From patchwork Wed Feb 28 21:10:21 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 879434 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=2001:4830:134:3::11; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=amd.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="LQHsTFCh"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zs8513Lr6z9rxx for ; Thu, 1 Mar 2018 08:36:05 +1100 (AEDT) Received: from localhost ([::1]:47105 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1er9ON-0005RP-JU for incoming@patchwork.ozlabs.org; Wed, 28 Feb 2018 16:36:03 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:53558) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1er90S-0001Sp-0R for qemu-devel@nongnu.org; Wed, 28 Feb 2018 16:11:21 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1er90N-0005yC-Tw for qemu-devel@nongnu.org; Wed, 28 Feb 2018 16:11:19 -0500 Received: from mail-sn1nam02on0057.outbound.protection.outlook.com ([104.47.36.57]:26791 helo=NAM02-SN1-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1er90N-0005wc-Kn for qemu-devel@nongnu.org; Wed, 28 Feb 2018 16:11:15 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=5d59LpVex6URz2ph0rzanbLl8ENkho8UxH4wpS7qbss=; b=LQHsTFCh52Knm4qnstpQ1sIrqwf/krVHDrtva+c1v4ZP4n6Qp5/v0XV83YwbGSBUQg0pc4QM3A7Ecy9R2w0mw3apUOzUcEtHkGVpT0EMw7jwN965dnNbsuZ+qP1uLJ1X2lUOTOSm0hi/yx+H95x/XFxDZTQ+fRGRYZB0bw8IRSo= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from wsp141597wss.amd.com (165.204.78.1) by DM2PR12MB0155.namprd12.prod.outlook.com (2a01:111:e400:50ce::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.527.15; Wed, 28 Feb 2018 21:11:13 +0000 From: Brijesh Singh To: qemu-devel@nongnu.org Date: Wed, 28 Feb 2018 15:10:21 -0600 Message-Id: <20180228211028.83970-22-brijesh.singh@amd.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180228211028.83970-1-brijesh.singh@amd.com> References: <20180228211028.83970-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: DM5PR10CA0008.namprd10.prod.outlook.com (2603:10b6:4:2::18) To DM2PR12MB0155.namprd12.prod.outlook.com (2a01:111:e400:50ce::18) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 17652ce2-303b-4553-4019-08d57eefcc8f X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(2017052603307)(7153060)(7193020); SRVR:DM2PR12MB0155; X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155; 3:2N56NCNut5dT5x4+FbdDDE9YCA8bl0Va0fbSW4Dgy4dBAh5I5xxGel/nsZLTkRqrLspADKsot9DFjaXbngRguW4BNC8dFh8gRqzrr/sUpabn/S1bL9lBZ2FXBFuUarArgOXK1+lN+DwJaShvMLCpEtccZWI0b3zO/UkoYkGDZswgkfyzccCtBbgLxsTNyKN72Yiv/BUFY5J16XCsg+Cwda9LDR50nkaj9qxvihpa2Cdgb329ckNhOxmIK6A+rFU4; 25:Wg9OzTsFfd0A2hyrOAYrKxJnb/LYYX+QMiO5lDlL5jgoW1LmGoDTrSYl/iHiUVH9BAMX8Wlfg/qzORzLrquU2ZMIyToHasSnlAslsGZWGGNJTEXICXysy82DpdQto85w9Z0b9TDWq63jGTnG2j6MfefyJ8uRmKHZacSO02mN4dy05CYU+63bKnPeFarbYdV0/fgi/lYq9SuqB7iuoOrr3cJzW48R6QI1aZRVoBitxzsHaJHyqeR4KsENc/39CCwz7qgNkfCQPYRZFuNJIlEnCA215qKNfn7V2tlxr5qtpmarw8TDXIjw93pZacz0kX3I6D4XBkFo0/bChqDgHUqBxA==; 31:x/tBAZgozO6m9Dg68FRyWxsWce8uX4kcsIFN1aldZFYFn9pIOQ/FqL5tA3aZyL+Zq8Da7buGMNtsZCxubMMSUnIJEJnLbVOLVzavKmi/h+ApitIlxl3o1efBpZ0Vl7RjoOlB66OVy/jxVp6IaqARwCazsWkbQMvTDzhdfJDo2ZIf2/eEZKfx5OoMrnA9P4S3WhqG+Z9B9T6YocP79YF6qgo8r2u2Df48lqEa6zt/Q7E= X-MS-TrafficTypeDiagnostic: DM2PR12MB0155: X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155; 20:GtwZVjNak3bcVRQDxnyv2UfKiIQbDJl7jpunHrmORSin9ecvyt2VN+U0zOEshcGOMMT1BUitgYvGJHMxJlDTBMi5XoezU+7KgHa4BnQxjTCrUZvRuc34PmWIAw5RCEkb1nM3STSsC+QP+/DPTT3ajgJRqKaZmXfdo+Q7tTlUUnjQbh3UM5FZ1MtJv6WqT+3T1coaPU+3n1wvVWzGswbpUtEF1lNE5KpI6UxVRO09ttaLIdcwUdvioWjLKnWDkbc5+cmNQpRNYaDpCOIwEgISpfWFyNOBraJcWW1u7EBgwva+34nzB7pQRvBpsU4aObqzVCJLEEahvr+ZDNy84ZzIZMs+cWx929d3Nm7j1GB2x9LRaioS9PoJgk68FJOXyZqLk+xKWsnEe9M5x+Oxubg1F6k1BoawTSDsQBRVfSYQ2KQEAEgqchM4RI4gbEfwW23LqGtEv55Hi+OG9oTMYrvEeR2bAXQP0GSBFpM+Nk4ssHlAJ7CEd9w/leXMI0WvN1EC; 4:EoK0oYwCNOHehTOI9xYtL8Z/dmCcFxVM4UAf7mg29bGD2ibHJXaq1FKWgTcNu6ibOVRjUbmAHleXnuzTf11HQgY61sVyCzpIdJanhn2lrzu2Mmvm/zq/j5hZdaTIqFOwJDShH3bNaSYHbJlAutrXN3351OrzB4anHrPRUDdmFVSOzJrJm3CxTAAXFKtP4bM5/glr90+MvIiC+UM2RBbTKBQ9oYzebpG6+k2AY57IqeYVXhDs2ALFFjajfW//ZQyteHHyJvdCA0iATxS/nZeIbE4mQALDBxHIjH70wt1qAM2X1erZOPpT7FjNyioQYmx2 X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040501)(2401047)(8121501046)(5005006)(3231220)(944501219)(52105095)(3002001)(93006095)(93001095)(10201501046)(6055026)(6041288)(20161123560045)(20161123564045)(20161123562045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:DM2PR12MB0155; BCL:0; PCL:0; RULEID:; SRVR:DM2PR12MB0155; X-Forefront-PRVS: 0597911EE1 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(1496009)(39860400002)(39380400002)(396003)(346002)(366004)(376002)(189003)(199004)(6486002)(6116002)(1076002)(2351001)(36756003)(16526019)(16586007)(54906003)(53416004)(26005)(53936002)(66066001)(186003)(47776003)(59450400001)(2361001)(478600001)(8666007)(316002)(81166006)(50226002)(8676002)(8936002)(386003)(106356001)(97736004)(5660300001)(2950100002)(6666003)(305945005)(4326008)(76176011)(7736002)(39060400002)(8656006)(105586002)(68736007)(50466002)(7696005)(51416003)(25786009)(48376002)(52116002)(3846002)(2906002)(86362001)(81156014)(7416002)(6916009); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR12MB0155; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR12MB0155; 23:qPAU77R+mKXCLUkWsolPnyHnSazX56bsd2yjHCMSb?= fXoHjnwbSSy67yExBYlHmTN1PLajytinQcagIDSICWYoO5Y+RGs5AyBRo68p0mVqwTyr1Rcok/2+pDwOEqfmuyLlVIqswcCOCcWf1LHtf+SE2z/83nDnD1qQukuWN9iQo5hi4y3q4ZNL8qTVjRfw3yOv/RrqvuUuKOh7p7a1NGbnxKQN+lXT9qFxd7m/SRf158O+iFQkwvYp6KU52NSbnMCMkTUYQKI4x5XjseR/i/ljJPeaj+UXqvATV5SzvpGul4WUFF1mTsXrXMlAn9LbR6p9YhdhbfVIOgwEW2qGeQdNaeu0zXoQGKGuOaEMiGNNSccXXqjScYn/B1/SzXP2C1U7gCp8MoE5cpIBkDXkIgbe+/BkKYO292Yrv+XBM/qQe8iMB5vMz70wUbVqdO14QwPZYpQJehJ3RriRL5flDLLPlhhg4Yu7+DTaY3FtDND8BbuM87tJj+b2EqssSGNPNA27tj7ZPBs3AonWoMKtLQ76cAE5IrqNkFnOvowwHzSxWa0ASNHEdiiuktGJxEMxPFgBVxVf6gOkgtTqduAeVZAQGsArAAmxIflZ3uUtL0ADhy4DOqDehusL/h8RJnvDDH/Hq/BG9KxImqdLK0fDg0i/pB6XwAk2GCZA60+bffttbfiO0SF7uApwq2ouSclg59pHravIZN8oPuMUPPWk5MOJiPnVldaqM2KBpNUu5gzPBGbss9NR7998eKgxTqRWlH53mHBvLdIhSVzFqK5jEhrkr6piJS5YbTKKi99UxaRyfTZWaqZ/B+mXnxEx7YAIZaEurYkyySpgO5oYkfbB1zGKyzHq5zMK2fcN/jQBkErd/VGMKGHQJ6Tw/XrIi/9MnQrwFzKk74u765z5wN485GUXqp+qKpEQriYZXAXcC0fNOiR7b+VBscJnjvTpFyZxz309bM43zvp7OMf0FEeUMdp0zyLW8kX7Y6U0qri8y6J2p9rbOtSRAS5n217FNGVR9VwJWyhxVr1rThz+lcM2id6UNOc/zGLRHEPAdm/ZvKmfWFQ17WJMd6rO07EVNcBnYqD00r7OSvLnhL/zL02zV+2whljkx5D0vjuyeD9gIC5zM+cR+k122+8xKIkFK7EX9uyd9Vy1sO6YwbMJzRqZWGp/Hm9j7xj5Qur1cATdHcTWg9CyLFRHn3jVLpZCqsMwZrj28xXqNX3SFansaOecN2QymR6txRLv56V4XbV8pgpB+jDXe3fRJDqjg5BezhhK6CSlrKCdu+bu3vofPZHwLeUykmS1I1LBX+ld/JbLkc0k/0= X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155; 6:FPcOnB1Zl9iyv9e9Y365tdr4hE90R/pWnbf83HOrgt+qMmswaufLrBK2C/yOM3McvEF9Ey+uHXazOXDFdRntEPSppz0sGQRHF40rVcsVgsgeGHyE/vGKK9JBRd6CWQ+Uyf5xG4/ZpsaHht1bwI9eS0jlZ1DR0NEdWFEXoyUkaa/5HSX3JcwKzLK5/wqFaZBE+YWOTG+KvHKqLBoemwvjaB/G942u4uyNlx8l0YZw+4n9BLvOK6oZK+QDNku4aRElSZP4eKqGfj9T2wWFLMwmofo0J2RYnOqg2CZAE3OtWH3UVrLbFeJB3SFbQVFpNV5QvvUCPxML7ocT8Eslh1xW0uVSLyjltZ9P/+gumy1cm4E=; 5:ny0pABvE7Y912ZWUFN3eDnmtqQadhdi3bDTDuGwx67gAoZ2mJMV4QV1ScoF7QqG3PaPTFqyopHtzMJYCuvvVCLRhzGY/6rKEa90HUQZdOMDYBVr9A6yOblHVhhlz7I+H+4VQdNE3K7Zq18zE7u3npV7Hpcelh5HsxrkyiKjVz+g=; 24:8EcnEjhcXl5Kr0QyOkI/yvWICJ3jH6DWzYo7cG9TSV2h5k/Oy6ic/LWowJQl+FsocEnbTndFQzy7RxiBtdr1TQJfsfEKRezfsKBirba0IFA=; 7:zpMPESnYywgOR8CrQHKT1znrAoxbKVoEtrNKcKRkyM16F3bCa6OclcjZMQkXyFrHJbmEjzS8qphYGxZfIqhoBPFrxiFtnbfE6FHx+YuGbA2BeEc6YP77EuvdMdCYjYeLKNyGgCE3K9vgELBdCUpQI7TbxuJWvf0DAkSSSRVaJjGKqW7S2rSZvuADmB65b/LSa0M39OcCB1j71ab9zDUKQHIv+IxB0Enss3dVupuoaW5tgI4b5SFLp7M7X82kMfku SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155; 20:7s68nlEIj3yg+DoGugXTilKdOjxu7M6I8ZslhYRXrSnryEkMlnCyMSQ37En8XtuPOxE6Ye006dxhmvKhvug2OZ0skzE3jW7PBIsC1zL00/+B0S4VgBCR2agO6HT1N4jz7wRWLNf6gsAaCL0Qxtz6+jPXGRQ2epiWx9sxZWsjQcl2Q4ygDmB5zfudhkGP2PpIukIddKHaoLP4j+p6J8KowG54wfIS52Jpn1/sRwhTZiwaXec3oPpw0OY5Ztl5Fq28 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Feb 2018 21:11:13.0141 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 17652ce2-303b-4553-4019-08d57eefcc8f X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR12MB0155 X-detected-operating-system: by eggs.gnu.org: Windows 7 or 8 [fuzzy] X-Received-From: 104.47.36.57 Subject: [Qemu-devel] [PATCH v10 21/28] sev/i386: add debug encrypt and decrypt commands X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Brijesh Singh , kvm@vger.kernel.org, "Michael S. Tsirkin" , Stefan Hajnoczi , Alexander Graf , "Edgar E. Iglesias" , Markus Armbruster , Bruce Rogers , Christian Borntraeger , Marcel Apfelbaum , Borislav Petkov , Thomas Lendacky , Eduardo Habkost , Richard Henderson , "Dr. David Alan Gilbert" , Alistair Francis , Cornelia Huck , Richard Henderson , Peter Crosthwaite , Paolo Bonzini Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" KVM_SEV_DBG_DECRYPT and KVM_SEV_DBG_ENCRYPT commands are used for decrypting and encrypting guest memory region. The command works only if the guest policy allows the debugging. Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Signed-off-by: Brijesh Singh --- accel/kvm/kvm-all.c | 1 + stubs/sev.c | 4 ++++ target/i386/sev.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++ target/i386/trace-events | 1 + 4 files changed, 63 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 4974c00c46fb..f53d4ca503b0 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -1681,6 +1681,7 @@ static int kvm_init(MachineState *ms) } kvm_state->memcrypt_encrypt_data = sev_encrypt_data; + kvm_state->memcrypt_debug_ops = sev_set_debug_ops; } ret = kvm_arch_init(ms, s); diff --git a/stubs/sev.c b/stubs/sev.c index 2e20f3b73a5b..73f5c7f93a67 100644 --- a/stubs/sev.c +++ b/stubs/sev.c @@ -15,6 +15,10 @@ #include "qemu-common.h" #include "sysemu/sev.h" +void sev_set_debug_ops(void *handle, MemoryRegion *mr) +{ +} + int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) { return 1; diff --git a/target/i386/sev.c b/target/i386/sev.c index c341257fcc14..23c2b6183f33 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -24,6 +24,7 @@ #define DEFAULT_SEV_DEVICE "/dev/sev" static SEVState *sev_state; +static MemoryRegionRAMReadWriteOps sev_ops; static const char *const sev_fw_errlist[] = { "", @@ -600,6 +601,46 @@ sev_vm_state_change(void *opaque, int running, RunState state) } } +static int +sev_dbg_enc_dec(uint8_t *dst, const uint8_t *src, uint32_t len, bool write) +{ + int ret, error; + struct kvm_sev_dbg dbg; + + dbg.src_uaddr = (unsigned long)src; + dbg.dst_uaddr = (unsigned long)dst; + dbg.len = len; + + trace_kvm_sev_debug(write ? "encrypt" : "decrypt", src, dst, len); + ret = sev_ioctl(sev_state->sev_fd, + write ? KVM_SEV_DBG_ENCRYPT : KVM_SEV_DBG_DECRYPT, + &dbg, &error); + if (ret) { + error_report("%s (%s) %#llx->%#llx+%#x ret=%d fw_error=%d '%s'", + __func__, write ? "write" : "read", dbg.src_uaddr, + dbg.dst_uaddr, dbg.len, ret, error, + fw_error_to_str(error)); + } + + return ret; +} + +static int +sev_mem_read(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs attrs) +{ + assert(attrs.debug); + + return sev_dbg_enc_dec(dst, src, len, false); +} + +static int +sev_mem_write(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs attrs) +{ + assert(attrs.debug); + + return sev_dbg_enc_dec(dst, src, len, true); +} + void * sev_guest_init(const char *id) { @@ -703,6 +744,22 @@ sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) return 0; } +void +sev_set_debug_ops(void *handle, MemoryRegion *mr) +{ + SEVState *s = (SEVState *)handle; + + /* If policy does not allow debug then no need to register ops */ + if (s->policy & SEV_POLICY_NODBG) { + return; + } + + sev_ops.read = sev_mem_read; + sev_ops.write = sev_mem_write; + + memory_region_set_ram_debug_ops(mr, &sev_ops); +} + static void sev_register_types(void) { diff --git a/target/i386/trace-events b/target/i386/trace-events index b1fbde6e40fe..00aa6e98d810 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -15,3 +15,4 @@ kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIu64 kvm_sev_launch_measurement(const char *value) "data %s" kvm_sev_launch_finish(void) "" +kvm_sev_debug(const char *op, const uint8_t *src, uint8_t *dst, int len) "(%s) src %p dst %p len %d"