From patchwork Wed Feb 7 16:06:33 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 870509
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Wed, 7 Feb 2018 10:06:33 -0600
Message-Id: <20180207160638.98872-21-brijesh.singh@amd.com>
In-Reply-To: <20180207160638.98872-1-brijesh.singh@amd.com>
References: <20180207160638.98872-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v7 21/26] sev: add debug encrypt and decrypt commands
Cc: "Edgar E. Iglesias" , Peter Maydell , Eduardo Habkost , kvm@vger.kernel.org, "Michael S. Tsirkin" , Marcel Apfelbaum , Markus Armbruster , Peter Crosthwaite , Richard Henderson , "Dr. 
David Alan Gilbert" , Alistair Francis , Christian Borntraeger , Brijesh Singh , Stefan Hajnoczi , Cornelia Huck , Paolo Bonzini , Thomas Lendacky , Borislav Petkov Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" KVM_SEV_DBG_DECRYPT and KVM_SEV_DBG_ENCRYPT commands are used for decrypting and encrypting guest memory region. The command works only if the guest policy allows the debugging. Cc: Paolo Bonzini Cc: kvm@vger.kernel.org Signed-off-by: Brijesh Singh --- accel/kvm/kvm-all.c | 1 + accel/kvm/sev.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++ accel/kvm/trace-events | 1 + include/sysemu/sev.h | 1 + 4 files changed, 75 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 37f7c442dc3f..7d3b7b4107eb 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -1677,6 +1677,7 @@ static int kvm_init(MachineState *ms) } kvm_state->memcrypt_encrypt_data = sev_encrypt_data; + kvm_state->memcrypt_debug_ops = sev_set_debug_ops; } ret = kvm_arch_init(ms, s); diff --git a/accel/kvm/sev.c b/accel/kvm/sev.c index e422f43caa0b..7b57575e2f93 100644 --- a/accel/kvm/sev.c +++ b/accel/kvm/sev.c @@ -23,11 +23,13 @@ #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" +#define GUEST_POLICY_DBG_BIT 0x1 static uint64_t me_mask; static bool sev_active; static int sev_fd; static SEVState *sev_state; +static MemoryRegionRAMReadWriteOps sev_ops; #define SEV_FW_MAX_ERROR 0x17 
@@ -575,6 +577,51 @@ sev_vm_state_change(void *opaque, int running, RunState state) } } +static int +sev_dbg_enc_dec(uint8_t *dst, const uint8_t *src, uint32_t len, bool write) +{ + int ret, error; + struct kvm_sev_dbg *dbg; + + dbg = g_malloc0(sizeof(*dbg)); + if (!dbg) { + return 1; + } + + dbg->src_uaddr = (unsigned long)src; + dbg->dst_uaddr = (unsigned long)dst; + dbg->len = len; + + trace_kvm_sev_debug(write ? "encrypt" : "decrypt", src, dst, len); + ret = sev_ioctl(write ? KVM_SEV_DBG_ENCRYPT : KVM_SEV_DBG_DECRYPT, + dbg, &error); + if (ret) { + error_report("%s (%s) %#llx->%#llx+%#x ret=%d fw_error=%d '%s'", + __func__, write ? "write" : "read", dbg->src_uaddr, + dbg->dst_uaddr, dbg->len, ret, error, + fw_error_to_str(error)); + } + + g_free(dbg); + return ret; +} + +static int +sev_mem_read(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs attrs) +{ + assert(attrs.debug); + + return sev_dbg_enc_dec(dst, src, len, false); +} + +static int +sev_mem_write(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs attrs) +{ + assert(attrs.debug); + + return sev_dbg_enc_dec(dst, src, len, true); +} + void * sev_guest_init(const char *id) { @@ -651,6 +698,31 @@ sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) return 0; } +void +sev_set_debug_ops(void *handle, MemoryRegion *mr) +{ + int policy; + SEVState *s = (SEVState *)handle; + + policy = object_property_get_int(OBJECT(s->sev_info), + "policy", &error_abort); + + /* + * Check if guest policy supports debugging + * Bit 0 : + * 0 - debug allowed + * 1 - debug is not allowed + */ + if (policy & GUEST_POLICY_DBG_BIT) { + return; + } + + sev_ops.read = sev_mem_read; + sev_ops.write = sev_mem_write; + + memory_region_set_ram_debug_ops(mr, &sev_ops); +} + static void sev_register_types(void) { diff --git a/accel/kvm/trace-events b/accel/kvm/trace-events index e810d75ea1b3..de6a12c51e06 100644 --- a/accel/kvm/trace-events +++ b/accel/kvm/trace-events 
@@ -22,3 +22,4 @@ kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIu64 kvm_sev_launch_measurement(const char *value) "data %s" kvm_sev_launch_finish(void) "" +kvm_sev_debug(const char *op, const uint8_t *src, uint8_t *dst, int len) "(%s) src %p dst %p len %d" diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index c173ad33f8bb..186ebca0f945 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -78,6 +78,7 @@ typedef struct SEVState SEVState; void *sev_guest_init(const char *id); int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len); +void sev_set_debug_ops(void *handle, MemoryRegion *mr); #endif
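Review bot: In the accel/kvm/sev.c hunk at @@ -23,11 +23,13 @@, the name GUEST_POLICY_DBG_BIT reads as if a set bit enables debugging, but the neighbouring DEFAULT_GUEST_POLICY 0x1 /* disable debug */ and the comment in sev_set_debug_ops both say that bit 0 set means debug is not allowed. A name such as GUEST_POLICY_NODBG_BIT, or a one-line comment on the define, would keep someone from inverting the test in a later change.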
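Review bot: In sev_dbg_enc_dec (accel/kvm/sev.c, @@ -575,6 +577,51 @@) the "if (!dbg) { return 1; }" branch after g_malloc0() is dead code, because g_malloc0() aborts on allocation failure instead of returning NULL for a non-zero size. Drop the check, or put struct kvm_sev_dbg on the stack with a zero initializer and remove the g_malloc0()/g_free() pair altogether. The positive 1 returned there is also inconsistent with the other exit, which hands back whatever sev_ioctl() returned, so callers of sev_mem_read and sev_mem_write would see two error conventions.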
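Review bot: In sev_set_debug_ops (accel/kvm/sev.c, @@ -651,6 +698,31 @@) the file-scope sev_ops is rewritten with the same two function pointers on every call, once per MemoryRegion. Initialise it once at its definition with .read = sev_mem_read and .write = sev_mem_write, so this function only performs the policy test and the registration. The early return when GUEST_POLICY_DBG_BIT is set is also silent: a trace point or a short comment stating that the region is then left without the decrypt/encrypt hooks would help whoever attaches a debugger to a guest launched with debug disabled. Separately, policy is declared int while object_property_get_int() returns a 64-bit value; the bit-0 test still works, but a matching type avoids the narrowing.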
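Review bot: In the accel/kvm/trace-events hunk the new kvm_sev_debug event declares "int len" and prints it with %d, while its only caller, sev_dbg_enc_dec, passes a uint32_t len. Declare the argument as uint32_t and format it as unsigned (the error_report in the same function already prints the length with %#x), so that lengths at or above 2^31 are not traced as negative numbers.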