From patchwork Thu May 30 11:16:13 2024
X-Patchwork-Submitter: "Gupta, Pankaj"
X-Patchwork-Id: 13680186
From: Pankaj Gupta
Subject: [PATCH v4 01/31] i386/sev: Replace error_report with error_setg
Date: Thu, 30 May 2024 06:16:13 -0500
Message-ID: <20240530111643.1091816-2-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Signed-off-by: Pankaj Gupta
---
 target/i386/sev.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/target/i386/sev.c b/target/i386/sev.c index d30b68c11e..67ed32e5ea 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -952,13 +952,13 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) if (sev_es_enabled()) { if (!kvm_kernel_irqchip_allowed()) { - error_report("%s: SEV-ES guests require in-kernel irqchip support", - __func__); + error_setg(errp, "%s: SEV-ES guests require in-kernel irqchip" + "support", __func__); goto err; } if (!(status.flags & SEV_STATUS_FLAGS_CONFIG_ES)) { - error_report("%s: guest policy requires SEV-ES, but " + error_setg(errp, "%s: guest policy requires SEV-ES, but " "host SEV-ES support unavailable", __func__); goto err; 
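Review bot: the first error_setg() call in this hunk splits its format string as "%s: SEV-ES guests require in-kernel irqchip" followed by "support", and adjacent string literals concatenate with no separator, so the message will read "irqchipsupport". Add a trailing space to the first literal, as the second error_setg() in the same hunk already does with "but ". Since both branches still jump to err after filling errp, it is also worth confirming that the err path (not shown here) does not try to set errp a second time.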
From patchwork Thu May 30 11:16:14 2024
X-Patchwork-Submitter: "Gupta, Pankaj"
X-Patchwork-Id: 13680185
From: Pankaj Gupta
Subject: [PATCH v4 02/31] linux-headers: Update to current kvm/next
Date: Thu, 30 May 2024 06:16:14 -0500
Message-ID: <20240530111643.1091816-3-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Co-developed-by: Michael Roth
Signed-off-by: Michael Roth
Signed-off-by: Pankaj Gupta --- linux-headers/asm-loongarch/bitsperlong.h | 23 ++++++++++ linux-headers/asm-loongarch/kvm.h | 4 ++ linux-headers/asm-loongarch/mman.h | 9 ++++ linux-headers/asm-riscv/kvm.h | 1 + linux-headers/asm-riscv/mman.h | 36 +++++++++++++++- linux-headers/asm-s390/mman.h | 36 +++++++++++++++- linux-headers/asm-x86/kvm.h | 52 ++++++++++++++++++++++- linux-headers/linux/vhost.h | 15 ++++--- 8 files changed, 166 insertions(+), 10 deletions(-) diff --git a/linux-headers/asm-loongarch/bitsperlong.h b/linux-headers/asm-loongarch/bitsperlong.h index 6dc0bb0c13..485d60bee2 100644 --- a/linux-headers/asm-loongarch/bitsperlong.h +++ b/linux-headers/asm-loongarch/bitsperlong.h @@ -1 +1,24 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +/* + * Copyright (C) 2012 ARM Ltd. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ +#ifndef __ASM_BITSPERLONG_H +#define __ASM_BITSPERLONG_H + +#define __BITS_PER_LONG 64 + #include + +#endif /* __ASM_BITSPERLONG_H */ diff --git a/linux-headers/asm-loongarch/kvm.h b/linux-headers/asm-loongarch/kvm.h index 109785922c..f9abef3823 100644 --- a/linux-headers/asm-loongarch/kvm.h +++ b/linux-headers/asm-loongarch/kvm.h @@ -17,6 +17,8 @@ #define KVM_COALESCED_MMIO_PAGE_OFFSET 1 #define KVM_DIRTY_LOG_PAGE_OFFSET 64 +#define KVM_GUESTDBG_USE_SW_BP 0x00010000 + /* * for KVM_GET_REGS and KVM_SET_REGS */ 
@@ -72,6 +74,8 @@ struct kvm_fpu { #define KVM_REG_LOONGARCH_COUNTER (KVM_REG_LOONGARCH_KVM | KVM_REG_SIZE_U64 | 1) #define KVM_REG_LOONGARCH_VCPU_RESET (KVM_REG_LOONGARCH_KVM | KVM_REG_SIZE_U64 | 2) +/* Debugging: Special instruction for software breakpoint */ +#define KVM_REG_LOONGARCH_DEBUG_INST (KVM_REG_LOONGARCH_KVM | KVM_REG_SIZE_U64 | 3) #define LOONGARCH_REG_SHIFT 3 #define LOONGARCH_REG_64(TYPE, REG) (TYPE | KVM_REG_SIZE_U64 | (REG << LOONGARCH_REG_SHIFT)) diff --git a/linux-headers/asm-loongarch/mman.h b/linux-headers/asm-loongarch/mman.h index 8eebf89f5a..d0dbfe9587 100644 --- a/linux-headers/asm-loongarch/mman.h +++ b/linux-headers/asm-loongarch/mman.h @@ -1 +1,10 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#ifndef __ASM_MMAN_H +#define __ASM_MMAN_H + #include + +#define PROT_BTI 0x10 /* BTI guarded page */ +#define PROT_MTE 0x20 /* Normal Tagged mapping */ + +#endif /* ! _UAPI__ASM_MMAN_H */ diff --git a/linux-headers/asm-riscv/kvm.h b/linux-headers/asm-riscv/kvm.h index b1c503c295..e878e7cc39 100644 --- a/linux-headers/asm-riscv/kvm.h +++ b/linux-headers/asm-riscv/kvm.h @@ -167,6 +167,7 @@ enum KVM_RISCV_ISA_EXT_ID { KVM_RISCV_ISA_EXT_ZFA, KVM_RISCV_ISA_EXT_ZTSO, KVM_RISCV_ISA_EXT_ZACAS, + KVM_RISCV_ISA_EXT_SSCOFPMF, KVM_RISCV_ISA_EXT_MAX, }; diff --git a/linux-headers/asm-riscv/mman.h b/linux-headers/asm-riscv/mman.h index 8eebf89f5a..8db7c2a3be 100644 --- a/linux-headers/asm-riscv/mman.h +++ b/linux-headers/asm-riscv/mman.h 
@@ -1 +1,35 @@ -#include +/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ +/* + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + */ +#ifndef _ASM_POWERPC_MMAN_H +#define _ASM_POWERPC_MMAN_H + +#include + + +#define PROT_SAO 0x10 /* Strong Access Ordering */ + +#define MAP_RENAME MAP_ANONYMOUS /* In SunOS terminology */ +#define MAP_NORESERVE 0x40 /* don't reserve swap pages */ +#define MAP_LOCKED 0x80 + +#define MAP_GROWSDOWN 0x0100 /* stack-like segment */ +#define MAP_DENYWRITE 0x0800 /* ETXTBSY */ +#define MAP_EXECUTABLE 0x1000 /* mark it as an executable */ + + +#define MCL_CURRENT 0x2000 /* lock all currently mapped pages */ +#define MCL_FUTURE 0x4000 /* lock all additions to address space */ +#define MCL_ONFAULT 0x8000 /* lock all pages that are faulted in */ + +/* Override any generic PKEY permission defines */ +#define PKEY_DISABLE_EXECUTE 0x4 +#undef PKEY_ACCESS_MASK +#define PKEY_ACCESS_MASK (PKEY_DISABLE_ACCESS |\ + PKEY_DISABLE_WRITE |\ + PKEY_DISABLE_EXECUTE) +#endif /* _ASM_POWERPC_MMAN_H */ diff --git a/linux-headers/asm-s390/mman.h b/linux-headers/asm-s390/mman.h index 8eebf89f5a..8db7c2a3be 100644 --- a/linux-headers/asm-s390/mman.h +++ b/linux-headers/asm-s390/mman.h 
@@ -1 +1,35 @@ -#include +/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ +/* + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + */ +#ifndef _ASM_POWERPC_MMAN_H +#define _ASM_POWERPC_MMAN_H + +#include + + +#define PROT_SAO 0x10 /* Strong Access Ordering */ + +#define MAP_RENAME MAP_ANONYMOUS /* In SunOS terminology */ +#define MAP_NORESERVE 0x40 /* don't reserve swap pages */ +#define MAP_LOCKED 0x80 + +#define MAP_GROWSDOWN 0x0100 /* stack-like segment */ +#define MAP_DENYWRITE 0x0800 /* ETXTBSY */ +#define MAP_EXECUTABLE 0x1000 /* mark it as an executable */ + + +#define MCL_CURRENT 0x2000 /* lock all currently mapped pages */ +#define MCL_FUTURE 0x4000 /* lock all additions to address space */ +#define MCL_ONFAULT 0x8000 /* lock all pages that are faulted in */ + +/* Override any generic PKEY permission defines */ +#define PKEY_DISABLE_EXECUTE 0x4 +#undef PKEY_ACCESS_MASK +#define PKEY_ACCESS_MASK (PKEY_DISABLE_ACCESS |\ + PKEY_DISABLE_WRITE |\ + PKEY_DISABLE_EXECUTE) +#endif /* _ASM_POWERPC_MMAN_H */ diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h index 31c95c2dfe..1c8f918234 100644 --- a/linux-headers/asm-x86/kvm.h +++ b/linux-headers/asm-x86/kvm.h @@ -695,6 +695,11 @@ enum sev_cmd_id { /* Second time is the charm; improved versions of the above ioctls. */ KVM_SEV_INIT2, + /* SNP-specific commands */ + KVM_SEV_SNP_LAUNCH_START = 100, + KVM_SEV_SNP_LAUNCH_UPDATE, + KVM_SEV_SNP_LAUNCH_FINISH, + KVM_SEV_NR_MAX, }; @@ -709,7 +714,9 @@ struct kvm_sev_cmd { struct kvm_sev_init { __u64 vmsa_features; __u32 flags; - __u32 pad[9]; + __u16 ghcb_version; + __u16 pad1; + __u32 pad2[8]; }; struct kvm_sev_launch_start { 
@@ -820,6 +827,48 @@ struct kvm_sev_receive_update_data { __u32 pad2; }; +struct kvm_sev_snp_launch_start { + __u64 policy; + __u8 gosvw[16]; + __u16 flags; + __u8 pad0[6]; + __u64 pad1[4]; +}; + +/* Kept in sync with firmware values for simplicity. */ +#define KVM_SEV_SNP_PAGE_TYPE_NORMAL 0x1 +#define KVM_SEV_SNP_PAGE_TYPE_ZERO 0x3 +#define KVM_SEV_SNP_PAGE_TYPE_UNMEASURED 0x4 +#define KVM_SEV_SNP_PAGE_TYPE_SECRETS 0x5 +#define KVM_SEV_SNP_PAGE_TYPE_CPUID 0x6 + +struct kvm_sev_snp_launch_update { + __u64 gfn_start; + __u64 uaddr; + __u64 len; + __u8 type; + __u8 pad0; + __u16 flags; + __u32 pad1; + __u64 pad2[4]; +}; + +#define KVM_SEV_SNP_ID_BLOCK_SIZE 96 +#define KVM_SEV_SNP_ID_AUTH_SIZE 4096 +#define KVM_SEV_SNP_FINISH_DATA_SIZE 32 + +struct kvm_sev_snp_launch_finish { + __u64 id_block_uaddr; + __u64 id_auth_uaddr; + __u8 id_block_en; + __u8 auth_key_en; + __u8 vcek_disabled; + __u8 host_data[KVM_SEV_SNP_FINISH_DATA_SIZE]; + __u8 pad0[3]; + __u16 flags; + __u64 pad1[4]; +}; + #define KVM_X2APIC_API_USE_32BIT_IDS (1ULL << 0) #define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK (1ULL << 1) @@ -870,5 +919,6 @@ struct kvm_hyperv_eventfd { #define KVM_X86_SW_PROTECTED_VM 1 #define KVM_X86_SEV_VM 2 #define KVM_X86_SEV_ES_VM 3 +#define KVM_X86_SNP_VM 4 #endif /* _ASM_X86_KVM_H */ diff --git a/linux-headers/linux/vhost.h b/linux-headers/linux/vhost.h index bea6973906..b95dd84eef 100644 --- a/linux-headers/linux/vhost.h +++ b/linux-headers/linux/vhost.h @@ -179,12 +179,6 @@ /* Get the config size */ #define VHOST_VDPA_GET_CONFIG_SIZE _IOR(VHOST_VIRTIO, 0x79, __u32) -/* Get the count of all virtqueues */ -#define VHOST_VDPA_GET_VQS_COUNT _IOR(VHOST_VIRTIO, 0x80, __u32) - -/* Get the number of virtqueue groups. */ -#define VHOST_VDPA_GET_GROUP_NUM _IOR(VHOST_VIRTIO, 0x81, __u32) - /* Get the number of address spaces. */ #define VHOST_VDPA_GET_AS_NUM _IOR(VHOST_VIRTIO, 0x7A, unsigned int) 
@@ -228,10 +222,17 @@ #define VHOST_VDPA_GET_VRING_DESC_GROUP _IOWR(VHOST_VIRTIO, 0x7F, \ struct vhost_vring_state) + +/* Get the count of all virtqueues */ +#define VHOST_VDPA_GET_VQS_COUNT _IOR(VHOST_VIRTIO, 0x80, __u32) + +/* Get the number of virtqueue groups. */ +#define VHOST_VDPA_GET_GROUP_NUM _IOR(VHOST_VIRTIO, 0x81, __u32) + /* Get the queue size of a specific virtqueue. * userspace set the vring index in vhost_vring_state.index * kernel set the queue size in vhost_vring_state.num */ -#define VHOST_VDPA_GET_VRING_SIZE _IOWR(VHOST_VIRTIO, 0x80, \ +#define VHOST_VDPA_GET_VRING_SIZE _IOWR(VHOST_VIRTIO, 0x82, \ struct vhost_vring_state) #endif 
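Review bot: the new bodies of linux-headers/asm-riscv/mman.h and linux-headers/asm-s390/mman.h are the same blob (both hunks end at index 8db7c2a3be) and carry another architecture's content: the include guard is _ASM_POWERPC_MMAN_H and they define PROT_SAO and override PKEY_ACCESS_MASK. The loongarch hunks show the same pattern, with asm-loongarch/mman.h gaining PROT_BTI and PROT_MTE, a closing comment of /* ! _UAPI__ASM_MMAN_H */ that does not match its __ASM_MMAN_H guard, and asm-loongarch/bitsperlong.h gaining an "ARM Ltd." copyright block. Each of these files was a one-line #include wrapper before, so this looks like a header sync that copied the wrong architecture's file; please re-run the sync, drop these hunks if they are not intended, and name the kernel commit the headers were taken from in the commit message, which currently has none.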
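Review bot: in linux-headers/asm-x86/kvm.h, struct kvm_sev_init turns the first bytes of what was __u32 pad[9] into a live field (__u16 ghcb_version, then __u16 pad1 and __u32 pad2[8]), so the size is unchanged but any caller that did not zero the whole structure now passes stack garbage as the GHCB version. The callers in this series should initialise the struct fully before filling it in, and the same applies to the pad0/pad1/pad2 and flags members of the new kvm_sev_snp_launch_start, kvm_sev_snp_launch_update and kvm_sev_snp_launch_finish structures. A sentence in the commit message saying that the layout change is size-compatible would help readers of the later patches.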
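Review bot: in linux-headers/linux/vhost.h the request number of VHOST_VDPA_GET_VRING_SIZE changes from 0x80 to 0x82, which is a userspace-visible ABI change hidden inside a bulk header update. The old value shared 0x80 with VHOST_VDPA_GET_VQS_COUNT, so the renumbering is presumably deliberate, but the commit message does not mention it; please call it out there and check that any QEMU user of VHOST_VDPA_GET_VRING_SIZE is only expected to run against kernels that use the new number.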
From patchwork Thu May 30 11:16:15 2024
X-Patchwork-Submitter: "Gupta, Pankaj"
X-Patchwork-Id: 13680184
From: Pankaj Gupta
Subject: [PATCH v4 03/31] memory: Introduce memory_region_init_ram_guest_memfd()
Date: Thu, 30 May 2024 06:16:15 -0500
Message-ID: <20240530111643.1091816-4-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Xiaoyao Li

Introduce memory_region_init_ram_guest_memfd() to allocate private guest memfd on the MemoryRegion initialization. It's for the use case of TDVF, which must be private on TDX case.

Signed-off-by: Xiaoyao Li
Signed-off-by: Michael Roth
Signed-off-by: Pankaj Gupta
---
 include/exec/memory.h | 6 ++++++
 system/memory.c | 24 ++++++++++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/include/exec/memory.h b/include/exec/memory.h index 9cdd64e9c6..1be58f694c 100644 --- a/include/exec/memory.h +++ b/include/exec/memory.h 
@@ -1638,6 +1638,12 @@ bool memory_region_init_ram(MemoryRegion *mr, uint64_t size, Error **errp); +bool memory_region_init_ram_guest_memfd(MemoryRegion *mr, + Object *owner, + const char *name, + uint64_t size, + Error **errp); + /** * memory_region_init_rom: Initialize a ROM memory region. * diff --git a/system/memory.c b/system/memory.c index 9540caa8a1..74cd73ebc7 100644 --- a/system/memory.c +++ b/system/memory.c 
@@ -3649,6 +3649,30 @@ bool memory_region_init_ram(MemoryRegion *mr, return true; } +bool memory_region_init_ram_guest_memfd(MemoryRegion *mr, + Object *owner, + const char *name, + uint64_t size, + Error **errp) +{ + DeviceState *owner_dev; + + if (!memory_region_init_ram_flags_nomigrate(mr, owner, name, size, + RAM_GUEST_MEMFD, errp)) { + return false; + } + /* This will assert if owner is neither NULL nor a DeviceState. + * We only want the owner here for the purposes of defining a + * unique name for migration. TODO: Ideally we should implement + * a naming scheme for Objects which are not DeviceStates, in + * which case we can relax this restriction. + */ + owner_dev = DEVICE(owner); + vmstate_register_ram(mr, owner_dev); + + return true; +} + bool memory_region_init_rom(MemoryRegion *mr, Object *owner, const char *name,
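Review bot: the new memory_region_init_ram_guest_memfd() prototype in include/exec/memory.h has no documentation comment, while the declaration right after it (memory_region_init_rom) opens with a /** ... */ block. Please add one that describes mr, owner, name, size and errp, and that states the two things a caller cannot see from the signature: the region is created with RAM_GUEST_MEMFD, and owner must be NULL or a DeviceState because the implementation casts it with DEVICE(owner).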
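Review bot: in system/memory.c, memory_region_init_ram_guest_memfd() calls the _nomigrate initialiser and then registers the block with vmstate_register_ram(), but the commit message names only private TDVF memory as the use case and the comment speaks only of "a unique name for migration". Please say, in the comment or the commit message, whether migration registration is actually wanted for a guest_memfd-backed region or is carried along only for the naming. Style point in the same hunk: the block comment starts its text on the opening "/*" line; put "/*" on a line of its own.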
From: Pankaj Gupta
Subject: [PATCH v4 04/31] i386/sev: Introduce "sev-common" type to encapsulate common SEV state
Date: Thu, 30 May 2024 06:16:16 -0500
Message-ID: <20240530111643.1091816-5-pankaj.gupta@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Michael Roth

Currently all SEV/SEV-ES functionality is managed through a single 'sev-guest' QOM type. With upcoming support for SEV-SNP, taking this same approach won't work well since some of the properties/state managed by 'sev-guest' is not applicable to SEV-SNP, which will instead rely on a new QOM type with its own set of properties/state.

To prepare for this, this patch moves common state into an abstract 'sev-common' parent type to encapsulate properties/state that are common to both SEV/SEV-ES and SEV-SNP, leaving only SEV/SEV-ES-specific properties/state in the current 'sev-guest' type. This should not affect current behavior or command-line options.

As part of this patch, some related changes are also made:

- a static 'sev_guest' variable is currently used to keep track of the 'sev-guest' instance. SEV-SNP would similarly introduce an 'sev_snp_guest' static variable. But these instances are now available via qdev_get_machine()->cgs, so switch to using that instead and drop the static variable.

- 'sev_guest' is currently used as the name for the static variable holding a pointer to the 'sev-guest' instance. Re-purpose the name as a local variable referring to the 'sev-guest' instance, and use that consistently throughout the code so it can be easily distinguished from sev-common/sev-snp-guest instances.

- 'sev' is generally used as the name for local variables holding a pointer to the 'sev-guest' instance. In cases where that now points to common state, use the name 'sev_common'; in cases where that now points to state specific to 'sev-guest' instance, use the name 'sev_guest'

In order to enable kernel-hashes for SNP, pull it from SevGuestProperties to its parent SevCommonProperties so it will be available for both SEV and SNP.

Signed-off-by: Michael Roth
Co-developed-by: Dov Murik
Signed-off-by: Dov Murik
Acked-by: Markus Armbruster (QAPI schema)
Co-developed-by: Pankaj Gupta
Signed-off-by: Pankaj Gupta --- qapi/qom.json | 40 ++-- target/i386/sev.c | 494 ++++++++++++++++++++++++++-------------------- target/i386/sev.h | 3 + 3 files changed, 306 insertions(+), 231 deletions(-) diff --git a/qapi/qom.json b/qapi/qom.json index 38dde6d785..056b38f491 100644 --- a/qapi/qom.json +++ b/qapi/qom.json @@ -875,20 +875,12 @@ 'data': { '*filename': 'str' } } ## -# @SevGuestProperties: +# @SevCommonProperties: # -# Properties for sev-guest objects. +# Properties common to objects that are derivatives of sev-common. # # @sev-device: SEV device to use (default: "/dev/sev") # -# @dh-cert-file: guest owners DH certificate (encoded with base64) -# -# @session-file: guest owners session parameters (encoded with base64) -# -# @policy: SEV policy value (default: 0x1) -# -# @handle: SEV firmware handle (default: 0) -# # @cbitpos: C-bit location in page table entry (default: 0) # # @reduced-phys-bits: number of bits in physical addresses that become @@ -898,6 +890,27 @@ # designated guest firmware page for measured boot with -kernel # (default: false) (since 6.2) # +# Since: 9.1 +## +{ 'struct': 'SevCommonProperties', + 'data': { '*sev-device': 'str', + '*cbitpos': 'uint32', + 'reduced-phys-bits': 'uint32', + '*kernel-hashes': 'bool' } } + +## +# @SevGuestProperties: +# +# Properties for sev-guest objects. +# +# @dh-cert-file: guest owners DH certificate (encoded with base64) +# +# @session-file: guest owners session parameters (encoded with base64) +# +# @policy: SEV policy value (default: 0x1) +# +# @handle: SEV firmware handle (default: 0) +# # @legacy-vm-type: Use legacy KVM_SEV_INIT KVM interface for creating the VM. # The newer KVM_SEV_INIT2 interface syncs additional vCPU # state when initializing the VMSA structures, which will 
@@ -909,14 +922,11 @@ # Since: 2.12 ## { 'struct': 'SevGuestProperties', - 'data': { '*sev-device': 'str', - '*dh-cert-file': 'str', + 'base': 'SevCommonProperties', + 'data': { '*dh-cert-file': 'str', '*session-file': 'str', '*policy': 'uint32', '*handle': 'uint32', - '*cbitpos': 'uint32', - 'reduced-phys-bits': 'uint32', - '*kernel-hashes': 'bool', '*legacy-vm-type': 'bool' } } ## diff --git a/target/i386/sev.c b/target/i386/sev.c index 67ed32e5ea..79eb21c7d0 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -40,49 +40,63 @@ #include "hw/i386/pc.h" #include "exec/address-spaces.h" -#define TYPE_SEV_GUEST "sev-guest" -OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST) +OBJECT_DECLARE_TYPE(SevCommonState, SevCommonStateClass, SEV_COMMON) +OBJECT_DECLARE_TYPE(SevGuestState, SevGuestStateClass, SEV_GUEST) - -/** - * SevGuestState: - * - * The SevGuestState object is used for creating and managing a SEV - * guest. - * - * # $QEMU \ - * -object sev-guest,id=sev0 \ - * -machine ...,memory-encryption=sev0 - */ -struct SevGuestState { +struct SevCommonState { X86ConfidentialGuest parent_obj; int kvm_type; /* configuration parameters */ char *sev_device; - uint32_t policy; - char *dh_cert_file; - char *session_file; uint32_t cbitpos; uint32_t reduced_phys_bits; bool kernel_hashes; - bool legacy_vm_type; /* runtime state */ - uint32_t handle; uint8_t api_major; uint8_t api_minor; uint8_t build_id; int sev_fd; SevState state; - gchar *measurement; uint32_t reset_cs; uint32_t reset_ip; bool reset_data_valid; }; +struct SevCommonStateClass { + X86ConfidentialGuestClass parent_class; + +}; + +/** + * SevGuestState: + * + * The SevGuestState object is used for creating and managing a SEV + * guest. + * + * # $QEMU \ + * -object sev-guest,id=sev0 \ + * -machine ...,memory-encryption=sev0 + */ +struct SevGuestState { + SevCommonState parent_obj; + gchar *measurement; + + /* configuration parameters */ + uint32_t handle; + uint32_t policy; + char *dh_cert_file; + char *session_file; + bool legacy_vm_type; +}; + +struct SevGuestStateClass { + SevCommonStateClass parent_class; +}; + #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" @@ -128,7 +142,6 @@ typedef struct QEMU_PACKED PaddedSevHashTable { QEMU_BUILD_BUG_ON(sizeof(PaddedSevHashTable) % 16 != 0); -static SevGuestState *sev_guest; static Error *sev_mig_blocker; static const char *const sev_fw_errlist[] = { 
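Review bot: SevCommonState now carries the shared configuration and runtime fields but has no comment of its own, while the existing kernel-doc block with the command-line example stays attached to SevGuestState. A short comment on SevCommonState saying that it is the abstract parent and that only state common to SEV/SEV-ES and SEV-SNP belongs there would make the split easier to keep intact in the SNP patches. In the same hunk, SevCommonStateClass has a stray blank line before its closing brace.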
@@ -209,21 +222,21 @@ fw_error_to_str(int code) } static bool -sev_check_state(const SevGuestState *sev, SevState state) +sev_check_state(const SevCommonState *sev_common, SevState state) { - assert(sev); - return sev->state == state ? true : false; + assert(sev_common); + return sev_common->state == state ? true : false; } static void -sev_set_guest_state(SevGuestState *sev, SevState new_state) +sev_set_guest_state(SevCommonState *sev_common, SevState new_state) { assert(new_state < SEV_STATE__MAX); - assert(sev); + assert(sev_common); - trace_kvm_sev_change_state(SevState_str(sev->state), + trace_kvm_sev_change_state(SevState_str(sev_common->state), SevState_str(new_state)); - sev->state = new_state; + sev_common->state = new_state; } static void 
@@ -290,121 +303,61 @@ static struct RAMBlockNotifier sev_ram_notifier = { .ram_block_removed = sev_ram_block_removed, }; -static void -sev_guest_finalize(Object *obj) -{ -} - -static char * -sev_guest_get_session_file(Object *obj, Error **errp) -{ - SevGuestState *s = SEV_GUEST(obj); - - return s->session_file ? g_strdup(s->session_file) : NULL; -} - -static void -sev_guest_set_session_file(Object *obj, const char *value, Error **errp) -{ - SevGuestState *s = SEV_GUEST(obj); - - s->session_file = g_strdup(value); -} - -static char * -sev_guest_get_dh_cert_file(Object *obj, Error **errp) -{ - SevGuestState *s = SEV_GUEST(obj); - - return g_strdup(s->dh_cert_file); -} - -static void -sev_guest_set_dh_cert_file(Object *obj, const char *value, Error **errp) -{ - SevGuestState *s = SEV_GUEST(obj); - - s->dh_cert_file = g_strdup(value); -} - -static char * -sev_guest_get_sev_device(Object *obj, Error **errp) -{ - SevGuestState *sev = SEV_GUEST(obj); - - return g_strdup(sev->sev_device); -} - -static void -sev_guest_set_sev_device(Object *obj, const char *value, Error **errp) -{ - SevGuestState *sev = SEV_GUEST(obj); - - sev->sev_device = g_strdup(value); -} - -static bool sev_guest_get_kernel_hashes(Object *obj, Error **errp) -{ - SevGuestState *sev = SEV_GUEST(obj); - - return sev->kernel_hashes; -} - -static void sev_guest_set_kernel_hashes(Object *obj, bool value, Error **errp) -{ - SevGuestState *sev = SEV_GUEST(obj); - - sev->kernel_hashes = value; -} - -static bool sev_guest_get_legacy_vm_type(Object *obj, Error **errp) -{ - return SEV_GUEST(obj)->legacy_vm_type; -} - -static void sev_guest_set_legacy_vm_type(Object *obj, bool value, Error **errp) -{ - SEV_GUEST(obj)->legacy_vm_type = value; -} - bool sev_enabled(void) { - return !!sev_guest; + ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; + + return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_COMMON); } bool sev_es_enabled(void) { - return sev_enabled() && (sev_guest->policy & SEV_POLICY_ES); 
+ ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; + + return sev_enabled() && (SEV_GUEST(cgs)->policy & SEV_POLICY_ES); } uint32_t sev_get_cbit_position(void) { - return sev_guest ? sev_guest->cbitpos : 0; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + + return sev_common ? sev_common->cbitpos : 0; } uint32_t sev_get_reduced_phys_bits(void) { - return sev_guest ? sev_guest->reduced_phys_bits : 0; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + + return sev_common ? sev_common->reduced_phys_bits : 0; } static SevInfo *sev_get_info(void) { SevInfo *info; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + SevGuestState *sev_guest = + (SevGuestState *)object_dynamic_cast(OBJECT(sev_common), + TYPE_SEV_GUEST); info = g_new0(SevInfo, 1); info->enabled = sev_enabled(); if (info->enabled) { - info->api_major = sev_guest->api_major; - info->api_minor = sev_guest->api_minor; - info->build_id = sev_guest->build_id; - info->policy = sev_guest->policy; - info->state = sev_guest->state; - info->handle = sev_guest->handle; + if (sev_guest) { + info->handle = sev_guest->handle; + } + info->api_major = sev_common->api_major; + info->api_minor = sev_common->api_minor; + info->build_id = sev_common->build_id; + info->state = sev_common->state; + /* we only report the lower 32-bits of policy for SNP, ok for now... */ + info->policy = + (uint32_t)object_property_get_uint(OBJECT(sev_common), + "policy", NULL); } return info; @@ -530,6 +483,8 @@ static SevCapability *sev_get_capabilities(Error **errp) size_t pdh_len = 0, cert_chain_len = 0, cpu0_id_len = 0; uint32_t ebx; int fd; + SevCommonState *sev_common; + char *sev_device; if (!kvm_enabled()) { error_setg(errp, "KVM not enabled"); 
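Review bot: sev_es_enabled() now gates on sev_enabled(), which is true for any object derived from TYPE_SEV_COMMON, and then reads the policy through SEV_GUEST(cgs), which is only right for a 'sev-guest' instance. That holds while 'sev-guest' is the only concrete subtype, but the commit message says an SNP type is coming, so either test for TYPE_SEV_GUEST with object_dynamic_cast() here, as sev_get_info() does further down, or leave a comment marking the assumption. Related point in the same hunk: sev_enabled() tests the type with object_dynamic_cast(), whereas sev_get_cbit_position() and sev_get_reduced_phys_bits() use the SEV_COMMON() cast and then test the result for NULL. If that cast is QOM's usual checked cast, the NULL branch only covers cgs == NULL and not a cgs of some other confidential-guest type; using the same object_dynamic_cast() test in all of these helpers would remove the doubt.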
@@ -540,12 +495,21 @@ static SevCapability *sev_get_capabilities(Error **errp) return NULL; } - fd = open(DEFAULT_SEV_DEVICE, O_RDWR); + sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + if (!sev_common) { + error_setg(errp, "SEV is not configured"); + } + + sev_device = object_property_get_str(OBJECT(sev_common), "sev-device", + &error_abort); + fd = open(sev_device, O_RDWR); if (fd < 0) { error_setg_errno(errp, errno, "SEV: Failed to open %s", DEFAULT_SEV_DEVICE); + g_free(sev_device); return NULL; } + g_free(sev_device); if (sev_get_pdh_info(fd, &pdh_data, &pdh_len, &cert_chain_data, &cert_chain_len, errp)) { @@ -588,7 +552,7 @@ static SevAttestationReport *sev_get_attestation_report(const char *mnonce, { struct kvm_sev_attestation_report input = {}; SevAttestationReport *report = NULL; - SevGuestState *sev = sev_guest; + SevCommonState *sev_common; g_autofree guchar *data = NULL; g_autofree guchar *buf = NULL; gsize len; @@ -613,8 +577,10 @@ static SevAttestationReport *sev_get_attestation_report(const char *mnonce, return NULL; } + sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + /* Query the report length */ - ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, &input, &err); if (ret < 0) { if (err != SEV_RET_INVALID_LEN) { @@ -630,7 +596,7 @@ static SevAttestationReport *sev_get_attestation_report(const char *mnonce, memcpy(input.mnonce, buf, sizeof(input.mnonce)); /* Query the report */ - ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, &input, &err); if (ret) { error_setg_errno(errp, errno, "SEV: Failed to get attestation report" 
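Review bot: in sev_get_capabilities() the new "if (!sev_common)" branch sets the error but does not return, so execution continues into object_property_get_str(OBJECT(sev_common), "sev-device", &error_abort) with a NULL object. Add "return NULL;" after the error_setg(). Two further points on the same hunk. The failure message after open() still prints DEFAULT_SEV_DEVICE although the path that was opened is now sev_device, so the log can name the wrong file; print sev_device and free it afterwards. And the old code opened DEFAULT_SEV_DEVICE without needing a configured guest object, while the new code reports "SEV is not configured" in that case; the commit message says current behaviour should not change, so please either keep a fallback to the default device when cgs is not an SEV object or describe the change in the commit message.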
@@ -670,26 +636,27 @@ sev_read_file_base64(const char *filename, guchar **data, gsize *len) } static int -sev_launch_start(SevGuestState *sev) +sev_launch_start(SevGuestState *sev_guest) { gsize sz; int ret = 1; int fw_error, rc; struct kvm_sev_launch_start start = { - .handle = sev->handle, .policy = sev->policy + .handle = sev_guest->handle, .policy = sev_guest->policy }; guchar *session = NULL, *dh_cert = NULL; + SevCommonState *sev_common = SEV_COMMON(sev_guest); - if (sev->session_file) { - if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) { + if (sev_guest->session_file) { + if (sev_read_file_base64(sev_guest->session_file, &session, &sz) < 0) { goto out; } start.session_uaddr = (unsigned long)session; start.session_len = sz; } - if (sev->dh_cert_file) { - if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) { + if (sev_guest->dh_cert_file) { + if (sev_read_file_base64(sev_guest->dh_cert_file, &dh_cert, &sz) < 0) { goto out; } start.dh_uaddr = (unsigned long)dh_cert; @@ -697,15 +664,15 @@ sev_launch_start(SevGuestState *sev) } trace_kvm_sev_launch_start(start.policy, session, dh_cert); - rc = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_START, &start, &fw_error); + rc = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_START, &start, &fw_error); if (rc < 0) { error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'", __func__, ret, fw_error, fw_error_to_str(fw_error)); goto out; } - sev_set_guest_state(sev, SEV_STATE_LAUNCH_UPDATE); - sev->handle = start.handle; + sev_set_guest_state(sev_common, SEV_STATE_LAUNCH_UPDATE); + sev_guest->handle = start.handle; ret = 0; out: @@ -715,7 +682,7 @@ out: } static int -sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len) +sev_launch_update_data(SevGuestState *sev_guest, uint8_t *addr, uint64_t len) { int ret, fw_error; struct kvm_sev_launch_update_data update; 
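Review bot: in sev_launch_start() the result of the KVM_SEV_LAUNCH_START ioctl is stored in rc, but the error_report() on the failure path prints ret, which still holds its initial value of 1 at that point, so the log never shows the real return code. The sev_ioctl() line is being rewritten here anyway; please pass rc to error_report() in the same change.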
@@ -727,7 +694,7 @@ sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len) update.uaddr = (uintptr_t)addr; update.len = len; trace_kvm_sev_launch_update_data(addr, len); - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, + ret = sev_ioctl(SEV_COMMON(sev_guest)->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, &update, &fw_error); if (ret) { error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'", @@ -738,11 +705,12 @@ sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len) } static int -sev_launch_update_vmsa(SevGuestState *sev) +sev_launch_update_vmsa(SevGuestState *sev_guest) { int ret, fw_error; - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL, &fw_error); + ret = sev_ioctl(SEV_COMMON(sev_guest)->sev_fd, KVM_SEV_LAUNCH_UPDATE_VMSA, + NULL, &fw_error); if (ret) { error_report("%s: LAUNCH_UPDATE_VMSA ret=%d fw_error=%d '%s'", __func__, ret, fw_error, fw_error_to_str(fw_error)); @@ -754,18 +722,19 @@ sev_launch_update_vmsa(SevGuestState *sev) static void sev_launch_get_measure(Notifier *notifier, void *unused) { - SevGuestState *sev = sev_guest; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + SevGuestState *sev_guest = SEV_GUEST(sev_common); int ret, error; g_autofree guchar *data = NULL; struct kvm_sev_launch_measure measurement = {}; - if (!sev_check_state(sev, SEV_STATE_LAUNCH_UPDATE)) { + if (!sev_check_state(sev_common, SEV_STATE_LAUNCH_UPDATE)) { return; } if (sev_es_enabled()) { /* measure all the VM save areas before getting launch_measure */ - ret = sev_launch_update_vmsa(sev); + ret = sev_launch_update_vmsa(sev_guest); if (ret) { exit(1); } @@ -773,7 +742,7 @@ sev_launch_get_measure(Notifier *notifier, void *unused) } /* query the measurement blob length */ - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_MEASURE, &measurement, &error); if (!measurement.len) { error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", 
@@ -785,7 +754,7 @@ sev_launch_get_measure(Notifier *notifier, void *unused) measurement.uaddr = (unsigned long)data; /* get the measurement blob */ - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_MEASURE, &measurement, &error); if (ret) { error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", @@ -793,17 +762,19 @@ sev_launch_get_measure(Notifier *notifier, void *unused) return; } - sev_set_guest_state(sev, SEV_STATE_LAUNCH_SECRET); + sev_set_guest_state(sev_common, SEV_STATE_LAUNCH_SECRET); /* encode the measurement value and emit the event */ - sev->measurement = g_base64_encode(data, measurement.len); - trace_kvm_sev_launch_measurement(sev->measurement); + sev_guest->measurement = g_base64_encode(data, measurement.len); + trace_kvm_sev_launch_measurement(sev_guest->measurement); } static char *sev_get_launch_measurement(void) { + SevGuestState *sev_guest = SEV_GUEST(MACHINE(qdev_get_machine())->cgs); + if (sev_guest && - sev_guest->state >= SEV_STATE_LAUNCH_SECRET) { + SEV_COMMON(sev_guest)->state >= SEV_STATE_LAUNCH_SECRET) { return g_strdup(sev_guest->measurement); } @@ -832,19 +803,20 @@ static Notifier sev_machine_done_notify = { }; static void -sev_launch_finish(SevGuestState *sev) +sev_launch_finish(SevGuestState *sev_guest) { int ret, error; trace_kvm_sev_launch_finish(); - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, &error); + ret = sev_ioctl(SEV_COMMON(sev_guest)->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, + &error); if (ret) { error_report("%s: LAUNCH_FINISH ret=%d fw_error=%d '%s'", __func__, ret, error, fw_error_to_str(error)); exit(1); } - sev_set_guest_state(sev, SEV_STATE_RUNNING); + sev_set_guest_state(SEV_COMMON(sev_guest), SEV_STATE_RUNNING); /* add migration blocker */ error_setg(&sev_mig_blocker, 
@@ -855,38 +827,40 @@ sev_launch_finish(SevGuestState *sev) static void sev_vm_state_change(void *opaque, bool running, RunState state) { - SevGuestState *sev = opaque; + SevCommonState *sev_common = opaque; if (running) { - if (!sev_check_state(sev, SEV_STATE_RUNNING)) { - sev_launch_finish(sev); + if (!sev_check_state(sev_common, SEV_STATE_RUNNING)) { + sev_launch_finish(SEV_GUEST(sev_common)); } } } static int sev_kvm_type(X86ConfidentialGuest *cg) { - SevGuestState *sev = SEV_GUEST(cg); + SevCommonState *sev_common = SEV_COMMON(cg); + SevGuestState *sev_guest = SEV_GUEST(sev_common); int kvm_type; - if (sev->kvm_type != -1) { + if (sev_common->kvm_type != -1) { goto out; } - kvm_type = (sev->policy & SEV_POLICY_ES) ? KVM_X86_SEV_ES_VM : KVM_X86_SEV_VM; - if (kvm_is_vm_type_supported(kvm_type) && !sev->legacy_vm_type) { - sev->kvm_type = kvm_type; + kvm_type = (sev_guest->policy & SEV_POLICY_ES) ? + KVM_X86_SEV_ES_VM : KVM_X86_SEV_VM; + if (kvm_is_vm_type_supported(kvm_type) && !sev_guest->legacy_vm_type) { + sev_common->kvm_type = kvm_type; } else { - sev->kvm_type = KVM_X86_DEFAULT_VM; + sev_common->kvm_type = KVM_X86_DEFAULT_VM; } out: - return sev->kvm_type; + return sev_common->kvm_type; } static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { - SevGuestState *sev = SEV_GUEST(cgs); + SevCommonState *sev_common = SEV_COMMON(cgs); char *devname; int ret, fw_error, cmd; uint32_t ebx; @@ -899,8 +873,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) return -1; } - sev_guest = sev; - sev->state = SEV_STATE_UNINIT; + sev_common->state = SEV_STATE_UNINIT; host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); host_cbitpos = ebx & 0x3f; 
@@ -910,9 +883,9 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) * register of CPUID 0x8000001F. No need to verify the range as the * comparison against the host value accomplishes that. */ - if (host_cbitpos != sev->cbitpos) { + if (host_cbitpos != sev_common->cbitpos) { error_setg(errp, "%s: cbitpos check failed, host '%d' requested '%d'", - __func__, host_cbitpos, sev->cbitpos); + __func__, host_cbitpos, sev_common->cbitpos); goto err; } @@ -921,16 +894,17 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) * the EBX register of CPUID 0x8000001F, so verify the supplied value * is in the range of 1 to 63. */ - if (sev->reduced_phys_bits < 1 || sev->reduced_phys_bits > 63) { + if (sev_common->reduced_phys_bits < 1 || + sev_common->reduced_phys_bits > 63) { error_setg(errp, "%s: reduced_phys_bits check failed," " it should be in the range of 1 to 63, requested '%d'", - __func__, sev->reduced_phys_bits); + __func__, sev_common->reduced_phys_bits); goto err; } - devname = object_property_get_str(OBJECT(sev), "sev-device", NULL); - sev->sev_fd = open(devname, O_RDWR); - if (sev->sev_fd < 0) { + devname = object_property_get_str(OBJECT(sev_common), "sev-device", NULL); + sev_common->sev_fd = open(devname, O_RDWR); + if (sev_common->sev_fd < 0) { error_setg(errp, "%s: Failed to open %s '%s'", __func__, devname, strerror(errno)); g_free(devname); @@ -938,7 +912,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) } g_free(devname); - ret = sev_platform_ioctl(sev->sev_fd, SEV_PLATFORM_STATUS, &status, + ret = sev_platform_ioctl(sev_common->sev_fd, SEV_PLATFORM_STATUS, &status, &fw_error); if (ret) { error_setg(errp, "%s: failed to get platform status ret=%d " 
@@ -946,9 +920,9 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) fw_error_to_str(fw_error)); goto err; } - sev->build_id = status.build; - sev->api_major = status.api_major; - sev->api_minor = status.api_minor; + sev_common->build_id = status.build; + sev_common->api_major = status.api_major; + sev_common->api_minor = status.api_minor; if (sev_es_enabled()) { if (!kvm_kernel_irqchip_allowed()) { @@ -966,14 +940,14 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) } trace_kvm_sev_init(); - if (sev_kvm_type(X86_CONFIDENTIAL_GUEST(sev)) == KVM_X86_DEFAULT_VM) { + if (sev_kvm_type(X86_CONFIDENTIAL_GUEST(sev_common)) == KVM_X86_DEFAULT_VM) { cmd = sev_es_enabled() ? KVM_SEV_ES_INIT : KVM_SEV_INIT; - ret = sev_ioctl(sev->sev_fd, cmd, NULL, &fw_error); + ret = sev_ioctl(sev_common->sev_fd, cmd, NULL, &fw_error); } else { struct kvm_sev_init args = { 0 }; - ret = sev_ioctl(sev->sev_fd, KVM_SEV_INIT2, &args, &fw_error); + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_INIT2, &args, &fw_error); } if (ret) { @@ -982,7 +956,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) goto err; } - ret = sev_launch_start(sev); + sev_launch_start(SEV_GUEST(sev_common)); if (ret) { error_setg(errp, "%s: failed to create encryption context", __func__); goto err; @@ -990,13 +964,12 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) ram_block_notifier_add(&sev_ram_notifier); qemu_add_machine_init_done_notifier(&sev_machine_done_notify); - qemu_add_vm_change_state_handler(sev_vm_state_change, sev); + qemu_add_vm_change_state_handler(sev_vm_state_change, sev_common); cgs->ready = true; return 0; err: - sev_guest = NULL; ram_block_discard_disable(false); return -1; } 
@@ -1004,13 +977,15 @@ err: int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) { - if (!sev_guest) { + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + + if (!sev_common) { return 0; } /* if SEV is in update state then encrypt the data else do nothing */ - if (sev_check_state(sev_guest, SEV_STATE_LAUNCH_UPDATE)) { - int ret = sev_launch_update_data(sev_guest, ptr, len); + if (sev_check_state(sev_common, SEV_STATE_LAUNCH_UPDATE)) { + int ret = sev_launch_update_data(SEV_GUEST(sev_common), ptr, len); if (ret < 0) { error_setg(errp, "SEV: Failed to encrypt pflash rom"); return ret; @@ -1030,16 +1005,17 @@ int sev_inject_launch_secret(const char *packet_hdr, const char *secret, void *hva; gsize hdr_sz = 0, data_sz = 0; MemoryRegion *mr = NULL; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); - if (!sev_guest) { + if (!sev_common) { error_setg(errp, "SEV not enabled for guest"); return 1; } /* secret can be injected only in this state */ - if (!sev_check_state(sev_guest, SEV_STATE_LAUNCH_SECRET)) { + if (!sev_check_state(sev_common, SEV_STATE_LAUNCH_SECRET)) { error_setg(errp, "SEV: Not in correct state. (LSECRET) %x", - sev_guest->state); + sev_common->state); return 1; } @@ -1073,7 +1049,7 @@ int sev_inject_launch_secret(const char *packet_hdr, const char *secret, trace_kvm_sev_launch_secret(gpa, input.guest_uaddr, input.trans_uaddr, input.trans_len); - ret = sev_ioctl(sev_guest->sev_fd, KVM_SEV_LAUNCH_SECRET, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_SECRET, &input, &error); if (ret) { error_setg(errp, "SEV: failed to inject secret ret=%d fw_error=%d '%s'", 
@@ -1180,9 +1156,10 @@ void sev_es_set_reset_vector(CPUState *cpu) { X86CPU *x86; CPUX86State *env; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); /* Only update if we have valid reset information */ - if (!sev_guest || !sev_guest->reset_data_valid) { + if (!sev_common || !sev_common->reset_data_valid) { return; } @@ -1194,11 +1171,11 @@ void sev_es_set_reset_vector(CPUState *cpu) x86 = X86_CPU(cpu); env = &x86->env; - cpu_x86_load_seg_cache(env, R_CS, 0xf000, sev_guest->reset_cs, 0xffff, + cpu_x86_load_seg_cache(env, R_CS, 0xf000, sev_common->reset_cs, 0xffff, DESC_P_MASK | DESC_S_MASK | DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK); - env->eip = sev_guest->reset_ip; + env->eip = sev_common->reset_ip; } int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size) @@ -1206,6 +1183,7 @@ int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size) CPUState *cpu; uint32_t addr; int ret; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); if (!sev_es_enabled()) { return 0; @@ -1219,9 +1197,9 @@ int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size) } if (addr) { - sev_guest->reset_cs = addr & 0xffff0000; - sev_guest->reset_ip = addr & 0x0000ffff; - sev_guest->reset_data_valid = true; + sev_common->reset_cs = addr & 0xffff0000; + sev_common->reset_ip = addr & 0x0000ffff; + sev_common->reset_data_valid = true; CPU_FOREACH(cpu) { sev_es_set_reset_vector(cpu); @@ -1267,12 +1245,13 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) hwaddr mapped_len = sizeof(*padded_ht); MemTxAttrs attrs = { 0 }; bool ret = true; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); /* * Only add the kernel hashes if the sev-guest configuration explicitly * stated kernel-hashes=on. */ - if (!sev_guest->kernel_hashes) { + if (!sev_common->kernel_hashes) { return false; } 
@@ -1363,8 +1342,30 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) return ret; } +static char * +sev_common_get_sev_device(Object *obj, Error **errp) +{ + return g_strdup(SEV_COMMON(obj)->sev_device); +} + static void -sev_guest_class_init(ObjectClass *oc, void *data) +sev_common_set_sev_device(Object *obj, const char *value, Error **errp) +{ + SEV_COMMON(obj)->sev_device = g_strdup(value); +} + +static bool sev_common_get_kernel_hashes(Object *obj, Error **errp) +{ + return SEV_COMMON(obj)->kernel_hashes; +} + +static void sev_common_set_kernel_hashes(Object *obj, bool value, Error **errp) +{ + SEV_COMMON(obj)->kernel_hashes = value; +} + +static void +sev_common_class_init(ObjectClass *oc, void *data) { ConfidentialGuestSupportClass *klass = CONFIDENTIAL_GUEST_SUPPORT_CLASS(oc); X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); 
@@ -1373,10 +1374,87 @@ sev_guest_class_init(ObjectClass *oc, void *data) x86_klass->kvm_type = sev_kvm_type; object_class_property_add_str(oc, "sev-device", - sev_guest_get_sev_device, - sev_guest_set_sev_device); + sev_common_get_sev_device, + sev_common_set_sev_device); object_class_property_set_description(oc, "sev-device", "SEV device to use"); + object_class_property_add_bool(oc, "kernel-hashes", + sev_common_get_kernel_hashes, + sev_common_set_kernel_hashes); + object_class_property_set_description(oc, "kernel-hashes", + "add kernel hashes to guest firmware for measured Linux boot"); +} + +static void +sev_common_instance_init(Object *obj) +{ + SevCommonState *sev_common = SEV_COMMON(obj); + + sev_common->kvm_type = -1; + + sev_common->sev_device = g_strdup(DEFAULT_SEV_DEVICE); + + object_property_add_uint32_ptr(obj, "cbitpos", &sev_common->cbitpos, + OBJ_PROP_FLAG_READWRITE); + object_property_add_uint32_ptr(obj, "reduced-phys-bits", + &sev_common->reduced_phys_bits, + OBJ_PROP_FLAG_READWRITE); +} + +/* sev guest info common to sev/sev-es/sev-snp */ +static const TypeInfo sev_common_info = { + .parent = TYPE_X86_CONFIDENTIAL_GUEST, + .name = TYPE_SEV_COMMON, + .instance_size = sizeof(SevCommonState), + .instance_init = sev_common_instance_init, + .class_size = sizeof(SevCommonStateClass), + .class_init = sev_common_class_init, + .abstract = true, + .interfaces = (InterfaceInfo[]) { + { TYPE_USER_CREATABLE }, + { } + } +}; + +static char * +sev_guest_get_dh_cert_file(Object *obj, Error **errp) +{ + return g_strdup(SEV_GUEST(obj)->dh_cert_file); +} + +static void +sev_guest_set_dh_cert_file(Object *obj, const char *value, Error **errp) +{ + SEV_GUEST(obj)->dh_cert_file = g_strdup(value); +} + +static char * +sev_guest_get_session_file(Object *obj, Error **errp) +{ + SevGuestState *sev_guest = SEV_GUEST(obj); + + return sev_guest->session_file ? 
g_strdup(sev_guest->session_file) : NULL; +} + +static void +sev_guest_set_session_file(Object *obj, const char *value, Error **errp) +{ + SEV_GUEST(obj)->session_file = g_strdup(value); +} + +static bool sev_guest_get_legacy_vm_type(Object *obj, Error **errp) +{ + return SEV_GUEST(obj)->legacy_vm_type; +} + +static void sev_guest_set_legacy_vm_type(Object *obj, bool value, Error **errp) +{ + SEV_GUEST(obj)->legacy_vm_type = value; +} + +static void +sev_guest_class_init(ObjectClass *oc, void *data) +{ object_class_property_add_str(oc, "dh-cert-file", sev_guest_get_dh_cert_file, sev_guest_set_dh_cert_file); @@ -1387,11 +1465,6 @@ sev_guest_class_init(ObjectClass *oc, void *data) sev_guest_set_session_file); object_class_property_set_description(oc, "session-file", "guest owners session parameters (encoded with base64)"); - object_class_property_add_bool(oc, "kernel-hashes", - sev_guest_get_kernel_hashes, - sev_guest_set_kernel_hashes); - object_class_property_set_description(oc, "kernel-hashes", - "add kernel hashes to guest firmware for measured Linux boot"); object_class_property_add_bool(oc, "legacy-vm-type", sev_guest_get_legacy_vm_type, sev_guest_set_legacy_vm_type); 
@@ -1402,41 +1475,30 @@ sev_guest_class_init(ObjectClass *oc, void *data) static void sev_guest_instance_init(Object *obj) { - SevGuestState *sev = SEV_GUEST(obj); - - sev->kvm_type = -1; + SevGuestState *sev_guest = SEV_GUEST(obj); - sev->sev_device = g_strdup(DEFAULT_SEV_DEVICE); - sev->policy = DEFAULT_GUEST_POLICY; - object_property_add_uint32_ptr(obj, "policy", &sev->policy, - OBJ_PROP_FLAG_READWRITE); - object_property_add_uint32_ptr(obj, "handle", &sev->handle, + sev_guest->policy = DEFAULT_GUEST_POLICY; + object_property_add_uint32_ptr(obj, "handle", &sev_guest->handle, OBJ_PROP_FLAG_READWRITE); - object_property_add_uint32_ptr(obj, "cbitpos", &sev->cbitpos, - OBJ_PROP_FLAG_READWRITE); - object_property_add_uint32_ptr(obj, "reduced-phys-bits", - &sev->reduced_phys_bits, + object_property_add_uint32_ptr(obj, "policy", &sev_guest->policy, OBJ_PROP_FLAG_READWRITE); object_apply_compat_props(obj); } -/* sev guest info */ +/* guest info specific sev/sev-es */ static const TypeInfo sev_guest_info = { - .parent = TYPE_X86_CONFIDENTIAL_GUEST, + .parent = TYPE_SEV_COMMON, .name = TYPE_SEV_GUEST, .instance_size = sizeof(SevGuestState), - .instance_finalize = sev_guest_finalize, - .class_init = sev_guest_class_init, .instance_init = sev_guest_instance_init, - .interfaces = (InterfaceInfo[]) { - { TYPE_USER_CREATABLE }, - { } - } + .class_size = sizeof(SevGuestStateClass), + .class_init = sev_guest_class_init, }; static void sev_register_types(void) { + type_register_static(&sev_common_info); type_register_static(&sev_guest_info); } diff --git a/target/i386/sev.h b/target/i386/sev.h index 9e10d09539..668374eef3 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h 
@@ -20,6 +20,9 @@ #include "exec/confidential-guest-support.h" +#define TYPE_SEV_COMMON "sev-common" +#define TYPE_SEV_GUEST "sev-guest" + #define SEV_POLICY_NODBG 0x1 #define SEV_POLICY_NOKS 0x2 #define SEV_POLICY_ES 0x4
From patchwork Thu May 30 11:16:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gupta, Pankaj" X-Patchwork-Id: 13680188
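Review bot: In the sev_kvm_init() hunk at @@ -982,7 +956,7 @@ of the target/i386/sev.c patch above, the new line `sev_launch_start(SEV_GUEST(sev_common));` drops the `ret =` assignment while the `if (ret)` check after it is kept. That check now tests the value left by the preceding sev_ioctl() call, which an earlier `if (ret)` has already handled, so a failing launch start never reaches the "failed to create encryption context" path and sev_kvm_init() goes on to set `cgs->ready = true` and return 0. Keep `ret = sev_launch_start(SEV_GUEST(sev_common));` in this patch. The next patch in the series restores the assignment as `ret = klass->launch_start(sev_common);`, but this commit on its own is broken, which matters for bisection.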
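Review bot: The `SEV_COMMON(MACHINE(qdev_get_machine())->cgs)` lookups that replace the `sev_guest` global in sev_encrypt_flash(), sev_inject_launch_secret(), sev_es_set_reset_vector(), sev_es_save_reset_vector() and sev_add_kernel_loader_hashes() do not test the same condition as before. The global was assigned inside sev_kvm_init() and reset to NULL on its `err:` path, so `!sev_guest` meant that SEV init had not run or had failed; `!sev_common` is true only when the machine has no `cgs` object at all. Please confirm that none of these helpers can be reached when `cgs` is some other confidential-guest type, because the cast is then applied to an object that is not a SevCommonState, and that no caller relied on seeing NULL after a failed init. Also, sev_add_kernel_loader_hashes() dereferences the pointer with no NULL test (as the old code did) while the flash, secret and reset-vector helpers test it; `if (!sev_common || !sev_common->kernel_hashes)` would make them consistent.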
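Review bot: sev_common_set_sev_device() in the @@ -1363,8 +1342,30 @@ hunk assigns `g_strdup(value)` without freeing the string it replaces, and sev_common_instance_init() always installs `g_strdup(DEFAULT_SEV_DEVICE)` first, so every guest configured with an explicit sev-device leaks the default. Adding `g_free(SEV_COMMON(obj)->sev_device);` before the assignment fixes it; the dh-cert-file and session-file setters re-added in the next hunk follow the same pattern. Related: `.instance_finalize = sev_guest_finalize` is removed from sev_guest_info and sev_common_info gets no finalizer, so none of these strings is released at object teardown. Please state in the commit message whether dropping the finalizer is intentional.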
From: Pankaj Gupta
Subject: [PATCH v4 05/31] i386/sev: Move sev_launch_update to separate class method
Date: Thu, 30 May 2024 06:16:17 -0500
Message-ID: <20240530111643.1091816-6-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

When sev-snp-guest objects are introduced there will be a number of differences
in how the launch data is handled compared to the existing sev-guest object. Move sev_launch_start() to a class method to make it easier to implement SNP-specific launch update functionality later. Signed-off-by: Pankaj Gupta --- target/i386/sev.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 79eb21c7d0..3bdb88f2ed 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -69,6 +69,8 @@ struct SevCommonState { struct SevCommonStateClass { X86ConfidentialGuestClass parent_class; + /* public */ + int (*launch_start)(SevCommonState *sev_common); }; /** @@ -636,16 +638,16 @@ sev_read_file_base64(const char *filename, guchar **data, gsize *len) } static int -sev_launch_start(SevGuestState *sev_guest) +sev_launch_start(SevCommonState *sev_common) { gsize sz; int ret = 1; int fw_error, rc; + SevGuestState *sev_guest = SEV_GUEST(sev_common); struct kvm_sev_launch_start start = { .handle = sev_guest->handle, .policy = sev_guest->policy }; guchar *session = NULL, *dh_cert = NULL; - SevCommonState *sev_common = SEV_COMMON(sev_guest); if (sev_guest->session_file) { if (sev_read_file_base64(sev_guest->session_file, &session, &sz) < 0) { @@ -866,6 +868,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) uint32_t ebx; uint32_t host_cbitpos; struct sev_user_data_status status = {}; + SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(cgs); ret = ram_block_discard_disable(true); if (ret) { @@ -956,7 +959,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) goto err; } - sev_launch_start(SEV_GUEST(sev_common)); + ret = klass->launch_start(sev_common); if (ret) { error_setg(errp, "%s: failed to create encryption context", __func__); goto err; 
@@ -1455,6 +1458,10 @@ static void sev_guest_set_legacy_vm_type(Object *obj, bool value, Error **errp) static void sev_guest_class_init(ObjectClass *oc, void *data) { + SevCommonStateClass *klass = SEV_COMMON_CLASS(oc); + + klass->launch_start = sev_launch_start; + object_class_property_add_str(oc, "dh-cert-file", sev_guest_get_dh_cert_file, sev_guest_set_dh_cert_file);
From patchwork Thu May 30 11:16:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gupta, Pankaj" X-Patchwork-Id: 13680192
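Review bot: In the sev_kvm_init() hunk at @@ -956,7 +959,7 @@ of patch 05/31, `klass->launch_start(sev_common)` is called with no check that the hook is set. Only sev_guest_class_init() assigns it in this patch, and the previous patch declares TYPE_SEV_COMMON with `.abstract = true`, so a later subclass that forgets the assignment turns into a NULL function-pointer call during guest launch. Either assert it with `g_assert(klass->launch_start);` next to the `SEV_COMMON_GET_CLASS(cgs)` lookup, or report it with error_setg() and `goto err`.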
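Review bot: The `launch_start` member added to SevCommonStateClass at @@ -69,6 +69,8 @@ of patch 05/31 has no comment stating its contract. sev_launch_start() starts from `int ret = 1` and the caller in sev_kvm_init() treats any non-zero value as failure, so a one-line comment saying "returns 0 on success, non-zero on error" would help whoever writes the SNP implementation. Separately, the subject line names sev_launch_update and the message ends on "launch update functionality", while every hunk here touches sev_launch_start(); the subject and body should agree with the code before this is applied.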
From: Pankaj Gupta
Subject: [PATCH v4 06/31] i386/sev: Move sev_launch_finish to separate class method
Date: Thu, 30 May 2024 06:16:18 -0500
Message-ID: <20240530111643.1091816-7-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

When sev-snp-guest objects are introduced there will be a number of differences in how the launch finish is handled compared to the existing sev-guest object. Move sev_launch_finish() to a class method to make it easier to implement SNP-specific launch update functionality later. Signed-off-by: Pankaj Gupta --- target/i386/sev.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 3bdb88f2ed..c141f4fed4 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -71,6 +71,7 @@ struct SevCommonStateClass { /* public */ int (*launch_start)(SevCommonState *sev_common); + void (*launch_finish)(SevCommonState *sev_common); }; /** 
@@ -805,12 +806,12 @@ static Notifier sev_machine_done_notify = { }; static void -sev_launch_finish(SevGuestState *sev_guest) +sev_launch_finish(SevCommonState *sev_common) { int ret, error; trace_kvm_sev_launch_finish(); - ret = sev_ioctl(SEV_COMMON(sev_guest)->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, &error); if (ret) { error_report("%s: LAUNCH_FINISH ret=%d fw_error=%d '%s'", @@ -818,7 +819,7 @@ sev_launch_finish(SevGuestState *sev_guest) exit(1); } - sev_set_guest_state(SEV_COMMON(sev_guest), SEV_STATE_RUNNING); + sev_set_guest_state(sev_common, SEV_STATE_RUNNING); /* add migration blocker */ error_setg(&sev_mig_blocker, @@ -830,10 +831,11 @@ static void sev_vm_state_change(void *opaque, bool running, RunState state) { SevCommonState *sev_common = opaque; + SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(opaque); if (running) { if (!sev_check_state(sev_common, SEV_STATE_RUNNING)) { - sev_launch_finish(SEV_GUEST(sev_common)); + klass->launch_finish(sev_common); } } } 
@@ -1461,6 +1463,7 @@ sev_guest_class_init(ObjectClass *oc, void *data) SevCommonStateClass *klass = SEV_COMMON_CLASS(oc); klass->launch_start = sev_launch_start; + klass->launch_finish = sev_launch_finish; object_class_property_add_str(oc, "dh-cert-file", sev_guest_get_dh_cert_file,
From patchwork Thu May 30 11:16:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gupta, Pankaj" X-Patchwork-Id: 13680190
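Review bot: In the sev_vm_state_change() hunk at @@ -830,10 +831,11 @@ of patch 06/31, `klass->launch_finish(sev_common)` is called unconditionally from the VM state-change handler, so a subclass that leaves the hook unset produces a NULL call the first time the guest is started. Assert the hook where the class is looked up, or in sev_kvm_init() before qemu_add_vm_change_state_handler() registers the handler. Minor: pass `sev_common` rather than `opaque` to SEV_COMMON_GET_CLASS() so the state pointer and the class lookup visibly come from the same typed object.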
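Review bot: `void (*launch_finish)(SevCommonState *sev_common)` at @@ -71,6 +71,7 @@ of patch 06/31 gives implementations no way to report failure, unlike `launch_start`, which returns int. sev_launch_finish() handles its own failure with error_report() and `exit(1)`; making void the signature of the class hook commits the SNP implementation to the same exit-on-error behaviour. Consider returning int or taking an `Error **errp`, or add a comment on the member saying that implementations must not return on failure. The commit message also says "launch update functionality" although the patch is about launch finish.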
From: Pankaj Gupta
Subject: [PATCH v4 07/31] i386/sev: Introduce 'sev-snp-guest' object
Date: Thu, 30 May 2024 06:16:19 -0500
Message-ID: <20240530111643.1091816-8-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
From: Brijesh Singh

SEV-SNP support relies on a different set of properties/state than the
existing 'sev-guest' object. This patch introduces the 'sev-snp-guest'
object, which can be used to configure an SEV-SNP guest. For example,
a default-configured SEV-SNP guest with no additional information
passed in for use with attestation:

  -object sev-snp-guest,id=sev0

or a fully-specified SEV-SNP guest where all spec-defined binary
blobs are passed in as base64-encoded strings:

  -object sev-snp-guest,id=sev0, \
    policy=0x30000, \
    init-flags=0, \
    id-block=YWFhYWFhYWFhYWFhYWFhCg==, \
    id-auth=CxHK/OKLkXGn/KpAC7Wl1FSiisWDbGTEKz..., \
    auth-key-enabled=on, \
    host-data=LNkCWBRC5CcdGXirbNUV1OrsR28s..., \
    guest-visible-workarounds=AA==, \

See the QAPI schema updates included in this patch for more usage
details.

In some cases these blobs may be up to 4096 characters, but this is
generally well below the default limit for linux hosts where
command-line sizes are defined by the sysconf-configurable ARG_MAX
value, which defaults to 2097152 characters for Ubuntu hosts, for
example.

Signed-off-by: Brijesh Singh
Co-developed-by: Michael Roth
Acked-by: Markus Armbruster (for QAPI schema)
Signed-off-by: Michael Roth
Co-developed-by: Pankaj Gupta
Signed-off-by: Pankaj Gupta
--- docs/system/i386/amd-memory-encryption.rst | 70 +++++- qapi/qom.json | 57 +++++ target/i386/sev.c | 257 +++++++++++++++++++++ target/i386/sev.h | 1 + 4 files changed, 383 insertions(+), 2 deletions(-) diff --git a/docs/system/i386/amd-memory-encryption.rst b/docs/system/i386/amd-memory-encryption.rst index e9bc142bc1..5849ec8972 100644 --- a/docs/system/i386/amd-memory-encryption.rst +++ b/docs/system/i386/amd-memory-encryption.rst
@@ -25,8 +25,8 @@ support for notifying a guest's operating system when certain types of VMEXITs are about to occur. This allows the guest to selectively share information with the hypervisor to satisfy the requested function. -Launching ---------- +Launching (SEV and SEV-ES) +-------------------------- Boot images (such as bios) must be encrypted before a guest can be booted. The ``MEMORY_ENCRYPT_OP`` ioctl provides commands to encrypt the images: ``LAUNCH_START``, 
@@ -161,6 +161,72 @@ The value of GCTX.LD is If kernel hashes are not used, or SEV-ES is disabled, use empty blobs for ``kernel_hashes_blob`` and ``vmsas_blob`` as needed. +Launching (SEV-SNP) +------------------- +Boot images (such as bios) must be encrypted before a guest can be booted. The +``MEMORY_ENCRYPT_OP`` ioctl provides commands to encrypt the images: +``SNP_LAUNCH_START``, ``SNP_LAUNCH_UPDATE``, and ``SNP_LAUNCH_FINISH``. These +three commands communicate with SEV-SNP firmware to generate a fresh memory +encryption key for the VM, encrypt the boot images for a successful launch. For +more details on the SEV-SNP firmware interfaces used by these commands please +see the SEV-SNP Firmware ABI. + +``SNP_LAUNCH_START`` is called first to create a cryptographic launch context +within the firmware. To create this context, the guest owner must provide a +guest policy and other parameters as described in the SEV-SNP firmware +specification. The launch parameters should be specified as described in the +QAPI schema for the sev-snp-guest object. + +The ``SNP_LAUNCH_START`` uses the following parameters, which can be configured +by the corresponding parameters documented in the QAPI schema for the +'sev-snp-guest' object. + ++--------+-------+----------+-------------------------------------------------+ +| key | type | default | meaning | ++---------------------------+-------------------------------------------------+ +| policy | hex | 0x30000 | a 64-bit guest policy | ++---------------------------+-------------------------------------------------+ +| guest-visible-workarounds | string| 0 | 16-byte base64 encoded string| +| | | | for guest OS visible | +| | | | workarounds. | ++---------------------------+-------------------------------------------------+ + +``SNP_LAUNCH_UPDATE`` encrypts the memory region using the cryptographic context +created via the ``SNP_LAUNCH_START`` command. 
If required, this command can be +called multiple times to encrypt different memory regions. The command also +calculates the measurement of the memory contents as it encrypts. + +``SNP_LAUNCH_FINISH`` finalizes the guest launch flow. Optionally, while +finalizing the launch the firmware can perform checks on the launch digest +computing through the ``SNP_LAUNCH_UPDATE``. To perform the check the user must +supply the id block, authentication blob and host data that should be included +in the attestation report. See the SEV-SNP spec for further details. + +The ``SNP_LAUNCH_FINISH`` uses the following parameters, which can be configured +by the corresponding parameters documented in the QAPI schema for the +'sev-snp-guest' object. + ++--------------------+-------+----------+-------------------------------------+ +| key | type | default | meaning | ++--------------------+-------+----------+-------------------------------------+ +| id-block | string| none | base64 encoded ID block | ++--------------------+-------+----------+-------------------------------------+ +| id-auth | string| none | base64 encoded authentication | +| | | | information | ++--------------------+-------+----------+-------------------------------------+ +| auth-key-enabled | bool | 0 | auth block contains author key | ++--------------------+-------+----------+-------------------------------------+ +| host_data | string| none | host provided data | ++--------------------+-------+----------+-------------------------------------+ + +To launch a SEV-SNP guest (additional parameters are documented in the QAPI +schema for the 'sev-snp-guest' object):: + + # ${QEMU} \ + -machine ...,confidential-guest-support=sev0 \ + -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1 + + Debugging --------- diff --git a/qapi/qom.json b/qapi/qom.json index 056b38f491..d2f9b05cf4 100644 --- a/qapi/qom.json +++ b/qapi/qom.json 
@@ -928,6 +928,61 @@ '*policy': 'uint32', '*handle': 'uint32', '*legacy-vm-type': 'bool' } } +## +# @SevSnpGuestProperties: +# +# Properties for sev-snp-guest objects. Most of these are direct +# arguments for the KVM_SNP_* interfaces documented in the Linux +# kernel source under +# Documentation/arch/x86/amd-memory-encryption.rst, which are in turn +# closely coupled with the SNP_INIT/SNP_LAUNCH_* firmware commands +# documented in the SEV-SNP Firmware ABI Specification (Rev 0.9). +# +# More usage information is also available in the QEMU source tree +# under docs/amd-memory-encryption. +# +# @policy: the 'POLICY' parameter to the SNP_LAUNCH_START command, as +# defined in the SEV-SNP firmware ABI (default: 0x30000) +# +# @guest-visible-workarounds: 16-byte, base64-encoded blob to report +# hypervisor-defined workarounds, corresponding to the 'GOSVW' +# parameter of the SNP_LAUNCH_START command defined in the SEV-SNP +# firmware ABI (default: all-zero) +# +# @id-block: 96-byte, base64-encoded blob to provide the 'ID Block' +# structure for the SNP_LAUNCH_FINISH command defined in the +# SEV-SNP firmware ABI (default: all-zero) +# +# @id-auth: 4096-byte, base64-encoded blob to provide the 'ID +# Authentication Information Structure' for the SNP_LAUNCH_FINISH +# command defined in the SEV-SNP firmware ABI (default: all-zero) +# +# @auth-key-enabled: true if 'id-auth' blob contains the 'AUTHOR_KEY' +# field defined SEV-SNP firmware ABI (default: false) +# +# @host-data: 32-byte, base64-encoded, user-defined blob to provide to +# the guest, as documented for the 'HOST_DATA' parameter of the +# SNP_LAUNCH_FINISH command in the SEV-SNP firmware ABI (default: +# all-zero) +# +# @vcek-disabled: Guests are by default allowed to choose between VLEK +# (Versioned Loaded Endorsement Key) or VCEK (Versioned Chip +# Endorsement Key) when requesting attestation reports from +# firmware. Set this to true to disable the use of VCEK. 
+# (default: false) (since: 9.1) +# +# Since: 9.1 +## +{ 'struct': 'SevSnpGuestProperties', + 'base': 'SevCommonProperties', + 'data': { + '*policy': 'uint64', + '*guest-visible-workarounds': 'str', + '*id-block': 'str', + '*id-auth': 'str', + '*auth-key-enabled': 'bool', + '*host-data': 'str', + '*vcek-disabled': 'bool' } } ## # @ThreadContextProperties: @@ -1007,6 +1062,7 @@ { 'name': 'secret_keyring', 'if': 'CONFIG_SECRET_KEYRING' }, 'sev-guest', + 'sev-snp-guest', 'thread-context', 's390-pv-guest', 'throttle-group', @@ -1077,6 +1133,7 @@ 'secret_keyring': { 'type': 'SecretKeyringProperties', 'if': 'CONFIG_SECRET_KEYRING' }, 'sev-guest': 'SevGuestProperties', + 'sev-snp-guest': 'SevSnpGuestProperties', 'thread-context': 'ThreadContextProperties', 'throttle-group': 'ThrottleGroupProperties', 'tls-creds-anon': 'TlsCredsAnonProperties', diff --git a/target/i386/sev.c b/target/i386/sev.c index c141f4fed4..841b45f59b 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -42,6 +42,7 @@ OBJECT_DECLARE_TYPE(SevCommonState, SevCommonStateClass, SEV_COMMON) OBJECT_DECLARE_TYPE(SevGuestState, SevGuestStateClass, SEV_GUEST) +OBJECT_DECLARE_TYPE(SevSnpGuestState, SevSnpGuestStateClass, SEV_SNP_GUEST) struct SevCommonState { X86ConfidentialGuest parent_obj; @@ -100,8 +101,26 @@ struct SevGuestStateClass { SevCommonStateClass parent_class; }; +struct SevSnpGuestState { + SevCommonState parent_obj; + + /* configuration parameters */ + char *guest_visible_workarounds; + char *id_block; + char *id_auth; + char *host_data; + + struct kvm_sev_snp_launch_start kvm_start_conf; + struct kvm_sev_snp_launch_finish kvm_finish_conf; +}; + +struct SevSnpGuestStateClass { + SevCommonStateClass parent_class; +}; + #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" +#define DEFAULT_SEV_SNP_POLICY 0x30000 #define SEV_INFO_BLOCK_GUID "00f771de-1a7e-4fcb-890e-68c77e2fb44e" typedef struct __attribute__((__packed__)) SevInfoBlock { 
@@ -1505,11 +1524,249 @@ static const TypeInfo sev_guest_info = { .class_init = sev_guest_class_init, }; +static void +sev_snp_guest_get_policy(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + visit_type_uint64(v, name, + (uint64_t *)&SEV_SNP_GUEST(obj)->kvm_start_conf.policy, + errp); +} + +static void +sev_snp_guest_set_policy(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + visit_type_uint64(v, name, + (uint64_t *)&SEV_SNP_GUEST(obj)->kvm_start_conf.policy, + errp); +} + +static char * +sev_snp_guest_get_guest_visible_workarounds(Object *obj, Error **errp) +{ + return g_strdup(SEV_SNP_GUEST(obj)->guest_visible_workarounds); +} + +static void +sev_snp_guest_set_guest_visible_workarounds(Object *obj, const char *value, + Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + struct kvm_sev_snp_launch_start *start = &sev_snp_guest->kvm_start_conf; + g_autofree guchar *blob; + gsize len; + + g_free(sev_snp_guest->guest_visible_workarounds); + + /* store the base64 str so we don't need to re-encode in getter */ + sev_snp_guest->guest_visible_workarounds = g_strdup(value); + + blob = qbase64_decode(sev_snp_guest->guest_visible_workarounds, + -1, &len, errp); + if (!blob) { + return; + } + + if (len != sizeof(start->gosvw)) { + error_setg(errp, "parameter length of %lu exceeds max of %lu", + len, sizeof(start->gosvw)); + return; + } + + memcpy(start->gosvw, blob, len); +} + +static char * +sev_snp_guest_get_id_block(Object *obj, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + return g_strdup(sev_snp_guest->id_block); +} + +static void +sev_snp_guest_set_id_block(Object *obj, const char *value, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf; + gsize len; + + g_free(sev_snp_guest->id_block); + g_free((guchar *)finish->id_block_uaddr); + + /* store the base64 str so 
we don't need to re-encode in getter */ + sev_snp_guest->id_block = g_strdup(value); + + finish->id_block_uaddr = + (uint64_t)qbase64_decode(sev_snp_guest->id_block, -1, &len, errp); + + if (!finish->id_block_uaddr) { + return; + } + + if (len != KVM_SEV_SNP_ID_BLOCK_SIZE) { + error_setg(errp, "parameter length of %lu not equal to %u", + len, KVM_SEV_SNP_ID_BLOCK_SIZE); + return; + } + + finish->id_block_en = (len) ? 1 : 0; +} + +static char * +sev_snp_guest_get_id_auth(Object *obj, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + return g_strdup(sev_snp_guest->id_auth); +} + +static void +sev_snp_guest_set_id_auth(Object *obj, const char *value, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf; + gsize len; + + g_free(sev_snp_guest->id_auth); + g_free((guchar *)finish->id_auth_uaddr); + + /* store the base64 str so we don't need to re-encode in getter */ + sev_snp_guest->id_auth = g_strdup(value); + + finish->id_auth_uaddr = + (uint64_t)qbase64_decode(sev_snp_guest->id_auth, -1, &len, errp); + + if (!finish->id_auth_uaddr) { + return; + } + + if (len > KVM_SEV_SNP_ID_AUTH_SIZE) { + error_setg(errp, "parameter length:ID_AUTH %lu exceeds max of %u", + len, KVM_SEV_SNP_ID_AUTH_SIZE); + return; + } +} + +static bool +sev_snp_guest_get_auth_key_en(Object *obj, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + return !!sev_snp_guest->kvm_finish_conf.auth_key_en; +} + +static void +sev_snp_guest_set_auth_key_en(Object *obj, bool value, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + sev_snp_guest->kvm_finish_conf.auth_key_en = value; +} + +static bool +sev_snp_guest_get_vcek_disabled(Object *obj, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + return !!sev_snp_guest->kvm_finish_conf.vcek_disabled; +} + +static void +sev_snp_guest_set_vcek_disabled(Object *obj, 
bool value, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + sev_snp_guest->kvm_finish_conf.vcek_disabled = value; +} + +static char * +sev_snp_guest_get_host_data(Object *obj, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + return g_strdup(sev_snp_guest->host_data); +} + +static void +sev_snp_guest_set_host_data(Object *obj, const char *value, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf; + g_autofree guchar *blob; + gsize len; + + g_free(sev_snp_guest->host_data); + + /* store the base64 str so we don't need to re-encode in getter */ + sev_snp_guest->host_data = g_strdup(value); + + blob = qbase64_decode(sev_snp_guest->host_data, -1, &len, errp); + + if (!blob) { + return; + } + + if (len != sizeof(finish->host_data)) { + error_setg(errp, "parameter length of %lu not equal to %lu", + len, sizeof(finish->host_data)); + return; + } + + memcpy(finish->host_data, blob, len); +} + +static void +sev_snp_guest_class_init(ObjectClass *oc, void *data) +{ + object_class_property_add(oc, "policy", "uint64", + sev_snp_guest_get_policy, + sev_snp_guest_set_policy, NULL, NULL); + object_class_property_add_str(oc, "guest-visible-workarounds", + sev_snp_guest_get_guest_visible_workarounds, + sev_snp_guest_set_guest_visible_workarounds); + object_class_property_add_str(oc, "id-block", + sev_snp_guest_get_id_block, + sev_snp_guest_set_id_block); + object_class_property_add_str(oc, "id-auth", + sev_snp_guest_get_id_auth, + sev_snp_guest_set_id_auth); + object_class_property_add_bool(oc, "auth-key-enabled", + sev_snp_guest_get_auth_key_en, + sev_snp_guest_set_auth_key_en); + object_class_property_add_bool(oc, "vcek-required", + sev_snp_guest_get_vcek_disabled, + sev_snp_guest_set_vcek_disabled); + object_class_property_add_str(oc, "host-data", + sev_snp_guest_get_host_data, + sev_snp_guest_set_host_data); +} + +static void 
+sev_snp_guest_instance_init(Object *obj) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + /* default init/start/finish params for kvm */ + sev_snp_guest->kvm_start_conf.policy = DEFAULT_SEV_SNP_POLICY; +} + +/* guest info specific to sev-snp */ +static const TypeInfo sev_snp_guest_info = { + .parent = TYPE_SEV_COMMON, + .name = TYPE_SEV_SNP_GUEST, + .instance_size = sizeof(SevSnpGuestState), + .class_init = sev_snp_guest_class_init, + .instance_init = sev_snp_guest_instance_init, +}; + static void sev_register_types(void) { type_register_static(&sev_common_info); type_register_static(&sev_guest_info); + type_register_static(&sev_snp_guest_info); } type_init(sev_register_types); diff --git a/target/i386/sev.h b/target/i386/sev.h index 668374eef3..bedc667eeb 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h 
@@ -22,6 +22,7 @@ #define TYPE_SEV_COMMON "sev-common" #define TYPE_SEV_GUEST "sev-guest" +#define TYPE_SEV_SNP_GUEST "sev-snp-guest" #define SEV_POLICY_NODBG 0x1 #define SEV_POLICY_NOKS 0x2
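Review bot: In the amd-memory-encryption.rst hunk, the SNP_LAUNCH_START grid table has border lines that disagree on the column count (four columns on the first border, two on the ones that follow), so it will not render as a table. The SNP_LAUNCH_FINISH table lists the key as host_data, while the property registered in sev.c and declared in qom.json is host-data, and vcek-disabled appears in neither table. The defaults also differ from the schema text (none here, all-zero in qom.json). Please rebuild the first table with uniform borders and align key names and defaults with the schema. Wording: "generate a fresh memory encryption key for the VM, encrypt the boot images" is missing an "and".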
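Review bot: In the qapi/qom.json hunk, the schema documents and declares 'vcek-disabled', but sev_snp_guest_class_init() registers the boolean as "vcek-required" backed by sev_snp_guest_get_vcek_disabled() and sev_snp_guest_set_vcek_disabled(). The QAPI name therefore does not exist as a QOM property, and the name that does exist has the opposite sense of the field it writes: vcek-required=on sets kvm_finish_conf.vcek_disabled. This setting decides which endorsement key may sign attestation reports, so name and polarity must be unambiguous; register the property as "vcek-disabled". Also, the commit message example passes init-flags=0, which is not a member of SevSnpGuestProperties; "field defined SEV-SNP firmware ABI" under @auth-key-enabled is missing "in the"; and the per-member "(since: 9.1)" on @vcek-disabled is redundant with the struct's own Since: 9.1.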
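Review bot: In the target/i386/sev.c hunk, sev_snp_guest_set_id_auth() accepts any decoded length up to KVM_SEV_SNP_ID_AUTH_SIZE and stores that exact-length buffer in finish->id_auth_uaddr, although the schema describes a 4096-byte structure; if the consumer of id_auth_uaddr reads the full structure size, a short input has it reading past the allocation. Decode into a zero-filled buffer of KVM_SEV_SNP_ID_AUTH_SIZE bytes or require an exact length. Both sev_snp_guest_set_id_block() and sev_snp_guest_set_id_auth() also mutate state before validating: on a length error they return with the rejected buffer still in the *_uaddr field, the rejected string still stored, and id_block_en left at its previous value. Decode into a local, check the length, then commit. Smaller points: `finish->id_block_en = (len) ? 1 : 0;` is always 1 after the equality check; the guest-visible-workarounds error says "exceeds max" for a != test; gsize and sizeof values are printed with %lu rather than %zu; the g_autofree blob pointers are declared without an initialiser; pointers are cast to uint64_t without going through uintptr_t; sev_snp_guest_info has no instance_finalize to free the four stored strings and the two decoded buffers; and sev_snp_guest_class_init() sets neither launch_start nor launch_finish on SevCommonStateClass.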
From: Pankaj Gupta
Subject: [PATCH v4 08/31] i386/sev: Add a sev_snp_enabled() helper
Date: Thu, 30 May 2024 06:16:20 -0500
Message-ID: <20240530111643.1091816-9-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
From: Michael Roth

Add a simple helper to check if the current guest type is SNP. Also have
SNP-enabled imply that SEV-ES is enabled as well, and fix up any places
where the sev_es_enabled() check is expecting a pure/non-SNP guest.

Signed-off-by: Michael Roth
Signed-off-by: Pankaj Gupta
--- target/i386/sev.c | 13 ++++++++++++- target/i386/sev.h | 2 ++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 841b45f59b..f4f1971202 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -333,12 +333,21 @@ sev_enabled(void) return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_COMMON); } +bool +sev_snp_enabled(void) +{ + ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; + + return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_SNP_GUEST); +} + bool sev_es_enabled(void) { ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; - return sev_enabled() && (SEV_GUEST(cgs)->policy & SEV_POLICY_ES); + return sev_snp_enabled() || + (sev_enabled() && SEV_GUEST(cgs)->policy & SEV_POLICY_ES); } uint32_t @@ -954,7 +963,9 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) "support", __func__); goto err; } + } + if (sev_es_enabled() && !sev_snp_enabled()) { if (!(status.flags & SEV_STATUS_FLAGS_CONFIG_ES)) { error_setg(errp, "%s: guest policy requires SEV-ES, but " "host SEV-ES support unavailable", diff --git a/target/i386/sev.h b/target/i386/sev.h index bedc667eeb..94295ee74f 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h
@@ -45,9 +45,11 @@ typedef struct SevKernelLoaderContext { #ifdef CONFIG_SEV bool sev_enabled(void); bool sev_es_enabled(void); +bool sev_snp_enabled(void); #else #define sev_enabled() 0 #define sev_es_enabled() 0 +#define sev_snp_enabled() 0 #endif uint32_t sev_get_cbit_position(void);
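Review bot: In the sev_es_enabled() hunk of target/i386/sev.c, the new return expression drops the parentheses the old line had around the policy test, so "sev_enabled() && SEV_GUEST(cgs)->policy & SEV_POLICY_ES" now relies on & binding tighter than &&. The result is unchanged, but please keep the explicit grouping around (SEV_GUEST(cgs)->policy & SEV_POLICY_ES). sev_enabled() matches TYPE_SEV_COMMON, so it is presumably true for SNP objects as well, and the SEV_GUEST(cgs) dereference is only avoided for them because sev_snp_enabled() short-circuits first; a one-line comment saying that the order of the two operands matters would protect it from a later cleanup. The new sev_snp_enabled() helper itself has no comment stating that SNP implies SEV-ES, which is only in the commit message.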
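Review bot: In the sev_kvm_init() hunk (@@ -954,7 +963,9), the new guard "if (sev_es_enabled() && !sev_snp_enabled())" skips the SEV_STATUS_FLAGS_CONFIG_ES check for SNP, but neither the code nor the commit message says why the platform status flag is not required in that case. Because sev_es_enabled() now returns true for SNP, the in-kernel irqchip check just above still applies to SNP while this one does not; please add a short comment stating that split. The error text "guest policy requires SEV-ES" only makes sense for the non-SNP case, which is one more reason to spell the condition out.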
From: Pankaj Gupta
Subject: [PATCH v4 09/31] i386/sev: Add sev_kvm_init() override for SEV class
Date: Thu, 30 May 2024 06:16:21 -0500
Message-ID: <20240530111643.1091816-10-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Some aspects of the init routine SEV are specific to SEV and not applicable for SNP
guests, so move the SEV-specific bits into separate class method and retain only the common functionality. Co-developed-by: Michael Roth Signed-off-by: Michael Roth Signed-off-by: Pankaj Gupta --- target/i386/sev.c | 72 +++++++++++++++++++++++++++++++++-------------- 1 file changed, 51 insertions(+), 21 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index f4f1971202..2a9a77a2d9 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -73,6 +73,7 @@ struct SevCommonStateClass { /* public */ int (*launch_start)(SevCommonState *sev_common); void (*launch_finish)(SevCommonState *sev_common); + int (*kvm_init)(ConfidentialGuestSupport *cgs, Error **errp); }; /** @@ -890,7 +891,7 @@ out: return sev_common->kvm_type; } -static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) +static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { SevCommonState *sev_common = SEV_COMMON(cgs); char *devname; @@ -900,12 +901,6 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) struct sev_user_data_status status = {}; SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(cgs); - ret = ram_block_discard_disable(true); - if (ret) { - error_report("%s: cannot disable RAM discard", __func__); - return -1; - } - sev_common->state = SEV_STATE_UNINIT; host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); @@ -919,7 +914,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) if (host_cbitpos != sev_common->cbitpos) { error_setg(errp, "%s: cbitpos check failed, host '%d' requested '%d'", __func__, host_cbitpos, sev_common->cbitpos); - goto err; + return -1; } /* @@ -932,7 +927,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) error_setg(errp, "%s: reduced_phys_bits check failed," " it should be in the range of 1 to 63, requested '%d'", __func__, sev_common->reduced_phys_bits); - goto err; + return -1; } devname = object_property_get_str(OBJECT(sev_common), "sev-device", NULL); 
@@ -941,7 +936,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) error_setg(errp, "%s: Failed to open %s '%s'", __func__, devname, strerror(errno)); g_free(devname); - goto err; + return -1; } g_free(devname); @@ -951,7 +946,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) error_setg(errp, "%s: failed to get platform status ret=%d " "fw_error='%d: %s'", __func__, ret, fw_error, fw_error_to_str(fw_error)); - goto err; + return -1; } sev_common->build_id = status.build; sev_common->api_major = status.api_major; @@ -961,7 +956,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) if (!kvm_kernel_irqchip_allowed()) { error_setg(errp, "%s: SEV-ES guests require in-kernel irqchip" "support", __func__); - goto err; + return -1; } } @@ -970,7 +965,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) error_setg(errp, "%s: guest policy requires SEV-ES, but " "host SEV-ES support unavailable", __func__); - goto err; + return -1; } } 
@@ -988,25 +983,59 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) if (ret) { error_setg(errp, "%s: failed to initialize ret=%d fw_error=%d '%s'", __func__, ret, fw_error, fw_error_to_str(fw_error)); - goto err; + return -1; } ret = klass->launch_start(sev_common); if (ret) { error_setg(errp, "%s: failed to create encryption context", __func__); - goto err; + return -1; + } + + if (klass->kvm_init && klass->kvm_init(cgs, errp)) { + return -1; } - ram_block_notifier_add(&sev_ram_notifier); - qemu_add_machine_init_done_notifier(&sev_machine_done_notify); qemu_add_vm_change_state_handler(sev_vm_state_change, sev_common); cgs->ready = true; return 0; -err: - ram_block_discard_disable(false); - return -1; +} + +static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) +{ + int ret; + + /* + * SEV/SEV-ES rely on pinned memory to back guest RAM so discarding + * isn't actually possible. With SNP, only guest_memfd pages are used + * for private guest memory, so discarding of shared memory is still + * possible.. + */ + ret = ram_block_discard_disable(true); + if (ret) { + error_setg(errp, "%s: cannot disable RAM discard", __func__); + return -1; + } + + /* + * SEV uses these notifiers to register/pin pages prior to guest use, + * but SNP relies on guest_memfd for private pages, which has it's + * own internal mechanisms for registering/pinning private memory. + */ + ram_block_notifier_add(&sev_ram_notifier); + + /* + * The machine done notify event is used for SEV guests to get the + * measurement of the encrypted images. When SEV-SNP is enabled, the + * measurement is part of the guest attestation process where it can + * be collected without any reliance on the VMM. So skip registering + * the notifier for SNP in favor of using guest attestation instead. + */ + qemu_add_machine_init_done_notifier(&sev_machine_done_notify); + + return 0; } int 
@@ -1405,7 +1434,7 @@ sev_common_class_init(ObjectClass *oc, void *data) ConfidentialGuestSupportClass *klass = CONFIDENTIAL_GUEST_SUPPORT_CLASS(oc); X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); - klass->kvm_init = sev_kvm_init; + klass->kvm_init = sev_common_kvm_init; x86_klass->kvm_type = sev_kvm_type; object_class_property_add_str(oc, "sev-device", 
@@ -1494,6 +1523,7 @@ sev_guest_class_init(ObjectClass *oc, void *data) klass->launch_start = sev_launch_start; klass->launch_finish = sev_launch_finish; + klass->kvm_init = sev_kvm_init; object_class_property_add_str(oc, "dh-cert-file", sev_guest_get_dh_cert_file,
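Review bot: The kvm_init member added to SevCommonStateClass in the @@ -73,6 +73,7 hunk is undocumented and shares its name with the ConfidentialGuestSupportClass hook, so "klass->kvm_init = sev_common_kvm_init" in sev_common_class_init() and "klass->kvm_init = sev_kvm_init" in sev_guest_class_init() look identical while assigning to different classes. Please document that this member is a subclass hook, that it may be NULL (the call site tests for that), and that sev_common_kvm_init() invokes it after launch_start(). A distinct member name would remove the ambiguity altogether.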
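Review bot: Moving ram_block_discard_disable(true) into the new sev_kvm_init() hook in the @@ -988,25 +983,59 hunk changes when it takes effect: it used to be the first call in the init routine and now runs only after firmware initialization and klass->launch_start() have succeeded. If the later ordering is intended, please say so in the commit message; if it is not, the hook needs to be called earlier. When the hook fails, sev_common_kvm_init() returns -1 with the launch context already created, so please confirm that no teardown is needed on that path. In the new comments, "possible.." has a doubled period and "has it's own" should be "has its own". The last comment ends with "So skip registering the notifier for SNP", which describes what this SEV-only function does not do and reads oddly directly above an unconditional qemu_add_machine_init_done_notifier() call.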
From: Pankaj Gupta
Subject: [PATCH v4 10/31] i386/sev: Add snp_kvm_init() override for SNP class
Date: Thu, 30 May 2024 06:16:22 -0500
Message-ID: <20240530111643.1091816-11-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

SNP does not support SMM and requires guest_memfd for private guest memory, so add SNP specific kvm_init() functionality in snp_kvm_init() class method.
Signed-off-by: Michael Roth Co-developed-by: Pankaj Gupta Signed-off-by: Pankaj Gupta --- target/i386/sev.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 2a9a77a2d9..56c1cce8e7 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -893,12 +893,12 @@ out: static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { - SevCommonState *sev_common = SEV_COMMON(cgs); char *devname; int ret, fw_error, cmd; uint32_t ebx; uint32_t host_cbitpos; struct sev_user_data_status status = {}; + SevCommonState *sev_common = SEV_COMMON(cgs); SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(cgs); sev_common->state = SEV_STATE_UNINIT; @@ -1038,6 +1038,23 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) return 0; } +static int sev_snp_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) +{ + MachineState *ms = MACHINE(qdev_get_machine()); + X86MachineState *x86ms = X86_MACHINE(ms); + + if (x86ms->smm == ON_OFF_AUTO_AUTO) { + x86ms->smm = ON_OFF_AUTO_OFF; + } else if (x86ms->smm == ON_OFF_AUTO_ON) { + error_setg(errp, "SEV-SNP does not support SMM."); + ram_block_discard_disable(false); + return -1; + } + ms->require_guest_memfd = true; + + return 0; +} + int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) { 
@@ -1761,6 +1778,10 @@ sev_snp_guest_set_host_data(Object *obj, const char *value, Error **errp) static void sev_snp_guest_class_init(ObjectClass *oc, void *data) { + SevCommonStateClass *klass = SEV_COMMON_CLASS(oc); + + klass->kvm_init = sev_snp_kvm_init; + object_class_property_add(oc, "policy", "uint64", sev_snp_guest_get_policy, sev_snp_guest_set_policy, NULL, NULL);
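Review bot: The first hunk (@@ -893,12 +893,12) only moves the "SevCommonState *sev_common = SEV_COMMON(cgs);" declaration a few lines down in sev_common_kvm_init(), which is unrelated to adding the SNP hook. Please drop it from this patch, or fold it into the previous patch that renamed the function.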
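Review bot: sev_snp_kvm_init() in the @@ -1038,6 +1038,23 hunk calls ram_block_discard_disable(false) on the ON_OFF_AUTO_ON error path, but nothing on the SNP path has called ram_block_discard_disable(true): the previous patch moved that call into the SEV-only sev_kvm_init(). The unbalanced call should be removed. The function is named sev_snp_kvm_init() while the subject and commit message both say snp_kvm_init(), so one of the two needs to change. The string "SEV-SNP does not support SMM." should also lose its trailing period to match the other error_setg() messages in this file.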
From: Pankaj Gupta
Subject: [PATCH v4 11/31] i386/cpu: Set SEV-SNP CPUID bit when SNP enabled
Date: Thu, 30 May 2024 06:16:23 -0500
Message-ID: <20240530111643.1091816-12-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Michael Roth

SNP guests will rely on this bit to determine certain feature support.
Signed-off-by: Michael Roth Signed-off-by: Pankaj Gupta --- target/i386/cpu.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index bc2dceb647..914bef442c 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c 
@@ -6979,6 +6979,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count, if (sev_enabled()) { *eax = 0x2; *eax |= sev_es_enabled() ? 0x8 : 0; + *eax |= sev_snp_enabled() ? 0x10 : 0; *ebx = sev_get_cbit_position() & 0x3f; /* EBX[5:0] */ *ebx |= (sev_get_reduced_phys_bits() & 0x3f) << 6; /* EBX[11:6] */ }
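Review bot: The added line "*eax |= sev_snp_enabled() ? 0x10 : 0;" extends a run of bare constants (0x2, 0x8, 0x10) with nothing saying which CPUID bits they represent, while the EBX lines directly below carry /* EBX[5:0] */ style comments. Please add a matching comment or a named constant for the new bit. The commit message should also name the guest features that depend on it rather than "certain feature support", so a reader can tell what breaks if the bit is missing.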
From: Pankaj Gupta
Subject: [PATCH v4 12/31] i386/sev: Don't return launch measurements for SEV-SNP guests
Date: Thu, 30 May 2024 06:16:24 -0500
Message-ID: <20240530111643.1091816-13-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Michael Roth

For SEV-SNP guests, launch measurement is queried from within the guest during attestation, so don't attempt to return it as part of query-sev-launch-measure.
Signed-off-by: Michael Roth Signed-off-by: Pankaj Gupta --- target/i386/sev.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 56c1cce8e7..458ff5040d 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -803,7 +803,9 @@ sev_launch_get_measure(Notifier *notifier, void *unused) static char *sev_get_launch_measurement(void) { - SevGuestState *sev_guest = SEV_GUEST(MACHINE(qdev_get_machine())->cgs); + ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; + SevGuestState *sev_guest = + (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUEST); if (sev_guest && SEV_COMMON(sev_guest)->state >= SEV_STATE_LAUNCH_SECRET) { From patchwork Thu May 30 11:16:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gupta, Pankaj" X-Patchwork-Id: 13680196 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2056.outbound.protection.outlook.com [40.107.223.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6E598171658 for ; Thu, 30 May 2024 11:16:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.223.56 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717067817; cv=fail; b=L4NK9dv6q8hc3ak/a4nF1zU1VsRo47gjZ9cwffh4Vhq+++0NIpUi/uz/axSBaOySEQgFZz9H8NSzePLK8HMBBO8zh2dq5tXKd1hi4w8zt3f+kbm4y/qhvPq7CkDeZhXVCmb/nxdD8wzen+42iZxE3G4IRPcaBWrfq62dE1M9hVE= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717067817; c=relaxed/simple; bh=5aZt+CHlBJLu84arZWJL/fAUg+05ZGyWQPlwCsGfgq4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=lYnlMARny+rZcoezWHRoSgvybZyb7MMujN7B4hfOoMBDZsViM0R677B+ZnxnqrXwOv9lAGiy1rXGOE5/AW0Xa3EE5iJQa8bCLnBaUWOVLQ/t8BaGK703UxqFEvox3j0L9mlrDOxXulo+94mcBYWvj7/sWhFYl0u+5l4DcFI/YcY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=V/zkpIDV; arc=fail 
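Review bot: In sev_get_launch_measurement(), replacing the checked SEV_GUEST() cast with object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUEST) makes a NULL sev_guest the expected result for sev-snp-guest objects, but nothing at the cast says so. Add a short comment that SNP guests deliberately fail the "if (sev_guest && ...)" test and return no measurement, so a later cleanup does not turn this back into the checked macro. The hunk also does not show what the caller reports in that case, so it is worth confirming that query-sev-launch-measure gives a clear error for an SNP guest.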
From: Pankaj Gupta
Subject: [PATCH v4 13/31] i386/sev: Add a class method to determine KVM VM type for SNP guests
Date: Thu, 30 May 2024 06:16:25 -0500
Message-ID: <20240530111643.1091816-14-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

SEV guests can use either KVM_X86_DEFAULT_VM, KVM_X86_SEV_VM, or
KVM_X86_SEV_ES_VM depending on the configuration and what the host kernel supports. SNP guests on the other hand can only ever use KVM_X86_SNP_VM, so split determination of VM type out into a separate class method that can be set accordingly for sev-guest vs. sev-snp-guest objects and add handling for SNP. Signed-off-by: Pankaj Gupta --- target/i386/sev.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 458ff5040d..8ca486f5d2 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -100,6 +100,9 @@ struct SevGuestState { struct SevGuestStateClass { SevCommonStateClass parent_class; + + /* public */ + int (*kvm_type)(X86ConfidentialGuest *cg); }; struct SevSnpGuestState { @@ -117,6 +120,9 @@ struct SevSnpGuestState { struct SevSnpGuestStateClass { SevCommonStateClass parent_class; + + /* public */ + int (*kvm_type)(X86ConfidentialGuest *cg); }; #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ @@ -893,6 +899,11 @@ out: return sev_common->kvm_type; } +static int sev_snp_kvm_type(X86ConfidentialGuest *cg) +{ + return KVM_X86_SNP_VM; +} + static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { char *devname; @@ -902,6 +913,8 @@ static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) struct sev_user_data_status status = {}; SevCommonState *sev_common = SEV_COMMON(cgs); SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(cgs); + X86ConfidentialGuestClass *x86_klass = + X86_CONFIDENTIAL_GUEST_GET_CLASS(cgs); sev_common->state = SEV_STATE_UNINIT; @@ -972,7 +985,7 @@ static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) } trace_kvm_sev_init(); - if (sev_kvm_type(X86_CONFIDENTIAL_GUEST(sev_common)) == KVM_X86_DEFAULT_VM) { + if (x86_klass->kvm_type(X86_CONFIDENTIAL_GUEST(sev_common)) == KVM_X86_DEFAULT_VM) { cmd = sev_es_enabled() ? KVM_SEV_ES_INIT : KVM_SEV_INIT; ret = sev_ioctl(sev_common->sev_fd, cmd, NULL, &fw_error); 
@@ -1451,10 +1464,8 @@ static void sev_common_class_init(ObjectClass *oc, void *data) { ConfidentialGuestSupportClass *klass = CONFIDENTIAL_GUEST_SUPPORT_CLASS(oc); - X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); klass->kvm_init = sev_common_kvm_init; - x86_klass->kvm_type = sev_kvm_type; object_class_property_add_str(oc, "sev-device", sev_common_get_sev_device, @@ -1539,10 +1550,12 @@ static void sev_guest_class_init(ObjectClass *oc, void *data) { SevCommonStateClass *klass = SEV_COMMON_CLASS(oc); + X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); klass->launch_start = sev_launch_start; klass->launch_finish = sev_launch_finish; klass->kvm_init = sev_kvm_init; + x86_klass->kvm_type = sev_kvm_type; object_class_property_add_str(oc, "dh-cert-file", sev_guest_get_dh_cert_file, 
@@ -1781,8 +1794,10 @@ static void sev_snp_guest_class_init(ObjectClass *oc, void *data) { SevCommonStateClass *klass = SEV_COMMON_CLASS(oc); + X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); klass->kvm_init = sev_snp_kvm_init; + x86_klass->kvm_type = sev_snp_kvm_type; object_class_property_add(oc, "policy", "uint64", sev_snp_guest_get_policy, From patchwork Thu May 30 11:16:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gupta, Pankaj" X-Patchwork-Id: 13680199 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2053.outbound.protection.outlook.com [40.107.94.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CC74F17D352 for ; Thu, 30 May 2024 11:16:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.94.53 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717067820; cv=fail; b=giFFejccGhgrPb8PfueMV30fowKu0tzvDH7kg2Rex8vdjKNLYtDwmOOp5tZb3k8Rf0rBKnj9k04c3wMulVZM//VFYxAOvbVLvchdYlqHmZmoMvFhwccWLmQXlSt2OV7fM5+E+35+Oq7mRu3xB4tM55SR4Gk+da19xMUByyAYtBo= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717067820; c=relaxed/simple; bh=ojqv6/oXEnyhA2IUP0tV0HMwD9JwQksvBmmv1dNLvIk=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=SiKClxWYLasSjlFCHD5P9sqmi5wD/yVoMcJSWA+/WXsimgCQfEj/6G8UZ00Xpe/LAE8xbU6frbhK/HqDk3xa9yIvzolVM6+xaypnIJ0zH1tfFLOOiPaWNqIigH2xd1iEhzrPwPmujjqtd0NZLOLaL0k3/HQffsVMKGFXKz3qwHw= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=2bnEgYDF; arc=fail smtp.client-ip=40.107.94.53 Authentication-Results: 
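Review bot: The "int (*kvm_type)(X86ConfidentialGuest *cg);" member added under /* public */ to both SevGuestStateClass and SevSnpGuestStateClass is never assigned or called in this patch: sev_guest_class_init() and sev_snp_guest_class_init() set x86_klass->kvm_type, and sev_common_kvm_init() calls x86_klass->kvm_type(...). Unless a later patch in the series uses them, drop the two new members so there is a single kvm_type hook to reason about.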
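Review bot: In sev_common_kvm_init(), the rewritten condition "if (x86_klass->kvm_type(X86_CONFIDENTIAL_GUEST(sev_common)) == KVM_X86_DEFAULT_VM) {" runs past 80 columns and hides an indirect call inside the test. Consider storing the result in a local int first; that fixes the line length and gives a place for a comment that sev_snp_kvm_type() always returns KVM_X86_SNP_VM, so an SNP guest never takes the KVM_SEV_INIT / KVM_SEV_ES_INIT branch guarded here.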
From: Pankaj Gupta
Subject: [PATCH v4 14/31] i386/sev: Update query-sev QAPI format to handle SEV-SNP
Date: Thu, 30 May 2024 06:16:26 -0500
Message-ID: <20240530111643.1091816-15-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Michael Roth

Most of the current 'query-sev' command is relevant to both legacy SEV/SEV-ES guests and SEV-SNP guests, with 2 exceptions:

  - 'policy' is a 64-bit field for SEV-SNP, not 32-bit, and the meaning of the bit positions has changed
  - 'handle' is not relevant to SEV-SNP

To address this, this patch adds a new 'sev-type' field that can be used as a discriminator to select between SEV and SEV-SNP-specific fields/formats without breaking compatibility for existing management tools (so long as management tools that add support for launching SEV-SNP guests update their handling of query-sev appropriately).

The corresponding HMP command has also been fixed up similarly.

Signed-off-by: Michael Roth
Co-developed-by: Pankaj Gupta
Signed-off-by: Pankaj Gupta
--- qapi/misc-target.json | 72 ++++++++++++++++++++++++++++++++++--------- target/i386/sev.c | 55 +++++++++++++++++++++------------ target/i386/sev.h | 3 ++ 3 files changed, 96 insertions(+), 34 deletions(-) diff --git a/qapi/misc-target.json b/qapi/misc-target.json index 4e0a6492a9..2d7d4d89bd 100644 --- a/qapi/misc-target.json +++ b/qapi/misc-target.json 
@@ -47,6 +47,50 @@ 'send-update', 'receive-update' ], 'if': 'TARGET_I386' } +## +# @SevGuestType: +# +# An enumeration indicating the type of SEV guest being run. +# +# @sev: The guest is a legacy SEV or SEV-ES guest. +# +# @sev-snp: The guest is an SEV-SNP guest. +# +# Since: 6.2 +## +{ 'enum': 'SevGuestType', + 'data': [ 'sev', 'sev-snp' ], + 'if': 'TARGET_I386' } + +## +# @SevGuestInfo: +# +# Information specific to legacy SEV/SEV-ES guests. +# +# @policy: SEV policy value +# +# @handle: SEV firmware handle +# +# Since: 2.12 +## +{ 'struct': 'SevGuestInfo', + 'data': { 'policy': 'uint32', + 'handle': 'uint32' }, + 'if': 'TARGET_I386' } + +## +# @SevSnpGuestInfo: +# +# Information specific to SEV-SNP guests. +# +# @snp-policy: SEV-SNP policy value +# +# Since: 9.1 +## +{ 'struct': 'SevSnpGuestInfo', + 'data': { 'snp-policy': 'uint64' }, + 'if': 'TARGET_I386' } + ## # @SevInfo: # @@ -60,25 +104,25 @@ # # @build-id: SEV FW build id # -# @policy: SEV policy value -# # @state: SEV guest state # -# @handle: SEV firmware handle +# @sev-type: Type of SEV guest being run # # Since: 2.12 ## -{ 'struct': 'SevInfo', - 'data': { 'enabled': 'bool', - 'api-major': 'uint8', - 'api-minor' : 'uint8', - 'build-id' : 'uint8', - 'policy' : 'uint32', - 'state' : 'SevState', - 'handle' : 'uint32' - }, - 'if': 'TARGET_I386' -} +{ 'union': 'SevInfo', + 'base': { 'enabled': 'bool', + 'api-major': 'uint8', + 'api-minor' : 'uint8', + 'build-id' : 'uint8', + 'state' : 'SevState', + 'sev-type' : 'SevGuestType' }, + 'discriminator': 'sev-type', + 'data': { + 'sev': 'SevGuestInfo', + 'sev-snp': 'SevSnpGuestInfo' }, + 'if': 'TARGET_I386' } + ## # @query-sev: diff --git a/target/i386/sev.c b/target/i386/sev.c index 8ca486f5d2..101661bf71 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -377,25 +377,27 @@ static SevInfo *sev_get_info(void) { SevInfo *info; SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); - SevGuestState *sev_guest = - (SevGuestState *)object_dynamic_cast(OBJECT(sev_common), - TYPE_SEV_GUEST); info = g_new0(SevInfo, 1); info->enabled = sev_enabled(); if (info->enabled) { - if (sev_guest) { - info->handle = sev_guest->handle; - } info->api_major = sev_common->api_major; info->api_minor = sev_common->api_minor; info->build_id = sev_common->build_id; info->state = sev_common->state; - /* we only report the lower 32-bits of policy for SNP, ok for now... */ - info->policy = - (uint32_t)object_property_get_uint(OBJECT(sev_common), - "policy", NULL); + + if (sev_snp_enabled()) { + info->sev_type = SEV_GUEST_TYPE_SEV_SNP; + info->u.sev_snp.snp_policy = + object_property_get_uint(OBJECT(sev_common), "policy", NULL); + } else { + info->sev_type = SEV_GUEST_TYPE_SEV; + info->u.sev.handle = SEV_GUEST(sev_common)->handle; + info->u.sev.policy = + (uint32_t)object_property_get_uint(OBJECT(sev_common), + "policy", NULL); + } } return info; 
@@ -418,20 +420,33 @@ void hmp_info_sev(Monitor *mon, const QDict *qdict) { SevInfo *info = sev_get_info(); - if (info && info->enabled) { - monitor_printf(mon, "handle: %d\n", info->handle); - monitor_printf(mon, "state: %s\n", SevState_str(info->state)); - monitor_printf(mon, "build: %d\n", info->build_id); - monitor_printf(mon, "api version: %d.%d\n", - info->api_major, info->api_minor); + if (!info || !info->enabled) { + monitor_printf(mon, "SEV is not enabled\n"); + goto out; + } + + monitor_printf(mon, "SEV type: %s\n", SevGuestType_str(info->sev_type)); + monitor_printf(mon, "state: %s\n", SevState_str(info->state)); + monitor_printf(mon, "build: %d\n", info->build_id); + monitor_printf(mon, "api version: %d.%d\n", info->api_major, + info->api_minor); + + if (sev_snp_enabled()) { monitor_printf(mon, "debug: %s\n", - info->policy & SEV_POLICY_NODBG ? "off" : "on"); - monitor_printf(mon, "key-sharing: %s\n", - info->policy & SEV_POLICY_NOKS ? "off" : "on"); + info->u.sev_snp.snp_policy & SEV_SNP_POLICY_DBG ? "on" + : "off"); + monitor_printf(mon, "SMT allowed: %s\n", + info->u.sev_snp.snp_policy & SEV_SNP_POLICY_SMT ? "on" + : "off"); } else { - monitor_printf(mon, "SEV is not enabled\n"); + monitor_printf(mon, "handle: %d\n", info->u.sev.handle); + monitor_printf(mon, "debug: %s\n", + info->u.sev.policy & SEV_POLICY_NODBG ? "off" : "on"); + monitor_printf(mon, "key-sharing: %s\n", + info->u.sev.policy & SEV_POLICY_NOKS ? "off" : "on"); } +out: qapi_free_SevInfo(info); } diff --git a/target/i386/sev.h b/target/i386/sev.h index 94295ee74f..5dc4767b1e 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h 
@@ -31,6 +31,9 @@ #define SEV_POLICY_DOMAIN 0x10 #define SEV_POLICY_SEV 0x20 +#define SEV_SNP_POLICY_SMT 0x10000 +#define SEV_SNP_POLICY_DBG 0x80000 + typedef struct SevKernelLoaderContext { char *setup_data; size_t setup_size; From patchwork Thu May 30 11:16:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gupta, Pankaj" X-Patchwork-Id: 13680197 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2047.outbound.protection.outlook.com [40.107.220.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 577E417E461 for ; Thu, 30 May 2024 11:16:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.220.47 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717067819; cv=fail; b=nSZNXEIqXdfg7W6Y8MGBNaAFjOHGU6TmFoCKOIG/fkWpvlDrvq56m65O3bSXv7SVM/x222bFf6OfVJvm2gQBaYccZ2pQo6NiUYK/vC1PKrQjleIJt/wcZwu4FKaJ42gWX5B3TjDGiIHcwrdyN4BGENlaHGSxmBToTp6kDh/oWiM= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717067819; c=relaxed/simple; bh=QZ3oGtSSBxVMCimnAgXX/cm7hTlSXdoqfxJu0NzuLmA=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=rYNeRZPf1IbtAZEu3g09ECjNLJdvY45QMBIM4IVwQohhY+XKtd6sLZ9rNuGGq9OVZLD5CYQ17USko0OfD7IWrvLUo0eDuOjXuLIJz2BqjEnkbVdwM6yC0nyQDQ23rNyjEJ8buzkCl1te0ddoWAdeq+SArPBjTJknw05QxkHVO+w= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=RrS8FJ8y; arc=fail smtp.client-ip=40.107.220.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com 
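Review bot: In the qapi/misc-target.json hunk, the new SevGuestType enum is documented as "Since: 6.2" while SevSnpGuestInfo, added in the same patch, says "Since: 9.1". Both are introduced here, so the enum should carry the release this lands in, and the new @sev-type member of SevInfo should get its own "(since 9.1)" annotation because the union keeps "Since: 2.12"; otherwise anyone reading the schema docs will assume the discriminator exists on older QEMU.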
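Review bot: hmp_info_sev() picks the union branch with "if (sev_snp_enabled())" and then reads info->u.sev_snp.snp_policy or info->u.sev.*, instead of testing the discriminator that sev_get_info() just stored in the same object. Branch on info->sev_type == SEV_GUEST_TYPE_SEV_SNP (or switch over it) so the union access is always tied to its tag. Separately, the two "debug:" readouts now have opposite polarity, SEV_SNP_POLICY_DBG set meaning "on" and SEV_POLICY_NODBG set meaning "off", which deserves a comment next to the new defines in sev.h.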
From: Pankaj Gupta
Subject: [PATCH v4 15/31] i386/sev: Add the SNP launch start context
Date: Thu, 30 May 2024 06:16:27 -0500
Message-ID: <20240530111643.1091816-16-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Brijesh Singh

The SNP_LAUNCH_START is called first to create a cryptographic launch context within the firmware.

Signed-off-by: Brijesh Singh
Signed-off-by: Michael Roth
Co-developed-by: Pankaj Gupta
Signed-off-by: Pankaj Gupta
--- target/i386/sev.c | 39 +++++++++++++++++++++++++++++++++++++++ target/i386/trace-events | 1 + 2 files changed, 40 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index 101661bf71..acbb22ff15 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c
@@ -39,6 +39,7 @@ #include "confidential-guest.h" #include "hw/i386/pc.h" #include "exec/address-spaces.h" +#include "qemu/queue.h" OBJECT_DECLARE_TYPE(SevCommonState, SevCommonStateClass, SEV_COMMON) OBJECT_DECLARE_TYPE(SevGuestState, SevGuestStateClass, SEV_GUEST) @@ -129,6 +130,16 @@ struct SevSnpGuestStateClass { #define DEFAULT_SEV_DEVICE "/dev/sev" #define DEFAULT_SEV_SNP_POLICY 0x30000 +typedef struct SevLaunchUpdateData { + QTAILQ_ENTRY(SevLaunchUpdateData) next; + hwaddr gpa; + void *hva; + uint64_t len; + int type; +} SevLaunchUpdateData; + +static QTAILQ_HEAD(, SevLaunchUpdateData) launch_update; + #define SEV_INFO_BLOCK_GUID "00f771de-1a7e-4fcb-890e-68c77e2fb44e" typedef struct __attribute__((__packed__)) SevInfoBlock { /* SEV-ES Reset Vector Address */ @@ -688,6 +699,31 @@ sev_read_file_base64(const char *filename, guchar **data, gsize *len) return 0; } +static int +sev_snp_launch_start(SevCommonState *sev_common) +{ + int fw_error, rc; + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(sev_common); + struct kvm_sev_snp_launch_start *start = &sev_snp_guest->kvm_start_conf; + + trace_kvm_sev_snp_launch_start(start->policy, + sev_snp_guest->guest_visible_workarounds); + + rc = sev_ioctl(sev_common->sev_fd, KVM_SEV_SNP_LAUNCH_START, + start, &fw_error); + if (rc < 0) { + error_report("%s: SNP_LAUNCH_START ret=%d fw_error=%d '%s'", + __func__, rc, fw_error, fw_error_to_str(fw_error)); + return 1; + } + + QTAILQ_INIT(&launch_update); + + sev_set_guest_state(sev_common, SEV_STATE_LAUNCH_UPDATE); + + return 0; +} + static int sev_launch_start(SevCommonState *sev_common) { @@ -1017,6 +1053,7 @@ static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) } ret = klass->launch_start(sev_common); + if (ret) { error_setg(errp, "%s: failed to create encryption context", __func__); return -1; 
@@ -1811,9 +1848,11 @@ sev_snp_guest_class_init(ObjectClass *oc, void *data) SevCommonStateClass *klass = SEV_COMMON_CLASS(oc); X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); + klass->launch_start = sev_snp_launch_start; klass->kvm_init = sev_snp_kvm_init; x86_klass->kvm_type = sev_snp_kvm_type; + object_class_property_add(oc, "policy", "uint64", sev_snp_guest_get_policy, sev_snp_guest_set_policy, NULL, NULL); diff --git a/target/i386/trace-events b/target/i386/trace-events index 2cd8726eeb..cb26d8a925 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -11,3 +11,4 @@ kvm_sev_launch_measurement(const char *value) "data %s" kvm_sev_launch_finish(void) "" kvm_sev_launch_secret(uint64_t hpa, uint64_t hva, uint64_t secret, int len) "hpa 0x%" PRIx64 " hva 0x%" PRIx64 " data 0x%" PRIx64 " len %d" kvm_sev_attestation_report(const char *mnonce, const char *data) "mnonce %s data %s" +kvm_sev_snp_launch_start(uint64_t policy, char *gosvw) "policy 0x%" PRIx64 " gosvw %s"
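Review bot: The file-scope list launch_update, added next to the SevLaunchUpdateData typedef, is only initialised by the QTAILQ_INIT() call inside sev_snp_launch_start(), so any insertion that ran before a successful SNP_LAUNCH_START would operate on an uninitialised head. Defining it with QTAILQ_HEAD_INITIALIZER(launch_update) removes that ordering dependency. It also deserves a comment on why the queue is a global rather than a member of SevSnpGuestState.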
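Review bot: In sev_snp_launch_start(), fw_error is declared without an initial value and then printed on the rc < 0 path, so the error_report() output is only meaningful if sev_ioctl() writes it on every failure; initialising it to 0 makes that explicit. The trace call at the top also passes sev_snp_guest->guest_visible_workarounds straight into a "%s" format, which needs a NULL guard if that string can be unset at this point. Finally, the function returns 1 on failure while the check is on a negative rc; returning rc would preserve the errno for the caller.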
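Review bot: The only change in the sev_common_kvm_init() hunk is a blank line inserted between "ret = klass->launch_start(sev_common);" and its "if (ret)" check, which separates a call from its error handling and is unrelated to this patch; please drop it. The same applies to the blank line added before object_class_property_add() in sev_snp_guest_class_init(), which 16/31 removes again.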
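Review bot: The new kvm_sev_snp_launch_start trace event declares gosvw as "char *" while the neighbouring events (kvm_sev_launch_measurement, kvm_sev_attestation_report) take "const char *". The string is only read by the tracepoint, so it should be const to match.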
From: Pankaj Gupta
Subject: [PATCH v4 16/31] i386/sev: Add handling to encrypt/finalize guest launch data
Date: Thu, 30 May 2024 06:16:28 -0500
Message-ID: <20240530111643.1091816-17-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Brijesh Singh

Process any queued up launch data and encrypt/measure it into the SNP guest instance prior to initial guest launch. This also updates the KVM_SEV_SNP_LAUNCH_UPDATE call to handle partial update responses.

Signed-off-by: Brijesh Singh
Co-developed-by: Michael Roth
Signed-off-by: Michael Roth
Co-developed-by: Pankaj Gupta
Signed-off-by: Pankaj Gupta
--- target/i386/sev.c | 112 ++++++++++++++++++++++++++++++++++++++- target/i386/trace-events | 2 + 2 files changed, 113 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index acbb22ff15..cd47c195cd 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c
@@ -770,6 +770,76 @@ out: return ret; } +static const char * +snp_page_type_to_str(int type) +{ + switch (type) { + case KVM_SEV_SNP_PAGE_TYPE_NORMAL: return "Normal"; + case KVM_SEV_SNP_PAGE_TYPE_ZERO: return "Zero"; + case KVM_SEV_SNP_PAGE_TYPE_UNMEASURED: return "Unmeasured"; + case KVM_SEV_SNP_PAGE_TYPE_SECRETS: return "Secrets"; + case KVM_SEV_SNP_PAGE_TYPE_CPUID: return "Cpuid"; + default: return "unknown"; + } +} + +static int +sev_snp_launch_update(SevSnpGuestState *sev_snp_guest, + SevLaunchUpdateData *data) +{ + int ret, fw_error; + struct kvm_sev_snp_launch_update update = {0}; + + if (!data->hva || !data->len) { + error_report("SNP_LAUNCH_UPDATE called with invalid address" + "/ length: %p / %lx", + data->hva, data->len); + return 1; + } + + update.uaddr = (__u64)(unsigned long)data->hva; + update.gfn_start = data->gpa >> TARGET_PAGE_BITS; + update.len = data->len; + update.type = data->type; + + /* + * KVM_SEV_SNP_LAUNCH_UPDATE requires that GPA ranges have the private + * memory attribute set in advance. 
+ */ + ret = kvm_set_memory_attributes_private(data->gpa, data->len); + if (ret) { + error_report("SEV-SNP: failed to configure initial" + "private guest memory"); + goto out; + } + + while (update.len || ret == -EAGAIN) { + trace_kvm_sev_snp_launch_update(update.uaddr, update.gfn_start << + TARGET_PAGE_BITS, update.len, + snp_page_type_to_str(update.type)); + + ret = sev_ioctl(SEV_COMMON(sev_snp_guest)->sev_fd, + KVM_SEV_SNP_LAUNCH_UPDATE, + &update, &fw_error); + if (ret && ret != -EAGAIN) { + error_report("SNP_LAUNCH_UPDATE ret=%d fw_error=%d '%s'", + ret, fw_error, fw_error_to_str(fw_error)); + break; + } + } + +out: + if (!ret && update.gfn_start << TARGET_PAGE_BITS != data->gpa + data->len) { + error_report("SEV-SNP: expected update of GPA range %lx-%lx," + "got GPA range %lx-%llx", + data->gpa, data->gpa + data->len, data->gpa, + update.gfn_start << TARGET_PAGE_BITS); + ret = -EIO; + } + + return ret; +} + static int sev_launch_update_data(SevGuestState *sev_guest, uint8_t *addr, uint64_t len) { 
@@ -915,6 +985,46 @@ sev_launch_finish(SevCommonState *sev_common) migrate_add_blocker(&sev_mig_blocker, &error_fatal); } +static void +sev_snp_launch_finish(SevCommonState *sev_common) +{ + int ret, error; + Error *local_err = NULL; + SevLaunchUpdateData *data; + SevSnpGuestState *sev_snp = SEV_SNP_GUEST(sev_common); + struct kvm_sev_snp_launch_finish *finish = &sev_snp->kvm_finish_conf; + + QTAILQ_FOREACH(data, &launch_update, next) { + ret = sev_snp_launch_update(sev_snp, data); + if (ret) { + exit(1); + } + } + + trace_kvm_sev_snp_launch_finish(sev_snp->id_block, sev_snp->id_auth, + sev_snp->host_data); + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_SNP_LAUNCH_FINISH, + finish, &error); + if (ret) { + error_report("SNP_LAUNCH_FINISH ret=%d fw_error=%d '%s'", + ret, error, fw_error_to_str(error)); + exit(1); + } + + sev_set_guest_state(sev_common, SEV_STATE_RUNNING); + + /* add migration blocker */ + error_setg(&sev_mig_blocker, + "SEV-SNP: Migration is not implemented"); + ret = migrate_add_blocker(&sev_mig_blocker, &local_err); + if (local_err) { + error_report_err(local_err); + error_free(sev_mig_blocker); + exit(1); + } +} + + static void sev_vm_state_change(void *opaque, bool running, RunState state) { @@ -1849,10 +1959,10 @@ sev_snp_guest_class_init(ObjectClass *oc, void *data) X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); klass->launch_start = sev_snp_launch_start; + klass->launch_finish = sev_snp_launch_finish; klass->kvm_init = sev_snp_kvm_init; x86_klass->kvm_type = sev_snp_kvm_type; - object_class_property_add(oc, "policy", "uint64", sev_snp_guest_get_policy, sev_snp_guest_set_policy, NULL, NULL); diff --git a/target/i386/trace-events b/target/i386/trace-events index cb26d8a925..06b44ead2e 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -12,3 +12,5 @@ kvm_sev_launch_finish(void) "" kvm_sev_launch_secret(uint64_t hpa, uint64_t hva, uint64_t secret, int len) "hpa 0x%" PRIx64 " hva 0x%" PRIx64 " data 0x%" PRIx64 " len %d" kvm_sev_attestation_report(const char *mnonce, const char *data) "mnonce %s data %s" kvm_sev_snp_launch_start(uint64_t policy, char *gosvw) "policy 0x%" PRIx64 " gosvw %s" +kvm_sev_snp_launch_update(uint64_t src, uint64_t gpa, uint64_t len, const char *type) "src 0x%" PRIx64 " gpa 0x%" PRIx64 " len 0x%" PRIx64 " (%s page)" +kvm_sev_snp_launch_finish(char *id_block, char *id_auth, char *host_data) "id_block %s id_auth %s host_data %s"
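Review bot: The "while (update.len || ret == -EAGAIN)" loop in sev_snp_launch_update() never modifies update.len, update.uaddr or update.gfn_start itself, so it terminates only if KVM_SEV_SNP_LAUNCH_UPDATE advances those fields on every successful call; a return of 0 with no progress would spin forever. A comment stating that contract, plus a check that update.len actually shrank between iterations, would make the partial-update handling safe to rely on. Separately, two split string literals lose a space ("configure initial" "private guest memory" prints "initialprivate", and "%lx-%lx," "got GPA range" prints ",got"), and the %lx / %llx conversions for data->len, data->gpa and the shifted gfn_start should use the PRIx64-style macros the trace events already use.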
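Review bot: sev_snp_launch_finish() walks launch_update with QTAILQ_FOREACH and hands each entry to sev_snp_launch_update(), but nothing in this hunk removes or releases the SevLaunchUpdateData nodes afterwards, so the queue and its entries stay live after the guest reaches SEV_STATE_RUNNING. Consider QTAILQ_FOREACH_SAFE with QTAILQ_REMOVE and a release of each node once its range has been measured. In the migration-blocker tail, ret is assigned from migrate_add_blocker() and never read; the legacy sev_launch_finish() just above passes &error_fatal, which would replace the whole local_err / exit(1) block.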
From: Pankaj Gupta
Subject: [PATCH v4 17/31] i386/sev: Set CPU state to protected once SNP guest payload is finalized
Date: Thu, 30 May 2024 06:16:29 -0500
Message-ID: <20240530111643.1091816-18-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Michael Roth

Once KVM_SNP_LAUNCH_FINISH is called the vCPU state is copied into the vCPU's VMSA page and measured/encrypted. Any attempt to read/write CPU state afterward will only be acting on the initial data and so is effectively a no-op. Set the vCPU state to protected at this point so that QEMU doesn't continue trying to re-sync vCPU data during guest runtime.

Signed-off-by: Michael Roth
Signed-off-by: Pankaj Gupta
--- target/i386/sev.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index cd47c195cd..2ca9a86bf3 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c
@@ -1011,6 +1011,7 @@ sev_snp_launch_finish(SevCommonState *sev_common) exit(1); } + kvm_mark_guest_state_protected(); sev_set_guest_state(sev_common, SEV_STATE_RUNNING); /* add migration blocker */
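
Review bot: the new kvm_mark_guest_state_protected() call in sev_snp_launch_finish() carries no comment, so the reason it must sit after the launch-finish error check and before SEV_STATE_RUNNING exists only in the commit message. A one-line comment above the call saying that the VMSA is measured and encrypted at this point, and that later register syncs would act on stale data, would keep that ordering constraint with the code.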

From patchwork Thu May 30 11:16:30 2024
X-Patchwork-Submitter: "Gupta, Pankaj"
X-Patchwork-Id: 13680204
From: Pankaj Gupta
Subject: [PATCH v4 18/31] hw/i386/sev: Add function to get SEV metadata from OVMF header
Date: Thu, 30 May 2024 06:16:30 -0500
Message-ID: <20240530111643.1091816-19-pankaj.gupta@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Brijesh Singh

A recent version of OVMF expanded the reset vector GUID list to add a SEV-specific metadata GUID. The SEV metadata describes the reserved memory regions such as the secrets and CPUID page used during the SEV-SNP guest launch. The pc_system_get_ovmf_sev_metadata_ptr() is used to retrieve the SEV metadata pointer from the OVMF GUID list.

Signed-off-by: Brijesh Singh
Signed-off-by: Michael Roth
Signed-off-by: Pankaj Gupta
--- hw/i386/pc_sysfw.c | 4 ++++ include/hw/i386/pc.h | 26 ++++++++++++++++++++++++++ target/i386/sev.c | 31 +++++++++++++++++++++++++++++++ target/i386/sev.h | 2 ++ 4 files changed, 63 insertions(+) diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index ac88ad4eb9..048d0919c1 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c @@ -260,6 +260,10 @@ void x86_firmware_configure(void *ptr, int size) pc_system_parse_ovmf_flash(ptr, size); if (sev_enabled()) { + + /* Copy the SEV metadata table (if exist) */ + pc_system_parse_sev_metadata(ptr, size); + ret = sev_es_save_reset_vector(ptr, size); if (ret) { error_report("failed to locate and/or save reset vector"); diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index ad9c3d9ba8..c653b8eeb2 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h 
@@ -164,6 +164,32 @@ void pc_acpi_smi_interrupt(void *opaque, int irq, int level); #define PCI_HOST_ABOVE_4G_MEM_SIZE "above-4g-mem-size" #define PCI_HOST_PROP_SMM_RANGES "smm-ranges" +typedef enum { + SEV_DESC_TYPE_UNDEF, + /* The section contains the region that must be validated by the VMM. */ + SEV_DESC_TYPE_SNP_SEC_MEM, + /* The section contains the SNP secrets page */ + SEV_DESC_TYPE_SNP_SECRETS, + /* The section contains address that can be used as a CPUID page */ + SEV_DESC_TYPE_CPUID, + +} ovmf_sev_metadata_desc_type; + +typedef struct __attribute__((__packed__)) OvmfSevMetadataDesc { + uint32_t base; + uint32_t len; + ovmf_sev_metadata_desc_type type; +} OvmfSevMetadataDesc; + +typedef struct __attribute__((__packed__)) OvmfSevMetadata { + uint8_t signature[4]; + uint32_t len; + uint32_t version; + uint32_t num_desc; + OvmfSevMetadataDesc descs[]; +} OvmfSevMetadata; + +OvmfSevMetadata *pc_system_get_ovmf_sev_metadata_ptr(void); void pc_pci_as_mapping_init(MemoryRegion *system_memory, MemoryRegion *pci_address_space); diff --git a/target/i386/sev.c b/target/i386/sev.c index 2ca9a86bf3..d9d1d97f0c 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -611,6 +611,37 @@ SevCapability *qmp_query_sev_capabilities(Error **errp) return sev_get_capabilities(errp); } +static OvmfSevMetadata *ovmf_sev_metadata_table; + +#define OVMF_SEV_META_DATA_GUID "dc886566-984a-4798-A75e-5585a7bf67cc" +typedef struct __attribute__((__packed__)) OvmfSevMetadataOffset { + uint32_t offset; +} OvmfSevMetadataOffset; + +OvmfSevMetadata *pc_system_get_ovmf_sev_metadata_ptr(void) +{ + return ovmf_sev_metadata_table; +} + +void pc_system_parse_sev_metadata(uint8_t *flash_ptr, size_t flash_size) +{ + OvmfSevMetadata *metadata; + OvmfSevMetadataOffset *data; + + if (!pc_system_ovmf_table_find(OVMF_SEV_META_DATA_GUID, (uint8_t **)&data, + NULL)) { + return; + } + + metadata = (OvmfSevMetadata *)(flash_ptr + flash_size - data->offset); + if (memcmp(metadata->signature, "ASEV", 4) != 0) { + return; + } + + ovmf_sev_metadata_table = g_malloc(metadata->len); + memcpy(ovmf_sev_metadata_table, metadata, metadata->len); +} + static SevAttestationReport *sev_get_attestation_report(const char *mnonce, Error **errp) { diff --git a/target/i386/sev.h b/target/i386/sev.h index 5dc4767b1e..cc12824dd6 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h 
@@ -66,4 +66,6 @@ int sev_inject_launch_secret(const char *hdr, const char *secret, int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size); void sev_es_set_reset_vector(CPUState *cpu); +void pc_system_parse_sev_metadata(uint8_t *flash_ptr, size_t flash_size); + #endif
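
Review bot: in the include/hw/i386/pc.h hunk, OvmfSevMetadataDesc declares its type field as the enum ovmf_sev_metadata_desc_type inside a packed struct that overlays data read from the firmware image. The width of an enum is implementation-defined, so the intended 12-byte descriptor layout is not guaranteed by the declaration. Declare the field as uint32_t and convert to the enum where it is consumed; the stray blank line before the closing brace of the enum can go at the same time.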
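
Review bot: pc_system_parse_sev_metadata() in the target/i386/sev.c hunk uses two values taken from the firmware image without bounds checks. data->offset is subtracted from flash_ptr + flash_size with no check that it is no larger than flash_size and leaves room for an OvmfSevMetadata header, and metadata->len goes straight into g_malloc() and memcpy() with no check that it is at least sizeof(OvmfSevMetadata), that it stays inside the flash mapping, or that num_desc * sizeof(OvmfSevMetadataDesc) fits inside len. With a malformed image the memcpy() reads out of bounds, and anything that later walks descs[] up to num_desc can read past the copied table. Validate offset, len and num_desc before the copy and report an error on failure. The table length returned by pc_system_ovmf_table_find() is also discarded (NULL is passed), so the size of the offset entry is never checked, and a second call overwrites ovmf_sev_metadata_table without freeing the previous allocation.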
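
Review bot: the target/i386/sev.h hunk declares pc_system_parse_sev_metadata() here while its companion pc_system_get_ovmf_sev_metadata_ptr() is declared in include/hw/i386/pc.h, and both are defined in target/i386/sev.c under a pc_system_ prefix. Keep the two prototypes in one header and name them for the file that defines them, so the parse/get pair reads as one interface.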

From patchwork Thu May 30 11:16:31 2024
X-Patchwork-Submitter: "Gupta, Pankaj"
X-Patchwork-Id: 13680203
From: Pankaj Gupta
Subject: [PATCH v4 19/31] i386/sev: Add support for populating OVMF metadata pages
Date: Thu, 30 May 2024 06:16:31 -0500
Message-ID: <20240530111643.1091816-20-pankaj.gupta@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Brijesh Singh

OVMF reserves various pages so they can be pre-initialized/validated prior to launching the guest. Add support for populating these pages with the expected content.

Signed-off-by: Brijesh Singh
Signed-off-by: Michael Roth
Co-developed-by: Pankaj Gupta
Signed-off-by: Pankaj Gupta
--- target/i386/sev.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index d9d1d97f0c..504f641038 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -1016,15 +1016,89 @@ sev_launch_finish(SevCommonState *sev_common) migrate_add_blocker(&sev_mig_blocker, &error_fatal); } +static int +snp_launch_update_data(uint64_t gpa, void *hva, uint32_t len, int type) +{ + SevLaunchUpdateData *data; + + data = g_new0(SevLaunchUpdateData, 1); + data->gpa = gpa; + data->hva = hva; + data->len = len; + data->type = type; + + QTAILQ_INSERT_TAIL(&launch_update, data, next); + + return 0; +} + +static int +snp_metadata_desc_to_page_type(int desc_type) +{ + switch (desc_type) { + /* Add the umeasured prevalidated pages as a zero page */ + case SEV_DESC_TYPE_SNP_SEC_MEM: return KVM_SEV_SNP_PAGE_TYPE_ZERO; + case SEV_DESC_TYPE_SNP_SECRETS: return KVM_SEV_SNP_PAGE_TYPE_SECRETS; + case SEV_DESC_TYPE_CPUID: return KVM_SEV_SNP_PAGE_TYPE_CPUID; + default: + return KVM_SEV_SNP_PAGE_TYPE_ZERO; + } +} + +static void +snp_populate_metadata_pages(SevSnpGuestState *sev_snp, + OvmfSevMetadata *metadata) +{ + OvmfSevMetadataDesc *desc; + int type, ret, i; + void *hva; + MemoryRegion *mr = NULL; + + for (i = 0; i < metadata->num_desc; i++) { + desc = &metadata->descs[i]; + + type = snp_metadata_desc_to_page_type(desc->type); + + hva = gpa2hva(&mr, desc->base, desc->len, NULL); + if (!hva) { + error_report("%s: Failed to get HVA for GPA 0x%x sz 0x%x", + __func__, desc->base, desc->len); + exit(1); + } + + ret = snp_launch_update_data(desc->base, hva, desc->len, type); + if (ret) { + error_report("%s: Failed to add metadata page gpa 0x%x+%x type %d", + __func__, desc->base, desc->len, desc->type); + exit(1); + } + } +} + static void sev_snp_launch_finish(SevCommonState *sev_common) { int ret, error; Error *local_err = NULL; + OvmfSevMetadata *metadata; SevLaunchUpdateData *data; SevSnpGuestState *sev_snp = SEV_SNP_GUEST(sev_common); struct kvm_sev_snp_launch_finish *finish = &sev_snp->kvm_finish_conf; + /* + * To boot the SNP guest, the hypervisor is required to populate the CPUID + * and Secrets page before finalizing the launch flow. 
The location of + * the secrets and CPUID page is available through the OVMF metadata GUID. + */ + metadata = pc_system_get_ovmf_sev_metadata_ptr(); + if (metadata == NULL) { + error_report("%s: Failed to locate SEV metadata header", __func__); + exit(1); + } + + /* Populate all the metadata pages */ + snp_populate_metadata_pages(sev_snp, metadata); + QTAILQ_FOREACH(data, &launch_update, next) { ret = sev_snp_launch_update(sev_snp, data); if (ret) {
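
Review bot: snp_metadata_desc_to_page_type() sends every unrecognised descriptor type, SEV_DESC_TYPE_UNDEF included, to KVM_SEV_SNP_PAGE_TYPE_ZERO through its default case, so a descriptor this QEMU does not understand is queued as a zero page without any diagnostic. Report the unknown type and fail the launch instead of guessing. In the same hunk, snp_launch_update_data() can only return 0, which makes the error branch after it in snp_populate_metadata_pages() dead code; the loop compares int i against the uint32_t num_desc; the sev_snp parameter is unused; desc->base and desc->len are queued without any alignment or range check; and the comment above the first case misspells "unmeasured".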

From patchwork Thu May 30 11:16:32 2024
X-Patchwork-Submitter: "Gupta, Pankaj"
X-Patchwork-Id: 13680201
From: Pankaj Gupta
Subject: [PATCH v4 20/31] i386/sev: Add support for SNP CPUID validation
Date: Thu, 30 May 2024 06:16:32 -0500
Message-ID: <20240530111643.1091816-21-pankaj.gupta@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Michael Roth

SEV-SNP firmware allows a special guest page to be populated with a table of guest CPUID values so that they can be validated through firmware before being loaded into encrypted guest memory where they can be used in place of hypervisor-provided values[1].

As part of SEV-SNP guest initialization, use this interface to validate the CPUID entries reported by KVM_GET_CPUID2 prior to initial guest start and populate the CPUID page reserved by OVMF with the resulting encrypted data.

[1] SEV SNP Firmware ABI Specification, Rev. 0.8, 8.13.2.6

Signed-off-by: Michael Roth
Signed-off-by: Pankaj Gupta
--- target/i386/sev.c | 164 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 162 insertions(+), 2 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 504f641038..4388ffe867 100644 
--- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -214,6 +214,36 @@ static const char *const sev_fw_errlist[] = { #define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist) +/* doesn't expose this, so re-use the max from kvm.c */ +#define KVM_MAX_CPUID_ENTRIES 100 + +typedef struct KvmCpuidInfo { + struct kvm_cpuid2 cpuid; + struct kvm_cpuid_entry2 entries[KVM_MAX_CPUID_ENTRIES]; +} KvmCpuidInfo; + +#define SNP_CPUID_FUNCTION_MAXCOUNT 64 +#define SNP_CPUID_FUNCTION_UNKNOWN 0xFFFFFFFF + +typedef struct { + uint32_t eax_in; + uint32_t ecx_in; + uint64_t xcr0_in; + uint64_t xss_in; + uint32_t eax; + uint32_t ebx; + uint32_t ecx; + uint32_t edx; + uint64_t reserved; +} __attribute__((packed)) SnpCpuidFunc; + +typedef struct { + uint32_t count; + uint32_t reserved1; + uint64_t reserved2; + SnpCpuidFunc entries[SNP_CPUID_FUNCTION_MAXCOUNT]; +} __attribute__((packed)) SnpCpuidInfo; + static int sev_ioctl(int fd, int cmd, void *data, int *error) { @@ -801,6 +831,35 @@ out: return ret; } +static void +sev_snp_cpuid_report_mismatches(SnpCpuidInfo *old, + SnpCpuidInfo *new) +{ + size_t i; + + if (old->count != new->count) { + error_report("SEV-SNP: CPUID validation failed due to count mismatch," + "provided: %d, expected: %d", old->count, new->count); + return; + } + + for (i = 0; i < old->count; i++) { + SnpCpuidFunc *old_func, *new_func; + + old_func = &old->entries[i]; + new_func = &new->entries[i]; + + if (memcmp(old_func, new_func, sizeof(SnpCpuidFunc))) { + error_report("SEV-SNP: CPUID validation failed for function 0x%x, index: 0x%x" + "provided: eax:0x%08x, ebx: 0x%08x, ecx: 0x%08x, edx: 0x%08x" + "expected: eax:0x%08x, ebx: 0x%08x, ecx: 0x%08x, edx: 0x%08x", + old_func->eax_in, old_func->ecx_in, + old_func->eax, old_func->ebx, old_func->ecx, old_func->edx, + new_func->eax, new_func->ebx, new_func->ecx, new_func->edx); + } + } +} + static const char * snp_page_type_to_str(int type) { 
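
Review bot: the error_report() calls in sev_snp_cpuid_report_mismatches() join adjacent string literals with no separator, so the output runs together as "count mismatch,provided:", "index: 0x%xprovided:" and "edx: 0x%08xexpected:". Add a space or ", " at each join so the provided and expected register values can be read apart when a launch fails. old->count and new->count are uint32_t but printed with %d; use %u. The loop also walks entries[] up to old->count without checking it against SNP_CPUID_FUNCTION_MAXCOUNT, which is worth an explicit bound since the second table is read back from the page after the failed update.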
@@ -819,6 +878,7 @@ sev_snp_launch_update(SevSnpGuestState *sev_snp_guest, SevLaunchUpdateData *data) { int ret, fw_error; + SnpCpuidInfo snp_cpuid_info; struct kvm_sev_snp_launch_update update = {0}; if (!data->hva || !data->len) { @@ -828,6 +888,11 @@ sev_snp_launch_update(SevSnpGuestState *sev_snp_guest, return 1; } + if (data->type == KVM_SEV_SNP_PAGE_TYPE_CPUID) { + /* Save a copy for comparison in case the LAUNCH_UPDATE fails */ + memcpy(&snp_cpuid_info, data->hva, sizeof(snp_cpuid_info)); + } + update.uaddr = (__u64)(unsigned long)data->hva; update.gfn_start = data->gpa >> TARGET_PAGE_BITS; update.len = data->len; @@ -855,6 +920,11 @@ sev_snp_launch_update(SevSnpGuestState *sev_snp_guest, if (ret && ret != -EAGAIN) { error_report("SNP_LAUNCH_UPDATE ret=%d fw_error=%d '%s'", ret, fw_error, fw_error_to_str(fw_error)); + + if (data->type == KVM_SEV_SNP_PAGE_TYPE_CPUID) { + sev_snp_cpuid_report_mismatches(&snp_cpuid_info, data->hva); + error_report("SEV-SNP: failed update CPUID page"); + } break; } } @@ -1017,7 +1087,8 @@ sev_launch_finish(SevCommonState *sev_common) } static int -snp_launch_update_data(uint64_t gpa, void *hva, uint32_t len, int type) +snp_launch_update_data(uint64_t gpa, void *hva, + uint32_t len, int type) { SevLaunchUpdateData *data; 
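Review bot: In the @@ -828 hunk of sev_snp_launch_update(), the memcpy() into snp_cpuid_info reads sizeof(snp_cpuid_info) bytes from data->hva, but the only check visible ahead of it is !data->hva || !data->len. The size guarantee currently comes from the assert in snp_launch_update_cpuid(), which is a different function; checking data->len >= sizeof(snp_cpuid_info) at the copy site would keep the read in bounds if another caller ever queues a page of type KVM_SEV_SNP_PAGE_TYPE_CPUID. In the failure path, "failed update CPUID page" should read "failed to update CPUID page". The @@ -1017 hunk only rewraps the snp_launch_update_data() signature and is unrelated to CPUID handling, so it could be dropped from this patch.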
@@ -1032,6 +1103,90 @@ snp_launch_update_data(uint64_t gpa, void *hva, uint32_t len, int type) return 0; } +static int +sev_snp_cpuid_info_fill(SnpCpuidInfo *snp_cpuid_info, + const KvmCpuidInfo *kvm_cpuid_info) +{ + size_t i; + + if (kvm_cpuid_info->cpuid.nent > SNP_CPUID_FUNCTION_MAXCOUNT) { + error_report("SEV-SNP: CPUID entry count (%d) exceeds max (%d)", + kvm_cpuid_info->cpuid.nent, SNP_CPUID_FUNCTION_MAXCOUNT); + return -1; + } + + memset(snp_cpuid_info, 0, sizeof(*snp_cpuid_info)); + + for (i = 0; i < kvm_cpuid_info->cpuid.nent; i++) { + const struct kvm_cpuid_entry2 *kvm_cpuid_entry; + SnpCpuidFunc *snp_cpuid_entry; + + kvm_cpuid_entry = &kvm_cpuid_info->entries[i]; + snp_cpuid_entry = &snp_cpuid_info->entries[i]; + + snp_cpuid_entry->eax_in = kvm_cpuid_entry->function; + if (kvm_cpuid_entry->flags == KVM_CPUID_FLAG_SIGNIFCANT_INDEX) { + snp_cpuid_entry->ecx_in = kvm_cpuid_entry->index; + } + snp_cpuid_entry->eax = kvm_cpuid_entry->eax; + snp_cpuid_entry->ebx = kvm_cpuid_entry->ebx; + snp_cpuid_entry->ecx = kvm_cpuid_entry->ecx; + snp_cpuid_entry->edx = kvm_cpuid_entry->edx; + + /* + * Guest kernels will calculate EBX themselves using the 0xD + * subfunctions corresponding to the individual XSAVE areas, so only + * encode the base XSAVE size in the initial leaves, corresponding + * to the initial XCR0=1 state. 
+ */ + if (snp_cpuid_entry->eax_in == 0xD && + (snp_cpuid_entry->ecx_in == 0x0 || snp_cpuid_entry->ecx_in == 0x1)) { + snp_cpuid_entry->ebx = 0x240; + snp_cpuid_entry->xcr0_in = 1; + snp_cpuid_entry->xss_in = 0; + } + } + + snp_cpuid_info->count = i; + + return 0; +} + +static int +snp_launch_update_cpuid(uint32_t cpuid_addr, void *hva, uint32_t cpuid_len) +{ + KvmCpuidInfo kvm_cpuid_info = {0}; + SnpCpuidInfo snp_cpuid_info; + CPUState *cs = first_cpu; + int ret; + uint32_t i = 0; + + assert(sizeof(snp_cpuid_info) <= cpuid_len); + + /* get the cpuid list from KVM */ + do { + kvm_cpuid_info.cpuid.nent = ++i; + ret = kvm_vcpu_ioctl(cs, KVM_GET_CPUID2, &kvm_cpuid_info); + } while (ret == -E2BIG); + + if (ret) { + error_report("SEV-SNP: unable to query CPUID values for CPU: '%s'", + strerror(-ret)); + return 1; + } + + ret = sev_snp_cpuid_info_fill(&snp_cpuid_info, &kvm_cpuid_info); + if (ret) { + error_report("SEV-SNP: failed to generate CPUID table information"); + return 1; + } + + memcpy(hva, &snp_cpuid_info, sizeof(snp_cpuid_info)); + + return snp_launch_update_data(cpuid_addr, hva, cpuid_len, + KVM_SEV_SNP_PAGE_TYPE_CPUID); +} + static int snp_metadata_desc_to_page_type(int desc_type) { 
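Review bot: The KVM_GET_CPUID2 retry loop in snp_launch_update_cpuid() increments cpuid.nent on every -E2BIG with no upper bound, while KvmCpuidInfo only has room for KVM_MAX_CPUID_ENTRIES (100) entries. Stop and report an error once i reaches KVM_MAX_CPUID_ENTRIES so that nent never claims more space than entries[] provides. In sev_snp_cpuid_info_fill(), the test flags == KVM_CPUID_FLAG_SIGNIFCANT_INDEX leaves ecx_in at zero whenever any other flag bit is set alongside it; a bit test with & expresses the intent. The 0x240 written to ebx for leaf 0xD would be easier to audit as a named constant next to the comment about XCR0=1.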
@@ -1066,7 +1221,12 @@ snp_populate_metadata_pages(SevSnpGuestState *sev_snp, exit(1); } - ret = snp_launch_update_data(desc->base, hva, desc->len, type); + if (type == KVM_SEV_SNP_PAGE_TYPE_CPUID) { + ret = snp_launch_update_cpuid(desc->base, hva, desc->len); + } else { + ret = snp_launch_update_data(desc->base, hva, desc->len, type); + } + if (ret) { error_report("%s: Failed to add metadata page gpa 0x%x+%x type %d", __func__, desc->base, desc->len, desc->type); 
From patchwork Thu May 30 11:16:33 2024
X-Patchwork-Submitter: "Gupta, Pankaj"
X-Patchwork-Id: 13680210
From: Pankaj Gupta
Subject: [PATCH v4 21/31] i386/sev: Extract build_kernel_loader_hashes
Date: Thu, 30 May 2024 06:16:33 -0500
Message-ID: <20240530111643.1091816-22-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Dov Murik

Extract the building of the kernel hashes table out from sev_add_kernel_loader_hashes() to allow building it in other memory areas (for SNP support). No functional change intended.

Signed-off-by: Dov Murik
Signed-off-by: Michael Roth
Signed-off-by: Pankaj Gupta
--- target/i386/sev.c | 101 ++++++++++++++++++++++++++-------------------- 1 file changed, 58 insertions(+), 43 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 4388ffe867..831745c02a 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -1751,45 +1751,16 @@ static const QemuUUID sev_cmdline_entry_guid = { 0x4d, 0x36, 0xab, 0x2a) }; -/* - * Add the hashes of the linux kernel/initrd/cmdline to an encrypted guest page - * which is included in SEV's initial memory measurement. - */ -bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) +static bool build_kernel_loader_hashes(PaddedSevHashTable *padded_ht, + SevKernelLoaderContext *ctx, + Error **errp) { - uint8_t *data; - SevHashTableDescriptor *area; SevHashTable *ht; - PaddedSevHashTable *padded_ht; uint8_t cmdline_hash[HASH_SIZE]; uint8_t initrd_hash[HASH_SIZE]; uint8_t kernel_hash[HASH_SIZE]; uint8_t *hashp; size_t hash_len = HASH_SIZE; - hwaddr mapped_len = sizeof(*padded_ht); - MemTxAttrs attrs = { 0 }; - bool ret = true; - SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); - - /* - * Only add the kernel hashes if the sev-guest configuration explicitly - * stated kernel-hashes=on. - */ - if (!sev_common->kernel_hashes) { - return false; - } - - if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) { - error_setg(errp, "SEV: kernel specified but guest firmware " - "has no hashes table GUID"); - return false; - } - area = (SevHashTableDescriptor *)data; - if (!area->base || area->size < sizeof(PaddedSevHashTable)) { - error_setg(errp, "SEV: guest firmware hashes table area is invalid " - "(base=0x%x size=0x%x)", area->base, area->size); - return false; - } /* * Calculate hash of kernel command-line with the terminating null byte. If 
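Review bot: build_kernel_loader_hashes() is introduced here without a comment of its own, although the reason for the split is to let other callers build the table in a different memory area. A short comment above it should state the contract: padded_ht must point to a writable buffer of sizeof(PaddedSevHashTable), the function fills the table and zeroes the padding, and mapping the guest area and calling sev_encrypt_flash() remain the caller's job.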
@@ -1826,16 +1797,6 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) } assert(hash_len == HASH_SIZE); - /* - * Populate the hashes table in the guest's memory at the OVMF-designated - * area for the SEV hashes table - */ - padded_ht = address_space_map(&address_space_memory, area->base, - &mapped_len, true, attrs); - if (!padded_ht || mapped_len != sizeof(*padded_ht)) { - error_setg(errp, "SEV: cannot map hashes table guest memory area"); - return false; - } ht = &padded_ht->ht; ht->guid = sev_hash_table_header_guid; 
@@ -1856,7 +1817,61 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) /* zero the excess data so the measurement can be reliably calculated */ memset(padded_ht->padding, 0, sizeof(padded_ht->padding)); - if (sev_encrypt_flash((uint8_t *)padded_ht, sizeof(*padded_ht), errp) < 0) { + return true; +} + +/* + * Add the hashes of the linux kernel/initrd/cmdline to an encrypted guest page + * which is included in SEV's initial memory measurement. + */ +bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) +{ + uint8_t *data; + SevHashTableDescriptor *area; + PaddedSevHashTable *padded_ht; + hwaddr mapped_len = sizeof(*padded_ht); + MemTxAttrs attrs = { 0 }; + bool ret = true; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + + /* + * Only add the kernel hashes if the sev-guest configuration explicitly + * stated kernel-hashes=on. + */ + if (!sev_common->kernel_hashes) { + return false; + } + + if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) { + error_setg(errp, "SEV: kernel specified but guest firmware " + "has no hashes table GUID"); + return false; + } + + area = (SevHashTableDescriptor *)data; + if (!area->base || area->size < sizeof(PaddedSevHashTable)) { + error_setg(errp, "SEV: guest firmware hashes table area is invalid " + "(base=0x%x size=0x%x)", area->base, area->size); + return false; + } + + /* + * Populate the hashes table in the guest's memory at the OVMF-designated + * area for the SEV hashes table + */ + padded_ht = address_space_map(&address_space_memory, area->base, + &mapped_len, true, attrs); + if (!padded_ht || mapped_len != sizeof(*padded_ht)) { + error_setg(errp, "SEV: cannot map hashes table guest memory area"); + return false; + } + + if (build_kernel_loader_hashes(padded_ht, ctx, errp)) { + if (sev_encrypt_flash((uint8_t *)padded_ht, sizeof(*padded_ht), + errp) < 0) { + ret = false; + } + } else { ret = false; } From patchwork Thu May 30 
11:16:34 2024
X-Patchwork-Submitter: "Gupta, Pankaj"
X-Patchwork-Id: 13680205
From: Pankaj Gupta
Subject: [PATCH v4 22/31] i386/sev: Reorder struct declarations
Date: Thu, 30 May 2024 06:16:34 -0500
Message-ID: <20240530111643.1091816-23-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Dov Murik

Move the declaration of PaddedSevHashTable before SevSnpGuest so we can add a new such field to the latter. No functional change intended.

Signed-off-by: Dov Murik
Signed-off-by: Michael Roth
Signed-off-by: Pankaj Gupta
--- target/i386/sev.c | 56 +++++++++++++++++++++++------------------------ 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 831745c02a..1b29fdbc9a 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -45,6 +45,34 @@ OBJECT_DECLARE_TYPE(SevCommonState, SevCommonStateClass, SEV_COMMON) OBJECT_DECLARE_TYPE(SevGuestState, SevGuestStateClass, SEV_GUEST) OBJECT_DECLARE_TYPE(SevSnpGuestState, SevSnpGuestStateClass, SEV_SNP_GUEST) +/* hard code sha256 digest size */ +#define HASH_SIZE 32 + +typedef struct QEMU_PACKED SevHashTableEntry { + QemuUUID guid; + uint16_t len; + uint8_t hash[HASH_SIZE]; +} SevHashTableEntry; + +typedef struct QEMU_PACKED SevHashTable { + QemuUUID guid; + uint16_t len; + SevHashTableEntry cmdline; + SevHashTableEntry initrd; + SevHashTableEntry kernel; +} SevHashTable; + +/* + * Data encrypted by sev_encrypt_flash() must be padded to a multiple of + * 16 bytes. + */ +typedef struct QEMU_PACKED PaddedSevHashTable { + SevHashTable ht; + uint8_t padding[ROUND_UP(sizeof(SevHashTable), 16) - sizeof(SevHashTable)]; +} PaddedSevHashTable; + +QEMU_BUILD_BUG_ON(sizeof(PaddedSevHashTable) % 16 != 0); + struct SevCommonState { X86ConfidentialGuest parent_obj; 
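Review bot: After this move the hash-table types sit above struct SevCommonState, while SevHashTableDescriptor, which describes where the same table lives, stays at its old position further down (it is the context of the @@ -154 hunk). Either move SevHashTableDescriptor together with them, or add a one-line comment above the moved block saying it is placed here so that later state structs can embed PaddedSevHashTable.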
@@ -154,34 +182,6 @@ typedef struct QEMU_PACKED SevHashTableDescriptor { uint32_t size; } SevHashTableDescriptor; -/* hard code sha256 digest size */ -#define HASH_SIZE 32 - -typedef struct QEMU_PACKED SevHashTableEntry { - QemuUUID guid; - uint16_t len; - uint8_t hash[HASH_SIZE]; -} SevHashTableEntry; - -typedef struct QEMU_PACKED SevHashTable { - QemuUUID guid; - uint16_t len; - SevHashTableEntry cmdline; - SevHashTableEntry initrd; - SevHashTableEntry kernel; -} SevHashTable; - -/* - * Data encrypted by sev_encrypt_flash() must be padded to a multiple of - * 16 bytes. - */ -typedef struct QEMU_PACKED PaddedSevHashTable { - SevHashTable ht; - uint8_t padding[ROUND_UP(sizeof(SevHashTable), 16) - sizeof(SevHashTable)]; -} PaddedSevHashTable; - -QEMU_BUILD_BUG_ON(sizeof(PaddedSevHashTable) % 16 != 0); - static Error *sev_mig_blocker; static const char *const sev_fw_errlist[] = { From patchwork Thu May 30 11:16:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gupta, Pankaj" X-Patchwork-Id: 13680202 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2068.outbound.protection.outlook.com [40.107.223.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DDD8717FAB9 for ; Thu, 30 May 2024 11:17:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.223.68 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717067823; cv=fail; b=YhJR9weCJEz37WTkVxvJZG0rzxTUxqUlyCWWmv/dcfHtpo2uKrUje5zswnItKAvm/t8RW26y+y87S+8F/n0JhevJX/4LYRekLl+2Z8a8xzWHFabiMtH8ox4iFf6oElmTyI3TJ4CjIR/LpaFGaS59atXBxYW/qOgx2yY75uq7oBY= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717067823; c=relaxed/simple; bh=B6S0YiSoGojLLq3cC2TXcXnpku63rweiz7gw15iP0IY=; 
From: Pankaj Gupta
Subject: [PATCH v4 23/31] i386/sev: Allow measured direct kernel boot on SNP
Date: Thu, 30 May 2024 06:16:35 -0500
Message-ID: <20240530111643.1091816-24-pankaj.gupta@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Dov Murik In SNP, the hashes page is designated with a specific metadata entry published in AmdSev OVMF. Therefore, if the user enabled kernel hashes (for measured direct boot), QEMU should prepare the content of the hashes table, and during the processing of the metadata entry it copies the content into the designated page and encrypts it. Note that in SNP (unlike SEV and SEV-ES) the measurement is done in whole 4KB pages. Therefore QEMU zeros the whole page that includes the hashes table, and fills in the kernel hashes area in that page, and then encrypts the whole page. The rest of the page is reserved for SEV launch secrets which are not usable anyway on SNP. If the user disabled kernel hashes, QEMU pre-validates the kernel hashes page as a zero page. Signed-off-by: Dov Murik Signed-off-by: Michael Roth Signed-off-by: Pankaj Gupta --- include/hw/i386/pc.h | 2 ++ target/i386/sev.c | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index c653b8eeb2..ca7904ac2c 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h @@ -172,6 +172,8 @@ typedef enum { SEV_DESC_TYPE_SNP_SECRETS, /* The section contains address that can be used as a CPUID page */ SEV_DESC_TYPE_CPUID, + /* The section contains the region for kernel hashes for measured direct boot */ + SEV_DESC_TYPE_SNP_KERNEL_HASHES = 0x10, } ovmf_sev_metadata_desc_type; diff --git a/target/i386/sev.c b/target/i386/sev.c index 1b29fdbc9a..1a78e98751 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -145,6 +145,9 @@ struct SevSnpGuestState { struct kvm_sev_snp_launch_start kvm_start_conf; struct kvm_sev_snp_launch_finish kvm_finish_conf; + + uint32_t kernel_hashes_offset; + PaddedSevHashTable *kernel_hashes_data; }; struct SevSnpGuestStateClass { 
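Review bot: kernel_hashes_data, added to struct SevSnpGuestState in the @@ -145 hunk, is an owned heap pointer with no release anywhere in this patch. It is allocated with g_new0(PaddedSevHashTable, 1) in sev_add_kernel_loader_hashes() and read in snp_launch_update_kernel_hashes(), but nothing calls g_free() on it, including on the path where build_kernel_loader_hashes() returns false. Suggest freeing it (and clearing the pointer) once the page has been passed to snp_launch_update_data(), or in the object's finalize, and adding a comment beside the field saying who owns the buffer and that kernel_hashes_offset is the offset within the 4KB hashes page.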
@@ -1187,6 +1190,23 @@ snp_launch_update_cpuid(uint32_t cpuid_addr, void *hva, uint32_t cpuid_len) KVM_SEV_SNP_PAGE_TYPE_CPUID); } +static int +snp_launch_update_kernel_hashes(SevSnpGuestState *sev_snp, uint32_t addr, + void *hva, uint32_t len) +{ + int type = KVM_SEV_SNP_PAGE_TYPE_ZERO; + if (sev_snp->parent_obj.kernel_hashes) { + assert(sev_snp->kernel_hashes_data); + assert((sev_snp->kernel_hashes_offset + + sizeof(*sev_snp->kernel_hashes_data)) <= len); + memset(hva, 0, len); + memcpy(hva + sev_snp->kernel_hashes_offset, sev_snp->kernel_hashes_data, + sizeof(*sev_snp->kernel_hashes_data)); + type = KVM_SEV_SNP_PAGE_TYPE_NORMAL; + } + return snp_launch_update_data(addr, hva, len, type); +} + static int snp_metadata_desc_to_page_type(int desc_type) { @@ -1223,6 +1243,9 @@ snp_populate_metadata_pages(SevSnpGuestState *sev_snp, if (type == KVM_SEV_SNP_PAGE_TYPE_CPUID) { ret = snp_launch_update_cpuid(desc->base, hva, desc->len); + } else if (desc->type == SEV_DESC_TYPE_SNP_KERNEL_HASHES) { + ret = snp_launch_update_kernel_hashes(sev_snp, desc->base, hva, + desc->len); } else { ret = snp_launch_update_data(desc->base, hva, desc->len, type); } 
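Review bot: in snp_launch_update_kernel_hashes() (the @@ -1187 hunk), the only bounds check before the memset()/memcpy() into hva is an assert() on kernel_hashes_offset + sizeof(*sev_snp->kernel_hashes_data) <= len, where len is desc->len taken from the OVMF metadata entry. A firmware image whose descriptor is smaller than expected, or a descriptor processed before kernel_hashes_data has been populated, aborts QEMU instead of failing the launch cleanly. Suggest replacing both asserts with explicit checks that report the error and return a negative value; the caller in snp_populate_metadata_pages() already receives the result in ret. Two smaller points: hva + sev_snp->kernel_hashes_offset is arithmetic on void *, so a cast to uint8_t * would be cleaner, and in the @@ -1223 hunk the page type already computed for this descriptor is silently ignored by the new branch, which deserves a one-line comment.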
@@ -1855,6 +1878,18 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) return false; } + if (sev_snp_enabled()) { + /* + * SNP: Populate the hashes table in an area that later in + * snp_launch_update_kernel_hashes() will be copied to the guest memory + * and encrypted. + */ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(sev_common); + sev_snp_guest->kernel_hashes_offset = area->base & ~TARGET_PAGE_MASK; + sev_snp_guest->kernel_hashes_data = g_new0(PaddedSevHashTable, 1); + return build_kernel_loader_hashes(sev_snp_guest->kernel_hashes_data, ctx, errp); + } + /* * Populate the hashes table in the guest's memory at the OVMF-designated * area for the SEV hashes table
From patchwork Thu May 30 11:16:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gupta, Pankaj" X-Patchwork-Id: 13680207
From: Pankaj Gupta
Subject: [PATCH v4 24/31] hw/i386/sev: Add support to encrypt BIOS when SEV-SNP is enabled
Date: Thu, 30 May 2024 06:16:36 -0500
Message-ID: <20240530111643.1091816-25-pankaj.gupta@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Brijesh Singh As with SEV, an SNP guest requires that the BIOS be part of the initial encrypted/measured guest payload. Extend sev_encrypt_flash() to handle the SNP case and plumb through the GPA of the BIOS location since this is needed for SNP. Signed-off-by: Brijesh Singh Signed-off-by: Michael Roth Signed-off-by: Pankaj Gupta --- hw/i386/pc_sysfw.c | 12 +++++++----- hw/i386/x86-common.c | 2 +- include/hw/i386/x86.h | 2 +- target/i386/sev-sysemu-stub.c | 2 +- target/i386/sev.c | 15 +++++++++++---- target/i386/sev.h | 2 +- 6 files changed, 22 insertions(+), 13 deletions(-) diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index 048d0919c1..00464afcb4 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c @@ -148,6 +148,8 @@ static void pc_system_flash_map(PCMachineState *pcms, assert(PC_MACHINE_GET_CLASS(pcms)->pci_enabled); for (i = 0; i < ARRAY_SIZE(pcms->flash); i++) { + hwaddr gpa; + system_flash = pcms->flash[i]; blk = pflash_cfi01_get_blk(system_flash); if (!blk) { @@ -177,11 +179,11 @@ static void pc_system_flash_map(PCMachineState *pcms, } total_size += size; + gpa = 0x100000000ULL - total_size; /* where the flash is mapped */ qdev_prop_set_uint32(DEVICE(system_flash), "num-blocks", size / FLASH_SECTOR_SIZE); sysbus_realize_and_unref(SYS_BUS_DEVICE(system_flash), &error_fatal); - sysbus_mmio_map(SYS_BUS_DEVICE(system_flash), 0, - 0x100000000ULL - total_size); + sysbus_mmio_map(SYS_BUS_DEVICE(system_flash), 0, gpa); if (i == 0) { flash_mem = pflash_cfi01_get_memory(system_flash); @@ -196,7 +198,7 @@ static void pc_system_flash_map(PCMachineState *pcms, if (sev_enabled()) { flash_ptr = memory_region_get_ram_ptr(flash_mem); flash_size = memory_region_size(flash_mem); - x86_firmware_configure(flash_ptr, flash_size); + x86_firmware_configure(gpa, flash_ptr, flash_size); } } } 
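Review bot: gpa = 0x100000000ULL - total_size; in the @@ -177 hunk keeps the 4 GiB boundary as a bare literal, and this address now does double duty: it is where the flash is mapped and it is what x86_firmware_configure() passes on for the SNP case. Suggest a named constant for the boundary so the mapped address and the address handed to the SEV code come from one definition. The comment could also say that gpa is the base of the flash device handled in this loop iteration, since the value changes as total_size accumulates.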
@@ -249,7 +251,7 @@ void pc_system_firmware_init(PCMachineState *pcms, pc_system_flash_cleanup_unused(pcms); } -void x86_firmware_configure(void *ptr, int size) +void x86_firmware_configure(hwaddr gpa, void *ptr, int size) { int ret; @@ -270,6 +272,6 @@ void x86_firmware_configure(void *ptr, int size) exit(1); } - sev_encrypt_flash(ptr, size, &error_fatal); + sev_encrypt_flash(gpa, ptr, size, &error_fatal); } } diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c index ee9046d9a8..f41cb0a6a8 100644 --- a/hw/i386/x86-common.c +++ b/hw/i386/x86-common.c @@ -1013,7 +1013,7 @@ void x86_bios_rom_init(X86MachineState *x86ms, const char *default_firmware, */ void *ptr = memory_region_get_ram_ptr(&x86ms->bios); load_image_size(filename, ptr, bios_size); - x86_firmware_configure(ptr, bios_size); + x86_firmware_configure(0x100000000ULL - bios_size, ptr, bios_size); } else { memory_region_set_readonly(&x86ms->bios, !isapc_ram_fw); ret = rom_add_file_fixed(bios_name, (uint32_t)(-bios_size), -1); diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h index b006f16b8d..d43cb3908e 100644 --- a/include/hw/i386/x86.h +++ b/include/hw/i386/x86.h @@ -154,6 +154,6 @@ void ioapic_init_gsi(GSIState *gsi_state, Object *parent); DeviceState *ioapic_init_secondary(GSIState *gsi_state); /* pc_sysfw.c */ -void x86_firmware_configure(void *ptr, int size); +void x86_firmware_configure(hwaddr gpa, void *ptr, int size); #endif diff --git a/target/i386/sev-sysemu-stub.c b/target/i386/sev-sysemu-stub.c index 96e1c15cc3..6af643e3a1 100644 --- a/target/i386/sev-sysemu-stub.c +++ b/target/i386/sev-sysemu-stub.c @@ -42,7 +42,7 @@ void qmp_sev_inject_launch_secret(const char *packet_header, const char *secret, error_setg(errp, "SEV is not available in this QEMU"); } -int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) +int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp) { g_assert_not_reached(); } 
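Review bot: the new gpa parameter of x86_firmware_configure() has no documentation in either the definition (@@ -249 hunk) or the prototype in include/hw/i386/x86.h, so a caller cannot tell that it must be the guest physical address at which ptr is mapped. Suggest a short comment on the prototype stating that, and that per the commit message the value is only needed for SNP. The x86_bios_rom_init() call site open-codes 0x100000000ULL - bios_size; a helper shared with pc_system_flash_map() would keep the two computations from diverging. Separately, size is still an int here while sev_encrypt_flash() takes a uint64_t len, which may be worth aligning while the signature is being changed.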
diff --git a/target/i386/sev.c b/target/i386/sev.c index 1a78e98751..c5c703bc8d 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -1522,7 +1522,7 @@ static int sev_snp_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) } int -sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) +sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp) { SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); @@ -1532,7 +1532,14 @@ sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) /* if SEV is in update state then encrypt the data else do nothing */ if (sev_check_state(sev_common, SEV_STATE_LAUNCH_UPDATE)) { - int ret = sev_launch_update_data(SEV_GUEST(sev_common), ptr, len); + int ret; + + if (sev_snp_enabled()) { + ret = snp_launch_update_data(gpa, ptr, len, + KVM_SEV_SNP_PAGE_TYPE_NORMAL); + } else { + ret = sev_launch_update_data(SEV_GUEST(sev_common), ptr, len); + } if (ret < 0) { error_setg(errp, "SEV: Failed to encrypt pflash rom"); return ret; @@ -1902,8 +1909,8 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) } if (build_kernel_loader_hashes(padded_ht, ctx, errp)) { - if (sev_encrypt_flash((uint8_t *)padded_ht, sizeof(*padded_ht), - errp) < 0) { + if (sev_encrypt_flash(area->base, (uint8_t *)padded_ht, + sizeof(*padded_ht), errp) < 0) { ret = false; } } else { diff --git a/target/i386/sev.h b/target/i386/sev.h index cc12824dd6..858005a119 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h 
@@ -59,7 +59,7 @@ uint32_t sev_get_cbit_position(void); uint32_t sev_get_reduced_phys_bits(void); bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp); -int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp); +int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp); int sev_inject_launch_secret(const char *hdr, const char *secret, uint64_t gpa, Error **errp);
From patchwork Thu May 30 11:16:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gupta, Pankaj" X-Patchwork-Id: 13680206
From: Pankaj Gupta
Subject: [PATCH v4 25/31] i386/sev: Invoke launch_updata_data() for SEV class
Date: Thu, 30 May 2024 06:16:37 -0500
Message-ID: <20240530111643.1091816-26-pankaj.gupta@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org
Add launch_update_data() in SevCommonStateClass and invoke as sev_launch_update_data() for SEV object. Signed-off-by: Pankaj Gupta --- target/i386/sev.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index c5c703bc8d..7a0c2ee10f 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -102,6 +102,7 @@ struct SevCommonStateClass { /* public */ int (*launch_start)(SevCommonState *sev_common); void (*launch_finish)(SevCommonState *sev_common); + int (*launch_update_data)(hwaddr gpa, uint8_t *ptr, uint64_t len); int (*kvm_init)(ConfidentialGuestSupport *cgs, Error **errp); }; 
@@ -945,10 +946,11 @@ out: } static int -sev_launch_update_data(SevGuestState *sev_guest, uint8_t *addr, uint64_t len) +sev_launch_update_data(hwaddr gpa, uint8_t *addr, uint64_t len) { int ret, fw_error; struct kvm_sev_launch_update_data update; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); if (!addr || !len) { return 1; @@ -957,7 +959,7 @@ sev_launch_update_data(SevGuestState *sev_guest, uint8_t *addr, uint64_t len) update.uaddr = (uintptr_t)addr; update.len = len; trace_kvm_sev_launch_update_data(addr, len); - ret = sev_ioctl(SEV_COMMON(sev_guest)->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, &update, &fw_error); if (ret) { error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'", @@ -1525,6 +1527,7 @@ int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp) { SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(sev_common); if (!sev_common) { return 0; @@ -1534,12 +1537,7 @@ sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp) if (sev_check_state(sev_common, SEV_STATE_LAUNCH_UPDATE)) { int ret; - if (sev_snp_enabled()) { - ret = snp_launch_update_data(gpa, ptr, len, - KVM_SEV_SNP_PAGE_TYPE_NORMAL); - } else { - ret = sev_launch_update_data(SEV_GUEST(sev_common), ptr, len); - } + ret = klass->launch_update_data(gpa, ptr, len); if (ret < 0) { error_setg(errp, "SEV: Failed to encrypt pflash rom"); return ret; 
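Review bot: in sev_encrypt_flash() (the @@ -1525 hunk), SEV_COMMON_GET_CLASS(sev_common) is evaluated in the declaration, before the existing if (!sev_common) return 0; check, so the class lookup runs on a NULL object whenever no confidential guest support is configured. Suggest declaring klass without an initializer and assigning it after the NULL check.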
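Review bot: the @@ -1534 hunk drops the sev_snp_enabled() branch and calls klass->launch_update_data() unconditionally, but the only assignment of that hook in this patch is in sev_guest_class_init(). Unless the SNP class sets it elsewhere, an SNP guest reaches a NULL function pointer here, and the removed call passed a fourth argument (KVM_SEV_SNP_PAGE_TYPE_NORMAL) that the three-argument hook cannot carry, so the SNP side needs a wrapper. Suggest adding the SNP assignment in this same patch to keep the series bisectable, or checking the hook for NULL and setting errp. Also, sev_launch_update_data() now ignores its gpa argument and looks up the state through qdev_get_machine(); a comment saying gpa is unused for SEV and SEV-ES would help.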
@@ -2039,6 +2037,7 @@ sev_guest_class_init(ObjectClass *oc, void *data) klass->launch_start = sev_launch_start; klass->launch_finish = sev_launch_finish; + klass->launch_update_data = sev_launch_update_data; klass->kvm_init = sev_kvm_init; x86_klass->kvm_type = sev_kvm_type; From patchwork Thu May 30 11:16:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gupta, Pankaj" X-Patchwork-Id: 13680208 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2088.outbound.protection.outlook.com [40.107.93.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9EB5C1822C2 for ; Thu, 30 May 2024 11:17:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.93.88 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717067826; cv=fail; b=VvnVDhuyKkKMcQVaCgRo281GdPg/9CEAqcL8eQK1iE5RevxTYpZfP1qRc/KuIT/QQmA/TD9uq5lXTSccYF7pnKtms6nqGUWdPpm7FWZa5LSHOgx+N+AxvJRMrSoGCoPuBvEY3yguS/sl2ivLUV7+KZ8EV4drg0s4Oo9f9Stel68= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717067826; c=relaxed/simple; bh=ILtW3Z0OCyD1YgNmg84z7sHpvoCogTL4y34jhDSiPqE=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Sa8mNGXlaUiDML+kZVSgn4nIbAP5HH6v3g8zndMRmJbi1XXzhwE1wZxt22UrkzAr10jgv51nC1G+nC0rZUipiGDuv2xyhwPA/esvtO2N1s4sf/n0GnH5mkuBvCKHJ+42CtLUY/C7Tk/Xshh7vVyscYlsCbfiX37eR9fMXotyWvE= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=zFISbCgf; arc=fail smtp.client-ip=40.107.93.88 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: 
From: Pankaj Gupta
Subject: [PATCH v4 26/31] i386/sev: Invoke launch_updata_data() for SNP class
Date: Thu, 30 May 2024 06:16:38 -0500
Message-ID: <20240530111643.1091816-27-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Invoke as sev_snp_launch_update_data() for SNP object.
Signed-off-by: Pankaj Gupta --- target/i386/sev.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index 7a0c2ee10f..7d2f67e2f3 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -1108,6 +1108,14 @@ snp_launch_update_data(uint64_t gpa, void *hva, return 0; } +static int +sev_snp_launch_update_data(hwaddr gpa, uint8_t *ptr, uint64_t len) +{ + int ret = snp_launch_update_data(gpa, ptr, len, + KVM_SEV_SNP_PAGE_TYPE_NORMAL); + return ret; +} + static int sev_snp_cpuid_info_fill(SnpCpuidInfo *snp_cpuid_info, const KvmCpuidInfo *kvm_cpuid_info) 
@@ -2282,6 +2290,7 @@ sev_snp_guest_class_init(ObjectClass *oc, void *data) klass->launch_start = sev_snp_launch_start; klass->launch_finish = sev_snp_launch_finish; + klass->launch_update_data = sev_snp_launch_update_data; klass->kvm_init = sev_snp_kvm_init; x86_klass->kvm_type = sev_snp_kvm_type;
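Review bot: In sev_snp_launch_update_data() (@@ -1108), the local ret exists only to be returned on the next line; return the result of snp_launch_update_data(gpa, ptr, len, KVM_SEV_SNP_PAGE_TYPE_NORMAL) directly. The wrapper also fixes the page type to KVM_SEV_SNP_PAGE_TYPE_NORMAL for every caller of the class callback, which deserves a one-line comment. The subject line spells the callback launch_updata_data() where the code uses launch_update_data, and the one-sentence commit message does not say why the wrapper is needed.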
From: Pankaj Gupta
Subject: [PATCH v4 27/31] hw/i386/sev: Use guest_memfd for legacy ROMs
Date: Thu, 30 May 2024 06:16:39 -0500
Message-ID: <20240530111643.1091816-28-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Michael Roth

Current SNP guest kernels will attempt to access these regions with C-bit set, so guest_memfd is needed to handle that. Otherwise, kvm_convert_memory() will fail when the guest kernel tries to access it and QEMU attempts to call KVM_SET_MEMORY_ATTRIBUTES to set these ranges to private.

Whether guests should actually try to access ROM regions in this way (or need to deal with legacy ROM regions at all), is a separate issue to be addressed on kernel side, but current SNP guest kernels will exhibit this behavior and so this handling is needed to allow QEMU to continue running existing SNP guest kernels.

Signed-off-by: Michael Roth
[pankaj: Added sev_snp_enabled() check]
Signed-off-by: Pankaj Gupta
--- hw/i386/pc.c | 14 ++++++++++---- hw/i386/pc_sysfw.c | 13 ++++++++++--- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/hw/i386/pc.c b/hw/i386/pc.c index 7b638da7aa..62c25ea1e9 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -62,6 +62,7 @@ #include "hw/mem/memory-device.h" #include "e820_memory_layout.h" #include "trace.h" +#include "sev.h" #include CONFIG_DEVICES #ifdef CONFIG_XEN_EMU @@ -1022,10 +1023,15 @@ void pc_memory_init(PCMachineState *pcms, pc_system_firmware_init(pcms, rom_memory); option_rom_mr = g_malloc(sizeof(*option_rom_mr)); - memory_region_init_ram(option_rom_mr, NULL, "pc.rom", PC_ROM_SIZE, - &error_fatal); - if (pcmc->pci_enabled) { - memory_region_set_readonly(option_rom_mr, true); + if (sev_snp_enabled()) { + memory_region_init_ram_guest_memfd(option_rom_mr, NULL, "pc.rom", + PC_ROM_SIZE, &error_fatal); + } else { + memory_region_init_ram(option_rom_mr, NULL, "pc.rom", PC_ROM_SIZE, + &error_fatal); + if (pcmc->pci_enabled) { + memory_region_set_readonly(option_rom_mr, true); + } } memory_region_add_subregion_overlap(rom_memory, PC_ROM_MIN_VGA, diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index 00464afcb4..def77a442d 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c
@@ -51,8 +51,13 @@ static void pc_isa_bios_init(MemoryRegion *isa_bios, MemoryRegion *rom_memory, /* map the last 128KB of the BIOS in ISA space */ isa_bios_size = MIN(flash_size, 128 * KiB); - memory_region_init_ram(isa_bios, NULL, "isa-bios", isa_bios_size, - &error_fatal); + if (sev_snp_enabled()) { + memory_region_init_ram_guest_memfd(isa_bios, NULL, "isa-bios", + isa_bios_size, &error_fatal); + } else { + memory_region_init_ram(isa_bios, NULL, "isa-bios", isa_bios_size, + &error_fatal); + } memory_region_add_subregion_overlap(rom_memory, 0x100000 - isa_bios_size, isa_bios, 
@@ -65,7 +70,9 @@ static void pc_isa_bios_init(MemoryRegion *isa_bios, MemoryRegion *rom_memory, ((uint8_t*)flash_ptr) + (flash_size - isa_bios_size), isa_bios_size); - memory_region_set_readonly(isa_bios, true); + if (!machine_require_guest_memfd(current_machine)) { + memory_region_set_readonly(isa_bios, true); + } } static PFlashCFI01 *pc_pflash_create(PCMachineState *pcms,
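Review bot: In pc_memory_init() (hw/i386/pc.c, @@ -1022), the sev_snp_enabled() branch creates "pc.rom" with memory_region_init_ram_guest_memfd() and no longer calls memory_region_set_readonly(option_rom_mr, true), even when pcmc->pci_enabled is set, so the option ROM region becomes writable for SNP guests with no explanation in the code. The commit message covers why guest_memfd is needed but not why the read-only attribute is dropped. Add a comment on the new branch giving the reason, so the loss of write protection reads as a deliberate trade-off.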
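Review bot: pc_isa_bios_init() (hw/i386/pc_sysfw.c) picks the backend with sev_snp_enabled() in the @@ -51 hunk but decides whether to skip memory_region_set_readonly(isa_bios, true) with machine_require_guest_memfd(current_machine) in the @@ -65 hunk. Both conditions guard the same region; if they ever disagree, the region ends up guest_memfd-backed and marked read-only, or plain RAM and writable. Use a single predicate for both decisions, and say in the commit message which one is the intended criterion.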
From: Pankaj Gupta
Subject: [PATCH v4 28/31] hw/i386: Add support for loading BIOS using guest_memfd
Date: Thu, 30 May 2024 06:16:40 -0500
Message-ID: <20240530111643.1091816-29-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Michael Roth

When guest_memfd is enabled, the BIOS is generally part of the initial encrypted guest image and will be accessed as private guest memory. Add the necessary changes to set up the associated RAM region with a guest_memfd backend to allow for this.

Current support centers around using -bios to load the BIOS data. Support for loading the BIOS via pflash requires additional enablement since those interfaces rely on the use of ROM memory regions which make use of the KVM_MEM_READONLY memslot flag, which is not supported for guest_memfd-backed memslots.

Signed-off-by: Michael Roth
Signed-off-by: Pankaj Gupta
--- hw/i386/x86-common.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c index f41cb0a6a8..059de65f36 100644 --- a/hw/i386/x86-common.c +++ b/hw/i386/x86-common.c @@ -999,10 +999,18 @@ void x86_bios_rom_init(X86MachineState *x86ms, const char *default_firmware, } if (bios_size <= 0 || (bios_size % 65536) != 0) { - goto bios_error; + if (!machine_require_guest_memfd(MACHINE(x86ms))) { + g_warning("%s: Unaligned BIOS size %d", __func__, bios_size); + goto bios_error; + } + } + if (machine_require_guest_memfd(MACHINE(x86ms))) { + memory_region_init_ram_guest_memfd(&x86ms->bios, NULL, "pc.bios", + bios_size, &error_fatal); + } else { + memory_region_init_ram(&x86ms->bios, NULL, "pc.bios", + bios_size, &error_fatal); } - memory_region_init_ram(&x86ms->bios, NULL, "pc.bios", bios_size, - &error_fatal); if (sev_enabled()) { /* * The concept of a "reset" simply doesn't exist for 
@@ -1023,9 +1031,11 @@ void x86_bios_rom_init(X86MachineState *x86ms, const char *default_firmware, } g_free(filename); - /* map the last 128KB of the BIOS in ISA space */ - x86_isa_bios_init(&x86ms->isa_bios, rom_memory, &x86ms->bios, - !isapc_ram_fw); + if (!machine_require_guest_memfd(MACHINE(x86ms))) { + /* map the last 128KB of the BIOS in ISA space */ + x86_isa_bios_init(&x86ms->isa_bios, rom_memory, &x86ms->bios, + !isapc_ram_fw); + } /* map all the bios at the top of memory */ memory_region_add_subregion(rom_memory,
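Review bot: In x86_bios_rom_init() (@@ -999), the rewritten size check jumps to bios_error only when machine_require_guest_memfd() is false, so with guest_memfd required a bios_size <= 0 also falls through to memory_region_init_ram_guest_memfd(&x86ms->bios, NULL, "pc.bios", bios_size, &error_fatal). Keep bios_size <= 0 as an unconditional error and relax only the (bios_size % 65536) alignment test for the guest_memfd case. The g_warning() text "Unaligned BIOS size" is also emitted for the non-positive case, where it describes the wrong failure.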
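Review bot: In the @@ -1023 hunk, x86_isa_bios_init() is now skipped whenever machine_require_guest_memfd(MACHINE(x86ms)) is true, but neither the hunk nor the commit message says why the last 128KB of the BIOS no longer needs to be mapped in ISA space for these guests. Add a comment on the new condition stating the reason, so the missing mapping is not mistaken for a regression.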
From: Pankaj Gupta
Subject: [PATCH v4 29/31] hw/i386/sev: Allow use of pflash in conjunction with -bios
Date: Thu, 30 May 2024 06:16:41 -0500
Message-ID: <20240530111643.1091816-30-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org
3n4zN3tUUS5Kq/jXJaKZwy+7BqS1XLbkL6zcnh3bTsO6jk3aGuQ7xRIFljigjRXi3j4EMWGubM7Flx6alntuKVErWTLvda/COJ037QGHVBZzPXtdf7i3xXFbP6GhksbWbtLM8vC+yZVY0/efEIfLb9eG7x92FBDzVk0WmNnujRcNhizDM1c7SD+8mbBuB42zHowDaibZWWuXFpDKiV5r6DercN1ExwGx/ddYEBPAoIZAtfcXhKp/OuzGLrRmGLmhmzxVkuCmGkdw6rBKxADNvYcA0/zzCey3oSeqoCydfldBPZo9cVV3RjShhUctrolJ/h5ZWCkfhRnJFENqrUG0T5aLd5Dk7hOn+KKzYh27TD4B60bMwlZ9cgdGzsNgb8MAqRZUB+dKbr X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(1800799015)(376005)(36860700004)(82310400017);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 May 2024 11:17:08.7160 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 32f028dc-7b39-4aee-1991-08dc809a0b96 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN3PEPF0000B077.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ1PR12MB6363 
From: Michael Roth

SEV-ES and SEV-SNP support OVMF images with non-volatile storage in cases where the storage area is generated as a separate image as part of the OVMF build process. Currently these are exposed with unit=0 corresponding to the actual BIOS image, and unit=1 corresponding to the storage image. However, pflash images are mapped into guest memory using read-only memslots, which are not allowed in conjunction with guest_memfd-backed ranges. This makes that approach unusable for SEV-SNP, where the BIOS range will be encrypted and mapped as private guest_memfd-backed memory. For this reason, SEV-SNP will instead rely on -bios to handle loading the BIOS image.

To allow for pflash to still be used for the storage image, rework the existing logic to remove assumptions that unit=0 contains the BIOS image when SEV-SNP is enabled, so that it can instead be used to handle only the storage image.

Signed-off-by: Michael Roth
Signed-off-by: Pankaj Gupta
---
hw/i386/pc_sysfw.c | 47 +++++++++++++++++++++++++++++-----------------
1 file changed, 30 insertions(+), 17 deletions(-)

diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index def77a442d..7f97e62b16 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c
@@ -125,21 +125,10 @@ void pc_system_flash_cleanup_unused(PCMachineState *pcms) } } -/* - * Map the pcms->flash[] from 4GiB downward, and realize. - * Map them in descending order, i.e. pcms->flash[0] at the top, - * without gaps. - * Stop at the first pcms->flash[0] lacking a block backend. - * Set each flash's size from its block backend. Fatal error if the - * size isn't a non-zero multiple of 4KiB, or the total size exceeds - * pcms->max_fw_size. - * - * If pcms->flash[0] has a block backend, its memory is passed to - * pc_isa_bios_init(). Merging several flash devices for isa-bios is - * not supported. - */ -static void pc_system_flash_map(PCMachineState *pcms, - MemoryRegion *rom_memory) +static void pc_system_flash_map_partial(PCMachineState *pcms, + MemoryRegion *rom_memory, + hwaddr offset, + bool storage_only) { X86MachineState *x86ms = X86_MACHINE(pcms); PCMachineClass *pcmc = PC_MACHINE_GET_CLASS(pcms); @@ -154,6 +143,8 @@ static void pc_system_flash_map(PCMachineState *pcms, assert(PC_MACHINE_GET_CLASS(pcms)->pci_enabled); + total_size = offset; + for (i = 0; i < ARRAY_SIZE(pcms->flash); i++) { hwaddr gpa; @@ -192,7 +183,7 @@ static void pc_system_flash_map(PCMachineState *pcms, sysbus_realize_and_unref(SYS_BUS_DEVICE(system_flash), &error_fatal); sysbus_mmio_map(SYS_BUS_DEVICE(system_flash), 0, gpa); - if (i == 0) { + if (i == 0 && !storage_only) { flash_mem = pflash_cfi01_get_memory(system_flash); if (pcmc->isa_bios_alias) { x86_isa_bios_init(&x86ms->isa_bios, rom_memory, flash_mem, 
@@ -211,6 +202,25 @@ static void pc_system_flash_map(PCMachineState *pcms, } } +/* + * Map the pcms->flash[] from 4GiB downward, and realize. + * Map them in descending order, i.e. pcms->flash[0] at the top, + * without gaps. + * Stop at the first pcms->flash[0] lacking a block backend. + * Set each flash's size from its block backend. Fatal error if the + * size isn't a non-zero multiple of 4KiB, or the total size exceeds + * pcms->max_fw_size. + * + * If pcms->flash[0] has a block backend, its memory is passed to + * pc_isa_bios_init(). Merging several flash devices for isa-bios is + * not supported. + */ +static void pc_system_flash_map(PCMachineState *pcms, + MemoryRegion *rom_memory) +{ + pc_system_flash_map_partial(pcms, rom_memory, 0, false); +} + void pc_system_firmware_init(PCMachineState *pcms, MemoryRegion *rom_memory) { 
@@ -238,9 +248,12 @@ void pc_system_firmware_init(PCMachineState *pcms, } } - if (!pflash_blk[0]) { + if (!pflash_blk[0] || sev_snp_enabled()) { /* Machine property pflash0 not set, use ROM mode */ x86_bios_rom_init(X86_MACHINE(pcms), "bios.bin", rom_memory, false); + if (sev_snp_enabled()) { + pc_system_flash_map_partial(pcms, rom_memory, 3653632, true); + } } else { if (kvm_enabled() && !kvm_readonly_mem_enabled()) { /*
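Review bot: pc_system_flash_map_partial() is introduced in the first hw/i386/pc_sysfw.c hunk (@@ -125) without any comment describing its two new parameters, while the full description moves to the pc_system_flash_map() wrapper. Please document that offset is the space already occupied below 4GiB (the next hunk seeds total_size with it, so it shifts every mapping and presumably counts toward the pcms->max_fw_size limit) and that storage_only suppresses the isa-bios setup for flash[0]. With a non-zero offset the wrapper comment's statement that flash[0] sits at the top no longer holds for this function.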
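Review bot: the comment re-added above pc_system_flash_map() in the @@ -211 hunk still names pc_isa_bios_init(), but the code it describes (the i == 0 branch in the previous hunk) calls x86_isa_bios_init(). Since the comment is being moved anyway, update the function name in the same change.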
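Review bot: the literal 3653632 passed as offset to pc_system_flash_map_partial() in the pc_system_firmware_init() hunk (@@ -238) is unexplained and ties the pflash placement to one particular firmware image size. Derive it from the size of the image that x86_bios_rom_init() actually loaded, or at least name the constant and state which OVMF layout it assumes; a -bios image of a different size would place the storage flash at the wrong guest physical address. The retained comment "Machine property pflash0 not set, use ROM mode" is also no longer accurate, because this branch is now taken whenever sev_snp_enabled() is true, even if pflash0 is set.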
From: Pankaj Gupta
Subject: [PATCH v4 30/31] i386/kvm: Add KVM_EXIT_HYPERCALL handling for KVM_HC_MAP_GPA_RANGE
Date: Thu, 30 May 2024 06:16:42 -0500
Message-ID: <20240530111643.1091816-31-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Michael Roth

KVM_HC_MAP_GPA_RANGE will be used to send requests to userspace for private/shared memory attribute updates requested by the guest. Implement handling for that use-case along with some basic infrastructure for enabling specific hypercall events.

Signed-off-by: Michael Roth
Signed-off-by: Pankaj Gupta
---
target/i386/kvm/kvm.c | 55 ++++++++++++++++++++++++++++++++++++
target/i386/kvm/kvm_i386.h | 1 +
target/i386/kvm/trace-events | 1 +
3 files changed, 57 insertions(+)

diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 6c864e4611..e72c295f77 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -21,6 +21,7 @@ #include #include +#include #include "standard-headers/asm-x86/kvm_para.h" #include "hw/xen/interface/arch-x86/cpuid.h" @@ -208,6 +209,13 @@ int kvm_get_vm_type(MachineState *ms) return kvm_type; } +bool kvm_enable_hypercall(uint64_t enable_mask) +{ + KVMState *s = KVM_STATE(current_accel()); + + return !kvm_vm_enable_cap(s, KVM_CAP_EXIT_HYPERCALL, 0, enable_mask); +} + bool kvm_has_smm(void) { return kvm_vm_check_extension(kvm_state, KVM_CAP_X86_SMM);
@@ -5321,6 +5329,50 @@ static bool host_supports_vmx(void) return ecx & CPUID_EXT_VMX; } +/* + * Currently the handling here only supports use of KVM_HC_MAP_GPA_RANGE + * to service guest-initiated memory attribute update requests so that + * KVM_SET_MEMORY_ATTRIBUTES can update whether or not a page should be + * backed by the private memory pool provided by guest_memfd, and as such + * is only applicable to guest_memfd-backed guests (e.g. SNP/TDX). + * + * Other other use-cases for KVM_HC_MAP_GPA_RANGE, such as for SEV live + * migration, are not implemented here currently. + * + * For the guest_memfd use-case, these exits will generally be synthesized + * by KVM based on platform-specific hypercalls, like GHCB requests in the + * case of SEV-SNP, and not issued directly within the guest though the + * KVM_HC_MAP_GPA_RANGE hypercall. So in this case, KVM_HC_MAP_GPA_RANGE is + * not actually advertised to guests via the KVM CPUID feature bit, as + * opposed to SEV live migration where it would be. Since it is unlikely the + * SEV live migration use-case would be useful for guest-memfd backed guests, + * because private/shared page tracking is already provided through other + * means, these 2 use-cases should be treated as being mutually-exclusive. 
+ */ +static int kvm_handle_hc_map_gpa_range(struct kvm_run *run) +{ + uint64_t gpa, size, attributes; + + if (!machine_require_guest_memfd(current_machine)) + return -EINVAL; + + gpa = run->hypercall.args[0]; + size = run->hypercall.args[1] * TARGET_PAGE_SIZE; + attributes = run->hypercall.args[2]; + + trace_kvm_hc_map_gpa_range(gpa, size, attributes, run->hypercall.flags); + + return kvm_convert_memory(gpa, size, attributes & KVM_MAP_GPA_RANGE_ENCRYPTED); +} + +static int kvm_handle_hypercall(struct kvm_run *run) +{ + if (run->hypercall.nr == KVM_HC_MAP_GPA_RANGE) + return kvm_handle_hc_map_gpa_range(run); + + return -EINVAL; +} + #define VMX_INVALID_GUEST_STATE 0x80000021 int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) @@ -5416,6 +5468,9 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) ret = kvm_xen_handle_exit(cpu, &run->xen); break; #endif + case KVM_EXIT_HYPERCALL: + ret = kvm_handle_hypercall(run); + break; default: fprintf(stderr, "KVM: unknown exit reason %d\n", run->exit_reason); ret = -1; diff --git a/target/i386/kvm/kvm_i386.h b/target/i386/kvm/kvm_i386.h index 6b44844d95..34fc60774b 100644 --- a/target/i386/kvm/kvm_i386.h +++ b/target/i386/kvm/kvm_i386.h @@ -33,6 +33,7 @@ bool kvm_has_smm(void); bool kvm_enable_x2apic(void); bool kvm_hv_vpindex_settable(void); +bool kvm_enable_hypercall(uint64_t enable_mask); bool kvm_enable_sgx_provisioning(KVMState *s); bool kvm_hyperv_expand_features(X86CPU *cpu, Error **errp); diff --git a/target/i386/kvm/trace-events b/target/i386/kvm/trace-events index b365a8e8e2..74a6234ff7 100644 --- a/target/i386/kvm/trace-events +++ b/target/i386/kvm/trace-events 
@@ -5,6 +5,7 @@ kvm_x86_fixup_msi_error(uint32_t gsi) "VT-d failed to remap interrupt for GSI %" kvm_x86_add_msi_route(int virq) "Adding route entry for virq %d" kvm_x86_remove_msi_route(int virq) "Removing route entry for virq %d" kvm_x86_update_msi_routes(int num) "Updated %d MSI routes" +kvm_hc_map_gpa_range(uint64_t gpa, uint64_t size, uint64_t attributes, uint64_t flags) "gpa 0x%" PRIx64 " size 0x%" PRIx64 " attributes 0x%" PRIx64 " flags 0x%" PRIx64 # xen-emu.c kvm_xen_hypercall(int cpu, uint8_t cpl, uint64_t input, uint64_t a0, uint64_t a1, uint64_t a2, uint64_t ret) "xen_hypercall: cpu %d cpl %d input %" PRIu64 " a0 0x%" PRIx64 " a1 0x%" PRIx64 " a2 0x%" PRIx64" ret 0x%" PRIx64
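Review bot: kvm_enable_hypercall() in the target/i386/kvm/kvm.c hunk at @@ -208 collapses the kvm_vm_enable_cap() result into a bool, so callers cannot tell an unsupported KVM_CAP_EXIT_HYPERCALL from any other failure and have no errno to report. Consider returning the int result or taking an Error **errp. The neighbouring kvm_has_smm() uses the global kvm_state where this helper uses KVM_STATE(current_accel()); pick one for consistency.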
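Review bot: in kvm_handle_hc_map_gpa_range() (hunk @@ -5321) the values taken from the guest request are used unchecked: run->hypercall.args[1] * TARGET_PAGE_SIZE can wrap a uint64_t, and neither the alignment of gpa nor overflow of gpa + size is verified before the call to kvm_convert_memory(). Reject a page count that would overflow and an unaligned or wrapping range up front. The handler also never writes run->hypercall.ret, so a failed conversion is returned through kvm_arch_handle_exit() as a QEMU-side error instead of being reported to the guest; if that is intended, say so in the comment. Style: the single-statement if bodies here and in kvm_handle_hypercall() need braces, and the comment has the typos "Other other" and "though the" (for "through the").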
From: Pankaj Gupta
Subject: [PATCH v4 31/31] i386/sev: Enable KVM_HC_MAP_GPA_RANGE hcall for SNP guests
Date: Thu, 30 May 2024 06:16:43 -0500
Message-ID: <20240530111643.1091816-32-pankaj.gupta@amd.com>
In-Reply-To: <20240530111643.1091816-1-pankaj.gupta@amd.com>
References: <20240530111643.1091816-1-pankaj.gupta@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Michael Roth

KVM will forward GHCB page-state change requests to userspace in the form of KVM_HC_MAP_GPA_RANGE, so make sure the hypercall handling is enabled for SNP guests.

Signed-off-by: Michael Roth
Signed-off-by: Pankaj Gupta
---
target/i386/sev.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/target/i386/sev.c b/target/i386/sev.c index 7d2f67e2f3..c1872ce3a4 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -14,6 +14,7 @@ #include "qemu/osdep.h" #include +#include #include #include @@ -774,6 +775,10 @@ sev_snp_launch_start(SevCommonState *sev_common) trace_kvm_sev_snp_launch_start(start->policy, sev_snp_guest->guest_visible_workarounds); + if (!kvm_enable_hypercall(BIT_ULL(KVM_HC_MAP_GPA_RANGE))) { + return 1; + } + rc = sev_ioctl(sev_common->sev_fd, KVM_SEV_SNP_LAUNCH_START, start, &fw_error); if (rc < 0) {
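Review bot: the new kvm_enable_hypercall() check in sev_snp_launch_start() (hunk @@ -774) fails with a bare return 1 and no message, so a host kernel that cannot enable exits for KVM_HC_MAP_GPA_RANGE aborts the SNP launch without saying why. Add an error_report() naming the hypercall before returning; the sev_ioctl() call just below at least captures fw_error for its failure path.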