From patchwork Mon Jan 29 17:41:20 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 867246
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Mon, 29 Jan 2018 11:41:20 -0600
Message-Id: <20180129174132.108925-12-brijesh.singh@amd.com>
In-Reply-To: <20180129174132.108925-1-brijesh.singh@amd.com>
References: <20180129174132.108925-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v6 11/23] sev: register the guest memory range which may contain encrypted data
Cc: "Edgar E. Iglesias", Peter Maydell, Eduardo Habkost, kvm@vger.kernel.org, Tom Lendacky, Stefan Hajnoczi, "Michael S. Tsirkin", Richard Henderson, "Dr. David Alan Gilbert", Brijesh Singh, Paolo Bonzini

When SEV is enabled, the hardware encryption engine uses a tweak such that two identical plaintexts at different locations will have different ciphertexts. So swapping or moving the ciphertexts of two guest pages will not result in the plaintexts being swapped. Hence relocating the physical backing pages of the SEV guest will require some additional steps in the KVM driver. The KVM_MEMORY_ENCRYPT_{UN,}REG_REGION ioctl can be used to register/unregister the guest memory region which may contain the encrypted data. The KVM driver will internally handle relocating the physical backing pages of registered memory regions.

Cc: Paolo Bonzini
Signed-off-by: Brijesh Singh
--- accel/kvm/sev.c | 41 +++++++++++++++++++++++++++++++++++++++++ accel/kvm/trace-events | 2 ++ 2 files changed, 43 insertions(+) diff --git a/accel/kvm/sev.c b/accel/kvm/sev.c index be1791e510b3..5ae37caeb361 100644 --- a/accel/kvm/sev.c +++ b/accel/kvm/sev.c 
@@ -85,6 +85,45 @@ fw_error_to_str(int code) } static void +sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size) +{ + int r; + struct kvm_enc_region range; + + range.addr = (__u64)host; + range.size = size; + + trace_kvm_memcrypt_register_region(host, size); + r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_REG_REGION, &range); + if (r) { + error_report("%s: failed to register region (%p+%#lx)", + __func__, host, size); + } +} + +static void +sev_ram_block_removed(RAMBlockNotifier *n, void *host, size_t size) +{ + int r; + struct kvm_enc_region range; + + range.addr = (__u64)host; + range.size = size; + + trace_kvm_memcrypt_unregister_region(host, size); + r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_UNREG_REGION, &range); + if (r) { + error_report("%s: failed to unregister region (%p+%#lx)", + __func__, host, size); + } +} + +static struct RAMBlockNotifier sev_ram_notifier = { + .ram_block_added = sev_ram_block_added, + .ram_block_removed = sev_ram_block_removed, +}; + +static void qsev_guest_finalize(Object *obj) { } @@ -288,6 +327,8 @@ sev_guest_init(const char *id) goto err; } + ram_block_notifier_add(&sev_ram_notifier); + return s; err: g_free(s); diff --git a/accel/kvm/trace-events b/accel/kvm/trace-events index ea487e5a5913..364c84bd7a73 100644 --- a/accel/kvm/trace-events +++ b/accel/kvm/trace-events @@ -15,3 +15,5 @@ kvm_irqchip_release_virq(int virq) "virq %d" # sev.c kvm_sev_init(void) "" +kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu" +kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu"
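
Review bot: In sev_ram_block_added() (first accel/kvm/sev.c hunk), a failing KVM_MEMORY_ENCRYPT_REG_REGION ioctl is only reported with error_report() and the function returns normally, so the guest continues with a RAM block that KVM was never told may contain encrypted data, which is the case the commit message says needs extra handling when backing pages are relocated. Since the RAMBlockNotifier callback returns void and cannot propagate the failure, consider treating it as fatal, and include the value of r in the message so the cause is visible. Two smaller points in both callbacks: size is a size_t but is printed with %#lx, where %#zx is the matching conversion, and (__u64)host casts a pointer straight to a 64-bit integer, which is cleaner as (__u64)(uintptr_t)host.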
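
Review bot: In sev_guest_init() (second accel/kvm/sev.c hunk), ram_block_notifier_add(&sev_ram_notifier) is called as the last step before "return s;", and nothing in the patch removes the notifier again; qsev_guest_finalize() in the surrounding context is still empty. Please add a comment stating how RAM blocks that already exist when sev_guest_init() runs get registered, or why none can exist at that point, and whether the static sev_ram_notifier is meant to stay registered for the lifetime of the process.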
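
Review bot: In accel/kvm/trace-events, both new events use the format "addr %p len 0x%lu", which prints a decimal number behind a 0x prefix, so the traced length looks like hex but is not. The argument is declared as size_t, so "len 0x%zx" would print a real hex value with the matching length modifier; the same change applies to kvm_memcrypt_unregister_region.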