From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Mon, 29 Jan 2018 11:41:21 -0600
Message-Id: <20180129174132.108925-13-brijesh.singh@amd.com>
In-Reply-To: <20180129174132.108925-1-brijesh.singh@amd.com>
References: <20180129174132.108925-1-brijesh.singh@amd.com>
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 867229
Subject: [Qemu-devel] [PATCH v6 12/23] kvm: introduce memory encryption APIs
Cc: "Edgar E. Iglesias", Peter Maydell, Eduardo Habkost, kvm@vger.kernel.org, Tom Lendacky, Stefan Hajnoczi, "Michael S. Tsirkin", Richard Henderson, "Dr. David Alan Gilbert", Brijesh Singh, Paolo Bonzini

In order to integrate the Secure Encryption Virtualization (SEV) support, add a few high-level memory encryption APIs which can be used for encrypting the guest memory region.

Cc: Paolo Bonzini
Cc: kvm@vger.kernel.org
Signed-off-by: Brijesh Singh
---
 accel/kvm/kvm-all.c    | 30 ++++++++++++++++++++++++++++++
 accel/stubs/kvm-stub.c | 14 ++++++++++++++
 include/sysemu/kvm.h   | 25 +++++++++++++++++++++++++
 3 files changed, 69 insertions(+)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index a9b16846675e..54a0fd6097fb 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c 
@@ -107,6 +107,8 @@ struct KVMState /* memory encryption */ void *memcrypt_handle; + int (*memcrypt_encrypt_data)(void *handle, uint8_t *ptr, uint64_t len); + void (*memcrypt_debug_ops)(void *handle, MemoryRegion *mr); }; KVMState *kvm_state; @@ -142,6 +144,34 @@ int kvm_get_max_memslots(void) return s->nr_slots; } +bool kvm_memcrypt_enabled(void) +{ + if (kvm_state && kvm_state->memcrypt_handle) { + return true; + } + + return false; +} + +int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len) +{ + if (kvm_state->memcrypt_handle && + kvm_state->memcrypt_encrypt_data) { + return kvm_state->memcrypt_encrypt_data(kvm_state->memcrypt_handle, + ptr, len); + } + + return 1; +} + +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr) +{ + if (kvm_state->memcrypt_handle && + kvm_state->memcrypt_debug_ops) { + kvm_state->memcrypt_debug_ops(kvm_state->memcrypt_handle, mr); + } +} + static KVMSlot *kvm_get_free_slot(KVMMemoryListener *kml) { KVMState *s = kvm_state; diff --git a/accel/stubs/kvm-stub.c b/accel/stubs/kvm-stub.c index c964af3e1c97..5739712a67e3 100644 --- a/accel/stubs/kvm-stub.c +++ b/accel/stubs/kvm-stub.c @@ -105,6 +105,20 @@ int kvm_on_sigbus(int code, void *addr) return 1; } +bool kvm_memcrypt_enabled(void) +{ + return false; +} + +int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len) +{ + return 1; +} + +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr) +{ +} + #ifndef CONFIG_USER_ONLY int kvm_irqchip_add_msi_route(KVMState *s, int vector, PCIDevice *dev) { diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h index bbf12a172339..4a5db5dde390 100644 --- a/include/sysemu/kvm.h +++ b/include/sysemu/kvm.h 
@@ -231,6 +231,31 @@ int kvm_destroy_vcpu(CPUState *cpu); */ bool kvm_arm_supports_user_irq(void); +/** + * kvm_memcrypt_enabled - return boolean indicating whether memory encryption + * is enabled + * Returns: 1 memory encryption is enabled + * 0 memory encryption is disabled + */ +bool kvm_memcrypt_enabled(void); + +/** + * kvm_memcrypt_encrypt_data: encrypt the memory range + * + * Return: 1 failed to encrypt the range + * 0 succesfully encrypted memory region + */ +int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len); + +/** + * kvm_memcrypt_set_debug_ram_ops: set debug_ram_ops callback + * + * When debug_ram_ops is set, debug access to this memory region will use + * memory encryption APIs. + */ +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr); + + #ifdef NEED_CPU_H #include "cpu.h"
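
Review bot: In the `struct KVMState` hunk of accel/kvm/kvm-all.c (`@@ -107,6 +107,8 @@`), the new callbacks `memcrypt_encrypt_data` and `memcrypt_debug_ops` carry no comment describing their contract, and nothing in this patch assigns them. Please document next to the fields who is expected to set them, what `handle` refers to, and the return convention of `memcrypt_encrypt_data`, since the wrapper passes that value straight back to its caller.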
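
Review bot: In the `@@ -142,6 +144,34 @@` hunk of accel/kvm/kvm-all.c, `kvm_memcrypt_encrypt_data()` and `kvm_memcrypt_set_debug_ops()` read `kvm_state->memcrypt_handle` without the `kvm_state &&` guard that `kvm_memcrypt_enabled()` uses, so they dereference NULL if called while `kvm_state` is unset. Either add the same guard or state in the header that callers must check `kvm_memcrypt_enabled()` first. In addition, `kvm_memcrypt_encrypt_data()` returns 1 both when no handle or callback is registered and when the callback reports a failure, so a caller cannot tell "encryption not configured" from "encryption failed"; a distinct value for the not-configured case would make it harder to leave a range in plaintext unnoticed.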
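
Review bot: In the include/sysemu/kvm.h hunk, the last doc comment is titled `kvm_memcrypt_set_debug_ram_ops` and talks about `debug_ram_ops`, while the function declared below it is `kvm_memcrypt_set_debug_ops`; the names should match. The comment for `kvm_memcrypt_enabled()` documents `Returns: 1` / `0` for a function declared `bool`, which would read better as true/false. The `kvm_memcrypt_encrypt_data` comment does not describe `ptr` and `len` or say what happens when memory encryption is not enabled, uses `Return:` where the first comment uses `Returns:`, and has the typo "succesfully". The hunk also adds a second blank line before `#ifdef NEED_CPU_H`.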