[RFC,v1,11/22] sev: add SEV debug encrypt command

Message ID	147377811888.11859.2777245831487772253.stgit@brijesh-build-machine
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: Brijesh Singh <brijesh.singh@amd.com> To: <ehabkost@redhat.com>, <crosthwaite.peter@gmail.com>, <armbru@redhat.com>, <mst@redhat.com>, <p.fedin@samsung.com>, <qemu-devel@nongnu.org>, <lcapitulino@redhat.com>, <pbonzini@redhat.com>, <rth@twiddle.net> Date: Tue, 13 Sep 2016 10:48:38 -0400 Message-ID: <147377811888.11859.2777245831487772253.stgit@brijesh-build-machine> In-Reply-To: <147377800565.11859.4411044563640180545.stgit@brijesh-build-machine> References: <147377800565.11859.4411044563640180545.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTFVQUjEyTUIwNjU3OzIzOlJTSjRaYS9hTUl5SnhBNzNHamhrWkh1aGFE?= =?utf-8?B?emJ6Z2FZZ2F2MW9DSVBNbFAyOWJxOWh6Q3FEYkRwT0pKV2FGeDlLNjIrajNL?= =?utf-8?B?b0pLSDJTWElsR0hkQzcyam1IZlZPbGlFcjlDVnA0d1JROHhSSFlDVHZpb0xV?= =?utf-8?B?SmJ4S3VsNlJxc3hrRzFndXc0dzFWWTNNTmN5K245MThxREVzeXNNODY0eUpi?= =?utf-8?B?amppWWpGT29IOG95VFJkY3IxbGd2YjhxM3VVSW9FOEY0YmdWUFNaUHpPdUVw?= =?utf-8?B?d2ZEZkJqQmNyQkxPTCtmTnBBeXR0ZXFoejFVYW84Yk5Ga0gxcnMwQ0RNL3Vr?= =?utf-8?B?M3hCaDdqZFVxcDNRSjZMNzhOTlljMDhzSldhaU0vTVk3YnZNZWlQM3pmenpz?= =?utf-8?B?ZXF5K1RvbCtydUJHcE5vdUUyS1B3RThWN1lEbllZMVNIMkwzcVlpNGJqdkZ3?= =?utf-8?B?RDMrK3lMeitjSTNacnc1cnNRemVqaStyazFWbERGNjNSUWw0V1ZFQlY0SzNj?= =?utf-8?B?a0hVSjBCRkFQazRLWjJ5SFZFbmY2RTVuT2IvbDFNR01qNXhTNDBURnVNVXk4?= =?utf-8?B?NFZ5SDFWSkdaSnZZbjhEZVdvR1VsWVFsbnlPQjBKQkFqbXZzdnkvMVdraVVG?= =?utf-8?B?bFlaaVdwWlVXc2dkeW5BRHUyT3dObi8ybkwwOEhHcGNWVUk2c0w2YzVsbXRz?= =?utf-8?B?bFVqYUNtUW5lOEw3U3EyL0M3QlJZc1BCbzlIMUdUL3gyQTV2bityd0tvUjg0?= =?utf-8?B?MXZQK0V1MHdnTnUrRnl2QlZvcitNRU15WTFEaHNZVWk5WE1kV3BIc1hTaFFF?= =?utf-8?B?VVVWVnVsZDhJZktxeG11aXNtNkZhSTQraEpqd25PbnJjY2lIQzNleDZDajBG?= =?utf-8?B?Z0JwZmgxV0ZIblZmandTMHV0b1MrVmJwaWZramcyRU9KZXBCNlB1MDUyc2lD?= =?utf-8?B?WEhrcXhiRHFMczVGTW9OdUl5RGc1bExabm0weVppN0hrQStSNVpsSno4bEtq?= =?utf-8?B?QVZyNFkwUDdQVmFwS1ROSUVVR2grTnNXSFR5MnlKSnpPWGVCZENMNmJ4R0tt?= =?utf-8?B?Q0RWUGpYdTBTbEY2VXN4VU0rUmhJUm1jSnRKcVh0a05sUHM1emNKZkxISXJU?= =?utf-8?B?U0NTUVBORXArYTJ4QW9PODNJSDFSa1BabmJNTEtuOXViT0hISWxBZytFNGRi?= =?utf-8?B?Sm9xQ3Q3eStMUkZObDYwai9oajNZejNXY2YyMFFCeXFTeGM1N1Bsb1V1Sk1N?= =?utf-8?B?M2hXUWkvdERCQzQrZWppVjZwUHRnYkxkOVBuMXlWNFJ1TEdTVmNnT0l2cVZZ?= =?utf-8?B?ZE4ycVNnTmdXTXNObFlZRVplWmJtVW0wSGxsVmNUdUMra2YycElCc0FrMkNO?= =?utf-8?B?ei83TVR5eEhCS0d6UGhDbjFxMzJKVXM2UVREbnhlTkJ3T05MYmNQb0s4aVdS?= =?utf-8?B?VlhjQXhJUDRXMjdUQUQrNjJTbzg4RFFhNnZkdkdiY09HRU1IaUpJdUdBcFdq?= =?utf-8?B?SjhYUE44WThQeXdEcFpZK1p1WUlJaDVNYytrdStqR3ZXTVlIQWFpSUF4Rysr?= =?utf-8?B?Z045bCtGMFdhOERlL09MYmZ3SHNzVnkyMnlObVorZnRLQW52ZmErRjdjTmts?= =?utf-8?B?OFZyVXhhNm1UVTM4TkFBVjFnVUJGR2tCK2lYbWt6d2Q0VWdBYVlLbVp1UEZu?= =?utf-8?B?bEU0d01hUmErQ2JVZXhxaDN5cnpIeEJXNkcvK295QjlNdEh2dTAzbnBYSEF3?= =?utf-8?B?cWpmUEE0MitSaGNWWmVjeGVLckFjSWgzUXhBbVcvNjZRU1N5ZXM4aWxMcW1Y?= =?utf-8?Q?ILgnOlgWhWlhK?= X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0657; 6:+aPLly/BMw0jwYQnHjRhgOkmM++DF32RA+RstHroSwqRk5Yue0aBag+rKFJBqeFBFOup5Uu9ZD4+8OyhWHNQnRNCZyEEPIeZ8P2JJIvBghdxmGsXzTk0pUcPAuYmQ8W6Hrii3zf06NafPQdwj3HxvJPCJ6ePoWyUKaF52Ea6fU4OY74uFN028rCGrSHgbUYPxSrhKhNp00sZMo5yu86U5TQf3oM4B9cc7L28TqZhEojwogmWW0mtG+9uKZxhM8paGue0XzUcDlRaPlz5xvPfuGCrEwaQWRC9n3oJGPpCSbanF1WOYGu1KOaQijtZLbgDZHLf2XlzRppPfwk0AW0lUQ==; 5:PHKTaNPcqVc5nru+GHyBkWYWw4FBGz/jMR1cxbuik6rikllMbadNhTSooc9JTd6IudDd4JgMps1obk96AqFPweMZHbDBVlDKdX1fZJkuJD5d+VXTgqW51RTw1ZRLa0zo7WIwRof31eYgNcqf3jRjPQ==; 24:NHCR36ivbMP361oqECu9F7FUTGFiwGouGAiVeRFk4Wq++Fd+JUqAYOxx+NvzRJqxVjr4fx3d1+jUg0mQ0c79JZq/W9swAdjxWxS34E1YWcc=; 7:YMktpnq5vS5hV+NX2+yf17/UN3rob/t7g4Gy1fPWpO4o6oEw7F6uKbKdC/gDfcOP9I9Ta58aroroTH+1TIxvojZkzMPSNtxtfrvSVIdr4+cFVeYyfCN7C9oiqKO90g+85xhn7ETwMTpFdtwwF/WSpInAHrh4w5ba8lweHUAnrms74MC2HNuEa+pzNPu9DPkyJ86DRvXvIl2PR1f12UfUkwXh9/FJUBTCeUJ8khKG+sxeva3QlfKY7CHGFGUmfHLP SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0657; 20:tEJLAFC1g3Atct8ueld/DWoWs9Mxk78L3P/iT6TAaksSZXNSFbke8l5BCujeqWMHBgUsfiIktBduE0YFmOj5wLOwY/euo40srYmTzUd58f3b3AIFq7pKUe88Pw0UHRBUsRNjCUHdq7mEQi2ddMJY8ZmHuirYkoXmubTxCHMVG0W8BUQXLW8k71XrvVXvqNAi49QMyPiJJJynbgOMJoQqYO23ylvJUyOs+7tkq4i+Pm/MboFukvQ2MEO5BQx27X8K Subject: [Qemu-devel] [RFC PATCH v1 11/22] sev: add SEV debug encrypt command Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

Message ID

147377811888.11859.2777245831487772253.stgit@brijesh-build-machine

State

New

Headers

From: Brijesh Singh <brijesh.singh@amd.com>
To: <ehabkost@redhat.com>, <crosthwaite.peter@gmail.com>, <armbru@redhat.com>,
	<mst@redhat.com>, <p.fedin@samsung.com>, <qemu-devel@nongnu.org>,
	<lcapitulino@redhat.com>, <pbonzini@redhat.com>, <rth@twiddle.net>
Date: Tue, 13 Sep 2016 10:48:38 -0400
Message-ID: <147377811888.11859.2777245831487772253.stgit@brijesh-build-machine>
In-Reply-To: <147377800565.11859.4411044563640180545.stgit@brijesh-build-machine>
References: <147377800565.11859.4411044563640180545.stgit@brijesh-build-machine>
User-Agent: StGit/0.17.1-dirty
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Received-SPF: None (protection.outlook.com: amd.com does not designate
	permitted sender hosts)
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2016 14:48:45.5637
	(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR12MB0657
X-detected-operating-system: by eggs.gnu.org: Windows 7 or 8 [fuzzy]
X-Received-From: 104.47.33.44
X-Mailman-Approved-At: Tue, 13 Sep 2016 11:45:46 -0400
Subject: [Qemu-devel] [RFC PATCH v1 11/22] sev: add SEV debug encrypt command
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

Commit Message

Brijesh Singh Sept. 13, 2016, 2:48 p.m. UTC

The SEV DEBUG_ENCRYPT command is used for injecting a code into
SEV-enabled guest memory

For more information see [1], section 7.2

[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf

The following KVM RFC patches defines and implements this command

http://marc.info/?l=kvm&m=147190861124032&w=2
http://marc.info/?l=kvm&m=147190861124032&w=2

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 include/sysemu/sev.h |   10 ++++++++++
 sev.c                |   23 +++++++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h
index 5872c3e..a505d75 100644
--- a/include/sysemu/sev.h
+++ b/include/sysemu/sev.h
@@ -65,4 +65,14 @@  int kvm_sev_guest_measurement(uint8_t *measurement);
  */
 int kvm_sev_dbg_decrypt(uint8_t *dest, const uint8_t *src, uint32_t len);
 
+/**
+ * kvm_sev_dbg_encrypt -  encrypt the guest memory in SEV mode.
+ * @src - guest memory address
+ * @dest - host memory address where the encrypted data should be copied
+ * @length - length of memory region
+ *
+ * Returns: 0 on success and dest will contains the encrypted data
+ */
+int kvm_sev_dbg_encrypt(uint8_t *dest, const uint8_t *src, uint32_t len);
+
 #endif
diff --git a/sev.c b/sev.c
index c7031d3..4e5da84 100644
--- a/sev.c
+++ b/sev.c
@@ -455,3 +455,26 @@  int kvm_sev_dbg_decrypt(uint8_t *dst, const uint8_t *src, uint32_t len)
     DPRINTF("SEV: DBG_DECRYPT dst %p src %p sz %d\n", dst, src, len);
     return 0;
 }
+
+int kvm_sev_dbg_encrypt(uint8_t *dst, const uint8_t *src, uint32_t len)
+{
+    int ret;
+    struct kvm_sev_dbg_encrypt encrypt;
+    struct kvm_sev_issue_cmd input;
+
+    encrypt.src_addr = (unsigned long)src;
+    encrypt.dst_addr = (unsigned long)dst;
+    encrypt.length = len;
+
+    input.cmd = KVM_SEV_DBG_ENCRYPT;
+    input.opaque = (unsigned long)&encrypt;
+    ret = kvm_vm_ioctl(kvm_state, KVM_SEV_ISSUE_CMD, &input);
+    if (ret) {
+        fprintf(stderr, "SEV: dbg_encrypt failed ret=%d(%#010x)\n",
+                ret, input.ret_code);
+        return 1;
+    }
+
+    DPRINTF("SEV: DBG_ENCRYPT dst %p src %p sz %d\n", dst, src, len);
+    return 0;
+}

[RFC,v1,11/22] sev: add SEV debug encrypt command

Commit Message

Patch