)&SEV_SNP_GUEST(obj)->kvm_init_conf.flags, + errp); +} + +static void +sev_snp_guest_get_policy(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + visit_type_uint64(v, name, + (uint64_t *)&SEV_SNP_GUEST(obj)->kvm_start_conf.policy, + errp); +} + +static void +sev_snp_guest_set_policy(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + visit_type_uint64(v, name, + (uint64_t *)&SEV_SNP_GUEST(obj)->kvm_start_conf.policy, + errp); +} + +static char * +sev_snp_guest_get_guest_visible_workarounds(Object *obj, Error **errp) +{ + return g_strdup(SEV_SNP_GUEST(obj)->guest_visible_workarounds); +} + +static void +sev_snp_guest_set_guest_visible_workarounds(Object *obj, const char *value, + Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + struct kvm_sev_snp_launch_start *start = &sev_snp_guest->kvm_start_conf; + g_autofree guchar *blob; + gsize len; + + if (sev_snp_guest->guest_visible_workarounds) { + g_free(sev_snp_guest->guest_visible_workarounds); + } + + /* store the base64 str so we don't need to re-encode in getter */ + sev_snp_guest->guest_visible_workarounds = g_strdup(value); + + blob = g_base64_decode(sev_snp_guest->guest_visible_workarounds, &len); + if (len > sizeof(start->gosvw)) { + error_setg(errp, "parameter length of %lu exceeds max of %lu", + len, sizeof(start->gosvw)); + return; + } + + memcpy(start->gosvw, blob, len); +} + +static char * +sev_snp_guest_get_id_block(Object *obj, Error **errp) +{ + 
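Review bot: sev_snp_guest_set_guest_visible_workarounds commits the new value before validating it: `sev_snp_guest->guest_visible_workarounds = g_strdup(value);` runs before the decode, so when the `len > sizeof(start->gosvw)` branch rejects the blob the getter reports a string that was never applied to kvm_start_conf. Decode into a local first, validate, and only then replace the stored string and memcpy. The check is also one-sided: gosvw is a fixed 16-byte field, and a shorter blob is copied over only its first `len` bytes, leaving the tail from any earlier set in place; `len != sizeof(start->gosvw)` is the right test. Minor: `g_autofree guchar *blob;` should be initialised to NULL, and `%lu` with a gsize warns on 32-bit hosts (use `%zu` or G_GSIZE_FORMAT). The init-flags setter accepts any value even though the docs in this patch say the flags must currently be zero; a setter-side error_setg would give a clearer message than the eventual ioctl failure.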
SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + return g_strdup(sev_snp_guest->id_block); +} + +static void +sev_snp_guest_set_id_block(Object *obj, const char *value, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf; + gsize len; + + if (sev_snp_guest->id_block) { + g_free(sev_snp_guest->id_block); + g_free((guchar *)finish->id_block_uaddr); + } + + /* store the base64 str so we don't need to re-encode in getter */ + sev_snp_guest->id_block = g_strdup(value); + + finish->id_block_uaddr = (uint64_t)g_base64_decode(sev_snp_guest->id_block, &len); + if (len > KVM_SEV_SNP_ID_BLOCK_SIZE) { + error_setg(errp, "parameter length of %lu exceeds max of %u", + len, KVM_SEV_SNP_ID_BLOCK_SIZE); + return; + } + finish->id_block_en = 1; +} + +static char * +sev_snp_guest_get_id_auth(Object *obj, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + return g_strdup(sev_snp_guest->id_auth); +} + +static void +sev_snp_guest_set_id_auth(Object *obj, const char *value, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf; + gsize len; + + if (sev_snp_guest->id_auth) { + g_free(sev_snp_guest->id_auth); + g_free((guchar *)finish->id_auth_uaddr); + } + + /* store the base64 str so we don't need to re-encode in getter */ + sev_snp_guest->id_auth = g_strdup(value); + + finish->id_auth_uaddr = (uint64_t)g_base64_decode(sev_snp_guest->id_auth, &len); + if (len > KVM_SEV_SNP_ID_AUTH_SIZE) { + error_setg(errp, "parameter length of %lu exceeds max of %u", + len, KVM_SEV_SNP_ID_AUTH_SIZE); + return; + } +} + +static bool +sev_snp_guest_get_auth_key_en(Object *obj, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + return !!sev_snp_guest->kvm_finish_conf.auth_key_en; +} + +static void +sev_snp_guest_set_auth_key_en(Object *obj, bool value, 
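Review bot: sev_snp_guest_set_id_block and sev_snp_guest_set_id_auth only reject blobs that are too long (`len > KVM_SEV_SNP_ID_BLOCK_SIZE`, `len > KVM_SEV_SNP_ID_AUTH_SIZE`), but struct kvm_sev_snp_launch_finish carries no length next to id_block_uaddr / id_auth_uaddr, so the consumer has to read the full fixed 96 or 4096 bytes; a shorter decoded blob therefore leaves it reading past the g_base64_decode buffer. Check `len != KVM_SEV_SNP_ID_BLOCK_SIZE` (and likewise for id_auth). On the rejection path the oversize buffer is also left referenced from finish->id_block_uaddr / finish->id_auth_uaddr, and for id_auth nothing like id_block_en gates its use, so a rejected value can still be handed to KVM; free the buffer and zero the field before returning. Portability nit: `(uint64_t)g_base64_decode(...)` and `g_free((guchar *)finish->id_block_uaddr)` convert between a pointer and __u64 directly; go through (uintptr_t).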
Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + sev_snp_guest->kvm_finish_conf.auth_key_en = value; +} + +static char * +sev_snp_guest_get_host_data(Object *obj, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + return g_strdup(sev_snp_guest->host_data); +} + +static void +sev_snp_guest_set_host_data(Object *obj, const char *value, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf; + g_autofree guchar *blob; + gsize len; + + if (sev_snp_guest->host_data) { + g_free(sev_snp_guest->host_data); + } + + /* store the base64 str so we don't need to re-encode in getter */ + sev_snp_guest->host_data = g_strdup(value); + + blob = g_base64_decode(sev_snp_guest->host_data, &len); + if (len > sizeof(finish->host_data)) { + error_setg(errp, "parameter length of %lu exceeds max of %lu", + len, sizeof(finish->host_data)); + return; + } + + memcpy(finish->host_data, blob, len); +} + +static void +sev_snp_guest_class_init(ObjectClass *oc, void *data) +{ + object_class_property_add(oc, "init-flags", "uint64", + sev_snp_guest_get_init_flags, + sev_snp_guest_set_init_flags, NULL, NULL); + object_class_property_set_description(oc, "init-flags", + "guest initialization flags"); + object_class_property_add(oc, "policy", "uint64", + sev_snp_guest_get_policy, + sev_snp_guest_set_policy, NULL, NULL); + object_class_property_add_str(oc, "guest-visible-workarounds", + sev_snp_guest_get_guest_visible_workarounds, + sev_snp_guest_set_guest_visible_workarounds); + object_class_property_add_str(oc, "id-block", + sev_snp_guest_get_id_block, + sev_snp_guest_set_id_block); + object_class_property_add_str(oc, "id-auth", + sev_snp_guest_get_id_auth, + sev_snp_guest_set_id_auth); + object_class_property_add_bool(oc, "auth-key-enabled", + sev_snp_guest_get_auth_key_en, + sev_snp_guest_set_auth_key_en); + object_class_property_add_str(oc, "host-data", 
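Review bot: sev_snp_guest_set_host_data has the same two defects as the gosvw setter above: the base64 string is stored before the length check, so a rejected value still shows up through the getter, and a blob shorter than the 32-byte host_data field is accepted and only partially overwrites the previous contents. In sev_snp_guest_class_init, `object_class_property_set_description` is called only for "init-flags"; the other six properties should get descriptions too so they are self-documenting in property listings. The auth-key-enabled setter stores the flag unconditionally, but the docs table in this patch says the flag means "auth block contains author key", so an `auth-key-enabled=on` with no id-auth supplied is an inconsistent configuration that should be reported before launch rather than discovered as a firmware error.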
+ sev_snp_guest_get_host_data, + sev_snp_guest_set_host_data); +} + +static void +sev_snp_guest_instance_init(Object *obj) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + /* default init/start/finish params for kvm */ + sev_snp_guest->kvm_start_conf.policy = DEFAULT_SEV_SNP_POLICY; +} + +/* guest info specific to sev-snp */ +static const TypeInfo sev_snp_guest_info = { + .parent = TYPE_SEV_COMMON, + .name = TYPE_SEV_SNP_GUEST, + .instance_size = sizeof(SevSnpGuestState), + .class_init = sev_snp_guest_class_init, + .instance_init = sev_snp_guest_instance_init, +}; + bool sev_enabled(void) { 
@@ -1136,6 +1378,7 @@ sev_register_types(void) { type_register_static(&sev_common_info); type_register_static(&sev_guest_info); + type_register_static(&sev_snp_guest_info); } type_init(sev_register_types);
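Review bot: in sev_snp_guest_set_host_data, the `len > sizeof(finish->host_data)` error path returns after `sev_snp_guest->host_data` has already been replaced by the oversized string, so the getter will afterwards report a host-data value that was never copied into `kvm_finish_conf`; decode into `blob` and run the length check before storing the string (and clear the stored value on failure) so the property and the launch-finish parameters cannot disagree. In the same function, a decoded blob shorter than the field leaves the tail of `finish->host_data` as whatever a previous assignment wrote, so a `memset(finish->host_data, 0, sizeof(finish->host_data))` before the `memcpy` makes the value handed to the firmware deterministic. Minor: `%lu` for a `gsize` should be `G_GSIZE_FORMAT`, `g_autofree guchar *blob` should be initialised to NULL, and in sev_snp_guest_class_init only `init-flags` gets an `object_class_property_set_description`; `policy`, `guest-visible-workarounds`, `id-block`, `id-auth`, `auth-key-enabled` and `host-data` need one as well.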
From: Michael Roth
To: qemu-devel@nongnu.org
Cc: Connor Kuehl, Philippe Mathieu-Daudé, "Michael S. Tsirkin", James Bottomley, "Dr. David Alan Gilbert", Tom Lendacky, Paolo Bonzini, Dov Murik, David Gibson, Daniel P. Berrangé, kvm@vger.kernel.org, Eduardo Habkost, Brijesh Singh, Markus Armbruster, Eric Blake
Subject: [RFC PATCH v2 04/12] i386/sev: initialize SNP context
Date: Thu, 26 Aug 2021 17:26:19 -0500
Message-Id: <20210826222627.3556-5-michael.roth@amd.com>
In-Reply-To: <20210826222627.3556-1-michael.roth@amd.com>
References: <20210826222627.3556-1-michael.roth@amd.com>
From: Brijesh Singh

When SEV-SNP is enabled, the KVM_SNP_INIT command is used to initialize the platform. The command checks whether SNP is enabled in the KVM; if enabled, it allocates a new ASID from the SNP pool and calls the firmware to initialize all the resources.

Signed-off-by: Brijesh Singh
Signed-off-by: Michael Roth
--- target/i386/sev-stub.c | 6 ++++++ target/i386/sev.c | 27 ++++++++++++++++++++++++--- target/i386/sev_i386.h | 1 + 3 files changed, 31 insertions(+), 3 deletions(-) diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c index 0227cb5177..e4fb8e882e 100644 --- a/target/i386/sev-stub.c
+++ b/target/i386/sev-stub.c @@ -81,3 +81,9 @@ sev_get_attestation_report(const char *mnonce, Error **errp) error_setg(errp, "SEV is not available in this QEMU"); return NULL; } + +bool +sev_snp_enabled(void) +{ + return false; +} diff --git a/target/i386/sev.c b/target/i386/sev.c index ba08b7d3ab..b8bd6ed9ea 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -614,12 +614,21 @@ sev_enabled(void) return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_COMMON); } +bool +sev_snp_enabled(void) +{ + ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; + + return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_SNP_GUEST); +} + bool sev_es_enabled(void) { ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; - return sev_enabled() && (SEV_GUEST(cgs)->policy & SEV_POLICY_ES); + return sev_snp_enabled() || + (sev_enabled() && SEV_GUEST(cgs)->policy & SEV_POLICY_ES); } uint64_t @@ -1074,6 +1083,7 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) uint32_t ebx; uint32_t host_cbitpos; struct sev_user_data_status status = {}; + void *init_args = NULL; if (!sev_common) { return 0; @@ -1126,7 +1136,18 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) sev_common->api_major = status.api_major; sev_common->api_minor = status.api_minor; - if (sev_es_enabled()) { + if (sev_snp_enabled()) { + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(sev_common); + if (!kvm_kernel_irqchip_allowed()) { + error_report("%s: SEV-SNP guests require in-kernel irqchip support", + __func__); + goto err; + } + + cmd = KVM_SEV_SNP_INIT; + init_args = (void *)&sev_snp_guest->kvm_init_conf; + + } else if (sev_es_enabled()) { if (!kvm_kernel_irqchip_allowed()) { error_report("%s: SEV-ES guests require in-kernel irqchip support", __func__); 
@@ -1145,7 +1166,7 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) } trace_kvm_sev_init(); - ret = sev_ioctl(sev_common->sev_fd, cmd, NULL, &fw_error); + ret = sev_ioctl(sev_common->sev_fd, cmd, init_args, &fw_error); if (ret) { error_setg(errp, "%s: failed to initialize ret=%d fw_error=%d '%s'", __func__, ret, fw_error, fw_error_to_str(fw_error)); diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h index ae6d840478..e0e1a599be 100644 --- a/target/i386/sev_i386.h +++ b/target/i386/sev_i386.h 
@@ -29,6 +29,7 @@ #define SEV_POLICY_SEV 0x20 extern bool sev_es_enabled(void); +extern bool sev_snp_enabled(void); extern uint64_t sev_get_me_mask(void); extern SevInfo *sev_get_info(void); extern uint32_t sev_get_cbit_position(void);
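Review bot: in the sev_es_enabled() hunk, the rewritten return only works because `sev_snp_enabled()` short-circuits before `SEV_GUEST(cgs)` is evaluated; an sev-snp-guest object derives from TYPE_SEV_COMMON, not TYPE_SEV_GUEST, so evaluating that cast for an SNP guest would fail. Add a comment saying the order of the two operands is load-bearing, and keep the original parentheses around `SEV_GUEST(cgs)->policy & SEV_POLICY_ES` so readers do not have to re-derive the `&`/`&&` precedence.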
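Review bot: in the new `if (sev_snp_enabled())` branch of sev_kvm_init, `init_args` points at `kvm_init_conf`, which is filled from the user-settable init-flags property; nothing in this hunk checks the flag bits before they reach KVM_SEV_SNP_INIT, so an unsupported bit is only rejected by the kernel and surfaces as the generic `failed to initialize` message. Either validate the known flag bits in QEMU or name the init flags in the error message so the failure can be diagnosed. Separately, the commit message says KVM_SNP_INIT while the code uses KVM_SEV_SNP_INIT; align the two.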
From: Michael Roth
To: qemu-devel@nongnu.org
Cc: Connor Kuehl, Philippe Mathieu-Daudé, "Michael S. Tsirkin", James Bottomley, "Dr. David Alan Gilbert", Tom Lendacky, Paolo Bonzini, Dov Murik, David Gibson, Daniel P. Berrangé, kvm@vger.kernel.org, Eduardo Habkost, Brijesh Singh, Markus Armbruster, Eric Blake
Subject: [RFC PATCH v2 05/12] i386/sev: add the SNP launch start context
Date: Thu, 26 Aug 2021 17:26:20 -0500
Message-Id: <20210826222627.3556-6-michael.roth@amd.com>
In-Reply-To: <20210826222627.3556-1-michael.roth@amd.com>
References: <20210826222627.3556-1-michael.roth@amd.com>
From: Brijesh Singh

The SNP_LAUNCH_START is called first to create a cryptographic launch context within the firmware.

Signed-off-by: Brijesh Singh
Signed-off-by: Michael Roth
--- target/i386/sev.c | 29 ++++++++++++++++++++++++++++- target/i386/trace-events | 1 + 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index b8bd6ed9ea..51689d4fa4 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -875,6 +875,28 @@ sev_read_file_base64(const char *filename, guchar **data, gsize *len) return 0; } +static int +sev_snp_launch_start(SevSnpGuestState *sev_snp_guest) +{ + int fw_error, rc; + SevCommonState *sev_common = SEV_COMMON(sev_snp_guest); + struct kvm_sev_snp_launch_start *start = &sev_snp_guest->kvm_start_conf; + + trace_kvm_sev_snp_launch_start(start->policy); + + rc = sev_ioctl(sev_common->sev_fd, KVM_SEV_SNP_LAUNCH_START, + start, &fw_error); + if (rc < 0) { + error_report("%s: SNP_LAUNCH_START ret=%d fw_error=%d '%s'", + __func__, rc, fw_error, fw_error_to_str(fw_error)); + return 1; + } + + sev_set_guest_state(sev_common, SEV_STATE_LAUNCH_UPDATE); + + return 0; +} + static int sev_launch_start(SevGuestState *sev_guest) {
@@ -1173,7 +1195,12 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) goto err; } - ret = sev_launch_start(SEV_GUEST(sev_common)); + if (sev_snp_enabled()) { + ret = sev_snp_launch_start(SEV_SNP_GUEST(sev_common)); + } else { + ret = sev_launch_start(SEV_GUEST(sev_common)); + } + if (ret) { error_setg(errp, "%s: failed to create encryption context", __func__); goto err; diff --git a/target/i386/trace-events b/target/i386/trace-events index 2cd8726eeb..18cc14b956 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -11,3 +11,4 @@ kvm_sev_launch_measurement(const char *value) "data %s" kvm_sev_launch_finish(void) "" kvm_sev_launch_secret(uint64_t hpa, uint64_t hva, uint64_t secret, int len) "hpa 0x%" PRIx64 " hva 0x%" PRIx64 " data 0x%" PRIx64 " len %d" kvm_sev_attestation_report(const char *mnonce, const char *data) "mnonce %s data %s" +kvm_sev_snp_launch_start(uint64_t policy) "policy 0x%" PRIx64
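Review bot: sev_snp_launch_start() checks `rc < 0` but then returns the constant 1, so the errno from sev_ioctl is lost before the caller's `if (ret)` in sev_kvm_init turns it into the generic `failed to create encryption context` message; return rc instead. The policy traced and handed to KVM_SEV_SNP_LAUNCH_START is the raw value of the user-settable policy property (DEFAULT_SEV_SNP_POLICY unless overridden), so a misconfigured policy is only reported through fw_error; a QEMU-side sanity check, or at least a comment on what DEFAULT_SEV_SNP_POLICY contains, would make that failure mode easier to diagnose.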
From: Michael Roth
To: qemu-devel@nongnu.org
Cc: Connor Kuehl, Philippe Mathieu-Daudé, "Michael S. Tsirkin", James Bottomley, "Dr. David Alan Gilbert", Tom Lendacky, Paolo Bonzini, Dov Murik, David Gibson, Daniel P. Berrangé, kvm@vger.kernel.org, Eduardo Habkost, Brijesh Singh, Markus Armbruster, Eric Blake
Subject: [RFC PATCH v2 06/12] i386/sev: add support to encrypt BIOS when SEV-SNP is enabled
Date: Thu, 26 Aug 2021 17:26:21 -0500
Message-Id: <20210826222627.3556-7-michael.roth@amd.com>
In-Reply-To: <20210826222627.3556-1-michael.roth@amd.com>
References: <20210826222627.3556-1-michael.roth@amd.com>
From: Brijesh Singh

The KVM_SEV_SNP_LAUNCH_UPDATE command is used for encrypting the BIOS image used for booting the SEV-SNP guest.

Signed-off-by: Brijesh Singh
Signed-off-by: Michael Roth
--- hw/i386/pc_sysfw.c | 7 ++++--- include/sysemu/sev.h | 2 +- target/i386/sev-stub.c | 2 +- target/i386/sev.c | 40 ++++++++++++++++++++++++++++++++++++++-- target/i386/trace-events | 1 + 5 files changed, 45 insertions(+), 7 deletions(-) diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index 68d6b1f783..54ccf13c0e 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c
@@ -149,6 +149,7 @@ static void pc_system_flash_map(PCMachineState *pcms, void *flash_ptr; int flash_size; int ret; + hwaddr gpa; assert(PC_MACHINE_GET_CLASS(pcms)->pci_enabled); @@ -182,11 +183,11 @@ static void pc_system_flash_map(PCMachineState *pcms, } total_size += size; + gpa = 0x100000000ULL - total_size; /* where the flash is mapped */ qdev_prop_set_uint32(DEVICE(system_flash), "num-blocks", size / FLASH_SECTOR_SIZE); sysbus_realize_and_unref(SYS_BUS_DEVICE(system_flash), &error_fatal); - sysbus_mmio_map(SYS_BUS_DEVICE(system_flash), 0, - 0x100000000ULL - total_size); + sysbus_mmio_map(SYS_BUS_DEVICE(system_flash), 0, gpa); if (i == 0) { flash_mem = pflash_cfi01_get_memory(system_flash); @@ -208,7 +209,7 @@ static void pc_system_flash_map(PCMachineState *pcms, exit(1); } - sev_encrypt_flash(flash_ptr, flash_size, &error_fatal); + sev_encrypt_flash(gpa, flash_ptr, flash_size, &error_fatal); } } } diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 94d821d737..78e3bf97e8 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -18,7 +18,7 @@ bool sev_enabled(void); int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp); -int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp); +int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp); int sev_inject_launch_secret(const char *hdr, const char *secret, uint64_t gpa, Error **errp); diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c index e4fb8e882e..8b35704937 100644 --- a/target/i386/sev-stub.c +++ b/target/i386/sev-stub.c @@ -56,7 +56,7 @@ int sev_inject_launch_secret(const char *hdr, const char *secret, return 1; } -int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) +int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp) { return 0; } diff --git a/target/i386/sev.c b/target/i386/sev.c index 51689d4fa4..867c0cb457 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -946,6 +946,35 @@ out: return ret; } +static int +sev_snp_launch_update(SevSnpGuestState *sev_snp_guest, hwaddr gpa, uint8_t *addr, + uint64_t len, int type) +{ + int ret, fw_error; + struct kvm_sev_snp_launch_update update = {0}; + + if (!addr || !len) { + error_report("%s: SNP_LAUNCH_UPDATE called with invalid address / length: %lx / %lx", + __func__, gpa, len); + return 1; + } + + update.uaddr = (__u64)(unsigned long)addr; + update.start_gfn = gpa >> TARGET_PAGE_BITS; + update.len = len; + update.page_type = type; + trace_kvm_sev_snp_launch_update(addr, len, type); + ret = sev_ioctl(SEV_COMMON(sev_snp_guest)->sev_fd, + KVM_SEV_SNP_LAUNCH_UPDATE, + &update, &fw_error); + if (ret) { + error_report("%s: SNP_LAUNCH_UPDATE ret=%d fw_error=%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + } + + return ret; +} + static int sev_launch_update_data(SevGuestState *sev_guest, uint8_t *addr, uint64_t len) { @@ -1219,7 +1248,7 @@ err: } int -sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) +sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp) { SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); @@ -1229,7 +1258,14 @@ sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) /* if SEV is in update state then encrypt the data else do nothing */ if (sev_check_state(sev_common, SEV_STATE_LAUNCH_UPDATE)) { - int ret = sev_launch_update_data(SEV_GUEST(sev_common), ptr, len); + int ret; + + if (sev_snp_enabled()) { + ret = sev_snp_launch_update(SEV_SNP_GUEST(sev_common), gpa, ptr, + len, KVM_SEV_SNP_PAGE_TYPE_NORMAL); + } else { + ret = sev_launch_update_data(SEV_GUEST(sev_common), ptr, len); + } if (ret < 0) { error_setg(errp, "failed to encrypt pflash rom"); return ret; diff --git a/target/i386/trace-events b/target/i386/trace-events index 18cc14b956..0c2d250206 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -12,3 +12,4 @@ kvm_sev_launch_finish(void) "" kvm_sev_launch_secret(uint64_t hpa, uint64_t hva, uint64_t secret, int len) "hpa 0x%" PRIx64 " hva 0x%" PRIx64 " data 0x%" PRIx64 " len %d" kvm_sev_attestation_report(const char *mnonce, const char *data) "mnonce %s data %s" kvm_sev_snp_launch_start(uint64_t policy) "policy 0x%" PRIx64 +kvm_sev_snp_launch_update(void *addr, uint64_t len, int type) "addr %p len 0x%" PRIx64 " type %d"
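Review bot: the new sev_encrypt_flash() prototype in include/sysemu/sev.h takes an `hwaddr`, so that header now needs exec/hwaddr.h (directly or through something it already includes) to stay self-contained for callers such as sev-stub.c and pc_sysfw.c; worth confirming rather than relying on include order.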
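Review bot: sev_snp_launch_update() returns 1 for a NULL address or zero length, but its only caller, sev_encrypt_flash(), treats just `ret < 0` as failure, so that case is logged with error_report and then silently treated as success, leaving the flash image unencrypted and unmeasured; return a negative errno (or change the caller to `if (ret)`). In the same function, `update.start_gfn = gpa >> TARGET_PAGE_BITS` silently drops any sub-page offset and `len` is passed through unchanged, so an unaligned gpa or length would measure the wrong guest frames; reject inputs that are not page-aligned before issuing the ioctl. Minor: the `%lx` conversions for `gpa` and `len` should be `HWADDR_PRIx` and `PRIx64`, as the trace-events line in this patch already uses.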
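Review bot: the new kvm_sev_snp_launch_update trace point logs the host address, length and page type but not the guest physical address (or start_gfn), which is what the launch measurement is computed over; adding gpa to the trace makes it possible to correlate a trace with the expected measurement.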
From: Michael Roth
To: qemu-devel@nongnu.org
Cc: Connor Kuehl, Philippe Mathieu-Daudé, "Michael S. Tsirkin", James Bottomley, "Dr. David Alan Gilbert", Tom Lendacky, Paolo Bonzini, Dov Murik, David Gibson, Daniel P. Berrangé, kvm@vger.kernel.org, Eduardo Habkost, Brijesh Singh, Markus Armbruster, Eric Blake
Subject: [RFC PATCH v2 07/12] i386/sev: populate secrets and cpuid page and finalize the SNP launch
Date: Thu, 26 Aug 2021 17:26:22 -0500
Message-Id: <20210826222627.3556-8-michael.roth@amd.com>
In-Reply-To: <20210826222627.3556-1-michael.roth@amd.com>
References: <20210826222627.3556-1-michael.roth@amd.com>
From: Brijesh Singh

During the SNP guest launch sequence, a special secrets and cpuid page needs to be populated by the SEV-SNP firmware. The secrets page contains the VM Platform Communication Keys (VMPCKs) used by the guest to send and receive secure messages to the PSP, and the CPUID page will contain the CPUID values filtered through the PSP.

The guest BIOS (OVMF) reserves these pages in MEMFD, and their location is available through the SNP boot block GUID. While finalizing the guest boot flow, look up the boot block and call the SNP_LAUNCH_UPDATE command to populate the secrets and cpuid pages.

In order to support early boot code, OVMF may ask the hypervisor to request the pre-validation of a certain memory range. If such a range is present, call the SNP_LAUNCH_UPDATE command to validate that address range without affecting the measurement. See the SEV-SNP specification for further details.

Finally, call SNP_LAUNCH_FINISH to finalize the guest boot.

Signed-off-by: Brijesh Singh
Signed-off-by: Michael Roth
---
 target/i386/sev.c        | 189 ++++++++++++++++++++++++++++++++++++++-
 target/i386/trace-events |   2 +
 2 files changed, 189 insertions(+), 2 deletions(-)

diff --git a/target/i386/sev.c b/target/i386/sev.c index 867c0cb457..0009c93d28 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -33,6 +33,7 @@ #include "monitor/monitor.h" #include "exec/confidential-guest-support.h" #include "hw/i386/pc.h" +#include "qemu/range.h" #define TYPE_SEV_COMMON "sev-common" OBJECT_DECLARE_SIMPLE_TYPE(SevCommonState, SEV_COMMON)
@@ -107,6 +108,19 @@ typedef struct __attribute__((__packed__)) SevInfoBlock { uint32_t reset_addr; } SevInfoBlock; +#define SEV_SNP_BOOT_BLOCK_GUID "bd39c0c2-2f8e-4243-83e8-1b74cebcb7d9" +typedef struct __attribute__((__packed__)) SevSnpBootInfoBlock { + /* Prevalidate range address */ + uint32_t pre_validated_start; + uint32_t pre_validated_end; + /* Secrets page address */ + uint32_t secrets_addr; + uint32_t secrets_len; + /* CPUID page address */ + uint32_t cpuid_addr; + uint32_t cpuid_len; +} SevSnpBootInfoBlock; + static Error *sev_mig_blocker; static const char *const sev_fw_errlist[] = { 
@@ -1086,6 +1100,162 @@ static Notifier sev_machine_done_notify = { .notify = sev_launch_get_measure, }; +static int +sev_snp_launch_update_gpa(uint32_t hwaddr, uint32_t size, uint8_t type) +{ + void *hva; + MemoryRegion *mr = NULL; + SevSnpGuestState *sev_snp_guest = + SEV_SNP_GUEST(MACHINE(qdev_get_machine())->cgs); + + hva = gpa2hva(&mr, hwaddr, size, NULL); + if (!hva) { + error_report("SEV-SNP failed to get HVA for GPA 0x%x", hwaddr); + return 1; + } + + return sev_snp_launch_update(sev_snp_guest, hwaddr, hva, size, type); +} + +static bool +detect_first_overlap(uint64_t start, uint64_t end, Range *range_list, + size_t range_count, Range *overlap_range) +{ + int i; + bool overlap = false; + Range new; + + assert(overlap_range); + range_make_empty(overlap_range); + range_init_nofail(&new, start, end - start + 1); + + for (i = 0; i < range_count; i++) { + if (range_overlaps_range(&new, &range_list[i]) && + (range_is_empty(overlap_range) || + range_lob(&range_list[i]) < range_lob(overlap_range))) { + *overlap_range = range_list[i]; + overlap = true; + } + } + + return overlap; +} + +static void snp_ovmf_boot_block_setup(void) +{ + SevSnpBootInfoBlock *info; + uint32_t start, end, sz; + int ret; + Range validated_ranges[2]; + + /* + * Extract the SNP boot block for the SEV-SNP guests by locating the + * SNP_BOOT GUID. The boot block contains the information such as location + * of secrets and CPUID page, additionaly it may contain the range of + * memory that need to be pre-validated for the boot. 
+ */ + if (!pc_system_ovmf_table_find(SEV_SNP_BOOT_BLOCK_GUID, + (uint8_t **)&info, NULL)) { + error_report("SEV-SNP: failed to find the SNP boot block"); + exit(1); + } + + trace_kvm_sev_snp_ovmf_boot_block_info(info->secrets_addr, + info->secrets_len, info->cpuid_addr, + info->cpuid_len, + info->pre_validated_start, + info->pre_validated_end); + + /* Populate the secrets page */ + ret = sev_snp_launch_update_gpa(info->secrets_addr, info->secrets_len, + KVM_SEV_SNP_PAGE_TYPE_SECRETS); + if (ret) { + error_report("SEV-SNP: failed to insert secret page GPA 0x%x", + info->secrets_addr); + exit(1); + } + + /* Populate the cpuid page */ + ret = sev_snp_launch_update_gpa(info->cpuid_addr, info->cpuid_len, + KVM_SEV_SNP_PAGE_TYPE_CPUID); + if (ret) { + error_report("SEV-SNP: failed to insert cpuid page GPA 0x%x", + info->cpuid_addr); + exit(1); + } + + /* + * Pre-validate the range using the LAUNCH_UPDATE_DATA, if the + * pre-validation range contains the CPUID and Secret page GPA then skip + * it. This is because SEV-SNP firmware pre-validates those pages as part + * of adding secrets and cpuid LAUNCH_UPDATE type. 
+ */ + range_init_nofail(&validated_ranges[0], info->secrets_addr, info->secrets_len); + range_init_nofail(&validated_ranges[1], info->cpuid_addr, info->cpuid_len); + start = info->pre_validated_start; + end = info->pre_validated_end; + + while (start < end) { + Range overlap_range; + + /* Check if the requested range overlaps with Secrets and CPUID page */ + if (detect_first_overlap(start, end, validated_ranges, 2, + &overlap_range)) { + if (start < range_lob(&overlap_range)) { + sz = range_lob(&overlap_range) - start; + if (sev_snp_launch_update_gpa(start, sz, + KVM_SEV_SNP_PAGE_TYPE_UNMEASURED)) { + error_report("SEV-SNP: failed to validate gpa 0x%x sz %d", + start, sz); + exit(1); + } + } + + start = range_upb(&overlap_range) + 1; + continue; + } + + /* Validate the remaining range */ + if (sev_snp_launch_update_gpa(start, end - start, + KVM_SEV_SNP_PAGE_TYPE_UNMEASURED)) { + error_report("SEV-SNP: failed to validate gpa 0x%x sz %d", + start, end - start); + exit(1); + } + + start = end; + } +} + +static void +sev_snp_launch_finish(SevSnpGuestState *sev_snp) +{ + int ret, error; + Error *local_err = NULL; + struct kvm_sev_snp_launch_finish *finish = &sev_snp->kvm_finish_conf; + + trace_kvm_sev_snp_launch_finish(); + ret = sev_ioctl(SEV_COMMON(sev_snp)->sev_fd, KVM_SEV_SNP_LAUNCH_FINISH, finish, &error); + if (ret) { + error_report("%s: SNP_LAUNCH_FINISH ret=%d fw_error=%d '%s'", + __func__, ret, error, fw_error_to_str(error)); + exit(1); + } + + sev_set_guest_state(SEV_COMMON(sev_snp), SEV_STATE_RUNNING); + + /* add migration blocker */ + error_setg(&sev_mig_blocker, + "SEV: Migration is not implemented"); + ret = migrate_add_blocker(sev_mig_blocker, &local_err); + if (local_err) { + error_report_err(local_err); + error_free(sev_mig_blocker); + exit(1); + } +} + + static void sev_launch_finish(SevGuestState *sev_guest) { 
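Review bot: the bounds of the pre-validation range are interpreted inconsistently in snp_ovmf_boot_block_setup(): detect_first_overlap() builds its Range with `range_init_nofail(&new, start, end - start + 1)`, treating `end` as the last byte, while the fallthrough update passes `end - start` as the length, treating `end` as one past it, so whichever meaning pre_validated_end has, either the overlap test covers one byte too many or the final LAUNCH_UPDATE leaves the last byte unvalidated; settle on one meaning, document it on SevSnpBootInfoBlock, and use it in both places. Smaller points in the same hunk: the first parameter of sev_snp_launch_update_gpa() is named `hwaddr`, shadowing QEMU's hwaddr type (rename it `gpa`); the block comment has "additionaly"; and the trace call passes pre_validated_start and pre_validated_end while the format string added in trace-events prints them as "pre-validate 0x%x+0x%x", which reads as base+length like the secrets and cpuid fields beside it.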
@@ -1121,7 +1291,12 @@ sev_vm_state_change(void *opaque, bool running, RunState state) if (running) { if (!sev_check_state(sev_common, SEV_STATE_RUNNING)) { - sev_launch_finish(SEV_GUEST(sev_common)); + if (sev_snp_enabled()) { + snp_ovmf_boot_block_setup(); + sev_snp_launch_finish(SEV_SNP_GUEST(sev_common)); + } else { + sev_launch_finish(SEV_GUEST(sev_common)); + } } } } @@ -1236,7 +1411,17 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) } ram_block_notifier_add(&sev_ram_notifier); - qemu_add_machine_init_done_notifier(&sev_machine_done_notify); + + /* + * The machine done notify event is used by the SEV guest to get the + * measurement of the encrypted images. When SEV-SNP is enabled then + * measurement is part of the attestation report and the measurement + * command does not exist. So skip registering the notifier. + */ + if (!sev_snp_enabled()) { + qemu_add_machine_init_done_notifier(&sev_machine_done_notify); + } + qemu_add_vm_change_state_handler(sev_vm_state_change, sev_common); cgs->ready = true; diff --git a/target/i386/trace-events b/target/i386/trace-events index 0c2d250206..db91287439 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -13,3 +13,5 @@ kvm_sev_launch_secret(uint64_t hpa, uint64_t hva, uint64_t secret, int len) "hpa kvm_sev_attestation_report(const char *mnonce, const char *data) "mnonce %s data %s" kvm_sev_snp_launch_start(uint64_t policy) "policy 0x%" PRIx64 kvm_sev_snp_launch_update(void *addr, uint64_t len, int type) "addr %p len 0x%" PRIx64 " type %d" +kvm_sev_snp_launch_finish(void) "" +kvm_sev_snp_ovmf_boot_block_info(uint32_t secrets_gpa, uint32_t slen, uint32_t cpuid_gpa, uint32_t clen, uint32_t s, uint32_t e) "secrets 0x%x+0x%x cpuid 0x%x+0x%x pre-validate 0x%x+0x%x"
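The range carving that this patch's snp_ovmf_boot_block_setup() performs (skip the secrets and CPUID pages, which the firmware validates when they are inserted, and hand every other part of the requested range to LAUNCH_UPDATE as unmeasured pages) is shown below as an added stand-alone example written for this page; it is not code from the patch or from QEMU. It uses half-open intervals for both the overlap test and the emitted pieces, the addresses in demo_reserved are constructed rather than taken from any firmware layout, and the function names are this example's own.

```c
/*
 * Added example, not QEMU code: carve a firmware pre-validation request
 * around pages the firmware validates itself (the secrets and CPUID
 * pages), producing the sub-ranges a LAUNCH_UPDATE-style call would get.
 * Every interval here is half-open, [start, end), so one convention is
 * used for both the overlap test and the size of the final piece.
 */
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint64_t start;  /* first byte, inclusive */
    uint64_t end;    /* one past the last byte, exclusive */
} Range;

/* Of the reserved ranges intersecting [start, end), return the lowest one. */
static bool first_overlap(uint64_t start, uint64_t end,
                          const Range *reserved, size_t n, Range *out)
{
    bool found = false;

    for (size_t i = 0; i < n; i++) {
        const Range *r = &reserved[i];
        bool intersects = r->start < end && start < r->end;

        if (intersects && (!found || r->start < out->start)) {
            *out = *r;
            found = true;
        }
    }
    return found;
}

/*
 * Write the parts of [start, end) not covered by any reserved range to
 * out[]. Returns the number of pieces, or -1 on a malformed request or
 * when more than max_out pieces would be needed.
 */
static int carve_prevalidate(uint64_t start, uint64_t end,
                             const Range *reserved, size_t n,
                             Range *out, size_t max_out)
{
    size_t count = 0;

    if (start > end) {
        return -1;
    }

    while (start < end) {
        Range ov;

        if (first_overlap(start, end, reserved, n, &ov)) {
            /* Emit the gap in front of the reserved page, if any ... */
            if (start < ov.start) {
                if (count == max_out) {
                    return -1;
                }
                out[count++] = (Range){ start, ov.start };
            }
            /* ... then resume past it; intersection guarantees ov.end > start. */
            start = ov.end;
            continue;
        }

        /* No reserved page ahead: the rest is one piece. */
        if (count == max_out) {
            return -1;
        }
        out[count++] = (Range){ start, end };
        start = end;
    }
    return (int)count;
}

/*
 * Constructed layout (assumed, not from any real firmware): a 64 KiB
 * pre-validation request with the secrets and CPUID pages adjacent inside it.
 */
static const Range demo_reserved[2] = {
    { 0x80B000, 0x80C000 },  /* secrets page */
    { 0x80C000, 0x80D000 },  /* CPUID page */
};

static int demo_carve(Range *out, size_t max_out)
{
    return carve_prevalidate(0x800000, 0x810000, demo_reserved, 2, out, max_out);
}

int main(void)
{
    Range out[4];
    int n = demo_carve(out, 4);

    for (int i = 0; i < n; i++) {
        printf("validate [0x%" PRIx64 ", 0x%" PRIx64 ") len 0x%" PRIx64 "\n",
               out[i].start, out[i].end, out[i].end - out[i].start);
    }
    return n < 0;
}
```

Running it prints the two pieces on either side of the adjacent secrets and CPUID pages. A reserved range that starts before or extends past the request, an empty reserved list, and an output array that is too small are all handled by the same loop, the last by returning -1 rather than writing past the array.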
From: Michael Roth
To: qemu-devel@nongnu.org
Cc: Connor Kuehl, Philippe Mathieu-Daudé, "Michael S. Tsirkin", James Bottomley, "Dr. David Alan Gilbert", Tom Lendacky, Paolo Bonzini, Dov Murik, David Gibson, Daniel P. Berrangé, kvm@vger.kernel.org, Eduardo Habkost, Brijesh Singh, Markus Armbruster, Eric Blake
Subject: [RFC PATCH v2 08/12] target/i386: set SEV-SNP CPUID bit when SNP enabled
Date: Thu, 26 Aug 2021 17:26:23 -0500
Message-Id: <20210826222627.3556-9-michael.roth@amd.com>
In-Reply-To: <20210826222627.3556-1-michael.roth@amd.com>
References: <20210826222627.3556-1-michael.roth@amd.com>
SNP guests will rely on this bit to determine certain feature support.

Signed-off-by: Michael Roth
---
 target/i386/cpu.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 97e250e876..f0b441f692 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c
@@ -5619,6 +5619,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count, case 0x8000001F: *eax = sev_enabled() ? 0x2 : 0; *eax |= sev_es_enabled() ? 0x8 : 0; + *eax |= sev_snp_enabled() ? 0x10 : 0; *ebx = sev_get_cbit_position(); *ebx |= sev_get_reduced_phys_bits() << 6; *ecx = 0;
From: Michael Roth
To: qemu-devel@nongnu.org
Cc: Connor Kuehl, Philippe Mathieu-Daudé, "Michael S. Tsirkin", James Bottomley, "Dr. David Alan Gilbert", Tom Lendacky, Paolo Bonzini, Dov Murik, David Gibson, Daniel P. Berrangé, kvm@vger.kernel.org, Eduardo Habkost, Brijesh Singh, Markus Armbruster, Eric Blake
Subject: [RFC PATCH v2 09/12] target/i386: allow versioned CPUs to specify new cache_info
Date: Thu, 26 Aug 2021 17:26:24 -0500
Message-Id: <20210826222627.3556-10-michael.roth@amd.com>
In-Reply-To: <20210826222627.3556-1-michael.roth@amd.com>
References: <20210826222627.3556-1-michael.roth@amd.com>
New EPYC CPU versions require small changes to their cache_info's. Because the current QEMU x86 CPU definition does not support cache versions, we would have to declare a new CPU type for each such case. To avoid this duplication, the patch allows new cache_info pointers to be specified for a new CPU version.

Co-developed-by: Wei Huang
Signed-off-by: Wei Huang
Signed-off-by: Michael Roth
---
 target/i386/cpu.c | 36 +++++++++++++++++++++++++++++++++---
 1 file changed, 33 insertions(+), 3 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c index f0b441f692..85d387163a 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c
@@ -1458,6 +1458,7 @@ typedef struct X86CPUVersionDefinition { const char *alias; const char *note; PropValue *props; + const CPUCaches *const cache_info; } X86CPUVersionDefinition; /* Base definition for a CPU model */ @@ -4975,6 +4976,32 @@ static void x86_cpu_apply_version_props(X86CPU *cpu, X86CPUModel *model) assert(vdef->version == version); } +/* Apply properties for the CPU model version specified in model */ +static const CPUCaches *x86_cpu_get_version_cache_info(X86CPU *cpu, + X86CPUModel *model) +{ + const X86CPUVersionDefinition *vdef; + X86CPUVersion version = x86_cpu_model_resolve_version(model); + const CPUCaches *cache_info = model->cpudef->cache_info; + + if (version == CPU_VERSION_LEGACY) { + return cache_info; + } + + for (vdef = x86_cpu_def_get_versions(model->cpudef); vdef->version; vdef++) { + if (vdef->cache_info) { + cache_info = vdef->cache_info; + } + + if (vdef->version == version) { + break; + } + } + + assert(vdef->version == version); + return cache_info; +} + /* * Load data from X86CPUDefinition into a X86CPU object. * Only for builtin_x86_defs models initialized with x86_register_cpudef_types. @@ -5007,7 +5034,7 @@ static void x86_cpu_load_model(X86CPU *cpu, X86CPUModel *model) } /* legacy-cache defaults to 'off' if CPU model provides cache info */ - cpu->legacy_cache = !def->cache_info; + cpu->legacy_cache = !x86_cpu_get_version_cache_info(cpu, model); env->features[FEAT_1_ECX] |= CPUID_EXT_HYPERVISOR; 
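Review bot: the comment above x86_cpu_get_version_cache_info() reads "Apply properties for the CPU model version specified in model", which is the comment of x86_cpu_apply_version_props() directly above it and does not describe a function that walks the version list and returns the cache_info in effect for the resolved version (falling back to `model->cpudef->cache_info`); reword it accordingly, and either drop the unused `cpu` parameter or say why the signature mirrors x86_cpu_apply_version_props().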
@@ -6234,14 +6261,17 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp) /* Cache information initialization */ if (!cpu->legacy_cache) { - if (!xcc->model || !xcc->model->cpudef->cache_info) { + const CPUCaches *cache_info = + x86_cpu_get_version_cache_info(cpu, xcc->model); + + if (!xcc->model || !cache_info) { g_autofree char *name = x86_cpu_class_get_model_name(xcc); error_setg(errp, "CPU model '%s' doesn't support legacy-cache=off", name); return; } env->cache_info_cpuid2 = env->cache_info_cpuid4 = env->cache_info_amd = - *xcc->model->cpudef->cache_info; + *cache_info; } else { /* Build legacy cache information */ env->cache_info_cpuid2.l1d_cache = &legacy_l1d_cache;
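Review bot: in x86_cpu_realizefn() the new `x86_cpu_get_version_cache_info(cpu, xcc->model)` call runs before the `!xcc->model` test, and that helper dereferences model (`x86_cpu_model_resolve_version(model)` and `model->cpudef->cache_info`), so the NULL-model case that the original `!xcc->model || !xcc->model->cpudef->cache_info` short-circuit handled becomes a NULL dereference; test `!xcc->model` first and only then look up the cache_info, e.g. `if (!xcc->model) { ... return; }` followed by `cache_info = x86_cpu_get_version_cache_info(cpu, xcc->model); if (!cache_info) { ... }`.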
From: Michael Roth
To: qemu-devel@nongnu.org
Cc: Connor Kuehl, Philippe Mathieu-Daudé, "Michael S. Tsirkin", James Bottomley, "Dr. David Alan Gilbert", Tom Lendacky, Paolo Bonzini, Dov Murik, David Gibson, Daniel P. Berrangé, kvm@vger.kernel.org, Eduardo Habkost, Brijesh Singh, Markus Armbruster, Eric Blake
Subject: [RFC PATCH v2 10/12] target/i386: add new EPYC CPU versions with updated cache_info
Date: Thu, 26 Aug 2021 17:26:25 -0500
Message-Id: <20210826222627.3556-11-michael.roth@amd.com>
In-Reply-To: <20210826222627.3556-1-michael.roth@amd.com>
References: <20210826222627.3556-1-michael.roth@amd.com>
This patch introduces new EPYC cpu versions: EPYC-v4, EPYC-Rome-v3, and EPYC-Milan-v2. The only difference vs. older models is an updated cache_info with the 'complex_indexing' bit unset, since this bit is not currently defined for AMD and may cause problems should it be used for something else in the future. Setting this bit will also cause CPUID validation failures when running SEV-SNP guests.

Signed-off-by: Michael Roth
---
target/i386/cpu.c | 184 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 184 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 85d387163a..45e456b557 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1567,6 +1567,56 @@ static const CPUCaches epyc_cache_info = { }, }; +static CPUCaches epyc_v4_cache_info = { + .l1d_cache = &(CPUCacheInfo) { + .type = DATA_CACHE, + .level = 1, + .size = 32 * KiB, + .line_size = 64, + .associativity = 8, + .partitions = 1, + .sets = 64, + .lines_per_tag = 1, + .self_init = 1, + .no_invd_sharing = true, + }, + .l1i_cache = &(CPUCacheInfo) { + .type = INSTRUCTION_CACHE, + .level = 1, + .size = 64 * KiB, + .line_size = 64, + .associativity = 4, + .partitions = 1, + .sets = 256, + .lines_per_tag = 1, + .self_init = 1, + .no_invd_sharing = true, + }, + .l2_cache = &(CPUCacheInfo) { + .type = UNIFIED_CACHE, + .level = 2, + .size = 512 * KiB, + .line_size = 64, + .associativity = 8, + .partitions = 1, + .sets = 1024, + .lines_per_tag = 1, + }, + .l3_cache = &(CPUCacheInfo) { + .type = UNIFIED_CACHE, + .level = 3, + .size = 8 * MiB, + .line_size = 64, + .associativity = 16, + .partitions = 1, + .sets = 8192, + .lines_per_tag = 1, + .self_init = true, + .inclusive = true, + .complex_indexing = false, + }, +}; + static const CPUCaches epyc_rome_cache_info = { .l1d_cache = &(CPUCacheInfo) { .type = DATA_CACHE, 
@@ -1617,6 +1667,56 @@ static const CPUCaches epyc_rome_cache_info = { }, }; +static const CPUCaches epyc_rome_v3_cache_info = { + .l1d_cache = &(CPUCacheInfo) { + .type = DATA_CACHE, + .level = 1, + .size = 32 * KiB, + .line_size = 64, + .associativity = 8, + .partitions = 1, + .sets = 64, + .lines_per_tag = 1, + .self_init = 1, + .no_invd_sharing = true, + }, + .l1i_cache = &(CPUCacheInfo) { + .type = INSTRUCTION_CACHE, + .level = 1, + .size = 32 * KiB, + .line_size = 64, + .associativity = 8, + .partitions = 1, + .sets = 64, + .lines_per_tag = 1, + .self_init = 1, + .no_invd_sharing = true, + }, + .l2_cache = &(CPUCacheInfo) { + .type = UNIFIED_CACHE, + .level = 2, + .size = 512 * KiB, + .line_size = 64, + .associativity = 8, + .partitions = 1, + .sets = 1024, + .lines_per_tag = 1, + }, + .l3_cache = &(CPUCacheInfo) { + .type = UNIFIED_CACHE, + .level = 3, + .size = 16 * MiB, + .line_size = 64, + .associativity = 16, + .partitions = 1, + .sets = 16384, + .lines_per_tag = 1, + .self_init = true, + .inclusive = true, + .complex_indexing = false, + }, +}; + static const CPUCaches epyc_milan_cache_info = { .l1d_cache = &(CPUCacheInfo) { .type = DATA_CACHE, 
@@ -1667,6 +1767,56 @@ static const CPUCaches epyc_milan_cache_info = { }, }; +static const CPUCaches epyc_milan_v2_cache_info = { + .l1d_cache = &(CPUCacheInfo) { + .type = DATA_CACHE, + .level = 1, + .size = 32 * KiB, + .line_size = 64, + .associativity = 8, + .partitions = 1, + .sets = 64, + .lines_per_tag = 1, + .self_init = 1, + .no_invd_sharing = true, + }, + .l1i_cache = &(CPUCacheInfo) { + .type = INSTRUCTION_CACHE, + .level = 1, + .size = 32 * KiB, + .line_size = 64, + .associativity = 8, + .partitions = 1, + .sets = 64, + .lines_per_tag = 1, + .self_init = 1, + .no_invd_sharing = true, + }, + .l2_cache = &(CPUCacheInfo) { + .type = UNIFIED_CACHE, + .level = 2, + .size = 512 * KiB, + .line_size = 64, + .associativity = 8, + .partitions = 1, + .sets = 1024, + .lines_per_tag = 1, + }, + .l3_cache = &(CPUCacheInfo) { + .type = UNIFIED_CACHE, + .level = 3, + .size = 32 * MiB, + .line_size = 64, + .associativity = 16, + .partitions = 1, + .sets = 32768, + .lines_per_tag = 1, + .self_init = true, + .inclusive = true, + .complex_indexing = false, + }, +}; + /* The following VMX features are not supported by KVM and are left out in the * CPU definitions: * @@ -3935,6 +4085,16 @@ static const X86CPUDefinition builtin_x86_defs[] = { { /* end of list */ } } }, + { + .version = 4, + .note = "compatible with SEV-SNP CPUID enforcement", + .props = (PropValue[]) { + { "model-id", + "AMD EPYC-v4 Processor" }, + { /* end of list */ } + }, + .cache_info = &epyc_v4_cache_info + }, { /* end of list */ } } }, @@ -4054,6 +4214,16 @@ static const X86CPUDefinition builtin_x86_defs[] = { { /* end of list */ } } }, + { + .version = 3, + .note = "compatible with SEV-SNP CPUID enforcement", + .props = (PropValue[]) { + { "model-id", + "AMD EPYC-Rome-v3 Processor" }, + { /* end of list */ } + }, + .cache_info = &epyc_rome_v3_cache_info + }, { /* end of list */ } } }, 
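Review bot: `epyc_v4_cache_info` is declared `static CPUCaches` without `const`, while `epyc_rome_v3_cache_info`, `epyc_milan_v2_cache_info` and the existing `epyc_cache_info` are `static const CPUCaches`; the table is never written, so it should be `const` like the others. Style: within each new table `.self_init` is `1` for the L1 entries and `true` for L3, so pick one form. Since the only intended difference from the v1 tables is `.complex_indexing = false`, a one-line comment above each new table saying exactly that would help anyone diffing the near-identical 50-line blocks and would make any other field drifting from the original easy to spot.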
@@ -4111,6 +4281,20 @@ static const X86CPUDefinition builtin_x86_defs[] = { .xlevel = 0x8000001E, .model_id = "AMD EPYC-Milan Processor", .cache_info = &epyc_milan_cache_info, + .versions = (X86CPUVersionDefinition[]) { + { .version = 1 }, + { + .version = 2, + .note = "compatible with SEV-SNP CPUID enforcement", + .props = (PropValue[]) { + { "model-id", + "AMD EPYC-Milan-v2 Processor" }, + { /* end of list */ } + }, + .cache_info = &epyc_milan_v2_cache_info + }, + { /* end of list */ } + } }, };
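Review bot: adding a `.versions` array (here for EPYC-Milan, and a new latest entry for EPYC and EPYC-Rome in the previous hunks) changes what the unversioned model name means on machine types whose default CPU version is "latest" (pc-4.1 and newer): `-cpu EPYC-Milan` there will resolve to v2 and expose the new cache leaves, so this is a guest-visible CPUID change and a migration-compatibility consideration, not only the addition of new names the commit message describes. Worth stating in the commit message, and worth confirming that older machine types pinned to version 1 keep the old table.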
From: Michael Roth
To: qemu-devel@nongnu.org
Cc: Connor Kuehl, Philippe Mathieu-Daudé, "Michael S. Tsirkin", James Bottomley, "Dr. David Alan Gilbert", Tom Lendacky, Paolo Bonzini, Dov Murik, David Gibson, Daniel P. Berrangé, kvm@vger.kernel.org, Eduardo Habkost, Brijesh Singh, Markus Armbruster, Eric Blake
Subject: [RFC PATCH v2 11/12] i386/sev: sev-snp: add support for CPUID validation
Date: Thu, 26 Aug 2021 17:26:26 -0500
Message-Id: <20210826222627.3556-12-michael.roth@amd.com>
In-Reply-To: <20210826222627.3556-1-michael.roth@amd.com>
References: <20210826222627.3556-1-michael.roth@amd.com>
SEV-SNP firmware allows a special guest page to be populated with a table of guest CPUID values so that they can be validated through firmware before being loaded into encrypted guest memory where they can be used in place of hypervisor-provided values[1]. As part of SEV-SNP guest initialization, use this process to validate the CPUID entries reported by KVM_GET_CPUID2 prior to initial guest start.

[1]: SEV SNP Firmware ABI Specification, Rev. 0.8, 8.13.2.6

Signed-off-by: Michael Roth
---
target/i386/sev.c | 146 +++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 143 insertions(+), 3 deletions(-)
diff --git a/target/i386/sev.c b/target/i386/sev.c index 0009c93d28..72a6146295 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -153,6 +153,36 @@ static const char *const sev_fw_errlist[] = { #define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist) +/* doesn't expose this, so re-use the max from kvm.c */ +#define KVM_MAX_CPUID_ENTRIES 100 + +typedef struct KvmCpuidInfo { + struct kvm_cpuid2 cpuid; + struct kvm_cpuid_entry2 entries[KVM_MAX_CPUID_ENTRIES]; +} KvmCpuidInfo; + +#define SNP_CPUID_FUNCTION_MAXCOUNT 64 +#define SNP_CPUID_FUNCTION_UNKNOWN 0xFFFFFFFF + +typedef struct { + uint32_t eax_in; + uint32_t ecx_in; + uint64_t xcr0_in; + uint64_t xss_in; + uint32_t eax; + uint32_t ebx; + uint32_t ecx; + uint32_t edx; + uint64_t reserved; +} __attribute__((packed)) SnpCpuidFunc; + +typedef struct { + uint32_t count; + uint32_t reserved1; + uint64_t reserved2; + SnpCpuidFunc entries[SNP_CPUID_FUNCTION_MAXCOUNT]; +} __attribute__((packed)) SnpCpuidInfo; + static int sev_ioctl(int fd, int cmd, void *data, int *error) { 
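Review bot: the comment `/* doesn't expose this, so re-use the max from kvm.c */` is missing its subject (presumably the KVM headers); say what does not expose it, and rather than redefining `KVM_MAX_CPUID_ENTRIES 100` here, export the existing constant from kvm.c (or move it to a shared header) so the two copies cannot drift apart. The `SnpCpuidFunc`/`SnpCpuidInfo` layouts mirror a firmware ABI structure, so a build-time check that `sizeof(SnpCpuidInfo)` fits in the 4 KiB CPUID page and that `sizeof(SnpCpuidFunc)` is the size the spec gives would catch a padding mistake early; QEMU's `QEMU_PACKED` is the usual spelling of `__attribute__((packed))`.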
@@ -1141,6 +1171,117 @@ detect_first_overlap(uint64_t start, uint64_t end, Range *range_list, return overlap; } +static int +sev_snp_cpuid_info_fill(SnpCpuidInfo *snp_cpuid_info, + const KvmCpuidInfo *kvm_cpuid_info) +{ + size_t i; + + memset(snp_cpuid_info, 0, sizeof(*snp_cpuid_info)); + + for (i = 0; kvm_cpuid_info->entries[i].function != 0xFFFFFFFF; i++) { + const struct kvm_cpuid_entry2 *kvm_cpuid_entry; + SnpCpuidFunc *snp_cpuid_entry; + + kvm_cpuid_entry = &kvm_cpuid_info->entries[i]; + snp_cpuid_entry = &snp_cpuid_info->entries[i]; + + snp_cpuid_entry->eax_in = kvm_cpuid_entry->function; + if (kvm_cpuid_entry->flags == KVM_CPUID_FLAG_SIGNIFCANT_INDEX) { + snp_cpuid_entry->ecx_in = kvm_cpuid_entry->index; + } + snp_cpuid_entry->eax = kvm_cpuid_entry->eax; + snp_cpuid_entry->ebx = kvm_cpuid_entry->ebx; + snp_cpuid_entry->ecx = kvm_cpuid_entry->ecx; + snp_cpuid_entry->edx = kvm_cpuid_entry->edx; + + if (snp_cpuid_entry->eax_in == 0xD && + (snp_cpuid_entry->ecx_in == 0x0 || snp_cpuid_entry->ecx_in == 0x1)) { + snp_cpuid_entry->ebx = 0x240; + } + } + + if (i > SNP_CPUID_FUNCTION_MAXCOUNT) { + error_report("SEV-SNP: CPUID count '%lu' exceeds max '%u'", + i, SNP_CPUID_FUNCTION_MAXCOUNT); + return -1; + } + + snp_cpuid_info->count = i; + + return 0; +} + +static void +sev_snp_cpuid_report_mismatches(SnpCpuidInfo *old, + SnpCpuidInfo *new) +{ + size_t i; + + for (i = 0; i < old->count; i++) { + SnpCpuidFunc *old_func, *new_func; + + old_func = &old->entries[i]; + new_func = &new->entries[i]; + + if (memcmp(old_func, new_func, sizeof(SnpCpuidFunc))) { + error_report("SEV-SNP: CPUID validation failed for function %x, index: %x.\n" + "provided: eax:0x%08x, ebx: 0x%08x, ecx: 0x%08x, edx: 0x%08x\n" + "expected: eax:0x%08x, ebx: 0x%08x, ecx: 0x%08x, edx: 0x%08x", + old_func->eax_in, old_func->ecx_in, + old_func->eax, old_func->ebx, old_func->ecx, old_func->edx, + new_func->eax, new_func->ebx, new_func->ecx, new_func->edx); + } + } +} + +static int 
+sev_snp_launch_update_cpuid(uint32_t cpuid_addr, uint32_t cpuid_len) +{ + KvmCpuidInfo kvm_cpuid_info; + SnpCpuidInfo snp_cpuid_info; + CPUState *cs = first_cpu; + MemoryRegion *mr = NULL; + void *snp_cpuid_hva; + int ret; + + snp_cpuid_hva = gpa2hva(&mr, cpuid_addr, cpuid_len, NULL); + if (!snp_cpuid_hva) { + error_report("SEV-SNP: unable to access CPUID memory range at GPA %d", + cpuid_addr); + return 1; + } + + /* get the cpuid list from KVM */ + memset(&kvm_cpuid_info.entries, 0xFF, + KVM_MAX_CPUID_ENTRIES * sizeof(struct kvm_cpuid_entry2)); + kvm_cpuid_info.cpuid.nent = KVM_MAX_CPUID_ENTRIES; + + ret = kvm_vcpu_ioctl(cs, KVM_GET_CPUID2, &kvm_cpuid_info); + if (ret) { + error_report("SEV-SNP: unable to query CPUID values for CPU: '%s'", + strerror(-ret)); + } + + ret = sev_snp_cpuid_info_fill(&snp_cpuid_info, &kvm_cpuid_info); + if (ret) { + error_report("SEV-SNP: failed to generate CPUID table information"); + exit(1); + } + + memcpy(snp_cpuid_hva, &snp_cpuid_info, sizeof(snp_cpuid_info)); + + ret = sev_snp_launch_update_gpa(cpuid_addr, cpuid_len, + KVM_SEV_SNP_PAGE_TYPE_CPUID); + if (ret) { + sev_snp_cpuid_report_mismatches(&snp_cpuid_info, snp_cpuid_hva); + error_report("SEV-SNP: failed update CPUID page"); + exit(1); + } + + return 0; +} + static void snp_ovmf_boot_block_setup(void) { SevSnpBootInfoBlock *info; 
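Review bot: `sev_snp_cpuid_info_fill` writes `snp_cpuid_info->entries[i]` for every KVM entry and only checks `i > SNP_CPUID_FUNCTION_MAXCOUNT` after the loop, so if KVM returns more than 64 entries (`KVM_MAX_CPUID_ENTRIES` is 100, so it can) the loop overruns the 64-element `entries[]` array on the stack before the error is ever reported. Move the bound check inside the loop before the write, and iterate up to `kvm_cpuid_info->cpuid.nent` instead of scanning for the `0xFFFFFFFF` sentinel, which is not guaranteed to be present if KVM fills all 100 slots; where the sentinel is compared, use the `SNP_CPUID_FUNCTION_UNKNOWN` macro defined above rather than the literal. Smaller points in the same hunk: `kvm_cpuid_entry->flags == KVM_CPUID_FLAG_SIGNIFCANT_INDEX` should be a bitwise test (`flags & ...`) since `flags` is a mask; `%lu` for a `size_t` should be `%zu`; the `0x240` override of leaf 0xD subleaf 0/1 EBX needs a comment saying what it encodes (it appears to be the 512-byte legacy area plus the 64-byte XSAVE header) and why the KVM value is replaced. In `sev_snp_launch_update_cpuid`, a failed `kvm_vcpu_ioctl(KVM_GET_CPUID2)` is reported but execution continues with whatever is in `kvm_cpuid_info`, so that branch needs a `return`; `cpuid_len` is never checked against `sizeof(snp_cpuid_info)` before the `memcpy` into the guest page; the GPA is printed with `%d` where the other messages use `0x%x`; and the function mixes `return 1` with `exit(1)`, so the caller's own `error_report`/`exit(1)` path in `snp_ovmf_boot_block_setup` is reached only for the `gpa2hva` failure. Returning errors consistently and letting the caller exit would keep the failure handling in one place.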
@@ -1176,10 +1317,9 @@ static void snp_ovmf_boot_block_setup(void) } /* Populate the cpuid page */ - ret = sev_snp_launch_update_gpa(info->cpuid_addr, info->cpuid_len, - KVM_SEV_SNP_PAGE_TYPE_CPUID); + ret = sev_snp_launch_update_cpuid(info->cpuid_addr, info->cpuid_len); if (ret) { - error_report("SEV-SNP: failed to insert cpuid page GPA 0x%x", + error_report("SEV-SNP: failed to populate cpuid tables GPA 0x%x", info->cpuid_addr); exit(1); }
From: Michael Roth
To: qemu-devel@nongnu.org
Cc: Connor Kuehl, Philippe Mathieu-Daudé, "Michael S. Tsirkin", James Bottomley, "Dr. David Alan Gilbert", Tom Lendacky, Paolo Bonzini, Dov Murik, David Gibson, Daniel P. Berrangé, kvm@vger.kernel.org, Eduardo Habkost, Brijesh Singh, Markus Armbruster, Eric Blake
Subject: [RFC PATCH v2 12/12] i386/sev: update query-sev QAPI format to handle SEV-SNP
Date: Thu, 26 Aug 2021 17:26:27 -0500
Message-Id: <20210826222627.3556-13-michael.roth@amd.com>
In-Reply-To: <20210826222627.3556-1-michael.roth@amd.com>
References: <20210826222627.3556-1-michael.roth@amd.com>
Most of the current 'query-sev' command is relevant to both legacy SEV/SEV-ES guests and SEV-SNP guests, with 2 exceptions:

- 'policy' is a 64-bit field for SEV-SNP, not 32-bit, and the meaning of the bit positions has changed
- 'handle' is not relevant to SEV-SNP

To address this, this patch adds a new 'sev-type' field that can be used as a discriminator to select between SEV and SEV-SNP-specific fields/formats without breaking compatibility for existing management tools (so long as management tools that add support for launching SEV-SNP guests update their handling of query-sev appropriately).
The corresponding HMP command has also been fixed up similarly. Signed-off-by: Michael Roth --- qapi/misc-target.json | 71 +++++++++++++++++++++++++++++++++--------- target/i386/monitor.c | 29 +++++++++++++---- target/i386/sev.c | 22 +++++++------ target/i386/sev_i386.h | 3 ++ 4 files changed, 95 insertions(+), 30 deletions(-) diff --git a/qapi/misc-target.json b/qapi/misc-target.json index 3b05ad3dbf..80f994ff9b 100644 --- a/qapi/misc-target.json +++ b/qapi/misc-target.json @@ -81,6 +81,49 @@ 'send-update', 'receive-update' ], 'if': 'TARGET_I386' } +## +# @SevGuestType: +# +# An enumeration indicating the type of SEV guest being run. +# +# @sev: The guest is a legacy SEV or SEV-ES guest. +# @sev-snp: The guest is an SEV-SNP guest. +# +# Since: 6.2 +## +{ 'enum': 'SevGuestType', + 'data': [ 'sev', 'sev-snp' ], + 'if': 'TARGET_I386' } + +## +# @SevGuestInfo: +# +# Information specific to legacy SEV/SEV-ES guests. +# +# @policy: SEV policy value +# +# @handle: SEV firmware handle +# +# Since: 2.12 +## +{ 'struct': 'SevGuestInfo', + 'data': { 'policy': 'uint32', + 'handle': 'uint32' }, + 'if': 'TARGET_I386' } + +## +# @SevSnpGuestInfo: +# +# Information specific to SEV-SNP guests. +# +# @policy: SEV-SNP policy value +# +# Since: 6.2 +## +{ 'struct': 'SevSnpGuestInfo', + 'data': { 'policy': 'uint64' }, + 'if': 'TARGET_I386' } + ## # @SevInfo: # 
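Review bot: `SevGuestInfo` is a new struct, so its `Since:` should be 6.2 like the sibling `SevGuestType` and `SevSnpGuestInfo`; `Since: 2.12` is when the `policy` and `handle` members first appeared in `SevInfo`, and if the intent is to record that they are not new on the wire, say so on the members (e.g. `@policy: SEV policy value (since 2.12)`) rather than on the type.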
@@ -94,25 +137,25 @@ # # @build-id: SEV FW build id # -# @policy: SEV policy value -# # @state: SEV guest state # -# @handle: SEV firmware handle +# @sev-type: Type of SEV guest being run # # Since: 2.12 ## -{ 'struct': 'SevInfo', - 'data': { 'enabled': 'bool', - 'api-major': 'uint8', - 'api-minor' : 'uint8', - 'build-id' : 'uint8', - 'policy' : 'uint32', - 'state' : 'SevState', - 'handle' : 'uint32' - }, - 'if': 'TARGET_I386' -} +{ 'union': 'SevInfo', + 'base': { 'enabled': 'bool', + 'api-major': 'uint8', + 'api-minor' : 'uint8', + 'build-id' : 'uint8', + 'state' : 'SevState', + 'sev-type' : 'SevGuestType' }, + 'discriminator': 'sev-type', + 'data': { + 'sev': 'SevGuestInfo', + 'sev-snp': 'SevSnpGuestInfo' }, + 'if': 'TARGET_I386' } + ## # @query-sev: diff --git a/target/i386/monitor.c b/target/i386/monitor.c index 119211f0b0..85a8bc2bef 100644 --- a/target/i386/monitor.c +++ b/target/i386/monitor.c 
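Review bot: `@sev-type` is a member added to `SevInfo` after the type's `Since: 2.12`, so per QAPI documentation convention its description needs a `(since 6.2)` marker. Because this is a flat union with `'discriminator': 'sev-type'`, the branch members `policy` and `handle` remain top-level keys of the JSON object (the `u.sev`/`u.sev_snp` nesting exists only in the generated C), so existing SEV consumers see the same keys plus one new one, which is what the commit message's compatibility claim relies on; stating that in the `@SevInfo` doc comment would stop readers assuming the fields moved under a sub-object.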
@@ -692,20 +692,37 @@ void hmp_info_sev(Monitor *mon, const QDict *qdict) { SevInfo *info = sev_get_info(); - if (info && info->enabled) { - monitor_printf(mon, "handle: %d\n", info->handle); + if (!info || !info->enabled) { + monitor_printf(mon, "SEV is not enabled\n"); + goto out; + } + + if (sev_snp_enabled()) { monitor_printf(mon, "state: %s\n", SevState_str(info->state)); monitor_printf(mon, "build: %d\n", info->build_id); monitor_printf(mon, "api version: %d.%d\n", info->api_major, info->api_minor); monitor_printf(mon, "debug: %s\n", - info->policy & SEV_POLICY_NODBG ? "off" : "on"); - monitor_printf(mon, "key-sharing: %s\n", - info->policy & SEV_POLICY_NOKS ? "off" : "on"); + info->u.sev_snp.policy & SEV_SNP_POLICY_DBG ? "on" + : "off"); + monitor_printf(mon, "SMT allowed: %s\n", + info->u.sev_snp.policy & SEV_SNP_POLICY_SMT ? "on" + : "off"); + monitor_printf(mon, "SEV type: %s\n", SevGuestType_str(info->sev_type)); } else { - monitor_printf(mon, "SEV is not enabled\n"); + monitor_printf(mon, "handle: %d\n", info->u.sev.handle); + monitor_printf(mon, "state: %s\n", SevState_str(info->state)); + monitor_printf(mon, "build: %d\n", info->build_id); + monitor_printf(mon, "api version: %d.%d\n", + info->api_major, info->api_minor); + monitor_printf(mon, "debug: %s\n", + info->u.sev.policy & SEV_POLICY_NODBG ? "off" : "on"); + monitor_printf(mon, "key-sharing: %s\n", + info->u.sev.policy & SEV_POLICY_NOKS ? "off" : "on"); + monitor_printf(mon, "SEV type: %s\n", SevGuestType_str(info->sev_type)); } +out: qapi_free_SevInfo(info); } diff --git a/target/i386/sev.c b/target/i386/sev.c index 72a6146295..fac2755e68 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
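Review bot: the two branches now repeat the `state`, `build`, `api version` and `SEV type` lines; hoist those four `monitor_printf` calls above the `if` and keep only the policy-derived lines (`handle`/`debug`/`key-sharing` versus `debug`/`SMT allowed`) in the branches. The branch should also be selected on the discriminator the QAPI struct now carries (`info->sev_type == SEV_GUEST_TYPE_SEV_SNP`) rather than on `sev_snp_enabled()`, so the HMP output cannot disagree with whichever `info->u` member `sev_get_info()` actually filled in. Minor: `goto out` exists only to reach `qapi_free_SevInfo(info)`, which accepts NULL, so an early `qapi_free_SevInfo(info); return;` would avoid the label.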
@@ -704,25 +704,27 @@ sev_get_info(void) { SevInfo *info; SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); - SevGuestState *sev_guest = - (SevGuestState *)object_dynamic_cast(OBJECT(sev_common), - TYPE_SEV_GUEST); info = g_new0(SevInfo, 1); info->enabled = sev_enabled(); if (info->enabled) { - if (sev_guest) { - info->handle = sev_guest->handle; - } info->api_major = sev_common->api_major; info->api_minor = sev_common->api_minor; info->build_id = sev_common->build_id; info->state = sev_common->state; - /* we only report the lower 32-bits of policy for SNP, ok for now... */ - info->policy = - (uint32_t)object_property_get_uint(OBJECT(sev_common), - "policy", NULL); + + if (sev_snp_enabled()) { + info->sev_type = SEV_GUEST_TYPE_SEV_SNP; + info->u.sev_snp.policy = + object_property_get_uint(OBJECT(sev_common), "policy", NULL); + } else { + info->sev_type = SEV_GUEST_TYPE_SEV; + info->u.sev.handle = SEV_GUEST(sev_common)->handle; + info->u.sev.policy = + (uint32_t)object_property_get_uint(OBJECT(sev_common), + "policy", NULL); + } } return info; diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h index e0e1a599be..948d8f1079 100644 --- a/target/i386/sev_i386.h +++ b/target/i386/sev_i386.h @@ -28,6 +28,9 @@ #define SEV_POLICY_DOMAIN 0x10 #define SEV_POLICY_SEV 0x20 +#define SEV_SNP_POLICY_SMT 0x10000 +#define SEV_SNP_POLICY_DBG 0x80000 + extern bool sev_es_enabled(void); extern bool sev_snp_enabled(void); extern uint64_t sev_get_me_mask(void);
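Review bot: `SEV_GUEST(sev_common)` in the non-SNP branch replaces the previous `object_dynamic_cast` guard with a checked cast that aborts if the object is not a `TYPE_SEV_GUEST`; that is correct only as long as `!sev_snp_enabled()` implies the guest object is `TYPE_SEV_GUEST`, so a one-line comment stating that invariant next to the cast would help the next reader. The dropped comment about reporting only the lower 32 bits of the policy for SNP is superseded by the new `uint64` field, but the `(uint32_t)` cast kept in the SEV branch deserves its own comment that the legacy SEV policy is 32-bit by ABI.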
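Review bot: `SEV_SNP_POLICY_SMT 0x10000` and `SEV_SNP_POLICY_DBG 0x80000` are bits 16 and 19 of the 64-bit SNP guest policy; a comment citing the guest policy table of the SEV-SNP firmware ABI specification next to the defines would let reviewers confirm the positions without opening the spec. Since the field is 64-bit, any future policy bit at position 32 or above will need a `ULL` literal, so it is worth writing these with the suffix now (or adding a comment) so the pattern is not copied with a plain `int` literal later.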