From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Thu, 15 Feb 2018 09:39:36 -0600
Message-Id: <20180215153955.3253-11-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v9 10/29] sev/i386: add command to initialize the memory encryption context
Cc: Peter Maydell, Brijesh Singh, kvm@vger.kernel.org, "Michael S. Tsirkin", Stefan Hajnoczi, Alexander Graf, "Edgar E. Iglesias", Markus Armbruster, Bruce Rogers, Christian Borntraeger, Marcel Apfelbaum, Borislav Petkov, Thomas Lendacky, Eduardo Habkost, Richard Henderson, "Dr. David Alan Gilbert", Alistair Francis, Cornelia Huck, Richard Henderson, Peter Crosthwaite, Paolo Bonzini

When memory encryption is enabled, KVM_SEV_INIT command is used to initialize the platform. The command loads the SEV related persistent data from non-volatile storage and initializes the platform context. This command should be first issued before invoking any other guest commands provided by the SEV firmware.

Cc: Paolo Bonzini
Cc: Richard Henderson
Cc: Eduardo Habkost
Signed-off-by: Brijesh Singh
--- accel/kvm/kvm-all.c | 15 ++++ include/sysemu/sev.h | 19 +++++ stubs/Makefile.objs | 1 + stubs/sev.c | 54 ++++++++++++++ target/i386/sev.c | 191 +++++++++++++++++++++++++++++++++++++++++++++++ target/i386/trace-events | 3 + 6 files changed, 283 insertions(+) create mode 100644 stubs/sev.c diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index b91fcb7160d3..300fc3cd44ce 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -38,6 +38,7 @@ #include "qemu/event_notifier.h" #include "trace.h" #include "hw/irq.h" +#include "sysemu/sev.h" #include "hw/boards.h" @@ -103,6 +104,9 @@ struct KVMState #endif KVMMemoryListener memory_listener; QLIST_HEAD(, KVMParkedVcpu) kvm_parked_vcpus; + + /* memory encryption */ + void *memcrypt_handle; }; KVMState *kvm_state; 
@@ -1636,6 +1640,17 @@ static int kvm_init(MachineState *ms) kvm_state = s; + /* + * if memory encryption object is specified then initialize the memory + * encryption context. + */ + if (ms->memory_encryption) { + kvm_state->memcrypt_handle = sev_guest_init(ms->memory_encryption); + if (!kvm_state->memcrypt_handle) { + goto err; + } + } + ret = kvm_arch_init(ms, s); if (ret < 0) { goto err; diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index a1936a7a79aa..5c8c549b68ec 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -14,15 +14,26 @@ #ifndef QEMU_SEV_H #define QEMU_SEV_H +#include + #include "qom/object.h" #include "qapi/error.h" #include "sysemu/kvm.h" #include "qemu/error-report.h" +#include "qapi-types.h" #define TYPE_QSEV_GUEST_INFO "sev-guest" #define QSEV_GUEST_INFO(obj) \ OBJECT_CHECK(QSevGuestInfo, (obj), TYPE_QSEV_GUEST_INFO) +extern bool sev_enabled(void); +extern uint64_t sev_get_me_mask(void); +extern SevState sev_get_current_state(void); +extern void sev_get_fw_version(uint8_t *major, uint8_t *minor, uint8_t *build); +extern void sev_get_policy(uint32_t *policy); +extern uint32_t sev_get_cbit_position(void); +extern uint32_t sev_get_reduced_phys_bits(void); + typedef struct QSevGuestInfo QSevGuestInfo; typedef struct QSevGuestInfoClass QSevGuestInfoClass; @@ -51,4 +62,12 @@ struct QSevGuestInfoClass { ObjectClass parent_class; }; +struct SEVState { + QSevGuestInfo *sev_info; +}; + +typedef struct SEVState SEVState; + +void *sev_guest_init(const char *id); + #endif diff --git a/stubs/Makefile.objs b/stubs/Makefile.objs index 2d59d8409162..31b36fdfdb88 100644 --- a/stubs/Makefile.objs +++ b/stubs/Makefile.objs @@ -43,3 +43,4 @@ stub-obj-y += xen-common.o stub-obj-y += xen-hvm.o stub-obj-y += pci-host-piix.o stub-obj-y += ram-block.o +stub-obj-y += sev.o diff --git a/stubs/sev.c b/stubs/sev.c new file mode 100644 index 000000000000..24c7b0c3e04d --- /dev/null +++ b/stubs/sev.c 
@@ -0,0 +1,54 @@ +/* + * QEMU SEV stub + * + * Copyright Advanced Micro Devices 2018 + * + * Authors: + * Brijesh Singh + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + * + */ + +#include "qemu/osdep.h" +#include "qemu-common.h" +#include "sysemu/sev.h" + +SevState sev_get_current_state(void) +{ + return SEV_STATE_UNINIT; +} + +bool sev_enabled(void) +{ + return false; +} + +void *sev_guest_init(const char *id) +{ + return NULL; +} + +uint64_t sev_get_me_mask(void) +{ + return ~0UL; +} + +uint32_t sev_get_cbit_position(void) +{ + return 0; +} + +uint32_t sev_get_reduced_phys_bits(void) +{ + return 0; +} + +void sev_get_fw_version(uint8_t *major, uint8_t *minor, uint8_t *build) +{ +} + +void sev_get_policy(uint32_t *policy) +{ +} diff --git a/target/i386/sev.c b/target/i386/sev.c index f07c6465777b..f9a8748d19c1 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -18,10 +18,76 @@ #include "sysemu/kvm.h" #include "sysemu/sev.h" #include "sysemu/sysemu.h" +#include "trace.h" #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" +static uint64_t me_mask; +static bool sev_active; +static int sev_fd; +static uint32_t x86_cbitpos; +static uint32_t x86_reduced_phys_bits; + +static const char *const sev_fw_errlist[] = { + "", + "Platform state is invalid", + "Guest state is invalid", + "Platform configuration is invalid", + "Buffer too small", + "Platform is already owned", + "Certificate is invalid", + "Policy is not allowed", + "Guest is not active", + "Invalid address", + "Bad signature", + "Bad measurement", + "Asid is already owned", + "Invalid ASID", + "WBINVD is required", + "DF_FLUSH is required", + "Guest handle is invalid", + "Invalid command", + "Guest is active", + "Hardware error", + "Hardware unsafe", + "Feature not supported", + "Invalid parameter" +}; + +#define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist) + +static int +sev_ioctl(int cmd, void *data, int *error) +{ + int r; + struct kvm_sev_cmd input; + + memset(&input, 0x0, sizeof(input)); + + input.id = cmd; + input.sev_fd = sev_fd; + input.data = (__u64)data; + + r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &input); + + if (error) { + *error = input.error; + } + + return r; +} + +static const char * +fw_error_to_str(int code) +{ + if (code >= SEV_FW_MAX_ERROR) { + return "unknown error"; + } + + return sev_fw_errlist[code]; +} + static void qsev_guest_finalize(Object *obj) { 
@@ -219,6 +285,131 @@ static const TypeInfo qsev_guest_info = { } }; +static QSevGuestInfo * +lookup_sev_guest_info(const char *id) +{ + Object *obj; + QSevGuestInfo *info; + + obj = object_resolve_path_component(object_get_objects_root(), id); + if (!obj) { + return NULL; + } + + info = (QSevGuestInfo *) + object_dynamic_cast(obj, TYPE_QSEV_GUEST_INFO); + if (!info) { + return NULL; + } + + return info; +} + +uint64_t +sev_get_me_mask(void) +{ + return ~me_mask; +} + +uint32_t +sev_get_cbit_position(void) +{ + return x86_cbitpos; +} + +uint32_t +sev_get_reduced_phys_bits(void) +{ + return x86_reduced_phys_bits; +} + +SevState +sev_get_current_state(void) +{ + return SEV_STATE_UNINIT; +} + +bool +sev_enabled(void) +{ + return sev_active; +} + +void +sev_get_fw_version(uint8_t *major, uint8_t *minor, uint8_t *build) +{ +} + +void +sev_get_policy(uint32_t *policy) +{ +} + +void * +sev_guest_init(const char *id) +{ + SEVState *s; + char *devname; + int ret, fw_error; + uint32_t ebx; + uint32_t host_cbitpos, cbitpos; + uint32_t host_reduced_phys_bits, reduced_phys_bits; + + s = g_new0(SEVState, 1); + s->sev_info = lookup_sev_guest_info(id); + if (!s->sev_info) { + error_report("%s: '%s' is not a valid '%s' object", + __func__, id, TYPE_QSEV_GUEST_INFO); + goto err; + } + + host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); + host_cbitpos = ebx & 0x3f; + host_reduced_phys_bits = (ebx >> 6) & 0x3f; + + cbitpos = object_property_get_int(OBJECT(s->sev_info), "cbitpos", NULL); + if (host_cbitpos != cbitpos) { + error_report("%s: cbitpos check failed, host '%d' requested '%d'", + __func__, host_cbitpos, cbitpos); + goto err; + } + + reduced_phys_bits = object_property_get_int(OBJECT(s->sev_info), + "reduced-phys-bits", NULL); + if (host_reduced_phys_bits != reduced_phys_bits) { + error_report("%s: reduced_phys_bits check failed," + "host '%d' requested '%d'", __func__, + host_reduced_phys_bits, reduced_phys_bits); + goto err; + } + + devname = 
object_property_get_str(OBJECT(s->sev_info), "sev-device", NULL); + sev_fd = open(devname, O_RDWR); + if (sev_fd < 0) { + error_report("%s: Failed to open %s '%s'", __func__, + devname, strerror(errno)); + goto err; + } + g_free(devname); + + trace_kvm_sev_init(); + ret = sev_ioctl(KVM_SEV_INIT, NULL, &fw_error); + if (ret) { + error_report("%s: failed to initialize ret=%d fw_error=%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } + + me_mask = (1UL << cbitpos); + x86_reduced_phys_bits = reduced_phys_bits; + x86_cbitpos = cbitpos; + sev_active = true; + return s; +err: + g_free(s); + return NULL; +} + static void sev_register_types(void) { diff --git a/target/i386/trace-events b/target/i386/trace-events index 3153fd445488..797b716751b7 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -5,3 +5,6 @@ kvm_x86_fixup_msi_error(uint32_t gsi) "VT-d failed to remap interrupt for GSI %" kvm_x86_add_msi_route(int virq) "Adding route entry for virq %d" kvm_x86_remove_msi_route(int virq) "Removing route entry for virq %d" kvm_x86_update_msi_routes(int num) "Updated %d MSI routes" + +# target/i386/sev.c +kvm_sev_init(void) ""
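
Review bot: In the kvm_init() hunk of accel/kvm/kvm-all.c, the failure branch for sev_guest_init() jumps to err without assigning ret, so on this path the function returns whatever ret last held rather than an error chosen for the SEV failure. Assign one before the jump, for example `ret = -1;` ahead of `goto err;`, in line with the `ret < 0` check used for kvm_arch_init() immediately below.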
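
Review bot: In include/sysemu/sev.h, the new `struct SEVState` and its typedef differ only in letter case from the `SevState` type returned by sev_get_current_state() a few lines earlier in the same header, which is easy to misread and to mistype. Give the context struct a distinct name. sev_guest_init() is also declared as returning `void *` although the implementation allocates an SEVState; returning the typed pointer, or adding a comment on why the handle is opaque, would let the compiler check callers. The new declarations carry no documentation comments.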
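
Review bot: In stubs/sev.c, sev_get_me_mask() returns `~0UL` from a function typed uint64_t; where unsigned long is 32 bits wide this yields 0x00000000ffffffff instead of an all-ones mask, so use `~0ULL` or `UINT64_MAX`. The stub bodies of sev_get_fw_version() and sev_get_policy() are empty and leave their out-parameters unwritten; storing zero through them would give callers a defined value.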
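
Review bot: In sev_ioctl() in the first target/i386/sev.c hunk, `input.data = (__u64)data;` casts a pointer directly to a 64-bit integer, which produces a pointer-to-integer size warning on 32-bit builds; cast through `uintptr_t` or `unsigned long` first. In fw_error_to_str() in the same hunk, `code` is a signed int compared against the size_t value SEV_FW_MAX_ERROR, so a negative code is rejected only through the implicit unsigned conversion; take an unsigned parameter or add an explicit `code < 0` check so the bounds test on sev_fw_errlist does not depend on that.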
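
Review bot: In sev_guest_init() in the second target/i386/sev.c hunk, the error paths leak resources: when open() fails, `goto err` skips `g_free(devname)`, and when the KVM_SEV_INIT ioctl fails, sev_fd is left open and keeps its value in the file-scope static. Free devname before that jump and close sev_fd on the ioctl failure path. Separately, `me_mask = (1UL << cbitpos);` should use `1ULL`, because cbitpos is checked against `ebx & 0x3f` and can be as large as 63 while unsigned long may be only 32 bits wide. The two-part reduced_phys_bits error string is also missing a space after the comma, so it prints "failed,host".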