From patchwork Thu Mar 8 12:48:54 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 883111
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Thu, 8 Mar 2018 06:48:54 -0600
Message-Id: <20180308124901.83533-22-brijesh.singh@amd.com>
In-Reply-To: <20180308124901.83533-1-brijesh.singh@amd.com>
References: <20180308124901.83533-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v12 21/28] sev/i386: add debug encrypt and decrypt commands
Cc: Peter Maydell, Brijesh Singh, kvm@vger.kernel.org, "Michael S. Tsirkin", Stefan Hajnoczi, Alexander Graf, "Edgar E. Iglesias", Markus Armbruster, Bruce Rogers, Christian Borntraeger, Marcel Apfelbaum, Borislav Petkov, Thomas Lendacky, Eduardo Habkost, Richard Henderson, "Dr. David Alan Gilbert", Alistair Francis, Cornelia Huck, Richard Henderson, Peter Crosthwaite, Paolo Bonzini

KVM_SEV_DBG_DECRYPT and KVM_SEV_DBG_ENCRYPT commands are used for decrypting and encrypting guest memory region. The command works only if the guest policy allows the debugging.

Cc: Paolo Bonzini
Cc: Richard Henderson
Cc: Eduardo Habkost
Signed-off-by: Brijesh Singh

--- accel/kvm/kvm-all.c | 1 + stubs/sev.c | 4 ++++ target/i386/sev.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++ target/i386/trace-events | 1 + 4 files changed, 63 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 411aa87719e6..8089173491dd 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -1682,6 +1682,7 @@ static int kvm_init(MachineState *ms) } kvm_state->memcrypt_encrypt_data = sev_encrypt_data; + kvm_state->memcrypt_debug_ops = sev_set_debug_ops; } ret = kvm_arch_init(ms, s); diff --git a/stubs/sev.c b/stubs/sev.c index 2e20f3b73a5b..73f5c7f93a67 100644 --- a/stubs/sev.c +++ b/stubs/sev.c @@ -15,6 +15,10 @@ #include "qemu-common.h" #include "sysemu/sev.h" +void sev_set_debug_ops(void *handle, MemoryRegion *mr) +{ +} + int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) { return 1; diff --git a/target/i386/sev.c b/target/i386/sev.c index ce199d259f7a..f687e9e40e32 100644 
--- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -29,6 +29,7 @@ #define DEFAULT_SEV_DEVICE "/dev/sev" static SEVState *sev_state; +static MemoryRegionRAMReadWriteOps sev_ops; static const char *const sev_fw_errlist[] = { "", @@ -606,6 +607,46 @@ sev_vm_state_change(void *opaque, int running, RunState state) } } +static int +sev_dbg_enc_dec(uint8_t *dst, const uint8_t *src, uint32_t len, bool write) +{ + int ret, error; + struct kvm_sev_dbg dbg; + + dbg.src_uaddr = (unsigned long)src; + dbg.dst_uaddr = (unsigned long)dst; + dbg.len = len; + + trace_kvm_sev_debug(write ? "encrypt" : "decrypt", src, dst, len); + ret = sev_ioctl(sev_state->sev_fd, + write ? KVM_SEV_DBG_ENCRYPT : KVM_SEV_DBG_DECRYPT, + &dbg, &error); + if (ret) { + error_report("%s (%s) %#llx->%#llx+%#x ret=%d fw_error=%d '%s'", + __func__, write ? "write" : "read", dbg.src_uaddr, + dbg.dst_uaddr, dbg.len, ret, error, + fw_error_to_str(error)); + } + + return ret; +} + +static int +sev_mem_read(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs attrs) +{ + assert(attrs.debug); + + return sev_dbg_enc_dec(dst, src, len, false); +} + +static int +sev_mem_write(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs attrs) +{ + assert(attrs.debug); + + return sev_dbg_enc_dec(dst, src, len, true); +} + void * sev_guest_init(const char *id) { @@ -706,6 +747,22 @@ sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) return 0; } +void +sev_set_debug_ops(void *handle, MemoryRegion *mr) +{ + SEVState *s = (SEVState *)handle; + + /* If policy does not allow debug then no need to register ops */ + if (s->policy & SEV_POLICY_NODBG) { + return; + } + + sev_ops.read = sev_mem_read; + sev_ops.write = sev_mem_write; + + memory_region_set_ram_debug_ops(mr, &sev_ops); +} + static void sev_register_types(void) { diff --git a/target/i386/trace-events b/target/i386/trace-events index b1fbde6e40fe..00aa6e98d810 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -15,3 +15,4 @@ kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIu64 kvm_sev_launch_measurement(const char *value) "data %s" kvm_sev_launch_finish(void) "" +kvm_sev_debug(const char *op, const uint8_t *src, uint8_t *dst, int len) "(%s) src %p dst %p len %d"
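
Review bot: in sev_dbg_enc_dec() (target/i386/sev.c, hunk @@ -606,6 +607,46 @@), `struct kvm_sev_dbg dbg;` is declared without an initializer and only src_uaddr, dst_uaddr and len are assigned before it is passed to sev_ioctl(), so any other field or padding in the struct carries stack contents into the ioctl. Zero-initialising it at the declaration (`struct kvm_sev_dbg dbg = { 0 };`) avoids that. In the same hunk, sev_mem_read() and sev_mem_write() guard only with `assert(attrs.debug);`, which takes the whole process down on a non-debug access instead of failing that one access; since both already return int, returning an error for `!attrs.debug` would be the gentler failure mode. The helper also reaches for the file-scope `sev_state->sev_fd` while sev_set_debug_ops() works from its `handle` argument; a short comment saying both refer to the same state would help.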
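
Review bot: in sev_set_debug_ops() (target/i386/sev.c, hunk @@ -706,6 +747,22 @@), the `s->policy & SEV_POLICY_NODBG` early return is silent and is the only point in this patch where QEMU consults the policy; sev_dbg_enc_dec() issues the debug commands without checking it. The commit message says the commands work only if the guest policy allows debugging, so the comment here should state that this check merely skips registration and is not what enforces the policy, and a trace point on the skip path would record why no debug ops were installed for the region. `handle` is also cast to `SEVState *` and dereferenced without a NULL check, and `sev_ops.read` / `sev_ops.write` are reassigned on every call; a designated initializer at the `static MemoryRegionRAMReadWriteOps sev_ops` definition would set them once.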
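
Review bot: the new kvm_sev_debug trace event (target/i386/trace-events, hunk @@ -15,3 +15,4 @@) declares `int len` and prints it with `%d`, but its only caller in this patch, sev_dbg_enc_dec(), passes a `uint32_t len`, so large lengths would be traced as negative numbers. Declaring the argument as `uint32_t len` and printing it unsigned (the error_report() in sev_dbg_enc_dec() already uses `%#x` for the same value) keeps the trace and the error message consistent.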