From: Paolo Bonzini
To: qemu-devel@nongnu.org
Date: Tue, 13 Mar 2018 13:56:17 +0100
Message-Id: <1520945798-50640-2-git-send-email-pbonzini@redhat.com>
Subject: [Qemu-devel] [PULL 01/22] update Linux headers to 4.16-rc5

Note that VIRTIO_GPU_CAPSET_VIRGL2 was added manually so it has to be added manually after re-running scripts/update-linux-headers.sh.

Signed-off-by: Paolo Bonzini --- include/standard-headers/linux/input-event-codes.h | 1 + include/standard-headers/linux/input.h | 11 + include/standard-headers/linux/pci_regs.h | 30 +- include/standard-headers/linux/virtio_net.h | 13 + include/standard-headers/linux/virtio_ring.h | 2 +- include/standard-headers/rdma/vmw_pvrdma-abi.h | 13 +- linux-headers/asm-powerpc/kvm.h | 2 + linux-headers/asm-powerpc/unistd.h | 3 + linux-headers/asm-s390/unistd.h | 401 +----------------= ---- linux-headers/asm-s390/unistd_32.h | 364 +++++++++++++++++= ++ linux-headers/asm-s390/unistd_64.h | 331 +++++++++++++++++ linux-headers/asm-x86/kvm_para.h | 5 + linux-headers/linux/kvm.h | 92 +++++ linux-headers/linux/psci.h | 3 + linux-headers/linux/vfio.h | 72 ++++ scripts/update-linux-headers.sh | 3 + 16 files changed, 930 insertions(+), 416 deletions(-) create mode 100644 linux-headers/asm-s390/unistd_32.h create mode 100644 linux-headers/asm-s390/unistd_64.h diff --git a/include/standard-headers/linux/input-event-codes.h b/include/s= tandard-headers/linux/input-event-codes.h index 79841b5..9e6a8ba 100644 --- a/include/standard-headers/linux/input-event-codes.h +++ b/include/standard-headers/linux/input-event-codes.h @@ -594,6 +594,7 @@ #define BTN_DPAD_RIGHT 0x223 =20 #define KEY_ALS_TOGGLE 0x230 /* Ambient light sensor */ +#define KEY_ROTATE_LOCK_TOGGLE 0x231 /* Display rotation lock */ =20 #define KEY_BUTTONCONFIG 0x240 /* AL Button Configuration */ #define KEY_TASKMANAGER 0x241 /* AL Task/Project Manager */ diff --git a/include/standard-headers/linux/input.h b/include/standard-head= ers/linux/input.h index bc3e6d3..939b627 100644 --- a/include/standard-headers/linux/input.h +++ b/include/standard-headers/linux/input.h 
@@ -18,10 +18,21 @@ =20 /* * The event structure itself + * Note that __USE_TIME_BITS64 is defined by libc based on + * application's request to use 64 bit time_t. */ =20 struct input_event { +#if (HOST_LONG_BITS !=3D 32 || !defined(__USE_TIME_BITS64)) && !defined(__= KERNEL) struct timeval time; +#define input_event_sec time.tv_sec +#define input_event_usec time.tv_usec +#else + __kernel_ulong_t __sec; + __kernel_ulong_t __usec; +#define input_event_sec __sec +#define input_event_usec __usec +#endif uint16_t type; uint16_t code; int32_t value; diff --git a/include/standard-headers/linux/pci_regs.h b/include/standard-h= eaders/linux/pci_regs.h index 70c2b2a..0c79eac 100644 --- a/include/standard-headers/linux/pci_regs.h +++ b/include/standard-headers/linux/pci_regs.h 
@@ -622,15 +622,19 @@ * safely. */ #define PCI_EXP_DEVCAP2 36 /* Device Capabilities 2 */ +#define PCI_EXP_DEVCAP2_COMP_TMOUT_DIS 0x00000010 /* Completion Timeout D= isable supported */ #define PCI_EXP_DEVCAP2_ARI 0x00000020 /* Alternative Routing-ID */ #define PCI_EXP_DEVCAP2_ATOMIC_ROUTE 0x00000040 /* Atomic Op routing */ -#define PCI_EXP_DEVCAP2_ATOMIC_COMP64 0x00000100 /* Atomic 64-bit compare = */ +#define PCI_EXP_DEVCAP2_ATOMIC_COMP32 0x00000080 /* 32b AtomicOp completi= on */ +#define PCI_EXP_DEVCAP2_ATOMIC_COMP64 0x00000100 /* 64b AtomicOp completi= on */ +#define PCI_EXP_DEVCAP2_ATOMIC_COMP128 0x00000200 /* 128b AtomicOp comple= tion */ #define PCI_EXP_DEVCAP2_LTR 0x00000800 /* Latency tolerance reporting */ #define PCI_EXP_DEVCAP2_OBFF_MASK 0x000c0000 /* OBFF support mechanism */ #define PCI_EXP_DEVCAP2_OBFF_MSG 0x00040000 /* New message signaling */ #define PCI_EXP_DEVCAP2_OBFF_WAKE 0x00080000 /* Re-use WAKE# for OBFF */ #define PCI_EXP_DEVCTL2 40 /* Device Control 2 */ #define PCI_EXP_DEVCTL2_COMP_TIMEOUT 0x000f /* Completion Timeout Value */ +#define PCI_EXP_DEVCTL2_COMP_TMOUT_DIS 0x0010 /* Completion Timeout Disab= le */ #define PCI_EXP_DEVCTL2_ARI 0x0020 /* Alternative Routing-ID */ #define PCI_EXP_DEVCTL2_ATOMIC_REQ 0x0040 /* Set Atomic requests */ #define PCI_EXP_DEVCTL2_ATOMIC_EGRESS_BLOCK 0x0080 /* Block atomic egress = */ 
@@ -966,26 +970,28 @@ =20 /* Downstream Port Containment */ #define PCI_EXP_DPC_CAP 4 /* DPC Capability */ -#define PCI_EXP_DPC_IRQ 0x1f /* DPC Interrupt Message Number */ -#define PCI_EXP_DPC_CAP_RP_EXT 0x20 /* Root Port Extensions for DPC */ -#define PCI_EXP_DPC_CAP_POISONED_TLP 0x40 /* Poisoned TLP Egress Blocking= Supported */ -#define PCI_EXP_DPC_CAP_SW_TRIGGER 0x80 /* Software Triggering Supported = */ -#define PCI_EXP_DPC_RP_PIO_LOG_SIZE 0xF00 /* RP PIO log size */ +#define PCI_EXP_DPC_IRQ 0x001F /* Interrupt Message Number */ +#define PCI_EXP_DPC_CAP_RP_EXT 0x0020 /* Root Port Extensions */ +#define PCI_EXP_DPC_CAP_POISONED_TLP 0x0040 /* Poisoned TLP Egress Blocki= ng Supported */ +#define PCI_EXP_DPC_CAP_SW_TRIGGER 0x0080 /* Software Triggering Supporte= d */ +#define PCI_EXP_DPC_RP_PIO_LOG_SIZE 0x0F00 /* RP PIO Log Size */ #define PCI_EXP_DPC_CAP_DL_ACTIVE 0x1000 /* ERR_COR signal on DL_Active s= upported */ =20 #define PCI_EXP_DPC_CTL 6 /* DPC control */ -#define PCI_EXP_DPC_CTL_EN_NONFATAL 0x02 /* Enable trigger on ERR_NONFAT= AL message */ -#define PCI_EXP_DPC_CTL_INT_EN 0x08 /* DPC Interrupt Enable */ +#define PCI_EXP_DPC_CTL_EN_NONFATAL 0x0002 /* Enable trigger on ERR_NONF= ATAL message */ +#define PCI_EXP_DPC_CTL_INT_EN 0x0008 /* DPC Interrupt Enable */ =20 #define PCI_EXP_DPC_STATUS 8 /* DPC Status */ -#define PCI_EXP_DPC_STATUS_TRIGGER 0x01 /* Trigger Status */ -#define PCI_EXP_DPC_STATUS_INTERRUPT 0x08 /* Interrupt Status */ -#define PCI_EXP_DPC_RP_BUSY 0x10 /* Root Port Busy */ +#define PCI_EXP_DPC_STATUS_TRIGGER 0x0001 /* Trigger Status */ +#define PCI_EXP_DPC_STATUS_TRIGGER_RSN 0x0006 /* Trigger Reason */ +#define PCI_EXP_DPC_STATUS_INTERRUPT 0x0008 /* Interrupt Status */ +#define PCI_EXP_DPC_RP_BUSY 0x0010 /* Root Port Busy */ +#define PCI_EXP_DPC_STATUS_TRIGGER_RSN_EXT 0x0060 /* Trig Reason Extensio= n */ =20 #define PCI_EXP_DPC_SOURCE_ID 10 /* DPC Source Identifier */ =20 #define PCI_EXP_DPC_RP_PIO_STATUS 0x0C /* RP PIO Status */ -#define 
PCI_EXP_DPC_RP_PIO_MASK 0x10 /* RP PIO MASK */ +#define PCI_EXP_DPC_RP_PIO_MASK 0x10 /* RP PIO Mask */ #define PCI_EXP_DPC_RP_PIO_SEVERITY 0x14 /* RP PIO Severity */ #define PCI_EXP_DPC_RP_PIO_SYSERROR 0x18 /* RP PIO SysError */ #define PCI_EXP_DPC_RP_PIO_EXCEPTION 0x1C /* RP PIO Exception */ diff --git a/include/standard-headers/linux/virtio_net.h b/include/standard= -headers/linux/virtio_net.h index 30ff249..e9f255e 100644 --- a/include/standard-headers/linux/virtio_net.h +++ b/include/standard-headers/linux/virtio_net.h @@ -57,6 +57,8 @@ * Steering */ #define VIRTIO_NET_F_CTRL_MAC_ADDR 23 /* Set MAC address */ =20 +#define VIRTIO_NET_F_SPEED_DUPLEX 63 /* Device set linkspeed and duplex */ + #ifndef VIRTIO_NET_NO_LEGACY #define VIRTIO_NET_F_GSO 6 /* Host handles pkts w/ any GSO type */ #endif /* VIRTIO_NET_NO_LEGACY */ @@ -76,6 +78,17 @@ struct virtio_net_config { uint16_t max_virtqueue_pairs; /* Default maximum transmit unit advice */ uint16_t mtu; + /* + * speed, in units of 1Mb. All values 0 to INT_MAX are legal. + * Any other value stands for unknown. + */ + uint32_t speed; + /* + * 0x00 - half duplex + * 0x01 - full duplex + * Any other value stands for unknown. + */ + uint8_t duplex; } QEMU_PACKED; =20 /* diff --git a/include/standard-headers/linux/virtio_ring.h b/include/standar= d-headers/linux/virtio_ring.h index f1dc05d..d26e72b 100644 --- a/include/standard-headers/linux/virtio_ring.h +++ b/include/standard-headers/linux/virtio_ring.h @@ -78,7 +78,7 @@ struct vring_avail { __virtio16 ring[]; }; =20 -/* u32 is used here for ids for padding reasons. */ +/* uint32_t is used here for ids for padding reasons. */ struct vring_used_elem { /* Index of start of used descriptor chain. */ __virtio32 id; diff --git a/include/standard-headers/rdma/vmw_pvrdma-abi.h b/include/stand= ard-headers/rdma/vmw_pvrdma-abi.h index 0d0f7a8..07a820d 100644 --- a/include/standard-headers/rdma/vmw_pvrdma-abi.h +++ b/include/standard-headers/rdma/vmw_pvrdma-abi.h 
@@ -1,3 +1,4 @@ +/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Cl= ause) */ /* * Copyright (c) 2012-2016 VMware, Inc. All rights reserved. * @@ -51,12 +52,14 @@ #define PVRDMA_UVERBS_ABI_VERSION 3 /* ABI Version. */ #define PVRDMA_UAR_HANDLE_MASK 0x00FFFFFF /* Bottom 24 bits. */ #define PVRDMA_UAR_QP_OFFSET 0 /* QP doorbell. */ -#define PVRDMA_UAR_QP_SEND BIT(30) /* Send bit. */ -#define PVRDMA_UAR_QP_RECV BIT(31) /* Recv bit. */ +#define PVRDMA_UAR_QP_SEND (1 << 30) /* Send bit. */ +#define PVRDMA_UAR_QP_RECV (1 << 31) /* Recv bit. */ #define PVRDMA_UAR_CQ_OFFSET 4 /* CQ doorbell. */ -#define PVRDMA_UAR_CQ_ARM_SOL BIT(29) /* Arm solicited bit. */ -#define PVRDMA_UAR_CQ_ARM BIT(30) /* Arm bit. */ -#define PVRDMA_UAR_CQ_POLL BIT(31) /* Poll bit. */ +#define PVRDMA_UAR_CQ_ARM_SOL (1 << 29) /* Arm solicited bit. */ +#define PVRDMA_UAR_CQ_ARM (1 << 30) /* Arm bit. */ +#define PVRDMA_UAR_CQ_POLL (1 << 31) /* Poll bit. */ +#define PVRDMA_UAR_SRQ_OFFSET 8 /* SRQ doorbell. */ +#define PVRDMA_UAR_SRQ_RECV (1 << 30) /* Recv bit. */ =20 enum pvrdma_wr_opcode { PVRDMA_WR_RDMA_WRITE, diff --git a/linux-headers/asm-powerpc/kvm.h b/linux-headers/asm-powerpc/kv= m.h index 637b726..833ed9a 100644 --- a/linux-headers/asm-powerpc/kvm.h +++ b/linux-headers/asm-powerpc/kvm.h @@ -632,6 +632,8 @@ struct kvm_ppc_cpu_char { #define KVM_REG_PPC_TIDR (KVM_REG_PPC | KVM_REG_SIZE_U64 | 0xbc) #define KVM_REG_PPC_PSSCR (KVM_REG_PPC | KVM_REG_SIZE_U64 | 0xbd) =20 +#define KVM_REG_PPC_DEC_EXPIRY (KVM_REG_PPC | KVM_REG_SIZE_U64 | 0xbe) + /* Transactional Memory checkpointed state: * This is all GPRs, all VSX regs and a subset of SPRs */ diff --git a/linux-headers/asm-powerpc/unistd.h b/linux-headers/asm-powerpc= /unistd.h index 36abf58..0c08edc 100644 --- a/linux-headers/asm-powerpc/unistd.h +++ b/linux-headers/asm-powerpc/unistd.h 
@@ -395,5 +395,8 @@ #define __NR_pwritev2 381 #define __NR_kexec_file_load 382 #define __NR_statx 383 +#define __NR_pkey_alloc 384 +#define __NR_pkey_free 385 +#define __NR_pkey_mprotect 386 =20 #endif /* _ASM_POWERPC_UNISTD_H_ */ diff --git a/linux-headers/asm-s390/unistd.h b/linux-headers/asm-s390/unist= d.h index 99223b8..27b8b21 100644 --- a/linux-headers/asm-s390/unistd.h +++ b/linux-headers/asm-s390/unistd.h 
@@ -8,405 +8,10 @@ #ifndef _ASM_S390_UNISTD_H_ #define _ASM_S390_UNISTD_H_ =20 -/* - * This file contains the system call numbers. - */ - -#define __NR_exit 1 -#define __NR_fork 2 -#define __NR_read 3 -#define __NR_write 4 -#define __NR_open 5 -#define __NR_close 6 -#define __NR_restart_syscall 7 -#define __NR_creat 8 -#define __NR_link 9 -#define __NR_unlink 10 -#define __NR_execve 11 -#define __NR_chdir 12 -#define __NR_mknod 14 -#define __NR_chmod 15 -#define __NR_lseek 19 -#define __NR_getpid 20 -#define __NR_mount 21 -#define __NR_umount 22 -#define __NR_ptrace 26 -#define __NR_alarm 27 -#define __NR_pause 29 -#define __NR_utime 30 -#define __NR_access 33 -#define __NR_nice 34 -#define __NR_sync 36 -#define __NR_kill 37 -#define __NR_rename 38 -#define __NR_mkdir 39 -#define __NR_rmdir 40 -#define __NR_dup 41 -#define __NR_pipe 42 -#define __NR_times 43 -#define __NR_brk 45 -#define __NR_signal 48 -#define __NR_acct 51 -#define __NR_umount2 52 -#define __NR_ioctl 54 -#define __NR_fcntl 55 -#define __NR_setpgid 57 -#define __NR_umask 60 -#define __NR_chroot 61 -#define __NR_ustat 62 -#define __NR_dup2 63 -#define __NR_getppid 64 -#define __NR_getpgrp 65 -#define __NR_setsid 66 -#define __NR_sigaction 67 -#define __NR_sigsuspend 72 -#define __NR_sigpending 73 -#define __NR_sethostname 74 -#define __NR_setrlimit 75 -#define __NR_getrusage 77 -#define __NR_gettimeofday 78 -#define __NR_settimeofday 79 -#define __NR_symlink 83 -#define __NR_readlink 85 -#define __NR_uselib 86 -#define __NR_swapon 87 -#define __NR_reboot 88 -#define __NR_readdir 89 -#define __NR_mmap 90 -#define __NR_munmap 91 -#define __NR_truncate 92 -#define __NR_ftruncate 93 -#define __NR_fchmod 94 -#define __NR_getpriority 96 -#define __NR_setpriority 97 -#define __NR_statfs 99 -#define __NR_fstatfs 100 -#define __NR_socketcall 102 -#define __NR_syslog 103 -#define __NR_setitimer 104 -#define __NR_getitimer 105 -#define __NR_stat 106 -#define __NR_lstat 107 -#define __NR_fstat 108 -#define 
__NR_lookup_dcookie 110 -#define __NR_vhangup 111 -#define __NR_idle 112 -#define __NR_wait4 114 -#define __NR_swapoff 115 -#define __NR_sysinfo 116 -#define __NR_ipc 117 -#define __NR_fsync 118 -#define __NR_sigreturn 119 -#define __NR_clone 120 -#define __NR_setdomainname 121 -#define __NR_uname 122 -#define __NR_adjtimex 124 -#define __NR_mprotect 125 -#define __NR_sigprocmask 126 -#define __NR_create_module 127 -#define __NR_init_module 128 -#define __NR_delete_module 129 -#define __NR_get_kernel_syms 130 -#define __NR_quotactl 131 -#define __NR_getpgid 132 -#define __NR_fchdir 133 -#define __NR_bdflush 134 -#define __NR_sysfs 135 -#define __NR_personality 136 -#define __NR_afs_syscall 137 /* Syscall for Andrew File System */ -#define __NR_getdents 141 -#define __NR_flock 143 -#define __NR_msync 144 -#define __NR_readv 145 -#define __NR_writev 146 -#define __NR_getsid 147 -#define __NR_fdatasync 148 -#define __NR__sysctl 149 -#define __NR_mlock 150 -#define __NR_munlock 151 -#define __NR_mlockall 152 -#define __NR_munlockall 153 -#define __NR_sched_setparam 154 -#define __NR_sched_getparam 155 -#define __NR_sched_setscheduler 156 -#define __NR_sched_getscheduler 157 -#define __NR_sched_yield 158 -#define __NR_sched_get_priority_max 159 -#define __NR_sched_get_priority_min 160 -#define __NR_sched_rr_get_interval 161 -#define __NR_nanosleep 162 -#define __NR_mremap 163 -#define __NR_query_module 167 -#define __NR_poll 168 -#define __NR_nfsservctl 169 -#define __NR_prctl 172 -#define __NR_rt_sigreturn 173 -#define __NR_rt_sigaction 174 -#define __NR_rt_sigprocmask 175 -#define __NR_rt_sigpending 176 -#define __NR_rt_sigtimedwait 177 -#define __NR_rt_sigqueueinfo 178 -#define __NR_rt_sigsuspend 179 -#define __NR_pread64 180 -#define __NR_pwrite64 181 -#define __NR_getcwd 183 -#define __NR_capget 184 -#define __NR_capset 185 -#define __NR_sigaltstack 186 -#define __NR_sendfile 187 -#define __NR_getpmsg 188 -#define __NR_putpmsg 189 -#define __NR_vfork 190 -#define 
__NR_pivot_root 217 -#define __NR_mincore 218 -#define __NR_madvise 219 -#define __NR_getdents64 220 -#define __NR_readahead 222 -#define __NR_setxattr 224 -#define __NR_lsetxattr 225 -#define __NR_fsetxattr 226 -#define __NR_getxattr 227 -#define __NR_lgetxattr 228 -#define __NR_fgetxattr 229 -#define __NR_listxattr 230 -#define __NR_llistxattr 231 -#define __NR_flistxattr 232 -#define __NR_removexattr 233 -#define __NR_lremovexattr 234 -#define __NR_fremovexattr 235 -#define __NR_gettid 236 -#define __NR_tkill 237 -#define __NR_futex 238 -#define __NR_sched_setaffinity 239 -#define __NR_sched_getaffinity 240 -#define __NR_tgkill 241 -/* Number 242 is reserved for tux */ -#define __NR_io_setup 243 -#define __NR_io_destroy 244 -#define __NR_io_getevents 245 -#define __NR_io_submit 246 -#define __NR_io_cancel 247 -#define __NR_exit_group 248 -#define __NR_epoll_create 249 -#define __NR_epoll_ctl 250 -#define __NR_epoll_wait 251 -#define __NR_set_tid_address 252 -#define __NR_fadvise64 253 -#define __NR_timer_create 254 -#define __NR_timer_settime 255 -#define __NR_timer_gettime 256 -#define __NR_timer_getoverrun 257 -#define __NR_timer_delete 258 -#define __NR_clock_settime 259 -#define __NR_clock_gettime 260 -#define __NR_clock_getres 261 -#define __NR_clock_nanosleep 262 -/* Number 263 is reserved for vserver */ -#define __NR_statfs64 265 -#define __NR_fstatfs64 266 -#define __NR_remap_file_pages 267 -#define __NR_mbind 268 -#define __NR_get_mempolicy 269 -#define __NR_set_mempolicy 270 -#define __NR_mq_open 271 -#define __NR_mq_unlink 272 -#define __NR_mq_timedsend 273 -#define __NR_mq_timedreceive 274 -#define __NR_mq_notify 275 -#define __NR_mq_getsetattr 276 -#define __NR_kexec_load 277 -#define __NR_add_key 278 -#define __NR_request_key 279 -#define __NR_keyctl 280 -#define __NR_waitid 281 -#define __NR_ioprio_set 282 -#define __NR_ioprio_get 283 -#define __NR_inotify_init 284 -#define __NR_inotify_add_watch 285 -#define __NR_inotify_rm_watch 286 -#define 
__NR_migrate_pages 287 -#define __NR_openat 288 -#define __NR_mkdirat 289 -#define __NR_mknodat 290 -#define __NR_fchownat 291 -#define __NR_futimesat 292 -#define __NR_unlinkat 294 -#define __NR_renameat 295 -#define __NR_linkat 296 -#define __NR_symlinkat 297 -#define __NR_readlinkat 298 -#define __NR_fchmodat 299 -#define __NR_faccessat 300 -#define __NR_pselect6 301 -#define __NR_ppoll 302 -#define __NR_unshare 303 -#define __NR_set_robust_list 304 -#define __NR_get_robust_list 305 -#define __NR_splice 306 -#define __NR_sync_file_range 307 -#define __NR_tee 308 -#define __NR_vmsplice 309 -#define __NR_move_pages 310 -#define __NR_getcpu 311 -#define __NR_epoll_pwait 312 -#define __NR_utimes 313 -#define __NR_fallocate 314 -#define __NR_utimensat 315 -#define __NR_signalfd 316 -#define __NR_timerfd 317 -#define __NR_eventfd 318 -#define __NR_timerfd_create 319 -#define __NR_timerfd_settime 320 -#define __NR_timerfd_gettime 321 -#define __NR_signalfd4 322 -#define __NR_eventfd2 323 -#define __NR_inotify_init1 324 -#define __NR_pipe2 325 -#define __NR_dup3 326 -#define __NR_epoll_create1 327 -#define __NR_preadv 328 -#define __NR_pwritev 329 -#define __NR_rt_tgsigqueueinfo 330 -#define __NR_perf_event_open 331 -#define __NR_fanotify_init 332 -#define __NR_fanotify_mark 333 -#define __NR_prlimit64 334 -#define __NR_name_to_handle_at 335 -#define __NR_open_by_handle_at 336 -#define __NR_clock_adjtime 337 -#define __NR_syncfs 338 -#define __NR_setns 339 -#define __NR_process_vm_readv 340 -#define __NR_process_vm_writev 341 -#define __NR_s390_runtime_instr 342 -#define __NR_kcmp 343 -#define __NR_finit_module 344 -#define __NR_sched_setattr 345 -#define __NR_sched_getattr 346 -#define __NR_renameat2 347 -#define __NR_seccomp 348 -#define __NR_getrandom 349 -#define __NR_memfd_create 350 -#define __NR_bpf 351 -#define __NR_s390_pci_mmio_write 352 -#define __NR_s390_pci_mmio_read 353 -#define __NR_execveat 354 -#define __NR_userfaultfd 355 -#define __NR_membarrier 356 
-#define __NR_recvmmsg 357 -#define __NR_sendmmsg 358 -#define __NR_socket 359 -#define __NR_socketpair 360 -#define __NR_bind 361 -#define __NR_connect 362 -#define __NR_listen 363 -#define __NR_accept4 364 -#define __NR_getsockopt 365 -#define __NR_setsockopt 366 -#define __NR_getsockname 367 -#define __NR_getpeername 368 -#define __NR_sendto 369 -#define __NR_sendmsg 370 -#define __NR_recvfrom 371 -#define __NR_recvmsg 372 -#define __NR_shutdown 373 -#define __NR_mlock2 374 -#define __NR_copy_file_range 375 -#define __NR_preadv2 376 -#define __NR_pwritev2 377 -#define __NR_s390_guarded_storage 378 -#define __NR_statx 379 -#define __NR_s390_sthyi 380 -#define NR_syscalls 381 - -/*=20 - * There are some system calls that are not present on 64 bit, some - * have a different name although they do the same (e.g. __NR_chown32 - * is __NR_chown on 64 bit). - */ -#ifndef __s390x__ - -#define __NR_time 13 -#define __NR_lchown 16 -#define __NR_setuid 23 -#define __NR_getuid 24 -#define __NR_stime 25 -#define __NR_setgid 46 -#define __NR_getgid 47 -#define __NR_geteuid 49 -#define __NR_getegid 50 -#define __NR_setreuid 70 -#define __NR_setregid 71 -#define __NR_getrlimit 76 -#define __NR_getgroups 80 -#define __NR_setgroups 81 -#define __NR_fchown 95 -#define __NR_ioperm 101 -#define __NR_setfsuid 138 -#define __NR_setfsgid 139 -#define __NR__llseek 140 -#define __NR__newselect 142 -#define __NR_setresuid 164 -#define __NR_getresuid 165 -#define __NR_setresgid 170 -#define __NR_getresgid 171 -#define __NR_chown 182 -#define __NR_ugetrlimit 191 /* SuS compliant getrlimit */ -#define __NR_mmap2 192 -#define __NR_truncate64 193 -#define __NR_ftruncate64 194 -#define __NR_stat64 195 -#define __NR_lstat64 196 -#define __NR_fstat64 197 -#define __NR_lchown32 198 -#define __NR_getuid32 199 -#define __NR_getgid32 200 -#define __NR_geteuid32 201 -#define __NR_getegid32 202 -#define __NR_setreuid32 203 -#define __NR_setregid32 204 -#define __NR_getgroups32 205 -#define 
__NR_setgroups32 206 -#define __NR_fchown32 207 -#define __NR_setresuid32 208 -#define __NR_getresuid32 209 -#define __NR_setresgid32 210 -#define __NR_getresgid32 211 -#define __NR_chown32 212 -#define __NR_setuid32 213 -#define __NR_setgid32 214 -#define __NR_setfsuid32 215 -#define __NR_setfsgid32 216 -#define __NR_fcntl64 221 -#define __NR_sendfile64 223 -#define __NR_fadvise64_64 264 -#define __NR_fstatat64 293 - +#ifdef __s390x__ +#include #else - -#define __NR_select 142 -#define __NR_getrlimit 191 /* SuS compliant getrlimit */ -#define __NR_lchown 198 -#define __NR_getuid 199 -#define __NR_getgid 200 -#define __NR_geteuid 201 -#define __NR_getegid 202 -#define __NR_setreuid 203 -#define __NR_setregid 204 -#define __NR_getgroups 205 -#define __NR_setgroups 206 -#define __NR_fchown 207 -#define __NR_setresuid 208 -#define __NR_getresuid 209 -#define __NR_setresgid 210 -#define __NR_getresgid 211 -#define __NR_chown 212 -#define __NR_setuid 213 -#define __NR_setgid 214 -#define __NR_setfsuid 215 -#define __NR_setfsgid 216 -#define __NR_newfstatat 293 - +#include #endif =20 #endif /* _ASM_S390_UNISTD_H_ */ diff --git a/linux-headers/asm-s390/unistd_32.h b/linux-headers/asm-s390/un= istd_32.h new file mode 100644 index 0000000..1ae66a2 --- /dev/null +++ b/linux-headers/asm-s390/unistd_32.h 
@@ -0,0 +1,364 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#ifndef _ASM_S390_UNISTD_32_H +#define _ASM_S390_UNISTD_32_H + +#define __NR_exit 1 +#define __NR_fork 2 +#define __NR_read 3 +#define __NR_write 4 +#define __NR_open 5 +#define __NR_close 6 +#define __NR_restart_syscall 7 +#define __NR_creat 8 +#define __NR_link 9 +#define __NR_unlink 10 +#define __NR_execve 11 +#define __NR_chdir 12 +#define __NR_time 13 +#define __NR_mknod 14 +#define __NR_chmod 15 +#define __NR_lchown 16 +#define __NR_lseek 19 +#define __NR_getpid 20 +#define __NR_mount 21 +#define __NR_umount 22 +#define __NR_setuid 23 +#define __NR_getuid 24 +#define __NR_stime 25 +#define __NR_ptrace 26 +#define __NR_alarm 27 +#define __NR_pause 29 +#define __NR_utime 30 +#define __NR_access 33 +#define __NR_nice 34 +#define __NR_sync 36 +#define __NR_kill 37 +#define __NR_rename 38 +#define __NR_mkdir 39 +#define __NR_rmdir 40 +#define __NR_dup 41 +#define __NR_pipe 42 +#define __NR_times 43 +#define __NR_brk 45 +#define __NR_setgid 46 +#define __NR_getgid 47 +#define __NR_signal 48 +#define __NR_geteuid 49 +#define __NR_getegid 50 +#define __NR_acct 51 +#define __NR_umount2 52 +#define __NR_ioctl 54 +#define __NR_fcntl 55 +#define __NR_setpgid 57 +#define __NR_umask 60 +#define __NR_chroot 61 +#define __NR_ustat 62 +#define __NR_dup2 63 +#define __NR_getppid 64 +#define __NR_getpgrp 65 +#define __NR_setsid 66 +#define __NR_sigaction 67 +#define __NR_setreuid 70 +#define __NR_setregid 71 +#define __NR_sigsuspend 72 +#define __NR_sigpending 73 +#define __NR_sethostname 74 +#define __NR_setrlimit 75 +#define __NR_getrlimit 76 +#define __NR_getrusage 77 +#define __NR_gettimeofday 78 +#define __NR_settimeofday 79 +#define __NR_getgroups 80 +#define __NR_setgroups 81 +#define __NR_symlink 83 +#define __NR_readlink 85 +#define __NR_uselib 86 +#define __NR_swapon 87 +#define __NR_reboot 88 +#define __NR_readdir 89 +#define __NR_mmap 90 +#define __NR_munmap 91 +#define __NR_truncate 
92 +#define __NR_ftruncate 93 +#define __NR_fchmod 94 +#define __NR_fchown 95 +#define __NR_getpriority 96 +#define __NR_setpriority 97 +#define __NR_statfs 99 +#define __NR_fstatfs 100 +#define __NR_ioperm 101 +#define __NR_socketcall 102 +#define __NR_syslog 103 +#define __NR_setitimer 104 +#define __NR_getitimer 105 +#define __NR_stat 106 +#define __NR_lstat 107 +#define __NR_fstat 108 +#define __NR_lookup_dcookie 110 +#define __NR_vhangup 111 +#define __NR_idle 112 +#define __NR_wait4 114 +#define __NR_swapoff 115 +#define __NR_sysinfo 116 +#define __NR_ipc 117 +#define __NR_fsync 118 +#define __NR_sigreturn 119 +#define __NR_clone 120 +#define __NR_setdomainname 121 +#define __NR_uname 122 +#define __NR_adjtimex 124 +#define __NR_mprotect 125 +#define __NR_sigprocmask 126 +#define __NR_create_module 127 +#define __NR_init_module 128 +#define __NR_delete_module 129 +#define __NR_get_kernel_syms 130 +#define __NR_quotactl 131 +#define __NR_getpgid 132 +#define __NR_fchdir 133 +#define __NR_bdflush 134 +#define __NR_sysfs 135 +#define __NR_personality 136 +#define __NR_afs_syscall 137 +#define __NR_setfsuid 138 +#define __NR_setfsgid 139 +#define __NR__llseek 140 +#define __NR_getdents 141 +#define __NR__newselect 142 +#define __NR_flock 143 +#define __NR_msync 144 +#define __NR_readv 145 +#define __NR_writev 146 +#define __NR_getsid 147 +#define __NR_fdatasync 148 +#define __NR__sysctl 149 +#define __NR_mlock 150 +#define __NR_munlock 151 +#define __NR_mlockall 152 +#define __NR_munlockall 153 +#define __NR_sched_setparam 154 +#define __NR_sched_getparam 155 +#define __NR_sched_setscheduler 156 +#define __NR_sched_getscheduler 157 +#define __NR_sched_yield 158 +#define __NR_sched_get_priority_max 159 +#define __NR_sched_get_priority_min 160 +#define __NR_sched_rr_get_interval 161 +#define __NR_nanosleep 162 +#define __NR_mremap 163 +#define __NR_setresuid 164 +#define __NR_getresuid 165 +#define __NR_query_module 167 +#define __NR_poll 168 +#define 
__NR_nfsservctl 169 +#define __NR_setresgid 170 +#define __NR_getresgid 171 +#define __NR_prctl 172 +#define __NR_rt_sigreturn 173 +#define __NR_rt_sigaction 174 +#define __NR_rt_sigprocmask 175 +#define __NR_rt_sigpending 176 +#define __NR_rt_sigtimedwait 177 +#define __NR_rt_sigqueueinfo 178 +#define __NR_rt_sigsuspend 179 +#define __NR_pread64 180 +#define __NR_pwrite64 181 +#define __NR_chown 182 +#define __NR_getcwd 183 +#define __NR_capget 184 +#define __NR_capset 185 +#define __NR_sigaltstack 186 +#define __NR_sendfile 187 +#define __NR_getpmsg 188 +#define __NR_putpmsg 189 +#define __NR_vfork 190 +#define __NR_ugetrlimit 191 +#define __NR_mmap2 192 +#define __NR_truncate64 193 +#define __NR_ftruncate64 194 +#define __NR_stat64 195 +#define __NR_lstat64 196 +#define __NR_fstat64 197 +#define __NR_lchown32 198 +#define __NR_getuid32 199 +#define __NR_getgid32 200 +#define __NR_geteuid32 201 +#define __NR_getegid32 202 +#define __NR_setreuid32 203 +#define __NR_setregid32 204 +#define __NR_getgroups32 205 +#define __NR_setgroups32 206 +#define __NR_fchown32 207 +#define __NR_setresuid32 208 +#define __NR_getresuid32 209 +#define __NR_setresgid32 210 +#define __NR_getresgid32 211 +#define __NR_chown32 212 +#define __NR_setuid32 213 +#define __NR_setgid32 214 +#define __NR_setfsuid32 215 +#define __NR_setfsgid32 216 +#define __NR_pivot_root 217 +#define __NR_mincore 218 +#define __NR_madvise 219 +#define __NR_getdents64 220 +#define __NR_fcntl64 221 +#define __NR_readahead 222 +#define __NR_sendfile64 223 +#define __NR_setxattr 224 +#define __NR_lsetxattr 225 +#define __NR_fsetxattr 226 +#define __NR_getxattr 227 +#define __NR_lgetxattr 228 +#define __NR_fgetxattr 229 +#define __NR_listxattr 230 +#define __NR_llistxattr 231 +#define __NR_flistxattr 232 +#define __NR_removexattr 233 +#define __NR_lremovexattr 234 +#define __NR_fremovexattr 235 +#define __NR_gettid 236 +#define __NR_tkill 237 +#define __NR_futex 238 +#define __NR_sched_setaffinity 239 +#define 
__NR_sched_getaffinity 240 +#define __NR_tgkill 241 +#define __NR_io_setup 243 +#define __NR_io_destroy 244 +#define __NR_io_getevents 245 +#define __NR_io_submit 246 +#define __NR_io_cancel 247 +#define __NR_exit_group 248 +#define __NR_epoll_create 249 +#define __NR_epoll_ctl 250 +#define __NR_epoll_wait 251 +#define __NR_set_tid_address 252 +#define __NR_fadvise64 253 +#define __NR_timer_create 254 +#define __NR_timer_settime 255 +#define __NR_timer_gettime 256 +#define __NR_timer_getoverrun 257 +#define __NR_timer_delete 258 +#define __NR_clock_settime 259 +#define __NR_clock_gettime 260 +#define __NR_clock_getres 261 +#define __NR_clock_nanosleep 262 +#define __NR_fadvise64_64 264 +#define __NR_statfs64 265 +#define __NR_fstatfs64 266 +#define __NR_remap_file_pages 267 +#define __NR_mbind 268 +#define __NR_get_mempolicy 269 +#define __NR_set_mempolicy 270 +#define __NR_mq_open 271 +#define __NR_mq_unlink 272 +#define __NR_mq_timedsend 273 +#define __NR_mq_timedreceive 274 +#define __NR_mq_notify 275 +#define __NR_mq_getsetattr 276 +#define __NR_kexec_load 277 +#define __NR_add_key 278 +#define __NR_request_key 279 +#define __NR_keyctl 280 +#define __NR_waitid 281 +#define __NR_ioprio_set 282 +#define __NR_ioprio_get 283 +#define __NR_inotify_init 284 +#define __NR_inotify_add_watch 285 +#define __NR_inotify_rm_watch 286 +#define __NR_migrate_pages 287 +#define __NR_openat 288 +#define __NR_mkdirat 289 +#define __NR_mknodat 290 +#define __NR_fchownat 291 +#define __NR_futimesat 292 +#define __NR_fstatat64 293 +#define __NR_unlinkat 294 +#define __NR_renameat 295 +#define __NR_linkat 296 +#define __NR_symlinkat 297 +#define __NR_readlinkat 298 +#define __NR_fchmodat 299 +#define __NR_faccessat 300 +#define __NR_pselect6 301 +#define __NR_ppoll 302 +#define __NR_unshare 303 +#define __NR_set_robust_list 304 +#define __NR_get_robust_list 305 +#define __NR_splice 306 +#define __NR_sync_file_range 307 +#define __NR_tee 308 +#define __NR_vmsplice 309 +#define 
__NR_move_pages 310 +#define __NR_getcpu 311 +#define __NR_epoll_pwait 312 +#define __NR_utimes 313 +#define __NR_fallocate 314 +#define __NR_utimensat 315 +#define __NR_signalfd 316 +#define __NR_timerfd 317 +#define __NR_eventfd 318 +#define __NR_timerfd_create 319 +#define __NR_timerfd_settime 320 +#define __NR_timerfd_gettime 321 +#define __NR_signalfd4 322 +#define __NR_eventfd2 323 +#define __NR_inotify_init1 324 +#define __NR_pipe2 325 +#define __NR_dup3 326 +#define __NR_epoll_create1 327 +#define __NR_preadv 328 +#define __NR_pwritev 329 +#define __NR_rt_tgsigqueueinfo 330 +#define __NR_perf_event_open 331 +#define __NR_fanotify_init 332 +#define __NR_fanotify_mark 333 +#define __NR_prlimit64 334 +#define __NR_name_to_handle_at 335 +#define __NR_open_by_handle_at 336 +#define __NR_clock_adjtime 337 +#define __NR_syncfs 338 +#define __NR_setns 339 +#define __NR_process_vm_readv 340 +#define __NR_process_vm_writev 341 +#define __NR_s390_runtime_instr 342 +#define __NR_kcmp 343 +#define __NR_finit_module 344 +#define __NR_sched_setattr 345 +#define __NR_sched_getattr 346 +#define __NR_renameat2 347 +#define __NR_seccomp 348 +#define __NR_getrandom 349 +#define __NR_memfd_create 350 +#define __NR_bpf 351 +#define __NR_s390_pci_mmio_write 352 +#define __NR_s390_pci_mmio_read 353 +#define __NR_execveat 354 +#define __NR_userfaultfd 355 +#define __NR_membarrier 356 +#define __NR_recvmmsg 357 +#define __NR_sendmmsg 358 +#define __NR_socket 359 +#define __NR_socketpair 360 +#define __NR_bind 361 +#define __NR_connect 362 +#define __NR_listen 363 +#define __NR_accept4 364 +#define __NR_getsockopt 365 +#define __NR_setsockopt 366 +#define __NR_getsockname 367 +#define __NR_getpeername 368 +#define __NR_sendto 369 +#define __NR_sendmsg 370 +#define __NR_recvfrom 371 +#define __NR_recvmsg 372 +#define __NR_shutdown 373 +#define __NR_mlock2 374 +#define __NR_copy_file_range 375 +#define __NR_preadv2 376 +#define __NR_pwritev2 377 +#define __NR_s390_guarded_storage 378 
+#define __NR_statx 379 +#define __NR_s390_sthyi 380 + +#endif /* _ASM_S390_UNISTD_32_H */ diff --git a/linux-headers/asm-s390/unistd_64.h b/linux-headers/asm-s390/un= istd_64.h new file mode 100644 index 0000000..8aa9d04 --- /dev/null +++ b/linux-headers/asm-s390/unistd_64.h 
@@ -0,0 +1,331 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#ifndef _ASM_S390_UNISTD_64_H +#define _ASM_S390_UNISTD_64_H + +#define __NR_exit 1 +#define __NR_fork 2 +#define __NR_read 3 +#define __NR_write 4 +#define __NR_open 5 +#define __NR_close 6 +#define __NR_restart_syscall 7 +#define __NR_creat 8 +#define __NR_link 9 +#define __NR_unlink 10 +#define __NR_execve 11 +#define __NR_chdir 12 +#define __NR_mknod 14 +#define __NR_chmod 15 +#define __NR_lseek 19 +#define __NR_getpid 20 +#define __NR_mount 21 +#define __NR_umount 22 +#define __NR_ptrace 26 +#define __NR_alarm 27 +#define __NR_pause 29 +#define __NR_utime 30 +#define __NR_access 33 +#define __NR_nice 34 +#define __NR_sync 36 +#define __NR_kill 37 +#define __NR_rename 38 +#define __NR_mkdir 39 +#define __NR_rmdir 40 +#define __NR_dup 41 +#define __NR_pipe 42 +#define __NR_times 43 +#define __NR_brk 45 +#define __NR_signal 48 +#define __NR_acct 51 +#define __NR_umount2 52 +#define __NR_ioctl 54 +#define __NR_fcntl 55 +#define __NR_setpgid 57 +#define __NR_umask 60 +#define __NR_chroot 61 +#define __NR_ustat 62 +#define __NR_dup2 63 +#define __NR_getppid 64 +#define __NR_getpgrp 65 +#define __NR_setsid 66 +#define __NR_sigaction 67 +#define __NR_sigsuspend 72 +#define __NR_sigpending 73 +#define __NR_sethostname 74 +#define __NR_setrlimit 75 +#define __NR_getrusage 77 +#define __NR_gettimeofday 78 +#define __NR_settimeofday 79 +#define __NR_symlink 83 +#define __NR_readlink 85 +#define __NR_uselib 86 +#define __NR_swapon 87 +#define __NR_reboot 88 +#define __NR_readdir 89 +#define __NR_mmap 90 +#define __NR_munmap 91 +#define __NR_truncate 92 +#define __NR_ftruncate 93 +#define __NR_fchmod 94 +#define __NR_getpriority 96 +#define __NR_setpriority 97 +#define __NR_statfs 99 +#define __NR_fstatfs 100 +#define __NR_socketcall 102 +#define __NR_syslog 103 +#define __NR_setitimer 104 +#define __NR_getitimer 105 +#define __NR_stat 106 +#define __NR_lstat 107 +#define __NR_fstat 108 
+#define __NR_lookup_dcookie 110 +#define __NR_vhangup 111 +#define __NR_idle 112 +#define __NR_wait4 114 +#define __NR_swapoff 115 +#define __NR_sysinfo 116 +#define __NR_ipc 117 +#define __NR_fsync 118 +#define __NR_sigreturn 119 +#define __NR_clone 120 +#define __NR_setdomainname 121 +#define __NR_uname 122 +#define __NR_adjtimex 124 +#define __NR_mprotect 125 +#define __NR_sigprocmask 126 +#define __NR_create_module 127 +#define __NR_init_module 128 +#define __NR_delete_module 129 +#define __NR_get_kernel_syms 130 +#define __NR_quotactl 131 +#define __NR_getpgid 132 +#define __NR_fchdir 133 +#define __NR_bdflush 134 +#define __NR_sysfs 135 +#define __NR_personality 136 +#define __NR_afs_syscall 137 +#define __NR_getdents 141 +#define __NR_select 142 +#define __NR_flock 143 +#define __NR_msync 144 +#define __NR_readv 145 +#define __NR_writev 146 +#define __NR_getsid 147 +#define __NR_fdatasync 148 +#define __NR__sysctl 149 +#define __NR_mlock 150 +#define __NR_munlock 151 +#define __NR_mlockall 152 +#define __NR_munlockall 153 +#define __NR_sched_setparam 154 +#define __NR_sched_getparam 155 +#define __NR_sched_setscheduler 156 +#define __NR_sched_getscheduler 157 +#define __NR_sched_yield 158 +#define __NR_sched_get_priority_max 159 +#define __NR_sched_get_priority_min 160 +#define __NR_sched_rr_get_interval 161 +#define __NR_nanosleep 162 +#define __NR_mremap 163 +#define __NR_query_module 167 +#define __NR_poll 168 +#define __NR_nfsservctl 169 +#define __NR_prctl 172 +#define __NR_rt_sigreturn 173 +#define __NR_rt_sigaction 174 +#define __NR_rt_sigprocmask 175 +#define __NR_rt_sigpending 176 +#define __NR_rt_sigtimedwait 177 +#define __NR_rt_sigqueueinfo 178 +#define __NR_rt_sigsuspend 179 +#define __NR_pread64 180 +#define __NR_pwrite64 181 +#define __NR_getcwd 183 +#define __NR_capget 184 +#define __NR_capset 185 +#define __NR_sigaltstack 186 +#define __NR_sendfile 187 +#define __NR_getpmsg 188 +#define __NR_putpmsg 189 +#define __NR_vfork 190 +#define 
__NR_getrlimit 191 +#define __NR_lchown 198 +#define __NR_getuid 199 +#define __NR_getgid 200 +#define __NR_geteuid 201 +#define __NR_getegid 202 +#define __NR_setreuid 203 +#define __NR_setregid 204 +#define __NR_getgroups 205 +#define __NR_setgroups 206 +#define __NR_fchown 207 +#define __NR_setresuid 208 +#define __NR_getresuid 209 +#define __NR_setresgid 210 +#define __NR_getresgid 211 +#define __NR_chown 212 +#define __NR_setuid 213 +#define __NR_setgid 214 +#define __NR_setfsuid 215 +#define __NR_setfsgid 216 +#define __NR_pivot_root 217 +#define __NR_mincore 218 +#define __NR_madvise 219 +#define __NR_getdents64 220 +#define __NR_readahead 222 +#define __NR_setxattr 224 +#define __NR_lsetxattr 225 +#define __NR_fsetxattr 226 +#define __NR_getxattr 227 +#define __NR_lgetxattr 228 +#define __NR_fgetxattr 229 +#define __NR_listxattr 230 +#define __NR_llistxattr 231 +#define __NR_flistxattr 232 +#define __NR_removexattr 233 +#define __NR_lremovexattr 234 +#define __NR_fremovexattr 235 +#define __NR_gettid 236 +#define __NR_tkill 237 +#define __NR_futex 238 +#define __NR_sched_setaffinity 239 +#define __NR_sched_getaffinity 240 +#define __NR_tgkill 241 +#define __NR_io_setup 243 +#define __NR_io_destroy 244 +#define __NR_io_getevents 245 +#define __NR_io_submit 246 +#define __NR_io_cancel 247 +#define __NR_exit_group 248 +#define __NR_epoll_create 249 +#define __NR_epoll_ctl 250 +#define __NR_epoll_wait 251 +#define __NR_set_tid_address 252 +#define __NR_fadvise64 253 +#define __NR_timer_create 254 +#define __NR_timer_settime 255 +#define __NR_timer_gettime 256 +#define __NR_timer_getoverrun 257 +#define __NR_timer_delete 258 +#define __NR_clock_settime 259 +#define __NR_clock_gettime 260 +#define __NR_clock_getres 261 +#define __NR_clock_nanosleep 262 +#define __NR_statfs64 265 +#define __NR_fstatfs64 266 +#define __NR_remap_file_pages 267 +#define __NR_mbind 268 +#define __NR_get_mempolicy 269 +#define __NR_set_mempolicy 270 +#define __NR_mq_open 271 +#define 
__NR_mq_unlink 272 +#define __NR_mq_timedsend 273 +#define __NR_mq_timedreceive 274 +#define __NR_mq_notify 275 +#define __NR_mq_getsetattr 276 +#define __NR_kexec_load 277 +#define __NR_add_key 278 +#define __NR_request_key 279 +#define __NR_keyctl 280 +#define __NR_waitid 281 +#define __NR_ioprio_set 282 +#define __NR_ioprio_get 283 +#define __NR_inotify_init 284 +#define __NR_inotify_add_watch 285 +#define __NR_inotify_rm_watch 286 +#define __NR_migrate_pages 287 +#define __NR_openat 288 +#define __NR_mkdirat 289 +#define __NR_mknodat 290 +#define __NR_fchownat 291 +#define __NR_futimesat 292 +#define __NR_newfstatat 293 +#define __NR_unlinkat 294 +#define __NR_renameat 295 +#define __NR_linkat 296 +#define __NR_symlinkat 297 +#define __NR_readlinkat 298 +#define __NR_fchmodat 299 +#define __NR_faccessat 300 +#define __NR_pselect6 301 +#define __NR_ppoll 302 +#define __NR_unshare 303 +#define __NR_set_robust_list 304 +#define __NR_get_robust_list 305 +#define __NR_splice 306 +#define __NR_sync_file_range 307 +#define __NR_tee 308 +#define __NR_vmsplice 309 +#define __NR_move_pages 310 +#define __NR_getcpu 311 +#define __NR_epoll_pwait 312 +#define __NR_utimes 313 +#define __NR_fallocate 314 +#define __NR_utimensat 315 +#define __NR_signalfd 316 +#define __NR_timerfd 317 +#define __NR_eventfd 318 +#define __NR_timerfd_create 319 +#define __NR_timerfd_settime 320 +#define __NR_timerfd_gettime 321 +#define __NR_signalfd4 322 +#define __NR_eventfd2 323 +#define __NR_inotify_init1 324 +#define __NR_pipe2 325 +#define __NR_dup3 326 +#define __NR_epoll_create1 327 +#define __NR_preadv 328 +#define __NR_pwritev 329 +#define __NR_rt_tgsigqueueinfo 330 +#define __NR_perf_event_open 331 +#define __NR_fanotify_init 332 +#define __NR_fanotify_mark 333 +#define __NR_prlimit64 334 +#define __NR_name_to_handle_at 335 +#define __NR_open_by_handle_at 336 +#define __NR_clock_adjtime 337 +#define __NR_syncfs 338 +#define __NR_setns 339 +#define __NR_process_vm_readv 340 +#define 
__NR_process_vm_writev 341 +#define __NR_s390_runtime_instr 342 +#define __NR_kcmp 343 +#define __NR_finit_module 344 +#define __NR_sched_setattr 345 +#define __NR_sched_getattr 346 +#define __NR_renameat2 347 +#define __NR_seccomp 348 +#define __NR_getrandom 349 +#define __NR_memfd_create 350 +#define __NR_bpf 351 +#define __NR_s390_pci_mmio_write 352 +#define __NR_s390_pci_mmio_read 353 +#define __NR_execveat 354 +#define __NR_userfaultfd 355 +#define __NR_membarrier 356 +#define __NR_recvmmsg 357 +#define __NR_sendmmsg 358 +#define __NR_socket 359 +#define __NR_socketpair 360 +#define __NR_bind 361 +#define __NR_connect 362 +#define __NR_listen 363 +#define __NR_accept4 364 +#define __NR_getsockopt 365 +#define __NR_setsockopt 366 +#define __NR_getsockname 367 +#define __NR_getpeername 368 +#define __NR_sendto 369 +#define __NR_sendmsg 370 +#define __NR_recvfrom 371 +#define __NR_recvmsg 372 +#define __NR_shutdown 373 +#define __NR_mlock2 374 +#define __NR_copy_file_range 375 +#define __NR_preadv2 376 +#define __NR_pwritev2 377 +#define __NR_s390_guarded_storage 378 +#define __NR_statx 379 +#define __NR_s390_sthyi 380 + +#endif /* _ASM_S390_UNISTD_64_H */ diff --git a/linux-headers/asm-x86/kvm_para.h b/linux-headers/asm-x86/kvm_p= ara.h index 4c300f6..4c58184 100644 --- a/linux-headers/asm-x86/kvm_para.h +++ b/linux-headers/asm-x86/kvm_para.h @@ -25,6 +25,8 @@ #define KVM_FEATURE_STEAL_TIME 5 #define KVM_FEATURE_PV_EOI 6 #define KVM_FEATURE_PV_UNHALT 7 +#define KVM_FEATURE_PV_TLB_FLUSH 9 +#define KVM_FEATURE_ASYNC_PF_VMEXIT 10 =20 /* The last 8 bits are used to indicate how to interpret the flags field * in pvclock structure. If no bits are set, all flags are ignored. @@ -51,6 +53,9 @@ struct kvm_steal_time { __u32 pad[11]; }; =20 +#define KVM_VCPU_PREEMPTED (1 << 0) +#define KVM_VCPU_FLUSH_TLB (1 << 1) + #define KVM_CLOCK_PAIRING_WALLCLOCK 0 struct kvm_clock_pairing { __s64 sec; 
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h index d92c9b2..a167be8 100644 --- a/linux-headers/linux/kvm.h +++ b/linux-headers/linux/kvm.h @@ -761,6 +761,7 @@ struct kvm_ppc_resize_hpt { #define KVM_TRACE_PAUSE __KVM_DEPRECATED_MAIN_0x07 #define KVM_TRACE_DISABLE __KVM_DEPRECATED_MAIN_0x08 #define KVM_GET_EMULATED_CPUID _IOWR(KVMIO, 0x09, struct kvm_cpuid2) +#define KVM_GET_MSR_FEATURE_INDEX_LIST _IOWR(KVMIO, 0x0a, struct kvm_ms= r_list) =20 /* * Extension capability list. @@ -934,6 +935,7 @@ struct kvm_ppc_resize_hpt { #define KVM_CAP_S390_AIS_MIGRATION 150 #define KVM_CAP_PPC_GET_CPU_CHAR 151 #define KVM_CAP_S390_BPB 152 +#define KVM_CAP_GET_MSR_FEATURES 153 =20 #ifdef KVM_CAP_IRQ_ROUTING =20 
@@ -1362,6 +1364,96 @@ struct kvm_s390_ucas_mapping { /* Available with KVM_CAP_S390_CMMA_MIGRATION */ #define KVM_S390_GET_CMMA_BITS _IOWR(KVMIO, 0xb8, struct kvm_s390_cmm= a_log) #define KVM_S390_SET_CMMA_BITS _IOW(KVMIO, 0xb9, struct kvm_s390_cmma= _log) +/* Memory Encryption Commands */ +#define KVM_MEMORY_ENCRYPT_OP _IOWR(KVMIO, 0xba, unsigned long) + +struct kvm_enc_region { + __u64 addr; + __u64 size; +}; + +#define KVM_MEMORY_ENCRYPT_REG_REGION _IOR(KVMIO, 0xbb, struct kvm_enc_= region) +#define KVM_MEMORY_ENCRYPT_UNREG_REGION _IOR(KVMIO, 0xbc, struct kvm_enc_= region) + +/* Secure Encrypted Virtualization command */ +enum sev_cmd_id { + /* Guest initialization commands */ + KVM_SEV_INIT =3D 0, + KVM_SEV_ES_INIT, + /* Guest launch commands */ + KVM_SEV_LAUNCH_START, + KVM_SEV_LAUNCH_UPDATE_DATA, + KVM_SEV_LAUNCH_UPDATE_VMSA, + KVM_SEV_LAUNCH_SECRET, + KVM_SEV_LAUNCH_MEASURE, + KVM_SEV_LAUNCH_FINISH, + /* Guest migration commands (outgoing) */ + KVM_SEV_SEND_START, + KVM_SEV_SEND_UPDATE_DATA, + KVM_SEV_SEND_UPDATE_VMSA, + KVM_SEV_SEND_FINISH, + /* Guest migration commands (incoming) */ + KVM_SEV_RECEIVE_START, + KVM_SEV_RECEIVE_UPDATE_DATA, + KVM_SEV_RECEIVE_UPDATE_VMSA, + KVM_SEV_RECEIVE_FINISH, + /* Guest status and debug commands */ + KVM_SEV_GUEST_STATUS, + KVM_SEV_DBG_DECRYPT, + KVM_SEV_DBG_ENCRYPT, + /* Guest certificates commands */ + KVM_SEV_CERT_EXPORT, + + KVM_SEV_NR_MAX, +}; + +struct kvm_sev_cmd { + __u32 id; + __u64 data; + __u32 error; + __u32 sev_fd; +}; + +struct kvm_sev_launch_start { + __u32 handle; + __u32 policy; + __u64 dh_uaddr; + __u32 dh_len; + __u64 session_uaddr; + __u32 session_len; +}; + +struct kvm_sev_launch_update_data { + __u64 uaddr; + __u32 len; +}; + + +struct kvm_sev_launch_secret { + __u64 hdr_uaddr; + __u32 hdr_len; + __u64 guest_uaddr; + __u32 guest_len; + __u64 trans_uaddr; + __u32 trans_len; +}; + +struct kvm_sev_launch_measure { + __u64 uaddr; + __u32 len; +}; + +struct kvm_sev_guest_status { + __u32 handle; + __u32 
policy; + __u32 state; +}; + +struct kvm_sev_dbg { + __u64 src_uaddr; + __u64 dst_uaddr; + __u32 len; +}; =20 #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) diff --git a/linux-headers/linux/psci.h b/linux-headers/linux/psci.h index ccd1773..3905492 100644 --- a/linux-headers/linux/psci.h +++ b/linux-headers/linux/psci.h @@ -88,6 +88,9 @@ (((ver) & PSCI_VERSION_MAJOR_MASK) >> PSCI_VERSION_MAJOR_SHIFT) #define PSCI_VERSION_MINOR(ver) \ ((ver) & PSCI_VERSION_MINOR_MASK) +#define PSCI_VERSION(maj, min) \ + ((((maj) << PSCI_VERSION_MAJOR_SHIFT) & PSCI_VERSION_MAJOR_MASK) | \ + ((min) & PSCI_VERSION_MINOR_MASK)) =20 /* PSCI features decoding (>=3D1.0) */ #define PSCI_1_0_FEATURES_CPU_SUSPEND_PF_SHIFT 1 diff --git a/linux-headers/linux/vfio.h b/linux-headers/linux/vfio.h index 4312e96..3a0a305 100644 --- a/linux-headers/linux/vfio.h +++ b/linux-headers/linux/vfio.h @@ -301,6 +301,16 @@ struct vfio_region_info_cap_type { #define VFIO_REGION_SUBTYPE_INTEL_IGD_HOST_CFG (2) #define VFIO_REGION_SUBTYPE_INTEL_IGD_LPC_CFG (3) =20 +/* + * The MSIX mappable capability informs that MSIX data of a BAR can be mma= pped + * which allows direct access to non-MSIX registers which happened to be w= ithin + * the same system page. + * + * Even though the userspace gets direct access to the MSIX data, the exis= ting + * VFIO_DEVICE_SET_IRQS interface must still be used for MSIX configuratio= n. + */ +#define VFIO_REGION_INFO_CAP_MSIX_MAPPABLE 3 + /** * VFIO_DEVICE_GET_IRQ_INFO - _IOWR(VFIO_TYPE, VFIO_BASE + 9, * struct vfio_irq_info) 
@@ -503,6 +513,68 @@ struct vfio_pci_hot_reset { =20 #define VFIO_DEVICE_PCI_HOT_RESET _IO(VFIO_TYPE, VFIO_BASE + 13) =20 +/** + * VFIO_DEVICE_QUERY_GFX_PLANE - _IOW(VFIO_TYPE, VFIO_BASE + 14, + * struct vfio_device_query_gfx_plane) + * + * Set the drm_plane_type and flags, then retrieve the gfx plane info. + * + * flags supported: + * - VFIO_GFX_PLANE_TYPE_PROBE and VFIO_GFX_PLANE_TYPE_DMABUF are set + * to ask if the mdev supports dma-buf. 0 on support, -EINVAL on no + * support for dma-buf. + * - VFIO_GFX_PLANE_TYPE_PROBE and VFIO_GFX_PLANE_TYPE_REGION are set + * to ask if the mdev supports region. 0 on support, -EINVAL on no + * support for region. + * - VFIO_GFX_PLANE_TYPE_DMABUF or VFIO_GFX_PLANE_TYPE_REGION is set + * with each call to query the plane info. + * - Others are invalid and return -EINVAL. + * + * Note: + * 1. Plane could be disabled by guest. In that case, success will be + * returned with zero-initialized drm_format, size, width and height + * fields. + * 2. x_hot/y_hot is set to 0xFFFFFFFF if no hotspot information available + * + * Return: 0 on success, -errno on other failure. 
+ */ +struct vfio_device_gfx_plane_info { + __u32 argsz; + __u32 flags; +#define VFIO_GFX_PLANE_TYPE_PROBE (1 << 0) +#define VFIO_GFX_PLANE_TYPE_DMABUF (1 << 1) +#define VFIO_GFX_PLANE_TYPE_REGION (1 << 2) + /* in */ + __u32 drm_plane_type; /* type of plane: DRM_PLANE_TYPE_* */ + /* out */ + __u32 drm_format; /* drm format of plane */ + __u64 drm_format_mod; /* tiled mode */ + __u32 width; /* width of plane */ + __u32 height; /* height of plane */ + __u32 stride; /* stride of plane */ + __u32 size; /* size of plane in bytes, align on page*/ + __u32 x_pos; /* horizontal position of cursor plane */ + __u32 y_pos; /* vertical position of cursor plane*/ + __u32 x_hot; /* horizontal position of cursor hotspot */ + __u32 y_hot; /* vertical position of cursor hotspot */ + union { + __u32 region_index; /* region index */ + __u32 dmabuf_id; /* dma-buf id */ + }; +}; + +#define VFIO_DEVICE_QUERY_GFX_PLANE _IO(VFIO_TYPE, VFIO_BASE + 14) + +/** + * VFIO_DEVICE_GET_GFX_DMABUF - _IOW(VFIO_TYPE, VFIO_BASE + 15, __u32) + * + * Return a new dma-buf file descriptor for an exposed guest framebuffer + * described by the provided dmabuf_id. The dmabuf_id is returned from VFI= O_ + * DEVICE_QUERY_GFX_PLANE as a token of the exposed guest framebuffer. + */ + +#define VFIO_DEVICE_GET_GFX_DMABUF _IO(VFIO_TYPE, VFIO_BASE + 15) + /* -------- API for Type1 VFIO IOMMU -------- */ =20 /** diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers= .sh index be06570..9767172 100755 --- a/scripts/update-linux-headers.sh +++ b/scripts/update-linux-headers.sh @@ -56,6 +56,7 @@ cp_portable() { -e 's/__bitwise//' \ -e 's/__attribute__((packed))/QEMU_PACKED/' \ -e 's/__inline__/inline/' \ + -e 's/__BITS_PER_LONG/HOST_LONG_BITS/' \ -e '/sys\/ioctl.h/d' \ -e 's/SW_MAX/SW_MAX_/' \ -e 's/atomic_t/int/' \ 
@@ -99,6 +100,8 @@ for arch in $ARCHLIST; do mkdir -p "$output/include/standard-headers/asm-$arch" if [ $arch =3D s390 ]; then cp_portable "$tmpdir/include/asm/virtio-ccw.h" "$output/include/st= andard-headers/asm-s390/" + cp "$tmpdir/include/asm/unistd_32.h" "$output/linux-headers/asm-s3= 90/" + cp "$tmpdir/include/asm/unistd_64.h" "$output/linux-headers/asm-s3= 90/" fi if [ $arch =3D arm ]; then cp "$tmpdir/include/asm/unistd-eabi.h" "$output/linux-headers/asm-= arm/" --=20 1.8.3.1 From nobody Mon Apr 29 10:06:03 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1520945961991419.1413061724385; Tue, 13 Mar 2018 05:59:21 -0700 (PDT) Received: from localhost ([::1]:39747 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjWT-0002eO-3V for importer@patchew.org; Tue, 13 Mar 2018 08:59:21 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:60380) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjUT-0001Ak-RN for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:19 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1evjUS-0000ev-Oq for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:17 -0400 Received: from mail-wr0-x242.google.com ([2a00:1450:400c:c0c::242]:39005) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1evjUS-0000eb-E6 for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:16 -0400 
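Review bot: In the linux-headers/linux/kvm.h hunk at @@ -1362,6 +1364,96 @@, several of the new SEV structs put a __u64 directly after a single __u32 with no explicit pad field: id then data in struct kvm_sev_cmd, dh_len then session_uaddr in struct kvm_sev_launch_start, and the hdr_len/guest_len fields in struct kvm_sev_launch_secret. On ABIs where __u64 is 8-byte aligned that leaves unnamed padding in a user/kernel interface. This header is an import, so the layout itself is a kernel matter, but QEMU code that fills these structs should zero the whole struct before setting fields, and the cover text for this update should say so.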
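Review bot: In the linux-headers/linux/vfio.h hunk at @@ -503,6 +513,68 @@, the doc comment names the ioctl argument as struct vfio_device_query_gfx_plane, but the struct defined immediately below it is struct vfio_device_gfx_plane_info, and no struct with the documented name appears in the hunk. The comment should name the struct that is actually defined; as this file is imported, the correction belongs in the kernel header and will arrive with a later header sync.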
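Review bot: In the scripts/update-linux-headers.sh hunk at @@ -56,6 +56,7 @@, the new expression -e 's/__BITS_PER_LONG/HOST_LONG_BITS/' is not anchored to a whole identifier, so it also rewrites the prefix of any longer macro name that starts with __BITS_PER_LONG and leaves a name that nothing defines. It also has no g flag, so only the first occurrence on a line is replaced. Match on word boundaries and add g, and note in the commit message which imported header needs the substitution.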
From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Tue, 13 Mar 2018 13:56:18 +0100 Message-Id: <1520945798-50640-3-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> References: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::242 Subject: [Qemu-devel] [PULL 02/22] KVM: x86: Add support for save/load MSR_SMI_COUNT X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Liran Alon , Konrad Rzeszutek Wilk Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Liran Alon This MSR returns the number of #SMIs that occurred on CPU since boot. KVM commit 52797bf9a875 ("KVM: x86: Add emulation of MSR_SMI_COUNT") introduced support for emulating this MSR. This commit adds support for QEMU to save/load this MSR for migration purposes. Signed-off-by: Liran Alon Reviewed-by: Konrad Rzeszutek Wilk Signed-off-by: Konrad Rzeszutek Wilk Signed-off-by: Paolo Bonzini --- target/i386/cpu.c | 1 + target/i386/cpu.h | 3 +++ target/i386/kvm.c | 13 +++++++++++++ target/i386/machine.c | 20 ++++++++++++++++++++ 4 files changed, 37 insertions(+) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 2c04645..8ee0140 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -3645,6 +3645,7 @@ static void x86_cpu_reset(CPUState *s) cpu_x86_update_cr0(env, 0x60000010); env->a20_mask =3D ~0x0; env->smbase =3D 0x30000; + env->msr_smi_count =3D 0; =20 env->idt.limit =3D 0xffff; env->gdt.limit =3D 0xffff; 
diff --git a/target/i386/cpu.h b/target/i386/cpu.h index faf39ec..254e557 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -1,3 +1,4 @@ + /* * i386 virtual CPU header * @@ -359,6 +360,7 @@ typedef enum X86Seg { #define MSR_P6_PERFCTR0 0xc1 =20 #define MSR_IA32_SMBASE 0x9e +#define MSR_SMI_COUNT 0x34 #define MSR_MTRRcap 0xfe #define MSR_MTRRcap_VCNT 8 #define MSR_MTRRcap_FIXRANGE_SUPPORT (1 << 8) @@ -1123,6 +1125,7 @@ typedef struct CPUX86State { =20 uint64_t pat; uint32_t smbase; + uint64_t msr_smi_count; =20 uint32_t pkru; =20 diff --git a/target/i386/kvm.c b/target/i386/kvm.c index ad4b159..a53735f 100644 --- a/target/i386/kvm.c +++ b/target/i386/kvm.c @@ -92,6 +92,7 @@ static bool has_msr_hv_stimer; static bool has_msr_hv_frequencies; static bool has_msr_xss; static bool has_msr_spec_ctrl; +static bool has_msr_smi_count; =20 static uint32_t has_architectural_pmu_version; static uint32_t num_architectural_pmu_gp_counters; @@ -1124,6 +1125,9 @@ static int kvm_get_supported_msrs(KVMState *s) case MSR_IA32_SMBASE: has_msr_smbase =3D true; break; + case MSR_SMI_COUNT: + has_msr_smi_count =3D true; + break; case MSR_IA32_MISC_ENABLE: has_msr_misc_enable =3D true; break; @@ -1633,6 +1637,9 @@ static int kvm_put_msrs(X86CPU *cpu, int level) if (has_msr_smbase) { kvm_msr_entry_add(cpu, MSR_IA32_SMBASE, env->smbase); } + if (has_msr_smi_count) { + kvm_msr_entry_add(cpu, MSR_SMI_COUNT, env->msr_smi_count); + } if (has_msr_bndcfgs) { kvm_msr_entry_add(cpu, MSR_IA32_BNDCFGS, env->msr_bndcfgs); } @@ -1979,6 +1986,9 @@ static int kvm_get_msrs(X86CPU *cpu) if (has_msr_smbase) { kvm_msr_entry_add(cpu, MSR_IA32_SMBASE, 0); } + if (has_msr_smi_count) { + kvm_msr_entry_add(cpu, MSR_SMI_COUNT, 0); + } if (has_msr_feature_control) { kvm_msr_entry_add(cpu, MSR_IA32_FEATURE_CONTROL, 0); } 
@@ -2205,6 +2215,9 @@ static int kvm_get_msrs(X86CPU *cpu) case MSR_IA32_SMBASE: env->smbase =3D msrs[i].data; break; + case MSR_SMI_COUNT: + env->msr_smi_count =3D msrs[i].data; + break; case MSR_IA32_FEATURE_CONTROL: env->msr_ia32_feature_control =3D msrs[i].data; break; diff --git a/target/i386/machine.c b/target/i386/machine.c index 361c05a..9432496 100644 --- a/target/i386/machine.c +++ b/target/i386/machine.c @@ -395,6 +395,25 @@ static const VMStateDescription vmstate_msr_tsc_adjust= =3D { } }; =20 +static bool msr_smi_count_needed(void *opaque) +{ + X86CPU *cpu =3D opaque; + CPUX86State *env =3D &cpu->env; + + return env->msr_smi_count !=3D 0; +} + +static const VMStateDescription vmstate_msr_smi_count =3D { + .name =3D "cpu/msr_smi_count", + .version_id =3D 1, + .minimum_version_id =3D 1, + .needed =3D msr_smi_count_needed, + .fields =3D (VMStateField[]) { + VMSTATE_UINT64(env.msr_smi_count, X86CPU), + VMSTATE_END_OF_LIST() + } +}; + static bool tscdeadline_needed(void *opaque) { X86CPU *cpu =3D opaque; 
@@ -952,6 +971,7 @@ VMStateDescription vmstate_x86_cpu =3D { &vmstate_avx512, &vmstate_xss, &vmstate_tsc_khz, + &vmstate_msr_smi_count, #ifdef TARGET_X86_64 &vmstate_pkru, #endif --=20 1.8.3.1 From nobody Mon Apr 29 10:06:03 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1520945961400736.0980164734801; Tue, 13 Mar 2018 05:59:21 -0700 (PDT) Received: from localhost ([::1]:39746 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjWO-0002al-4g for importer@patchew.org; Tue, 13 Mar 2018 08:59:16 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:60398) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjUV-0001Ax-2P for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:20 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1evjUU-0000fc-0Z for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:19 -0400 Received: from mail-wr0-x241.google.com ([2a00:1450:400c:c0c::241]:33250) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1evjUT-0000f9-PS for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:17 -0400 Received: by mail-wr0-x241.google.com with SMTP id r8so7234110wrg.0 for ; Tue, 13 Mar 2018 05:57:17 -0700 (PDT) Received: from 640k.lan (94-36-191-219.adsl-ull.clienti.tiscali.it. 
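Review bot: The target/i386/cpu.h hunk at @@ -1,3 +1,4 @@ adds a blank line before the opening /* of the file header comment, which is unrelated to MSR_SMI_COUNT. Drop that hunk so the patch only carries the MSR define and the new msr_smi_count field.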
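Review bot: In the target/i386/machine.c hunk at @@ -395,6 +395,25 @@, msr_smi_count_needed() keys only on env->msr_smi_count != 0, so the cpu/msr_smi_count subsection is sent for any guest that has counted an SMI, whatever the machine type. If migration to a QEMU build that does not know this subsection has to keep working, the predicate also needs a compat gate; either way the commit message should state the intended behaviour, since it currently only says the MSR is saved and loaded.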
From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Tue, 13 Mar 2018 13:56:19 +0100 Message-Id: <1520945798-50640-4-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> References: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::241 Subject: [Qemu-devel] [PULL 03/22] machine: add memory-encryption option X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Marcel Apfelbaum , Stefan Hajnoczi , Brijesh Singh , Eduardo Habkost Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh When CPU supports memory encryption feature, the property can be used to specify the encryption object to use when launching an encrypted guest. Cc: Paolo Bonzini Cc: Eduardo Habkost Cc: Marcel Apfelbaum Cc: Stefan Hajnoczi Signed-off-by: Brijesh Singh Signed-off-by: Paolo Bonzini --- hw/core/machine.c | 22 ++++++++++++++++++++++ include/hw/boards.h | 1 + qemu-options.hx | 5 ++++- 3 files changed, 27 insertions(+), 1 deletion(-) diff --git a/hw/core/machine.c b/hw/core/machine.c index 5e2bbcd..2040177 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c 
@@ -334,6 +334,22 @@ static bool machine_get_enforce_config_section(Object = *obj, Error **errp) return ms->enforce_config_section; } =20 +static char *machine_get_memory_encryption(Object *obj, Error **errp) +{ + MachineState *ms =3D MACHINE(obj); + + return g_strdup(ms->memory_encryption); +} + +static void machine_set_memory_encryption(Object *obj, const char *value, + Error **errp) +{ + MachineState *ms =3D MACHINE(obj); + + g_free(ms->memory_encryption); + ms->memory_encryption =3D g_strdup(value); +} + void machine_class_allow_dynamic_sysbus_dev(MachineClass *mc, const char *= type) { strList *item =3D g_new0(strList, 1); @@ -612,6 +628,12 @@ static void machine_class_init(ObjectClass *oc, void *= data) &error_abort); object_class_property_set_description(oc, "enforce-config-section", "Set on to enforce configuration section migration", &error_abort); + + object_class_property_add_str(oc, "memory-encryption", + machine_get_memory_encryption, machine_set_memory_encryption, + &error_abort); + object_class_property_set_description(oc, "memory-encryption", + "Set memory encyption object to use", &error_abort); } =20 static void machine_class_base_init(ObjectClass *oc, void *data) diff --git a/include/hw/boards.h b/include/hw/boards.h index efb0a9e..8ce9a7a 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h @@ -243,6 +243,7 @@ struct MachineState { bool suppress_vmdesc; bool enforce_config_section; bool enable_graphics; + char *memory_encryption; =20 ram_addr_t ram_size; ram_addr_t maxram_size; diff --git a/qemu-options.hx b/qemu-options.hx index 6585058..4c28014 100644 --- a/qemu-options.hx +++ b/qemu-options.hx 
@@ -43,7 +43,8 @@ DEF("machine", HAS_ARG, QEMU_OPTION_machine, \ " suppress-vmdesc=3Don|off disables self-describing mig= ration (default=3Doff)\n" " nvdimm=3Don|off controls NVDIMM support (default=3Dof= f)\n" " enforce-config-section=3Don|off enforce configuration= section migration (default=3Doff)\n" - " s390-squash-mcss=3Don|off (deprecated) controls suppo= rt for squashing into default css (default=3Doff)\n", + " s390-squash-mcss=3Don|off (deprecated) controls suppo= rt for squashing into default css (default=3Doff)\n" + " memory-encryption=3D@var{} memory encryption object t= o use (default=3Dnone)\n", QEMU_ARCH_ALL) STEXI @item -machine [type=3D]@var{name}[,prop=3D@var{value}[,...]] 
@@ -110,6 +111,8 @@ code to send configuration section even if the machine-= type sets the @option{migration.send-configuration} property to @var{off}. NOTE: this parameter is deprecated. Please use @option{-global} @option{migration.send-configuration}=3D@var{on|off} instead. +@item memory-encryption=3D@var{} +Memory encryption object to use. The default is none. @end table ETEXI =20 --=20 1.8.3.1 From nobody Mon Apr 29 10:06:03 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1520945963841511.1278141460906; Tue, 13 Mar 2018 05:59:23 -0700 (PDT) Received: from localhost ([::1]:39748 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjWV-0002g5-3U for importer@patchew.org; Tue, 13 Mar 2018 08:59:23 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:60409) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjUW-0001BO-EL for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:21 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1evjUV-0000gC-4H for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:20 -0400 Received: from mail-wr0-x231.google.com ([2a00:1450:400c:c0c::231]:43732) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1evjUU-0000fm-Qj for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:19 -0400 Received: by mail-wr0-x231.google.com with SMTP id o1so10637194wro.10 for ; Tue, 13 Mar 
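Review bot: in hw/core/machine.c, machine_set_memory_encryption() stores a g_strdup() copy in ms->memory_encryption, but none of the hunks in this patch adds a matching g_free() on the machine finalize path, so the string is only released when the property is set again; please free it when the machine object is destroyed. In the machine_class_init() hunk the description string reads "Set memory encyption object to use", which should be "encryption".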
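Review bot: both qemu-options.hx hunks document the option as memory-encryption=@var{} with an empty @var{}, so neither the -machine help text nor the manual entry says what value is expected. Name the placeholder (for example @var{id}) and state that the value is the id of a memory encryption object created with -object, and that leaving the property unset means the guest runs without memory encryption.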
From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Tue, 13 Mar 2018 13:56:20 +0100 Message-Id: <1520945798-50640-5-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> References: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::231 Subject: [Qemu-devel] [PULL 04/22] docs: add AMD Secure Encrypted Virtualization (SEV) X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Brijesh Singh Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh Create a documentation entry to describe the AMD Secure Encrypted Virtualization (SEV) feature. Cc: Paolo Bonzini Signed-off-by: Brijesh Singh Signed-off-by: Paolo Bonzini --- docs/amd-memory-encryption.txt | 92 ++++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 92 insertions(+) create mode 100644 docs/amd-memory-encryption.txt diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt new file mode 100644 index 0000000..9486a22 --- /dev/null +++ b/docs/amd-memory-encryption.txt 
@@ -0,0 +1,92 @@ +Secure Encrypted Virtualization (SEV) is a feature found on AMD processors. + +SEV is an extension to the AMD-V architecture which supports running encry= pted +virtual machine (VMs) under the control of KVM. Encrypted VMs have their p= ages +(code and data) secured such that only the guest itself has access to the +unencrypted version. Each encrypted VM is associated with a unique encrypt= ion +key; if its data is accessed to a different entity using a different key t= he +encrypted guests data will be incorrectly decrypted, leading to unintellig= ible +data. + +The key management of this feature is handled by separate processor known = as +AMD secure processor (AMD-SP) which is present in AMD SOCs. Firmware runni= ng +inside the AMD-SP provide commands to support common VM lifecycle. This +includes commands for launching, snapshotting, migrating and debugging the +encrypted guest. Those SEV command can be issued via KVM_MEMORY_ENCRYPT_OP +ioctls. + +Launching +--------- +Boot images (such as bios) must be encrypted before guest can be booted. +MEMORY_ENCRYPT_OP ioctl provides commands to encrypt the images :LAUNCH_ST= ART, +LAUNCH_UPDATE_DATA, LAUNCH_MEASURE and LAUNCH_FINISH. These four commands +together generate a fresh memory encryption key for the VM, encrypt the bo= ot +images and provide a measurement than can be used as an attestation of the +successful launch. + +LAUNCH_START is called first to create a cryptographic launch context with= in +the firmware. To create this context, guest owner must provides guest poli= cy, +its public Diffie-Hellman key (PDH) and session parameters. These inputs +should be treated as binary blob and must be passed as-is to the SEV firmw= are. + +The guest policy is passed as plaintext and hypervisor may able to read it +but should not modify it (any modification of the policy bits will result +in bad measurement). 
The guest policy is a 4-byte data structure containing +several flags that restricts what can be done on running SEV guest. +See KM Spec section 3 and 6.2 for more details. + +Guest owners provided DH certificate and session parameters will be used to +establish a cryptographic session with the guest owner to negotiate keys u= sed +for the attestation. + +LAUNCH_UPDATE_DATA encrypts the memory region using the cryptographic cont= ext +created via LAUNCH_START command. If required, this command can be called +multiple times to encrypt different memory regions. The command also calcu= lates +the measurement of the memory contents as it encrypts. + +LAUNCH_MEASURE command can be used to retrieve the measurement of encrypted +memory. This measurement is a signature of the memory contents that can be +sent to the guest owner as an attestation that the memory was encrypted +correctly by the firmware. The guest owner may wait to provide the guest +confidential information until it can verify the attestation measurement. +Since the guest owner knows the initial contents of the guest at boot, the +attestation measurement can be verified by comparing it to what the guest = owner +expects. + +LAUNCH_FINISH command finalizes the guest launch and destroy's the cryptog= raphic +context. + +See SEV KM API Spec [1] 'Launching a guest' usage flow (Appendix A) for the +complete flow chart. + +Debugging +----------- +Since memory contents of SEV guest is encrypted hence hypervisor access to= the +guest memory will get a cipher text. If guest policy allows debugging, then +hypervisor can use DEBUG_DECRYPT and DEBUG_ENCRYPT commands access the gue= st +memory region for debug purposes. This is not supported in QEMU yet. 
+ +Snapshot/Restore +----------------- +TODO + +Live Migration +---------------- +TODO + +References +----------------- + +AMD Memory Encryption whitepaper: +http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_= Encryption_Whitepaper_v7-Public.pdf + +Secure Encrypted Virutualization Key Management: +[1] http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf + +KVM Forum slides: +http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualiz= atoin_Memory_Encryption_Technology.pdf + +AMD64 Architecture Programmer's Manual: + http://support.amd.com/TechDocs/24593.pdf + SME is section 7.10 + SEV is section 15.34 --=20 1.8.3.1 From nobody Mon Apr 29 10:06:03 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 152094615525958.93290417844344; Tue, 13 Mar 2018 06:02:35 -0700 (PDT) Received: from localhost ([::1]:39768 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjZZ-0005WN-Ek for importer@patchew.org; Tue, 13 Mar 2018 09:02:33 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:60420) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjUX-0001CC-98 for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:22 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1evjUW-0000gt-9R for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:21 -0400 Received: from mail-wr0-x243.google.com 
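Review bot: docs/amd-memory-encryption.txt names the ioctl inconsistently, KVM_MEMORY_ENCRYPT_OP in the introduction and MEMORY_ENCRYPT_OP in the Launching section; use the full name in both places so readers can find it in the KVM headers. The file also needs a proofreading pass before it lands ("accessed to a different entity", "a measurement than can be used", "guest owner must provides", "hypervisor may able to read it", "destroy's", "Virutualization"), the SEV-KM URL under References contains a space ("55766_SEV-KM API_Specification.pdf"), and the section underlines are longer than their titles. The Snapshot/Restore and Live Migration sections contain only TODO; either state that they are not supported in QEMU yet, as the Debugging section does, or drop the headings until there is text for them.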
2018 05:57:18 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Tue, 13 Mar 2018 13:56:21 +0100 Message-Id: <1520945798-50640-6-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> References: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::243 Subject: [Qemu-devel] [PULL 05/22] kvm: add memory encryption context X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Brijesh Singh Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh Split from a patch by Brijesh Singh (brijesh.singh@amd.com). Signed-off-by: Paolo Bonzini Signed-off-by: Brijesh Singh --- accel/Makefile.objs | 2 +- accel/kvm/Makefile.objs | 3 ++- accel/kvm/kvm-all.c | 25 +++++++++++++++++++++++++ accel/kvm/sev-stub.c | 21 +++++++++++++++++++++ accel/stubs/kvm-stub.c | 5 +++++ include/sysemu/kvm.h | 9 +++++++++ include/sysemu/sev.h | 20 ++++++++++++++++++++ 7 files changed, 83 insertions(+), 2 deletions(-) create mode 100644 accel/kvm/sev-stub.c create mode 100644 include/sysemu/sev.h diff --git a/accel/Makefile.objs b/accel/Makefile.objs index 10666ed..c3718a1 100644 --- a/accel/Makefile.objs +++ b/accel/Makefile.objs @@ -1,4 +1,4 @@ obj-$(CONFIG_SOFTMMU) +=3D accel.o -obj-y +=3D kvm/ +obj-$(CONFIG_KVM) +=3D kvm/ obj-$(CONFIG_TCG) +=3D tcg/ obj-y +=3D stubs/ diff --git a/accel/kvm/Makefile.objs b/accel/kvm/Makefile.objs index 85351e7..fdfa481 100644 --- a/accel/kvm/Makefile.objs +++ b/accel/kvm/Makefile.objs 
@@ -1 +1,2 @@ -obj-$(CONFIG_KVM) +=3D kvm-all.o +obj-y +=3D kvm-all.o +obj-$(call lnot,$(CONFIG_SEV)) +=3D sev-stub.o diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index b91fcb7..e0e43fd 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -38,6 +38,7 @@ #include "qemu/event_notifier.h" #include "trace.h" #include "hw/irq.h" +#include "sysemu/sev.h" =20 #include "hw/boards.h" =20 @@ -103,6 +104,9 @@ struct KVMState #endif KVMMemoryListener memory_listener; QLIST_HEAD(, KVMParkedVcpu) kvm_parked_vcpus; + + /* memory encryption */ + void *memcrypt_handle; }; =20 KVMState *kvm_state; @@ -138,6 +142,15 @@ int kvm_get_max_memslots(void) return s->nr_slots; } =20 +bool kvm_memcrypt_enabled(void) +{ + if (kvm_state && kvm_state->memcrypt_handle) { + return true; + } + + return false; +} + static KVMSlot *kvm_get_free_slot(KVMMemoryListener *kml) { KVMState *s =3D kvm_state; @@ -1636,6 +1649,18 @@ static int kvm_init(MachineState *ms) =20 kvm_state =3D s; =20 + /* + * if memory encryption object is specified then initialize the memory + * encryption context. + */ + if (ms->memory_encryption) { + kvm_state->memcrypt_handle =3D sev_guest_init(ms->memory_encryptio= n); + if (!kvm_state->memcrypt_handle) { + ret =3D -1; + goto err; + } + } + ret =3D kvm_arch_init(ms, s); if (ret < 0) { goto err; diff --git a/accel/kvm/sev-stub.c b/accel/kvm/sev-stub.c new file mode 100644 index 0000000..4a5cc55 --- /dev/null +++ b/accel/kvm/sev-stub.c @@ -0,0 +1,21 @@ +/* + * QEMU SEV stub + * + * Copyright Advanced Micro Devices 2018 + * + * Authors: + * Brijesh Singh + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + * + */ + +#include "qemu/osdep.h" +#include "qemu-common.h" +#include "sysemu/sev.h" + +void *sev_guest_init(const char *id) +{ + return NULL; +} diff --git a/accel/stubs/kvm-stub.c b/accel/stubs/kvm-stub.c index c964af3..f83192d 100644 --- a/accel/stubs/kvm-stub.c 
+++ b/accel/stubs/kvm-stub.c @@ -105,6 +105,11 @@ int kvm_on_sigbus(int code, void *addr) return 1; } =20 +bool kvm_memcrypt_enabled(void) +{ + return false; +} + #ifndef CONFIG_USER_ONLY int kvm_irqchip_add_msi_route(KVMState *s, int vector, PCIDevice *dev) { diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h index 85002ac..84017a0 100644 --- a/include/sysemu/kvm.h +++ b/include/sysemu/kvm.h @@ -231,6 +231,15 @@ int kvm_destroy_vcpu(CPUState *cpu); */ bool kvm_arm_supports_user_irq(void); =20 +/** + * kvm_memcrypt_enabled - return boolean indicating whether memory encrypt= ion + * is enabled + * Returns: 1 memory encryption is enabled + * 0 memory encryption is disabled + */ +bool kvm_memcrypt_enabled(void); + + #ifdef NEED_CPU_H #include "cpu.h" =20 diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h new file mode 100644 index 0000000..f7a6057 --- /dev/null +++ b/include/sysemu/sev.h 
@@ -0,0 +1,20 @@ +/* + * QEMU Secure Encrypted Virutualization (SEV) support + * + * Copyright: Advanced Micro Devices, 2016-2018 + * + * Authors: + * Brijesh Singh + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + * + */ + +#ifndef QEMU_SEV_H +#define QEMU_SEV_H + +#include "sysemu/kvm.h" + +void *sev_guest_init(const char *id); +#endif --=20 1.8.3.1 From nobody Mon Apr 29 10:06:03 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (208.118.235.17 [208.118.235.17]) by mx.zohomail.com with SMTPS id 1520946147887662.8517810763099; Tue, 13 Mar 2018 06:02:27 -0700 (PDT) Received: from localhost ([::1]:39766 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjZN-0005M2-Mz for importer@patchew.org; Tue, 13 Mar 2018 09:02:21 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:60460) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjUY-0001DG-Fd for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:24 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1evjUX-0000hn-GQ for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:22 -0400 Received: from mail-wr0-x243.google.com ([2a00:1450:400c:c0c::243]:40699) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1evjUX-0000h9-9V for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:21 -0400 Received: by mail-wr0-x243.google.com with 
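Review bot: in the kvm_init() hunk of accel/kvm/kvm-all.c, a NULL return from sev_guest_init() sets ret = -1 and jumps to err without reporting anything in the lines shown, and the stub in accel/kvm/sev-stub.c always returns NULL. A user who passes memory-encryption= to a build without CONFIG_SEV would then see KVM initialization fail with no indication that the encryption object was the cause. Report an error that names ms->memory_encryption before the goto, or give sev_guest_init() an Error **errp so the implementation can say why it failed.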
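Review bot: the kvm_memcrypt_enabled() comment added to include/sysemu/kvm.h documents return values 1 and 0 for a function declared bool; document true and false instead. The body in kvm-all.c can be reduced to a single return of kvm_state && kvm_state->memcrypt_handle. The title comment of the new include/sysemu/sev.h misspells "Virutualization".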
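Review bot: the accel/Makefile.objs and accel/kvm/Makefile.objs hunks move the CONFIG_KVM condition from kvm-all.o up to the kvm/ directory, and the commit message ("Split from a patch by Brijesh Singh") does not mention this build change or why it is needed. Add a sentence explaining it (presumably so that sev-stub.o is only built when KVM is enabled), or carry it as a separate preparatory patch.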
From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Tue, 13 Mar 2018 13:56:22 +0100 Message-Id: <1520945798-50640-7-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> References: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::243 Subject: [Qemu-devel] [PULL 06/22] kvm: introduce memory encryption APIs X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Brijesh Singh , kvm@vger.kernel.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh In order to integrate the Secure Encryption Virtualization (SEV) support, add a few high-level memory encryption APIs which can be used for encrypting the guest memory region. Cc: Paolo Bonzini Cc: kvm@vger.kernel.org Signed-off-by: Brijesh Singh Signed-off-by: Paolo Bonzini --- accel/kvm/kvm-all.c | 14 ++++++++++++++ accel/kvm/sev-stub.c | 5 +++++ accel/stubs/kvm-stub.c | 5 +++++ include/sysemu/kvm.h | 8 ++++++++ include/sysemu/sev.h | 1 + 5 files changed, 33 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index e0e43fd..ffee68e 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -107,6 +107,7 @@ struct KVMState =20 /* memory encryption */ void *memcrypt_handle; + int (*memcrypt_encrypt_data)(void *handle, uint8_t *ptr, uint64_t len); }; =20 KVMState *kvm_state; 
@@ -151,6 +152,17 @@ bool kvm_memcrypt_enabled(void) return false; } =20 +int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len) +{ + if (kvm_state->memcrypt_handle && + kvm_state->memcrypt_encrypt_data) { + return kvm_state->memcrypt_encrypt_data(kvm_state->memcrypt_handle, + ptr, len); + } + + return 1; +} + static KVMSlot *kvm_get_free_slot(KVMMemoryListener *kml) { KVMState *s =3D kvm_state; @@ -1659,6 +1671,8 @@ static int kvm_init(MachineState *ms) ret =3D -1; goto err; } + + kvm_state->memcrypt_encrypt_data =3D sev_encrypt_data; } =20 ret =3D kvm_arch_init(ms, s); diff --git a/accel/kvm/sev-stub.c b/accel/kvm/sev-stub.c index 4a5cc55..4f97452 100644 --- a/accel/kvm/sev-stub.c +++ b/accel/kvm/sev-stub.c @@ -15,6 +15,11 @@ #include "qemu-common.h" #include "sysemu/sev.h" =20 +int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) +{ + abort(); +} + void *sev_guest_init(const char *id) { return NULL; diff --git a/accel/stubs/kvm-stub.c b/accel/stubs/kvm-stub.c index f83192d..02d5170 100644 --- a/accel/stubs/kvm-stub.c +++ b/accel/stubs/kvm-stub.c @@ -110,6 +110,11 @@ bool kvm_memcrypt_enabled(void) return false; } =20 +int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len) +{ + return 1; +} + #ifndef CONFIG_USER_ONLY int kvm_irqchip_add_msi_route(KVMState *s, int vector, PCIDevice *dev) { diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h index 84017a0..23669c4 100644 --- a/include/sysemu/kvm.h +++ b/include/sysemu/kvm.h @@ -239,6 +239,14 @@ bool kvm_arm_supports_user_irq(void); */ bool kvm_memcrypt_enabled(void); =20 +/** + * kvm_memcrypt_encrypt_data: encrypt the memory range + * + * Return: 1 failed to encrypt the range + * 0 succesfully encrypted memory region + */ +int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len); + =20 #ifdef NEED_CPU_H #include "cpu.h" diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index f7a6057..98c1ec8 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h 
@@ -17,4 +17,5 @@ #include "sysemu/kvm.h" =20 void *sev_guest_init(const char *id); +int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len); #endif --=20 1.8.3.1 From nobody Mon Apr 29 10:06:03 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1520946599474525.6510894243768; Tue, 13 Mar 2018 06:09:59 -0700 (PDT) Received: from localhost ([::1]:39803 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjgg-0003V1-Fl for importer@patchew.org; Tue, 13 Mar 2018 09:09:54 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:60598) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjUd-0001Iv-9o for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:30 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1evjUZ-0000jU-5V for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:27 -0400 Received: from mail-wr0-x244.google.com ([2a00:1450:400c:c0c::244]:33253) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1evjUY-0000ig-RN for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:23 -0400 Received: by mail-wr0-x244.google.com with SMTP id r8so7234874wrg.0 for ; Tue, 13 Mar 2018 05:57:22 -0700 (PDT) Received: from 640k.lan (94-36-191-219.adsl-ull.clienti.tiscali.it. 
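Review bot: kvm_memcrypt_encrypt_data() in accel/kvm/kvm-all.c dereferences kvm_state without the NULL check that kvm_memcrypt_enabled(), just above it in the same file, performs (kvm_state && kvm_state->memcrypt_handle); add the same guard. The function also returns 1 both when no encryption context is configured and, per the kvm.h comment, when encrypting the range failed, so a caller cannot tell "nothing to do" from "guest memory was left unencrypted". Either require callers to check kvm_memcrypt_enabled() first and say so in the comment, or return distinct values for the two cases.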
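Review bot: the kvm_memcrypt_encrypt_data() comment added to include/sysemu/kvm.h does not describe the ptr and len parameters (what kind of address ptr is, and whether the range has any alignment or size requirement) and misspells "succesfully". Please document both parameters, since every caller that loads a boot image into an encrypted guest depends on this contract.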
From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Tue, 13 Mar 2018 13:56:23 +0100 Message-Id: <1520945798-50640-8-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> References: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::244 Subject: [Qemu-devel] [PULL 07/22] target/i386: add Secure Encrypted Virtualization (SEV) object X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Brijesh Singh , Eduardo Habkost , Richard Henderson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh Add a new memory encryption object 'sev-guest'. The object will be used to create encrypted VMs on AMD EPYC CPU. The object provides the properties to pass guest owner's public Diffie-hellman key, guest policy and session information required to create the memory encryption context within the SEV firmware. e.g to launch SEV guest # $QEMU \ -object sev-guest,id=3Dsev0 \ -machine ....,memory-encryption=3Dsev0 Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Signed-off-by: Brijesh Singh Signed-off-by: Paolo Bonzini --- default-configs/i386-softmmu.mak | 1 + default-configs/x86_64-softmmu.mak | 1 + docs/amd-memory-encryption.txt | 17 +++ qemu-options.hx | 44 +++++++ target/i386/Makefile.objs | 1 + target/i386/sev.c | 228 +++++++++++++++++++++++++++++++++= ++++ target/i386/sev_i386.h | 61 ++++++++++ 7 files changed, 353 insertions(+) create mode 100644 target/i386/sev.c create mode 100644 target/i386/sev_i386.h 
diff --git a/default-configs/i386-softmmu.mak b/default-configs/i386-softmm= u.mak index 3326e3e..8973579 100644 --- a/default-configs/i386-softmmu.mak +++ b/default-configs/i386-softmmu.mak @@ -63,3 +63,4 @@ CONFIG_PXB=3Dy CONFIG_ACPI_VMGENID=3Dy CONFIG_FW_CFG_DMA=3Dy CONFIG_I2C=3Dy +CONFIG_SEV=3D$(CONFIG_KVM) diff --git a/default-configs/x86_64-softmmu.mak b/default-configs/x86_64-so= ftmmu.mak index 1c6cda1..5e27a7a 100644 --- a/default-configs/x86_64-softmmu.mak +++ b/default-configs/x86_64-softmmu.mak @@ -63,3 +63,4 @@ CONFIG_PXB=3Dy CONFIG_ACPI_VMGENID=3Dy CONFIG_FW_CFG_DMA=3Dy CONFIG_I2C=3Dy +CONFIG_SEV=3D$(CONFIG_KVM) diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt index 9486a22..f483795 100644 --- a/docs/amd-memory-encryption.txt +++ b/docs/amd-memory-encryption.txt @@ -35,10 +35,21 @@ in bad measurement). The guest policy is a 4-byte data = structure containing several flags that restricts what can be done on running SEV guest. See KM Spec section 3 and 6.2 for more details. =20 +The guest policy can be provided via the 'policy' property (see below) + +# ${QEMU} \ + sev-guest,id=3Dsev0,policy=3D0x1...\ + Guest owners provided DH certificate and session parameters will be used to establish a cryptographic session with the guest owner to negotiate keys u= sed for the attestation. =20 +The DH certificate and session blob can be provided via 'dh-cert-file' and +'session-file' property (see below + +# ${QEMU} \ + sev-guest,id=3Dsev0,dh-cert-file=3D,session-file=3D + LAUNCH_UPDATE_DATA encrypts the memory region using the cryptographic cont= ext created via LAUNCH_START command. If required, this command can be called multiple times to encrypt different memory regions. The command also calcu= lates 
@@ -59,6 +70,12 @@ context. See SEV KM API Spec [1] 'Launching a guest' usage flow (Appendix A) for the complete flow chart. =20 +To launch a SEV guest + +# ${QEMU} \ + -machine ...,memory-encryption=3Dsev0 \ + -object sev-guest,id=3Dsev0,cbitpos=3D47,reduced-phys-bits=3D1 + Debugging ----------- Since memory contents of SEV guest is encrypted hence hypervisor access to= the diff --git a/qemu-options.hx b/qemu-options.hx index 4c28014..6113bce 100644 --- a/qemu-options.hx +++ b/qemu-options.hx 
@@ -4353,6 +4353,50 @@ contents of @code{iv.b64} to the second secret data=3D$SECRET,iv=3D$( + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + * + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "qom/object_interfaces.h" +#include "qemu/base64.h" +#include "sysemu/kvm.h" +#include "sev_i386.h" +#include "sysemu/sysemu.h" + +#define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ +#define DEFAULT_SEV_DEVICE "/dev/sev" + +static void +qsev_guest_finalize(Object *obj) +{ +} + +static char * +qsev_guest_get_session_file(Object *obj, Error **errp) +{ + QSevGuestInfo *s =3D QSEV_GUEST_INFO(obj); + + return s->session_file ? g_strdup(s->session_file) : NULL; +} + +static void +qsev_guest_set_session_file(Object *obj, const char *value, Error **errp) +{ + QSevGuestInfo *s =3D QSEV_GUEST_INFO(obj); + + s->session_file =3D g_strdup(value); +} + +static char * +qsev_guest_get_dh_cert_file(Object *obj, Error **errp) +{ + QSevGuestInfo *s =3D QSEV_GUEST_INFO(obj); + + return g_strdup(s->dh_cert_file); +} + +static void +qsev_guest_set_dh_cert_file(Object *obj, const char *value, Error **errp) +{ + QSevGuestInfo *s =3D QSEV_GUEST_INFO(obj); + + s->dh_cert_file =3D g_strdup(value); +} + +static char * +qsev_guest_get_sev_device(Object *obj, Error **errp) +{ + QSevGuestInfo *sev =3D QSEV_GUEST_INFO(obj); + + return g_strdup(sev->sev_device); +} + +static void +qsev_guest_set_sev_device(Object *obj, const char *value, Error **errp) +{ + QSevGuestInfo *sev =3D QSEV_GUEST_INFO(obj); + + sev->sev_device =3D g_strdup(value); +} + +static void +qsev_guest_class_init(ObjectClass *oc, void *data) +{ + object_class_property_add_str(oc, "sev-device", + qsev_guest_get_sev_device, + qsev_guest_set_sev_device, + NULL); + object_class_property_set_description(oc, "sev-device", + "SEV device to use", NULL); + object_class_property_add_str(oc, "dh-cert-file", + qsev_guest_get_dh_cert_file, + 
qsev_guest_set_dh_cert_file, + NULL); + object_class_property_set_description(oc, "dh-cert-file", + "guest owners DH certificate (encoded with base64)", NULL); + object_class_property_add_str(oc, "session-file", + qsev_guest_get_session_file, + qsev_guest_set_session_file, + NULL); + object_class_property_set_description(oc, "session-file", + "guest owners session parameters (encoded with base64)", NULL); +} + +static void +qsev_guest_set_handle(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + QSevGuestInfo *sev =3D QSEV_GUEST_INFO(obj); + uint32_t value; + + visit_type_uint32(v, name, &value, errp); + sev->handle =3D value; +} + +static void +qsev_guest_set_policy(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + QSevGuestInfo *sev =3D QSEV_GUEST_INFO(obj); + uint32_t value; + + visit_type_uint32(v, name, &value, errp); + sev->policy =3D value; +} + +static void +qsev_guest_set_cbitpos(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + QSevGuestInfo *sev =3D QSEV_GUEST_INFO(obj); + uint32_t value; + + visit_type_uint32(v, name, &value, errp); + sev->cbitpos =3D value; +} + +static void +qsev_guest_set_reduced_phys_bits(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + QSevGuestInfo *sev =3D QSEV_GUEST_INFO(obj); + uint32_t value; + + visit_type_uint32(v, name, &value, errp); + sev->reduced_phys_bits =3D value; +} + +static void +qsev_guest_get_policy(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + uint32_t value; + QSevGuestInfo *sev =3D QSEV_GUEST_INFO(obj); + + value =3D sev->policy; + visit_type_uint32(v, name, &value, errp); +} + +static void +qsev_guest_get_handle(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + uint32_t value; + QSevGuestInfo *sev =3D QSEV_GUEST_INFO(obj); + + value =3D sev->handle; + visit_type_uint32(v, name, &value, errp); +} + +static void +qsev_guest_get_cbitpos(Object 
*obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + uint32_t value; + QSevGuestInfo *sev =3D QSEV_GUEST_INFO(obj); + + value =3D sev->cbitpos; + visit_type_uint32(v, name, &value, errp); +} + +static void +qsev_guest_get_reduced_phys_bits(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + uint32_t value; + QSevGuestInfo *sev =3D QSEV_GUEST_INFO(obj); + + value =3D sev->reduced_phys_bits; + visit_type_uint32(v, name, &value, errp); +} + +static void +qsev_guest_init(Object *obj) +{ + QSevGuestInfo *sev =3D QSEV_GUEST_INFO(obj); + + sev->sev_device =3D g_strdup(DEFAULT_SEV_DEVICE); + sev->policy =3D DEFAULT_GUEST_POLICY; + object_property_add(obj, "policy", "uint32", qsev_guest_get_policy, + qsev_guest_set_policy, NULL, NULL, NULL); + object_property_add(obj, "handle", "uint32", qsev_guest_get_handle, + qsev_guest_set_handle, NULL, NULL, NULL); + object_property_add(obj, "cbitpos", "uint32", qsev_guest_get_cbitpos, + qsev_guest_set_cbitpos, NULL, NULL, NULL); + object_property_add(obj, "reduced-phys-bits", "uint32", + qsev_guest_get_reduced_phys_bits, + qsev_guest_set_reduced_phys_bits, NULL, NULL, NULL= ); +} + +/* sev guest info */ +static const TypeInfo qsev_guest_info =3D { + .parent =3D TYPE_OBJECT, + .name =3D TYPE_QSEV_GUEST_INFO, + .instance_size =3D sizeof(QSevGuestInfo), + .instance_finalize =3D qsev_guest_finalize, + .class_size =3D sizeof(QSevGuestInfoClass), + .class_init =3D qsev_guest_class_init, + .instance_init =3D qsev_guest_init, + .interfaces =3D (InterfaceInfo[]) { + { TYPE_USER_CREATABLE }, + { } + } +}; + +static void +sev_register_types(void) +{ + type_register_static(&qsev_guest_info); +} + +type_init(sev_register_types); diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h new file mode 100644 index 0000000..caf879c --- /dev/null +++ b/target/i386/sev_i386.h 
@@ -0,0 +1,61 @@ +/* + * QEMU Secure Encrypted Virutualization (SEV) support + * + * Copyright: Advanced Micro Devices, 2016-2018 + * + * Authors: + * Brijesh Singh + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + * + */ + +#ifndef QEMU_SEV_I386_H +#define QEMU_SEV_I386_H + +#include "qom/object.h" +#include "qapi/error.h" +#include "sysemu/kvm.h" +#include "qemu/error-report.h" + +#define SEV_POLICY_NODBG 0x1 +#define SEV_POLICY_NOKS 0x2 +#define SEV_POLICY_ES 0x4 +#define SEV_POLICY_NOSEND 0x8 +#define SEV_POLICY_DOMAIN 0x10 +#define SEV_POLICY_SEV 0x20 + +#define TYPE_QSEV_GUEST_INFO "sev-guest" +#define QSEV_GUEST_INFO(obj) \ + OBJECT_CHECK(QSevGuestInfo, (obj), TYPE_QSEV_GUEST_INFO) + +typedef struct QSevGuestInfo QSevGuestInfo; +typedef struct QSevGuestInfoClass QSevGuestInfoClass; + +/** + * QSevGuestInfo: + * + * The QSevGuestInfo object is used for creating a SEV guest. + * + * # $QEMU \ + * -object sev-guest,id=3Dsev0 \ + * -machine ...,memory-encryption=3Dsev0 + */ +struct QSevGuestInfo { + Object parent_obj; + + char *sev_device; + uint32_t policy; + uint32_t handle; + char *dh_cert_file; + char *session_file; + uint32_t cbitpos; + uint32_t reduced_phys_bits; +}; + +struct QSevGuestInfoClass { + ObjectClass parent_class; +}; + +#endif --=20 1.8.3.1
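Review bot: in the first docs/amd-memory-encryption.txt hunk, the two example command lines start at "sev-guest,id=..." without the "-object" switch, so they cannot be pasted as written, and "(see below" is missing its closing parenthesis. Write them the way the third example in the next hunk does ("-object sev-guest,id=sev0,...") so all three examples in the file agree.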
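Review bot: in target/i386/sev.c the four uint32 setters (qsev_guest_set_handle, qsev_guest_set_policy, qsev_guest_set_cbitpos, qsev_guest_set_reduced_phys_bits) assign "value" to the object without checking whether visit_type_uint32() reported an error, so a rejected property write can store an uninitialized stack word as the guest policy or handle. Collect the error in a local Error, propagate and return on failure, and assign only on success. The string setters in the same file assign g_strdup(value) without g_free() of the previous pointer (the default sev_device set in qsev_guest_init() leaks as soon as sev-device is given), and qsev_guest_finalize() is empty, so sev_device, dh_cert_file and session_file are never released.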
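Review bot: target/i386/sev_i386.h introduces SEV_POLICY_NODBG as 0x1, yet sev.c in the same patch defines DEFAULT_GUEST_POLICY as a bare 0x1 with a "disable debug" comment; define the default in terms of SEV_POLICY_NODBG so the security-relevant default cannot drift from the bit definitions. The file header comment also misspells "Virtualization" as "Virutualization".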
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Brijesh Singh, Markus Armbruster, "Dr. David Alan Gilbert"
Date: Tue, 13 Mar 2018 13:56:24 +0100
Message-Id: <1520945798-50640-9-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com>
Subject: [Qemu-devel] [PULL 08/22] sev/i386: qmp: add query-sev command

From: Brijesh Singh

The QMP query command can be used to retrieve the SEV information when
memory encryption is enabled on AMD platform.

Cc: Eric Blake
Cc: "Daniel P. Berrangé"
Cc: "Dr. David Alan Gilbert"
Cc: Markus Armbruster
Reviewed-by: Eric Blake
Signed-off-by: Brijesh Singh
Signed-off-by: Paolo Bonzini
---
 monitor.c             |  7 +++++
 qapi/misc.json        | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++
 target/i386/monitor.c |  8 ++++++
 tests/qmp-test.c      |  2 ++
 4 files changed, 94 insertions(+)

diff --git a/monitor.c b/monitor.c index a4417f2..af11654 100644 --- a/monitor.c +++ b/monitor.c @@ -983,6 +983,7 @@ static void qmp_unregister_commands_hack(void) #endif #ifndef TARGET_I386 qmp_unregister_command(&qmp_commands, "rtc-reset-reinjection"); + qmp_unregister_command(&qmp_commands, "query-sev"); #endif #ifndef TARGET_S390X qmp_unregister_command(&qmp_commands, "dump-skeys");
@@ -4103,6 +4104,12 @@ void qmp_rtc_reset_reinjection(Error **errp) { error_setg(errp, QERR_FEATURE_DISABLED, "rtc-reset-reinjection"); } + +SevInfo *qmp_query_sev(Error **errp) +{ + error_setg(errp, QERR_FEATURE_DISABLED, "query-sev"); + return NULL; +} #endif =20 #ifndef TARGET_S390X diff --git a/qapi/misc.json b/qapi/misc.json index bcd5d10..7b628c2 100644 --- a/qapi/misc.json +++ b/qapi/misc.json 
@@ -3216,3 +3216,80 @@ # Since: 2.9 ## { 'command': 'query-vm-generation-id', 'returns': 'GuidInfo' } + + +## +# @SevState: +# +# An enumeration of SEV state information used during @query-sev. +# +# @uninit: The guest is uninitialized. +# +# @launch-update: The guest is currently being launched; plaintext data and +# register state is being imported. +# +# @launch-secret: The guest is currently being launched; ciphertext data +# is being imported. +# +# @running: The guest is fully launched or migrated in. +# +# @send-update: The guest is currently being migrated out to another machi= ne. +# +# @receive-update: The guest is currently being migrated from another mach= ine. +# +# Since: 2.12 +## +{ 'enum': 'SevState', + 'data': ['uninit', 'launch-update', 'launch-secret', 'running', + 'send-update', 'receive-update' ] } + +## +# @SevInfo: +# +# Information about Secure Encrypted Virtualization (SEV) support +# +# @enabled: true if SEV is active +# +# @api-major: SEV API major version +# +# @api-minor: SEV API minor version +# +# @build-id: SEV FW build id +# +# @policy: SEV policy value +# +# @state: SEV guest state +# +# @handle: SEV firmware handle +# +# Since: 2.12 +## +{ 'struct': 'SevInfo', + 'data': { 'enabled': 'bool', + 'api-major': 'uint8', + 'api-minor' : 'uint8', + 'build-id' : 'uint8', + 'policy' : 'uint32', + 'state' : 'SevState', + 'handle' : 'uint32' + } +} + +## +# @query-sev: +# +# Returns information about SEV +# +# Returns: @SevInfo +# +# Since: 2.12 +# +# Example: +# +# -> { "execute": "query-sev" } +# <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0, +# "build-id" : 0, "policy" : 0, "state" : "running", +# "handle" : 1 } } +# +## +{ 'command': 'query-sev', 'returns': 'SevInfo' } diff --git a/target/i386/monitor.c b/target/i386/monitor.c index 7542912..0d1556f 100644 --- a/target/i386/monitor.c +++ b/target/i386/monitor.c 
@@ -30,6 +30,8 @@ #include "hw/i386/pc.h" #include "sysemu/kvm.h" #include "hmp.h" +#include "qapi/error.h" +#include "qapi/qapi-commands-misc.h" =20 =20 static void print_pte(Monitor *mon, CPUArchState *env, hwaddr addr, @@ -661,3 +663,9 @@ void hmp_info_io_apic(Monitor *mon, const QDict *qdict) ioapic_dump_state(mon, qdict); } } + +SevInfo *qmp_query_sev(Error **errp) +{ + error_setg(errp, "SEV feature is not available"); + return NULL; +} diff --git a/tests/qmp-test.c b/tests/qmp-test.c index 22445d9..a77ff92 100644 --- a/tests/qmp-test.c +++ b/tests/qmp-test.c 
@@ -204,6 +204,8 @@ static bool query_is_blacklisted(const char *cmd) "query-gic-capabilities", /* arm */ /* Success depends on target-specific build configuration: */ "query-pci", /* CONFIG_PCI */ + /* Success depends on Host or Hypervisor SEV support */ + "query-sev", NULL }; int i; --=20 1.8.3.1
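Review bot: in the qapi/misc.json hunk, @policy is documented only as "SEV policy value", which gives a management client no way to tell from the schema which bit means debugging is disabled. Point the @policy text at the policy bit definitions (the SEV_POLICY_* values in sev_i386.h or docs/amd-memory-encryption.txt). The example reply also shows "policy" : 0 for a running guest, while the sev-guest object added earlier in this series defaults to policy 0x1; an example that matches the default would be less misleading.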
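Review bot: the two qmp_query_sev() fallbacks report the same condition differently: the monitor.c hunk uses error_setg(errp, QERR_FEATURE_DISABLED, "query-sev") for non-i386 targets, while the target/i386/monitor.c hunk uses the free-form string "SEV feature is not available". Pick one form so a client can match on a single message, and say in the commit message that the i386 version is a placeholder until the real lookup is wired in.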
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Brijesh Singh, Eduardo Habkost, Richard Henderson
Date: Tue, 13 Mar 2018 13:56:25 +0100
Message-Id: <1520945798-50640-10-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com>
Subject: [Qemu-devel] [PULL 09/22] include: add psp-sev.h header file

From: Brijesh Singh

The header file provides the ioctl command and structure to communicate
with /dev/sev device.

Cc: Paolo Bonzini
Cc: Richard Henderson
Cc: Eduardo Habkost
Signed-off-by: Brijesh Singh
Signed-off-by: Brijesh Singh
---
 linux-headers/linux/psp-sev.h   | 142 ++++++++++++++++++++++++++++++++++++++++
 scripts/update-linux-headers.sh |   2 +-
 2 files changed, 143 insertions(+), 1 deletion(-)
 create mode 100644 linux-headers/linux/psp-sev.h

diff --git a/linux-headers/linux/psp-sev.h b/linux-headers/linux/psp-sev.h new file mode 100644 index 0000000..33e2474 --- /dev/null +++ b/linux-headers/linux/psp-sev.h
@@ -0,0 +1,142 @@ +/* + * Userspace interface for AMD Secure Encrypted Virtualization (SEV) + * platform management commands. + * + * Copyright (C) 2016-2017 Advanced Micro Devices, Inc. + * + * Author: Brijesh Singh + * + * SEV spec 0.14 is available at: + * http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +#ifndef __PSP_SEV_USER_H__ +#define __PSP_SEV_USER_H__ + +#include + +/** + * SEV platform commands + */ +enum { + SEV_FACTORY_RESET =3D 0, + SEV_PLATFORM_STATUS, + SEV_PEK_GEN, + SEV_PEK_CSR, + SEV_PDH_GEN, + SEV_PDH_CERT_EXPORT, + SEV_PEK_CERT_IMPORT, + + SEV_MAX, +}; + +/** + * SEV Firmware status code + */ +typedef enum { + SEV_RET_SUCCESS =3D 0, + SEV_RET_INVALID_PLATFORM_STATE, + SEV_RET_INVALID_GUEST_STATE, + SEV_RET_INAVLID_CONFIG, + SEV_RET_INVALID_LEN, + SEV_RET_ALREADY_OWNED, + SEV_RET_INVALID_CERTIFICATE, + SEV_RET_POLICY_FAILURE, + SEV_RET_INACTIVE, + SEV_RET_INVALID_ADDRESS, + SEV_RET_BAD_SIGNATURE, + SEV_RET_BAD_MEASUREMENT, + SEV_RET_ASID_OWNED, + SEV_RET_INVALID_ASID, + SEV_RET_WBINVD_REQUIRED, + SEV_RET_DFFLUSH_REQUIRED, + SEV_RET_INVALID_GUEST, + SEV_RET_INVALID_COMMAND, + SEV_RET_ACTIVE, + SEV_RET_HWSEV_RET_PLATFORM, + SEV_RET_HWSEV_RET_UNSAFE, + SEV_RET_UNSUPPORTED, + SEV_RET_MAX, +} sev_ret_code; + +/** + * struct sev_user_data_status - PLATFORM_STATUS command parameters + * + * @major: major API version + * @minor: minor API version + * @state: platform state + * @flags: platform config flags + * @build: firmware build id for API version + * @guest_count: number of active guests + */ +struct sev_user_data_status { + __u8 api_major; /* Out */ + __u8 api_minor; /* Out */ + __u8 state; /* Out */ + __u32 flags; /* Out */ + __u8 build; /* Out */ + __u32 guest_count; /* Out */ +} __attribute__((packed)); + +/** + * struct 
sev_user_data_pek_csr - PEK_CSR command parameters + * + * @address: PEK certificate chain + * @length: length of certificate + */ +struct sev_user_data_pek_csr { + __u64 address; /* In */ + __u32 length; /* In/Out */ +} __attribute__((packed)); + +/** + * struct sev_user_data_cert_import - PEK_CERT_IMPORT command parameters + * + * @pek_address: PEK certificate chain + * @pek_len: length of PEK certificate + * @oca_address: OCA certificate chain + * @oca_len: length of OCA certificate + */ +struct sev_user_data_pek_cert_import { + __u64 pek_cert_address; /* In */ + __u32 pek_cert_len; /* In */ + __u64 oca_cert_address; /* In */ + __u32 oca_cert_len; /* In */ +} __attribute__((packed)); + +/** + * struct sev_user_data_pdh_cert_export - PDH_CERT_EXPORT command paramete= rs + * + * @pdh_address: PDH certificate address + * @pdh_len: length of PDH certificate + * @cert_chain_address: PDH certificate chain + * @cert_chain_len: length of PDH certificate chain + */ +struct sev_user_data_pdh_cert_export { + __u64 pdh_cert_address; /* In */ + __u32 pdh_cert_len; /* In/Out */ + __u64 cert_chain_address; /* In */ + __u32 cert_chain_len; /* In/Out */ +} __attribute__((packed)); + +/** + * struct sev_issue_cmd - SEV ioctl parameters + * + * @cmd: SEV commands to execute + * @opaque: pointer to the command structure + * @error: SEV FW return code on failure + */ +struct sev_issue_cmd { + __u32 cmd; /* In */ + __u64 data; /* In */ + __u32 error; /* Out */ +} __attribute__((packed)); + +#define SEV_IOC_TYPE 'S' +#define SEV_ISSUE_CMD _IOWR(SEV_IOC_TYPE, 0x0, struct sev_issue_cmd) + +#endif /* __PSP_USER_SEV_H */ diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers= .sh index 9767172..e152417 100755 --- a/scripts/update-linux-headers.sh +++ b/scripts/update-linux-headers.sh 
@@ -121,7 +121,7 @@ done rm -rf "$output/linux-headers/linux" mkdir -p "$output/linux-headers/linux" for header in kvm.h kvm_para.h vfio.h vfio_ccw.h vhost.h \ - psci.h userfaultfd.h; do + psci.h psp-sev.h userfaultfd.h; do cp "$tmpdir/include/linux/$header" "$output/linux-headers/linux" done rm -rf "$output/linux-headers/asm-generic" --=20 1.8.3.1
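Review bot: several kernel-doc comments in linux-headers/linux/psp-sev.h do not match the declarations below them: struct sev_user_data_status documents @major and @minor for fields api_major and api_minor, the PEK_CERT_IMPORT comment names struct sev_user_data_cert_import with @pek_address/@pek_len while the struct is sev_user_data_pek_cert_import with pek_cert_address/pek_cert_len, the PDH_CERT_EXPORT comment uses @pdh_address/@pdh_len for pdh_cert_address/pdh_cert_len, and struct sev_issue_cmd documents @opaque for a field named data. The #endif comment says __PSP_USER_SEV_H while the guard is __PSP_SEV_USER_H__, and SEV_RET_INAVLID_CONFIG is misspelled. Because scripts/update-linux-headers.sh copies this file from the kernel tree, fix these in the kernel header and resync instead of editing the copy here.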
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Brijesh Singh, Eduardo Habkost, Richard Henderson
Date: Tue, 13 Mar 2018 13:56:26 +0100
Message-Id: <1520945798-50640-11-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com>
Subject: [Qemu-devel] [PULL 10/22] sev/i386: add command to initialize the memory encryption context

From: Brijesh Singh

When memory encryption is enabled, KVM_SEV_INIT command is used to
initialize the platform. The command loads the SEV related persistent
data from non-volatile storage and initializes the platform context.
This command should be first issued before invoking any other guest
commands provided by the SEV firmware.

Cc: Paolo Bonzini
Cc: Richard Henderson
Cc: Eduardo Habkost
Signed-off-by: Brijesh Singh
Signed-off-by: Paolo Bonzini
---
 target/i386/Makefile.objs |   1 +
 target/i386/monitor.c     |  12 ++-
 target/i386/sev-stub.c    |  41 +++++++++
 target/i386/sev.c         | 224 ++++++++++++++++++++++++++++++++++++++++++++++
 target/i386/sev_i386.h    |  24 +++++
 target/i386/trace-events  |   3 +
 6 files changed, 303 insertions(+), 2 deletions(-)
 create mode 100644 target/i386/sev-stub.c

diff --git a/target/i386/Makefile.objs b/target/i386/Makefile.objs index d4697d8..04678f5 100644 --- a/target/i386/Makefile.objs +++ b/target/i386/Makefile.objs
@@ -7,6 +7,7 @@ obj-$(CONFIG_SOFTMMU) +=3D machine.o arch_memory_mapping.o = arch_dump.o monitor.o obj-$(CONFIG_KVM) +=3D kvm.o hyperv.o obj-$(CONFIG_SEV) +=3D sev.o obj-$(call lnot,$(CONFIG_KVM)) +=3D kvm-stub.o +obj-$(call lnot,$(CONFIG_SEV)) +=3D sev-stub.o # HAX support ifdef CONFIG_WIN32 obj-$(CONFIG_HAX) +=3D hax-all.o hax-mem.o hax-windows.o diff --git a/target/i386/monitor.c b/target/i386/monitor.c index 0d1556f..4eae0a6 100644 --- a/target/i386/monitor.c +++ b/target/i386/monitor.c @@ -31,6 +31,7 @@ #include "sysemu/kvm.h" #include "hmp.h" #include "qapi/error.h" +#include "sev_i386.h" #include "qapi/qapi-commands-misc.h" =20 =20 @@ -666,6 +667,13 @@ void hmp_info_io_apic(Monitor *mon, const QDict *qdict) =20 SevInfo *qmp_query_sev(Error **errp) { - error_setg(errp, "SEV feature is not available"); - return NULL; + SevInfo *info; + + info =3D sev_get_info(); + if (!info) { + error_setg(errp, "SEV feature is not available"); + return NULL; + } + + return info; } diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c new file mode 100644 index 0000000..c86d8c1 --- /dev/null +++ b/target/i386/sev-stub.c @@ -0,0 +1,41 @@ +/* + * QEMU SEV stub + * + * Copyright Advanced Micro Devices 2018 + * + * Authors: + * Brijesh Singh + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + * + */ + +#include "qemu/osdep.h" +#include "qemu-common.h" +#include "sev_i386.h" + +SevInfo *sev_get_info(void) +{ + return NULL; +} + +bool sev_enabled(void) +{ + return false; +} + +uint64_t sev_get_me_mask(void) +{ + return ~0; +} + +uint32_t sev_get_cbit_position(void) +{ + return 0; +} + +uint32_t sev_get_reduced_phys_bits(void) +{ + return 0; +} diff --git a/target/i386/sev.c b/target/i386/sev.c index ab42e4a..91b5190 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -11,6 +11,11 @@ * */ =20 +#include +#include + +#include + #include "qemu/osdep.h" #include "qapi/error.h" #include "qom/object_interfaces.h" @@ -18,10 +23,88 @@ #include "sysemu/kvm.h" #include "sev_i386.h" #include "sysemu/sysemu.h" +#include "trace.h" =20 #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" =20 +static SEVState *sev_state; + +static const char *const sev_fw_errlist[] =3D { + "", + "Platform state is invalid", + "Guest state is invalid", + "Platform configuration is invalid", + "Buffer too small", + "Platform is already owned", + "Certificate is invalid", + "Policy is not allowed", + "Guest is not active", + "Invalid address", + "Bad signature", + "Bad measurement", + "Asid is already owned", + "Invalid ASID", + "WBINVD is required", + "DF_FLUSH is required", + "Guest handle is invalid", + "Invalid command", + "Guest is active", + "Hardware error", + "Hardware unsafe", + "Feature not supported", + "Invalid parameter" +}; + +#define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist) + +static int +sev_ioctl(int fd, int cmd, void *data, int *error) +{ + int r; + struct kvm_sev_cmd input; + + memset(&input, 0x0, sizeof(input)); + + input.id =3D cmd; + input.sev_fd =3D fd; + input.data =3D (__u64)data; + + r =3D kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &input); + + if (error) { + *error =3D input.error; + } + + return r; +} + +static int +sev_platform_ioctl(int fd, int cmd, void *data, int *error) +{ + int r; + struct sev_issue_cmd arg; + + arg.cmd =3D cmd; + arg.data =3D (unsigned long)data; + r =3D ioctl(fd, SEV_ISSUE_CMD, &arg); + if (error) { + *error =3D arg.error; + } + + return r; +} + +static const char * +fw_error_to_str(int code) +{ + if (code < 0 || code >=3D SEV_FW_MAX_ERROR) { + return "unknown error"; + } + + return sev_fw_errlist[code]; +} + static void qsev_guest_finalize(Object *obj) { 
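Review bot: sev_platform_ioctl() copies arg.error into *error although arg is never initialized, unlike sev_ioctl() in the same hunk, which memset()s its struct before use. If ioctl(fd, SEV_ISSUE_CMD, &arg) fails before the driver writes that field, the caller logs stack garbage as the firmware error and fw_error_to_str() turns it into a misleading message. Suggest "struct sev_issue_cmd arg = {};" or a memset() to match sev_ioctl(). The two helpers also convert the pointer differently, (__u64)data in one and (unsigned long)data in the other; using one form for both would make the pair easier to audit.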
@@ -219,6 +302,147 @@ static const TypeInfo qsev_guest_info =3D { } }; =20 +static QSevGuestInfo * +lookup_sev_guest_info(const char *id) +{ + Object *obj; + QSevGuestInfo *info; + + obj =3D object_resolve_path_component(object_get_objects_root(), id); + if (!obj) { + return NULL; + } + + info =3D (QSevGuestInfo *) + object_dynamic_cast(obj, TYPE_QSEV_GUEST_INFO); + if (!info) { + return NULL; + } + + return info; +} + +bool +sev_enabled(void) +{ + return sev_state ? true : false; +} + +uint64_t +sev_get_me_mask(void) +{ + return sev_state ? sev_state->me_mask : ~0; +} + +uint32_t +sev_get_cbit_position(void) +{ + return sev_state ? sev_state->cbitpos : 0; +} + +uint32_t +sev_get_reduced_phys_bits(void) +{ + return sev_state ? sev_state->reduced_phys_bits : 0; +} + +SevInfo * +sev_get_info(void) +{ + SevInfo *info; + + info =3D g_new0(SevInfo, 1); + info->enabled =3D sev_state ? true : false; + + if (info->enabled) { + info->api_major =3D sev_state->api_major; + info->api_minor =3D sev_state->api_minor; + info->build_id =3D sev_state->build_id; + info->policy =3D sev_state->policy; + info->state =3D sev_state->state; + info->handle =3D sev_state->handle; + } + + return info; +} + +void * +sev_guest_init(const char *id) +{ + SEVState *s; + char *devname; + int ret, fw_error; + uint32_t ebx; + uint32_t host_cbitpos; + struct sev_user_data_status status =3D {}; + + s =3D g_new0(SEVState, 1); + s->sev_info =3D lookup_sev_guest_info(id); + if (!s->sev_info) { + error_report("%s: '%s' is not a valid '%s' object", + __func__, id, TYPE_QSEV_GUEST_INFO); + goto err; + } + + sev_state =3D s; + s->state =3D SEV_STATE_UNINIT; + + host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); + host_cbitpos =3D ebx & 0x3f; + + s->cbitpos =3D object_property_get_int(OBJECT(s->sev_info), "cbitpos",= NULL); + if (host_cbitpos !=3D s->cbitpos) { + error_report("%s: cbitpos check failed, host '%d' requested '%d'", + __func__, host_cbitpos, s->cbitpos); + goto err; + } + + s->reduced_phys_bits 
=3D object_property_get_int(OBJECT(s->sev_info), + "reduced-phys-bits", NULL); + if (s->reduced_phys_bits < 1) { + error_report("%s: reduced_phys_bits check failed, it should be >= =3D1," + "' requested '%d'", __func__, s->reduced_phys_bits); + goto err; + } + + s->me_mask =3D ~(1UL << s->cbitpos); + + devname =3D object_property_get_str(OBJECT(s->sev_info), "sev-device",= NULL); + s->sev_fd =3D open(devname, O_RDWR); + if (s->sev_fd < 0) { + error_report("%s: Failed to open %s '%s'", __func__, + devname, strerror(errno)); + goto err; + } + g_free(devname); + + ret =3D sev_platform_ioctl(s->sev_fd, SEV_PLATFORM_STATUS, &status, + &fw_error); + if (ret) { + error_report("%s: failed to get platform status ret=3D%d" + "fw_error=3D'%d: %s'", __func__, ret, fw_error, + fw_error_to_str(fw_error)); + goto err; + } + s->build_id =3D status.build; + s->api_major =3D status.api_major; + s->api_minor =3D status.api_minor; + + trace_kvm_sev_init(); + ret =3D sev_ioctl(s->sev_fd, KVM_SEV_INIT, NULL, &fw_error); + if (ret) { + error_report("%s: failed to initialize ret=3D%d fw_error=3D%d '%s'= ", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } + + return s; +err: + g_free(sev_state); + sev_state =3D NULL; + return NULL; +} + static void sev_register_types(void) { diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h index caf879c..924cebc 100644 --- a/target/i386/sev_i386.h +++ b/target/i386/sev_i386.h @@ -17,7 +17,9 @@ #include "qom/object.h" #include "qapi/error.h" #include "sysemu/kvm.h" +#include "sysemu/sev.h" #include "qemu/error-report.h" +#include "qapi/qapi-commands-misc.h" =20 #define SEV_POLICY_NODBG 0x1 #define SEV_POLICY_NOKS 0x2 
@@ -30,6 +32,12 @@ #define QSEV_GUEST_INFO(obj) \ OBJECT_CHECK(QSevGuestInfo, (obj), TYPE_QSEV_GUEST_INFO) =20 +extern bool sev_enabled(void); +extern uint64_t sev_get_me_mask(void); +extern SevInfo *sev_get_info(void); +extern uint32_t sev_get_cbit_position(void); +extern uint32_t sev_get_reduced_phys_bits(void); + typedef struct QSevGuestInfo QSevGuestInfo; typedef struct QSevGuestInfoClass QSevGuestInfoClass; =20 @@ -58,4 +66,20 @@ struct QSevGuestInfoClass { ObjectClass parent_class; }; =20 +struct SEVState { + QSevGuestInfo *sev_info; + uint8_t api_major; + uint8_t api_minor; + uint8_t build_id; + uint32_t policy; + uint64_t me_mask; + uint32_t cbitpos; + uint32_t reduced_phys_bits; + uint32_t handle; + int sev_fd; + SevState state; +}; + +typedef struct SEVState SEVState; + #endif diff --git a/target/i386/trace-events b/target/i386/trace-events index 3153fd4..797b716 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -5,3 +5,6 @@ kvm_x86_fixup_msi_error(uint32_t gsi) "VT-d failed to remap= interrupt for GSI %" kvm_x86_add_msi_route(int virq) "Adding route entry for virq %d" kvm_x86_remove_msi_route(int virq) "Removing route entry for virq %d" kvm_x86_update_msi_routes(int num) "Updated %d MSI routes" + +# target/i386/sev.c +kvm_sev_init(void) "" --=20 1.8.3.1
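Review bot: the err: path of sev_guest_init() (target/i386/sev.c, hunk @@ -219,6 +302,147 @@) frees sev_state rather than s and does no other cleanup. When lookup_sev_guest_info() fails, sev_state has not been assigned yet, so s leaks; when SEV_PLATFORM_STATUS or KVM_SEV_INIT fails, s->sev_fd stays open; and when open() fails, devname is never freed because g_free(devname) sits after the check. Suggest freeing s in err:, closing s->sev_fd once open() has succeeded, and freeing devname before the goto. Two messages are also damaged by string concatenation: "ret=%d" followed by "fw_error=..." prints with no separator, and the reduced_phys_bits text carries a stray quote before "requested".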
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Brijesh Singh, Eduardo Habkost, Richard Henderson
Date: Tue, 13 Mar 2018 13:56:27 +0100
Message-Id: <1520945798-50640-12-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com>
Subject: [Qemu-devel] [PULL 11/22] sev/i386: register the guest memory range which may contain encrypted data

From: Brijesh Singh

When SEV is enabled, the hardware encryption engine uses a tweak such
that two identical plaintexts at different locations will have
different ciphertexts. So swapping or moving the ciphertexts of two
guest pages will not result in plaintexts being swapped. Hence
relocating the physical backing pages of the SEV guest will require
some additional steps in the KVM driver. The
KVM_MEMORY_ENCRYPT_{UN,}REG_REGION ioctl can be used to
register/unregister the guest memory region which may contain
encrypted data. The KVM driver will internally handle relocating the
physical backing pages of registered memory regions.

Cc: Paolo Bonzini
Cc: Richard Henderson
Cc: Eduardo Habkost
Signed-off-by: Brijesh Singh
Signed-off-by: Paolo Bonzini
---
 target/i386/sev.c        | 42 ++++++++++++++++++++++++++++++++++++++++++
 target/i386/trace-events |  2 ++
 2 files changed, 44 insertions(+)

diff --git a/target/i386/sev.c b/target/i386/sev.c index 91b5190..c63012a 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -106,6 +106,46 @@ fw_error_to_str(int code) } =20 static void +sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size) +{ + int r; + struct kvm_enc_region range; + + range.addr =3D (__u64)host; + range.size =3D size; + + trace_kvm_memcrypt_register_region(host, size); + r =3D kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_REG_REGION, &range); + if (r) { + error_report("%s: failed to register region (%p+%#lx) error '%s'", + __func__, host, size, strerror(errno)); + exit(1); + } +} + +static void +sev_ram_block_removed(RAMBlockNotifier *n, void *host, size_t size) +{ + int r; + struct kvm_enc_region range; + + range.addr =3D (__u64)host; + range.size =3D size; + + trace_kvm_memcrypt_unregister_region(host, size); + r =3D kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_UNREG_REGION, &range); + if (r) { + error_report("%s: failed to unregister region (%p+%#lx)", + __func__, host, size); + } +} + +static struct RAMBlockNotifier sev_ram_notifier =3D { + .ram_block_added =3D sev_ram_block_added, + .ram_block_removed =3D sev_ram_block_removed, +}; + +static void qsev_guest_finalize(Object *obj) { } @@ -436,6 +476,8 @@ sev_guest_init(const char *id) goto err; } =20 + ram_block_notifier_add(&sev_ram_notifier); + return s; err: g_free(sev_state); diff --git a/target/i386/trace-events b/target/i386/trace-events index 797b716..ffa3d22 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -8,3 +8,5 @@ kvm_x86_update_msi_routes(int num) "Updated %d MSI routes" =20 # target/i386/sev.c kvm_sev_init(void) "" +kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu" +kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu" --=20 1.8.3.1
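Review bot: both new trace events in target/i386/trace-events format the size_t len argument as "0x%lu", which prints a decimal number behind a hex prefix, so a 4096-byte region is traced as len 0x4096. Suggest "len 0x%zx", or drop the prefix and use %zu. The error_report() calls added in target/i386/sev.c pass the same size_t to %#lx, which only matches on hosts where size_t is unsigned long; %#zx avoids that. sev_ram_block_removed() also omits strerror(errno), unlike sev_ram_block_added(), so an unregister failure is logged without its cause.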
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Brijesh Singh, Eduardo Habkost, Richard Henderson
Date: Tue, 13 Mar 2018 13:56:28 +0100
Message-Id: <1520945798-50640-13-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com>
Subject: [Qemu-devel] [PULL 12/22] sev/i386: add command to create launch memory encryption context

From: Brijesh Singh

The KVM_SEV_LAUNCH_START command creates a new VM encryption key (VEK).
The encryption key created with the command will be used for encrypting
the bootstrap images (such as guest bios).

Cc: Paolo Bonzini
Cc: Richard Henderson
Cc: Eduardo Habkost
Signed-off-by: Brijesh Singh
Signed-off-by: Paolo Bonzini
---
 target/i386/sev.c        | 86 ++++++++++++++++++++++++++++++++++++++++++++++++
 target/i386/trace-events |  2 ++
 2 files changed, 88 insertions(+)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index c63012a..d855dd5 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -106,6 +106,17 @@ fw_error_to_str(int code) } =20 static void +sev_set_guest_state(SevState new_state) +{ + assert(new_state < SEV_STATE__MAX); + assert(sev_state); + + trace_kvm_sev_change_state(SevState_str(sev_state->state), + SevState_str(new_state)); + sev_state->state =3D new_state; +} + +static void sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size) { int r; 
@@ -406,6 +417,75 @@ sev_get_info(void) return info; } =20 +static int +sev_read_file_base64(const char *filename, guchar **data, gsize *len) +{ + gsize sz; + gchar *base64; + GError *error =3D NULL; + + if (!g_file_get_contents(filename, &base64, &sz, &error)) { + error_report("failed to read '%s' (%s)", filename, error->message); + return -1; + } + + *data =3D g_base64_decode(base64, len); + return 0; +} + +static int +sev_launch_start(SEVState *s) +{ + gsize sz; + int ret =3D 1; + int fw_error; + QSevGuestInfo *sev =3D s->sev_info; + struct kvm_sev_launch_start *start; + guchar *session =3D NULL, *dh_cert =3D NULL; + + start =3D g_new0(struct kvm_sev_launch_start, 1); + + start->handle =3D object_property_get_int(OBJECT(sev), "handle", + &error_abort); + start->policy =3D object_property_get_int(OBJECT(sev), "policy", + &error_abort); + if (sev->session_file) { + if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) { + return 1; + } + start->session_uaddr =3D (unsigned long)session; + start->session_len =3D sz; + } + + if (sev->dh_cert_file) { + if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) { + return 1; + } + start->dh_uaddr =3D (unsigned long)dh_cert; + start->dh_len =3D sz; + } + + trace_kvm_sev_launch_start(start->policy, session, dh_cert); + ret =3D sev_ioctl(s->sev_fd, KVM_SEV_LAUNCH_START, start, &fw_error); + if (ret < 0) { + error_report("%s: LAUNCH_START ret=3D%d fw_error=3D%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + return 1; + } + + object_property_set_int(OBJECT(sev), start->handle, "handle", + &error_abort); + sev_set_guest_state(SEV_STATE_LAUNCH_UPDATE); + s->handle =3D start->handle; + s->policy =3D start->policy; + + g_free(start); + g_free(session); + g_free(dh_cert); + + return 0; +} + void * sev_guest_init(const char *id) { 
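Review bot: every early "return 1" in sev_launch_start() leaks start, and the dh_cert_file failure path also leaks the already decoded session buffer; the g_free() calls are reached only on success, so the LAUNCH_START failure path skips them too. Suggest a single out: label that frees start, session and dh_cert, with ret carrying the status. In sev_read_file_base64() the base64 buffer returned by g_file_get_contents() is never freed after g_base64_decode(), and the GError is not released once its message has been reported; add g_free(base64) and g_error_free(error). The ioctl result is tested with "ret < 0" here while sev_guest_init() uses "if (ret)" for the same helper; one convention would be easier to audit.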
@@ -476,6 +556,12 @@ sev_guest_init(const char *id) goto err; } =20 + ret =3D sev_launch_start(s); + if (ret) { + error_report("%s: failed to create encryption context", __func__); + goto err; + } + ram_block_notifier_add(&sev_ram_notifier); =20 return s; diff --git a/target/i386/trace-events b/target/i386/trace-events index ffa3d22..9402251 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -10,3 +10,5 @@ kvm_x86_update_msi_routes(int num) "Updated %d MSI routes" kvm_sev_init(void) "" kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu" +kvm_sev_change_state(const char *old, const char *new) "%s -> %s" +kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x se= ssion %p pdh %p" --=20 1.8.3.1
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Brijesh Singh, Eduardo Habkost, Richard Henderson
Date: Tue, 13 Mar 2018 13:56:29 +0100
Message-Id: <1520945798-50640-14-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com>
Subject: [Qemu-devel] [PULL 13/22] sev/i386: add command to encrypt guest memory region

From: Brijesh Singh

The KVM_SEV_LAUNCH_UPDATE_DATA command is used to encrypt a guest memory
region using the VM Encryption Key created using LAUNCH_START.

Cc: Paolo Bonzini
Cc: Richard Henderson
Cc: Eduardo Habkost
Signed-off-by: Brijesh Singh
Signed-off-by: Paolo Bonzini
---
 target/i386/sev.c        | 43 +++++++++++++++++++++++++++++++++++++++++++
 target/i386/trace-events |  1 +
 2 files changed, 44 insertions(+)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index d855dd5..ff98159 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -105,6 +105,13 @@ fw_error_to_str(int code) return sev_fw_errlist[code]; } =20 +static bool +sev_check_state(SevState state) +{ + assert(sev_state); + return sev_state->state =3D=3D state ? true : false; +} + static void sev_set_guest_state(SevState new_state) { 
@@ -486,6 +493,29 @@ sev_launch_start(SEVState *s) return 0; } =20 +static int +sev_launch_update_data(uint8_t *addr, uint64_t len) +{ + int ret, fw_error; + struct kvm_sev_launch_update_data update; + + if (!addr || !len) { + return 1; + } + + update.uaddr =3D (__u64)addr; + update.len =3D len; + trace_kvm_sev_launch_update_data(addr, len); + ret =3D sev_ioctl(sev_state->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, + &update, &fw_error); + if (ret) { + error_report("%s: LAUNCH_UPDATE ret=3D%d fw_error=3D%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + } + + return ret; +} + void * sev_guest_init(const char *id) { @@ -571,6 +601,19 @@ err: return NULL; } =20 +int +sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) +{ + assert(handle); + + /* if SEV is in update state then encrypt the data else do nothing */ + if (sev_check_state(SEV_STATE_LAUNCH_UPDATE)) { + return sev_launch_update_data(ptr, len); + } + + return 0; +} + static void sev_register_types(void) { diff --git a/target/i386/trace-events b/target/i386/trace-events index 9402251..c0cd8e9 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -12,3 +12,4 @@ kvm_memcrypt_register_region(void *addr, size_t len) "add= r %p len 0x%lu" kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_sev_change_state(const char *old, const char *new) "%s -> %s" kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x se= ssion %p pdh %p" +kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRI= u64 --=20 1.8.3.1
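Review bot: sev_encrypt_data() in target/i386/sev.c (hunk @@ -571,6 +601,19 @@) returns 0 both when the region was encrypted and when the guest is not in SEV_STATE_LAUNCH_UPDATE and nothing was done, so a caller cannot tell that its data was left in plaintext. Suggest a distinct return value or at least a trace point for the skipped case, and a comment above the function stating the contract. The handle argument is only asserted non-NULL and then ignored in favour of the global sev_state; either use it or document why it is passed. sev_launch_update_data() likewise returns 1 for a NULL addr or a zero len without any message, which gives the caller a nonzero result with nothing in the log to explain it.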
for ; Tue, 13 Mar 2018 05:57:30 -0700 (PDT) Received: from 640k.lan (94-36-191-219.adsl-ull.clienti.tiscali.it. [94.36.191.219]) by smtp.gmail.com with ESMTPSA id i127sm187460wmf.33.2018.03.13.05.57.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 13 Mar 2018 05:57:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=Il3NGs+JnhyoXiKuu40B2PaBV/o2DX6WVZo6kEkJVOE=; b=uFQuXpFcI8vE3bXz3+okQ12bH//sOOM6IZlTLadPPl8hJPKA/ylxwv6XCToSZLk8N8 YYwJOAynhUme1sp44FpNoovQipunoyo//62h0lmZa0XAGJOdDIh/YAl2Od1/lajTA7rh RWVx4mmDcIibI1ZxtgM/ONCntL1RG+BaQnpJKlCpAPkVL9+Hwl/qWENyl3KlSK7cixmW rbt/LSOnqLLRHJuRbbA6ErxGS7By5c04LX3V2vnvOtA5PWgZWv3cpGztMO7WLbe+vY7q HsFCVGV773ww7AHk2DTukMmeyjKb38V2VC7PGC8rct44bqbZju6hosvMUs3QE2dowFyx pADw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references; bh=Il3NGs+JnhyoXiKuu40B2PaBV/o2DX6WVZo6kEkJVOE=; b=ljQUzmK6uGV4lLKYg2OqcZ25GKGTmkbx2GhJnp3iOutwhWEEQFJPrW5ZQjd/bCdpov trd82EuDzsTGZ3wY54nw7J+uS2DBZpQX1Sxcwm8t2Z6VfIoVKyvKcBUKhxXiPxk8pHE8 NpToLFoXryL4UoYWmY0WWkizE0tHomzTgo5m2YU+Iqx734BAuNfZANubwdCNc5A5d6t3 ZoXXWCYCynRAUsIPXu5p/LwnqD+u0vicjTy2EslmxzbXFF86IAVOpU1b5ciqmUnWvmuU 9xFibOv8vz7vCdqHiQR9qpzsx2z1qmft3/jXX2+CAh7wmAVVQzp8gKp39AZG3EYzu3Rv 2OTw== X-Gm-Message-State: AElRT7F/B7kTtZpfeYy2xTDjkVF0s9mnXIQluobZ1qpR8DwE3R4Py4xO YhUev7dRJQVDwq9diCMPyOQtWzsq X-Google-Smtp-Source: AG47ELsKAI7VxM0WtEnl/YV85G3vfEJwN7YvDwnfthgRsLI62/0LWdBLGr864u4Cwo4pPcd7KybLNQ== X-Received: by 10.223.189.131 with SMTP id l3mr510967wrh.140.1520945849678; Tue, 13 Mar 2018 05:57:29 -0700 (PDT) 
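Review bot: The new kvm_sev_launch_update_data trace format prints len with "0x%" PRIu64, so the value is emitted in decimal behind a hex prefix and will be misread when traces are compared against region sizes. Use PRIx64 here; the neighbouring kvm_memcrypt_register_region and kvm_memcrypt_unregister_region entries have the same mismatch with "0x%lu" and could be fixed along with it.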
From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Tue, 13 Mar 2018 13:56:30 +0100 Message-Id: <1520945798-50640-15-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> References: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::242 Subject: [Qemu-devel] [PULL 14/22] target/i386: encrypt bios rom X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Henderson , Brijesh Singh , Eduardo Habkost , "Michael S. Tsirkin" Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh SEV requires that guest bios must be encrypted before booting the guest. Cc: "Michael S. Tsirkin" Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Signed-off-by: Brijesh Singh Signed-off-by: Paolo Bonzini --- hw/i386/pc_sysfw.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index 4325575..73ac783 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c @@ -113,6 +113,8 @@ static void pc_system_flash_init(MemoryRegion *rom_memo= ry) pflash_t *system_flash; MemoryRegion *flash_mem; char name[64]; + void *flash_ptr; + int ret, flash_size; =20 sector_bits =3D 12; sector_size =3D 1 << sector_bits; 
@@ -169,6 +171,17 @@ static void pc_system_flash_init(MemoryRegion *rom_mem= ory) if (unit =3D=3D 0) { flash_mem =3D pflash_cfi01_get_memory(system_flash); pc_isa_bios_init(rom_memory, flash_mem, size); + + /* Encrypt the pflash boot ROM */ + if (kvm_memcrypt_enabled()) { + flash_ptr =3D memory_region_get_ram_ptr(flash_mem); + flash_size =3D memory_region_size(flash_mem); + ret =3D kvm_memcrypt_encrypt_data(flash_ptr, flash_size); + if (ret) { + error_report("failed to encrypt pflash rom"); + exit(1); + } + } } } } --=20 1.8.3.1
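Review bot: In pc_system_flash_init(), flash_size is declared int but is assigned from memory_region_size(flash_mem), which returns uint64_t, so the length handed to kvm_memcrypt_encrypt_data() is silently narrowed. Declare flash_size as uint64_t so the encrypted range can never come out shorter than the flash region. The error_report() call would also be more useful if it included ret.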
From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Tue, 13 Mar 2018 13:56:31 +0100 Message-Id: <1520945798-50640-16-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> References: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::243 Subject: [Qemu-devel] [PULL 15/22] sev/i386: add support to LAUNCH_MEASURE command X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Brijesh Singh , Eduardo Habkost , Richard Henderson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh During machine creation we encrypted the guest bios image, the LAUNCH_MEASURE command can be used to retrieve the measurement of the encrypted memory region. This measurement is a signature of the memory contents that can be sent to the guest owner as an attestation that the memory was encrypted correctly by the firmware. VM management tools like libvirt can query the measurement using query-sev-launch-measure QMP command. Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Signed-off-by: Brijesh Singh Signed-off-by: Paolo Bonzini --- target/i386/sev-stub.c | 5 ++++ target/i386/sev.c | 63 ++++++++++++++++++++++++++++++++++++++++++++= ++++ target/i386/sev_i386.h | 2 ++ target/i386/trace-events | 1 + 4 files changed, 71 insertions(+) diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c index c86d8c1..2f61c32 100644 --- a/target/i386/sev-stub.c +++ b/target/i386/sev-stub.c 
@@ -39,3 +39,8 @@ uint32_t sev_get_reduced_phys_bits(void) { return 0; } + +char *sev_get_launch_measurement(void) +{ + return NULL; +} diff --git a/target/i386/sev.c b/target/i386/sev.c index ff98159..b4346c1 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -516,6 +516,68 @@ sev_launch_update_data(uint8_t *addr, uint64_t len) return ret; } =20 +static void +sev_launch_get_measure(Notifier *notifier, void *unused) +{ + int ret, error; + guchar *data; + SEVState *s =3D sev_state; + struct kvm_sev_launch_measure *measurement; + + if (!sev_check_state(SEV_STATE_LAUNCH_UPDATE)) { + return; + } + + measurement =3D g_new0(struct kvm_sev_launch_measure, 1); + + /* query the measurement blob length */ + ret =3D sev_ioctl(sev_state->sev_fd, KVM_SEV_LAUNCH_MEASURE, + measurement, &error); + if (!measurement->len) { + error_report("%s: LAUNCH_MEASURE ret=3D%d fw_error=3D%d '%s'", + __func__, ret, error, fw_error_to_str(errno)); + goto free_measurement; + } + + data =3D g_new0(guchar, measurement->len); + measurement->uaddr =3D (unsigned long)data; + + /* get the measurement blob */ + ret =3D sev_ioctl(sev_state->sev_fd, KVM_SEV_LAUNCH_MEASURE, + measurement, &error); + if (ret) { + error_report("%s: LAUNCH_MEASURE ret=3D%d fw_error=3D%d '%s'", + __func__, ret, error, fw_error_to_str(errno)); + goto free_data; + } + + sev_set_guest_state(SEV_STATE_LAUNCH_SECRET); + + /* encode the measurement value and emit the event */ + s->measurement =3D g_base64_encode(data, measurement->len); + trace_kvm_sev_launch_measurement(s->measurement); + +free_data: + g_free(data); +free_measurement: + g_free(measurement); +} + +char * +sev_get_launch_measurement(void) +{ + if (sev_state && + sev_state->state >=3D SEV_STATE_LAUNCH_SECRET) { + return g_strdup(sev_state->measurement); + } + + return NULL; +} + +static Notifier sev_machine_done_notify =3D { + .notify =3D sev_launch_get_measure, +}; + void * sev_guest_init(const char *id) { 
@@ -593,6 +655,7 @@ sev_guest_init(const char *id) } =20 ram_block_notifier_add(&sev_ram_notifier); + qemu_add_machine_init_done_notifier(&sev_machine_done_notify); =20 return s; err: diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h index 924cebc..6e37077 100644 --- a/target/i386/sev_i386.h +++ b/target/i386/sev_i386.h @@ -37,6 +37,7 @@ extern uint64_t sev_get_me_mask(void); extern SevInfo *sev_get_info(void); extern uint32_t sev_get_cbit_position(void); extern uint32_t sev_get_reduced_phys_bits(void); +extern char *sev_get_launch_measurement(void); =20 typedef struct QSevGuestInfo QSevGuestInfo; typedef struct QSevGuestInfoClass QSevGuestInfoClass; @@ -78,6 +79,7 @@ struct SEVState { uint32_t handle; int sev_fd; SevState state; + gchar *measurement; }; =20 typedef struct SEVState SEVState; diff --git a/target/i386/trace-events b/target/i386/trace-events index c0cd8e9..f7a1a1e 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -13,3 +13,4 @@ kvm_memcrypt_unregister_region(void *addr, size_t len) "a= ddr %p len 0x%lu" kvm_sev_change_state(const char *old, const char *new) "%s -> %s" kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x se= ssion %p pdh %p" kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRI= u64 +kvm_sev_launch_measurement(const char *value) "data %s" --=20 1.8.3.1
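Review bot: Both error paths in sev_launch_get_measure() pass errno to fw_error_to_str() while printing fw_error=%d from error, so the message text will not match the firmware status that sev_ioctl() returned; use fw_error_to_str(error). The first KVM_SEV_LAUNCH_MEASURE call also ignores ret and relies on measurement->len alone, and a failure on either call only logs and returns, leaving s->measurement NULL and the state at SEV_STATE_LAUNCH_UPDATE. Since the commit message describes the measurement as the attestation sent to the guest owner, consider making these failures fatal rather than continuing the launch without one.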
From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Tue, 13 Mar 2018 13:56:32 +0100 Message-Id: <1520945798-50640-17-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> References: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::22d Subject: [Qemu-devel] [PULL 16/22] sev/i386: finalize the SEV guest launch flow X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Brijesh Singh , Eduardo Habkost , Richard Henderson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh SEV launch flow requires us to issue LAUNCH_FINISH command before guest is ready to run. Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Signed-off-by: Brijesh Singh Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 29 +++++++++++++++++++++++++++++ target/i386/trace-events | 1 + 2 files changed, 30 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index b4346c1..bb85d94 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -578,6 +578,34 @@ static Notifier sev_machine_done_notify =3D { .notify =3D sev_launch_get_measure, }; =20 +static void +sev_launch_finish(SEVState *s) +{ + int ret, error; + + trace_kvm_sev_launch_finish(); + ret =3D sev_ioctl(sev_state->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, &error); + if (ret) { + error_report("%s: LAUNCH_FINISH ret=3D%d fw_error=3D%d '%s'", + __func__, ret, error, fw_error_to_str(error)); + exit(1); + } + + sev_set_guest_state(SEV_STATE_RUNNING); +} + +static void +sev_vm_state_change(void *opaque, int running, RunState state) +{ + SEVState *s =3D opaque; + + if (running) { + if (!sev_check_state(SEV_STATE_RUNNING)) { + sev_launch_finish(s); + } + } +} + void * sev_guest_init(const char *id) { @@ -656,6 +684,7 @@ sev_guest_init(const char *id) =20 ram_block_notifier_add(&sev_ram_notifier); qemu_add_machine_init_done_notifier(&sev_machine_done_notify); + qemu_add_vm_change_state_handler(sev_vm_state_change, s); =20 return s; err: diff --git a/target/i386/trace-events b/target/i386/trace-events index f7a1a1e..b1fbde6 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -14,3 +14,4 @@ kvm_sev_change_state(const char *old, const char *new) "%= s -> %s" kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x se= ssion %p pdh %p" kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRI= u64 kvm_sev_launch_measurement(const char *value) "data %s" +kvm_sev_launch_finish(void) "" --=20 1.8.3.1
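Review bot: sev_vm_state_change() issues LAUNCH_FINISH whenever the state is anything other than SEV_STATE_RUNNING, so it never confirms that the launch reached SEV_STATE_LAUNCH_SECRET, the state set after a successful LAUNCH_MEASURE, before finalizing. Check for the expected predecessor state explicitly and fail otherwise. Separately, sev_launch_finish(SEVState *s) never uses s and reads sev_state->sev_fd instead; use s->sev_fd or drop the parameter.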
From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Tue, 13 Mar 2018 13:56:33 +0100 Message-Id: <1520945798-50640-18-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> References: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::241 Subject: [Qemu-devel] [PULL 17/22] sev/i386: add migration blocker X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Brijesh Singh Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh SEV guest migration is not implemented yet. Signed-off-by: Brijesh Singh Reviewed-by: Dr. David Alan Gilbert Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index bb85d94..bcf4f1e 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -24,11 +24,13 @@ #include "sev_i386.h" #include "sysemu/sysemu.h" #include "trace.h" +#include "migration/blocker.h" =20 #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" =20 static SEVState *sev_state; +static Error *sev_mig_blocker; =20 static const char *const sev_fw_errlist[] =3D { "", @@ -582,6 +584,7 @@ static void sev_launch_finish(SEVState *s) { int ret, error; + Error *local_err =3D NULL; =20 trace_kvm_sev_launch_finish(); ret =3D sev_ioctl(sev_state->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, &error); 
@@ -592,6 +595,16 @@ sev_launch_finish(SEVState *s) } =20 sev_set_guest_state(SEV_STATE_RUNNING); + + /* add migration blocker */ + error_setg(&sev_mig_blocker, + "SEV: Migration is not implemented"); + ret =3D migrate_add_blocker(sev_mig_blocker, &local_err); + if (local_err) { + error_report_err(local_err); + error_free(sev_mig_blocker); + exit(1); + } } =20 static void --=20 1.8.3.1
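Review bot: The blocker is registered inside sev_launch_finish(), which runs only from the VM state change handler on the first transition to running, so a SEV guest that has been initialized but not yet started has no blocker in place. Registering it from sev_guest_init() would cover the whole lifetime of the guest. Also, ret from migrate_add_blocker() is assigned but never read; test ret, or drop the assignment, rather than relying on local_err alone.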
From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Tue, 13 Mar 2018 13:56:34 +0100 Message-Id: <1520945798-50640-19-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> References: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::243 Subject: [Qemu-devel] [PULL 18/22] cpu/i386: populate CPUID 0x8000_001F when SEV is active X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Brijesh Singh , Eduardo Habkost , Richard Henderson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh When SEV is enabled, CPUID 0x8000_001F should provide additional information regarding the feature (such as which page table bit is used to mark the pages as encrypted etc). The details for memory encryption CPUID is available in AMD APM (https://support.amd.com/TechDocs/24594.pdf) Section E.4.17 Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Reviewed-by: Eduardo Habkost Signed-off-by: Brijesh Singh Signed-off-by: Paolo Bonzini --- target/i386/cpu.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 8ee0140..01607dd 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -26,6 +26,7 @@ #include "sysemu/hvf.h" #include "sysemu/cpus.h" #include "kvm_i386.h" +#include "sev_i386.h" =20 #include "qemu/error-report.h" #include "qemu/option.h" 
@@ -3612,6 +3613,13 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index,= uint32_t count, *ecx =3D 0; *edx =3D 0; break; + case 0x8000001F: + *eax =3D sev_enabled() ? 0x2 : 0; + *ebx =3D sev_get_cbit_position(); + *ebx |=3D sev_get_reduced_phys_bits() << 6; + *ecx =3D 0; + *edx =3D 0; + break; default: /* reserved values: zero */ *eax =3D 0; 
@@ -4042,6 +4050,11 @@ static void x86_cpu_expand_features(X86CPU *cpu, Err= or **errp) if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) { x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000000A); } + + /* SEV requires CPUID[0x8000001F] */ + if (sev_enabled()) { + x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000001F); + } } =20 /* Set cpuid_*level* based on cpuid_min_*level, if not explicitly set = */ --=20 1.8.3.1 From nobody Mon Apr 29 10:06:03 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1520946667716403.9500350734569; Tue, 13 Mar 2018 06:11:07 -0700 (PDT) Received: from localhost ([::1]:39829 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjhq-0004wV-Qd for importer@patchew.org; Tue, 13 Mar 2018 09:11:06 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:60939) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjUr-0001ZG-FQ for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:42 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1evjUn-0000w1-HO for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:41 -0400 Received: from mail-wr0-x244.google.com ([2a00:1450:400c:c0c::244]:39013) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1evjUn-0000vV-BG for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:37 -0400 Received: by mail-wr0-x244.google.com with SMTP id 
From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Tue, 13 Mar 2018 13:56:35 +0100 Message-Id: <1520945798-50640-20-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> References: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::244 Subject: [Qemu-devel] [PULL 19/22] sev/i386: hmp: add 'info sev' command X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Brijesh Singh , Markus Armbruster , "Dr. David Alan Gilbert" Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 From: Brijesh Singh The command can be used to show the SEV information when memory encryption is enabled on AMD platform. Cc: Eric Blake Cc: "Daniel P. Berrang=C3=A9" Cc: "Dr. David Alan Gilbert" Cc: Markus Armbruster Reviewed-by: "Dr. David Alan Gilbert" Signed-off-by: Brijesh Singh Signed-off-by: Paolo Bonzini --- hmp-commands-info.hx | 16 ++++++++++++++++ hmp.h | 1 + target/i386/monitor.c | 20 ++++++++++++++++++++ 3 files changed, 37 insertions(+) diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx index ad590a4..ddfcd5a 100644 --- a/hmp-commands-info.hx +++ b/hmp-commands-info.hx 
@@ -867,6 +867,22 @@ Display the amount of initially allocated and present = hotpluggable (if enabled) memory in bytes. ETEXI =20 +#if defined(TARGET_I386) + { + .name =3D "sev", + .args_type =3D "", + .params =3D "", + .help =3D "show SEV information", + .cmd =3D hmp_info_sev, + }, +#endif + +STEXI +@item info sev +@findex info sev +Show SEV information. +ETEXI + STEXI @end table ETEXI diff --git a/hmp.h b/hmp.h index b897338..4e2ec37 100644 --- a/hmp.h +++ b/hmp.h @@ -143,5 +143,6 @@ void hmp_info_ramblock(Monitor *mon, const QDict *qdict= ); void hmp_hotpluggable_cpus(Monitor *mon, const QDict *qdict); void hmp_info_vm_generation_id(Monitor *mon, const QDict *qdict); void hmp_info_memory_size_summary(Monitor *mon, const QDict *qdict); +void hmp_info_sev(Monitor *mon, const QDict *qdict); =20 #endif diff --git a/target/i386/monitor.c b/target/i386/monitor.c index 4eae0a6..64b5e6e 100644 --- a/target/i386/monitor.c +++ b/target/i386/monitor.c @@ -29,6 +29,7 @@ #include "qapi/qmp/qdict.h" #include "hw/i386/pc.h" #include "sysemu/kvm.h" +#include "sysemu/sev.h" #include "hmp.h" #include "qapi/error.h" #include "sev_i386.h" 
@@ -677,3 +678,22 @@ SevInfo *qmp_query_sev(Error **errp) =20 return info; } + +void hmp_info_sev(Monitor *mon, const QDict *qdict) +{ + SevInfo *info =3D sev_get_info(); + + if (info && info->enabled) { + monitor_printf(mon, "handle: %d\n", info->handle); + monitor_printf(mon, "state: %s\n", SevState_str(info->state)); + monitor_printf(mon, "build: %d\n", info->build_id); + monitor_printf(mon, "api version: %d.%d\n", + info->api_major, info->api_minor); + monitor_printf(mon, "debug: %s\n", + info->policy & SEV_POLICY_NODBG ? "off" : "on"); + monitor_printf(mon, "key-sharing: %s\n", + info->policy & SEV_POLICY_NOKS ? "off" : "on"); + } else { + monitor_printf(mon, "SEV is not enabled\n"); + } +} --=20 1.8.3.1 From nobody Mon Apr 29 10:06:03 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1520946673545994.1424019829177; Tue, 13 Mar 2018 06:11:13 -0700 (PDT) Received: from localhost ([::1]:39827 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjhs-0004wK-9b for importer@patchew.org; Tue, 13 Mar 2018 09:11:08 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:60907) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjUp-0001XB-L2 for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:40 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1evjUo-0000wz-Ow for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:39 -0400 Received: 
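Review bot: hmp_info_sev() in the target/i386/monitor.c hunk never releases the SevInfo it gets from sev_get_info(). The qmp_query_sev() context just above hands the same kind of pointer to its caller, which suggests a fresh allocation per call, so every 'info sev' typed at the monitor would leak one struct. Add qapi_free_SevInfo(info) after the if/else (it accepts NULL, so the "SEV is not enabled" path needs no special case).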
AG47ELt8w6AfpzXUr7IFBcJVNDrys2yaYC5KOV02DFYhfCa3TwBgnEIopaT1znJtFu3S3ZFOf5n+vA== X-Received: by 10.223.200.2 with SMTP id d2mr497073wrh.81.1520945857077; Tue, 13 Mar 2018 05:57:37 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Tue, 13 Mar 2018 13:56:36 +0100 Message-Id: <1520945798-50640-21-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> References: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::243 Subject: [Qemu-devel] [PULL 20/22] sev/i386: qmp: add query-sev-launch-measure command X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Brijesh Singh , "Dr. David Alan Gilbert" , Markus Armbruster Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 From: Brijesh Singh The command can be used by libvirt to retrieve the measurement of SEV guest. This measurement is a signature of the memory contents that was encrypted through the LAUNCH_UPDATE_DATA. Cc: "Daniel P. Berrang=C3=A9" Cc: "Dr. David Alan Gilbert" Cc: Markus Armbruster Reviewed-by: Eric Blake Signed-off-by: Brijesh Singh Signed-off-by: Paolo Bonzini --- monitor.c | 7 +++++++ qapi/misc.json | 29 +++++++++++++++++++++++++++++ target/i386/monitor.c | 17 +++++++++++++++++ tests/qmp-test.c | 2 ++ 4 files changed, 55 insertions(+) diff --git a/monitor.c b/monitor.c index af11654..36ed087 100644 --- a/monitor.c +++ b/monitor.c 
@@ -984,6 +984,7 @@ static void qmp_unregister_commands_hack(void) #ifndef TARGET_I386 qmp_unregister_command(&qmp_commands, "rtc-reset-reinjection"); qmp_unregister_command(&qmp_commands, "query-sev"); + qmp_unregister_command(&qmp_commands, "query-sev-launch-measure"); #endif #ifndef TARGET_S390X qmp_unregister_command(&qmp_commands, "dump-skeys"); @@ -4110,6 +4111,12 @@ SevInfo *qmp_query_sev(Error **errp) error_setg(errp, QERR_FEATURE_DISABLED, "query-sev"); return NULL; } + +SevLaunchMeasureInfo *qmp_query_sev_launch_measure(Error **errp) +{ + error_setg(errp, QERR_FEATURE_DISABLED, "query-sev-launch-measure"); + return NULL; +} #endif =20 #ifndef TARGET_S390X diff --git a/qapi/misc.json b/qapi/misc.json index 7b628c2..b8318f5 100644 --- a/qapi/misc.json +++ b/qapi/misc.json @@ -3293,3 +3293,32 @@ # ## { 'command': 'query-sev', 'returns': 'SevInfo' } + +## +# @SevLaunchMeasureInfo: +# +# SEV Guest Launch measurement information +# +# @data: the measurement value encoded in base64 +# +# Since: 2.12 +# +## +{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'} } + +## +# @query-sev-launch-measure: +# +# Query the SEV guest launch information. +# +# Returns: The @SevLaunchMeasureInfo for the guest +# +# Since: 2.12 +# +# Example: +# +# -> { "execute": "query-sev-launch-measure" } +# <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } } +# +## +{ 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo'= } diff --git a/target/i386/monitor.c b/target/i386/monitor.c index 64b5e6e..f8a0e4b 100644 --- a/target/i386/monitor.c +++ b/target/i386/monitor.c 
@@ -697,3 +697,20 @@ void hmp_info_sev(Monitor *mon, const QDict *qdict) monitor_printf(mon, "SEV is not enabled\n"); } } + +SevLaunchMeasureInfo *qmp_query_sev_launch_measure(Error **errp) +{ + char *data; + SevLaunchMeasureInfo *info; + + data =3D sev_get_launch_measurement(); + if (!data) { + error_setg(errp, "Measurement is not available"); + return NULL; + } + + info =3D g_malloc0(sizeof(*info)); + info->data =3D data; + + return info; +} diff --git a/tests/qmp-test.c b/tests/qmp-test.c index a77ff92..ec8c7c7 100644 --- a/tests/qmp-test.c +++ b/tests/qmp-test.c 
@@ -204,6 +204,8 @@ static bool query_is_blacklisted(const char *cmd) "query-gic-capabilities", /* arm */ /* Success depends on target-specific build configuration: */ "query-pci", /* CONFIG_PCI */ + /* Success depends on launching SEV guest */ + "query-sev-launch-measure", /* Success depends on Host or Hypervisor SEV support */ "query-sev", NULL --=20 1.8.3.1 From nobody Mon Apr 29 10:06:03 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1520946513903541.655554835136; Tue, 13 Mar 2018 06:08:33 -0700 (PDT) Received: from localhost ([::1]:39801 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjfK-0002FH-V9 for importer@patchew.org; Tue, 13 Mar 2018 09:08:31 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:60923) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjUq-0001YV-Ph for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:42 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1evjUp-0000xr-Sl for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:40 -0400 Received: from mail-wr0-x242.google.com ([2a00:1450:400c:c0c::242]:46809) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1evjUp-0000xF-Li for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:39 -0400 Received: by mail-wr0-x242.google.com with SMTP id m12so22360093wrm.13 for ; Tue, 13 Mar 2018 05:57:39 -0700 (PDT) Received: 
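Review bot: the Example in the qapi/misc.json hunk returns "data": "4l8LXeNlSPUDlXPJG5966/8%YZ", but '%' is not in the base64 alphabet, so the sample contradicts the @data description ("the measurement value encoded in base64"). Replace it with a string that actually decodes. The @query-sev-launch-measure text should also say at which point of the launch flow the measurement exists, because qmp_query_sev_launch_measure() fails with "Measurement is not available" otherwise and a management tool that consumes the value for attestation has to know when to call it.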
From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Tue, 13 Mar 2018 13:56:37 +0100 Message-Id: <1520945798-50640-22-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> References: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::242 Subject: [Qemu-devel] [PULL 21/22] sev/i386: qmp: add query-sev-capabilities command X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Brijesh Singh , "Dr. David Alan Gilbert" , Markus Armbruster Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 From: Brijesh Singh The command can be used by libvirt to query the SEV capabilities. Cc: "Daniel P. Berrang=C3=A9" Cc: "Dr. David Alan Gilbert" Cc: Markus Armbruster Signed-off-by: Brijesh Singh Signed-off-by: Paolo Bonzini --- monitor.c | 7 +++++++ qapi/misc.json | 42 ++++++++++++++++++++++++++++++++++++++++++ target/i386/monitor.c | 6 ++++++ tests/qmp-test.c | 1 + 4 files changed, 56 insertions(+) diff --git a/monitor.c b/monitor.c index 36ed087..3117a3e 100644 --- a/monitor.c +++ b/monitor.c @@ -985,6 +985,7 @@ static void qmp_unregister_commands_hack(void) qmp_unregister_command(&qmp_commands, "rtc-reset-reinjection"); qmp_unregister_command(&qmp_commands, "query-sev"); qmp_unregister_command(&qmp_commands, "query-sev-launch-measure"); + qmp_unregister_command(&qmp_commands, "query-sev-capabilities"); #endif #ifndef TARGET_S390X qmp_unregister_command(&qmp_commands, "dump-skeys"); 
@@ -4117,6 +4118,12 @@ SevLaunchMeasureInfo *qmp_query_sev_launch_measure(E= rror **errp) error_setg(errp, QERR_FEATURE_DISABLED, "query-sev-launch-measure"); return NULL; } + +SevCapability *qmp_query_sev_capabilities(Error **errp) +{ + error_setg(errp, QERR_FEATURE_DISABLED, "query-sev-capabilities"); + return NULL; +} #endif =20 #ifndef TARGET_S390X diff --git a/qapi/misc.json b/qapi/misc.json index b8318f5..6150b9a 100644 --- a/qapi/misc.json +++ b/qapi/misc.json @@ -3322,3 +3322,45 @@ # ## { 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo'= } + +## +# @SevCapability: +# +# The struct describes capability for a Secure Encrypted Virtualization +# feature. +# +# @pdh: Platform Diffie-Hellman key (base64 encoded) +# +# @cert-chain: PDH certificate chain (base64 encoded) +# +# @cbitpos: C-bit location in page table entry +# +# @reduced-phys-bits: Number of physical Address bit reduction when SEV is +# enabled +# +# Since: 2.12 +## +{ 'struct': 'SevCapability', + 'data': { 'pdh': 'str', + 'cert-chain': 'str', + 'cbitpos': 'int', + 'reduced-phys-bits': 'int'} } + +## +# @query-sev-capabilities: +# +# This command is used to get the SEV capabilities, and is supported on AMD +# X86 platforms only. +# +# Returns: SevCapability objects. +# +# Since: 2.12 +# +# Example: +# +# -> { "execute": "query-sev-capabilities" } +# <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE", +# "cbitpos": 47, "reduced-phys-bits": 5}} +# +## +{ 'command': 'query-sev-capabilities', 'returns': 'SevCapability' } diff --git a/target/i386/monitor.c b/target/i386/monitor.c index f8a0e4b..8a786fb 100644 --- a/target/i386/monitor.c +++ b/target/i386/monitor.c @@ -714,3 +714,9 @@ SevLaunchMeasureInfo *qmp_query_sev_launch_measure(Erro= r **errp) =20 return info; } + +SevCapability *qmp_query_sev_capabilities(Error **errp) +{ + error_setg(errp, "SEV feature is not available"); + return NULL; +} 
diff --git a/tests/qmp-test.c b/tests/qmp-test.c index ec8c7c7..7470c6b 100644 --- a/tests/qmp-test.c +++ b/tests/qmp-test.c 
@@ -208,6 +208,7 @@ static bool query_is_blacklisted(const char *cmd) "query-sev-launch-measure", /* Success depends on Host or Hypervisor SEV support */ "query-sev", + "query-sev-capabilities", NULL }; int i; --=20 1.8.3.1 From nobody Mon Apr 29 10:06:03 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (208.118.235.17 [208.118.235.17]) by mx.zohomail.com with SMTPS id 15209468124561010.4978847512718; Tue, 13 Mar 2018 06:13:32 -0700 (PDT) Received: from localhost ([::1]:39848 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjk4-0006ou-C7 for importer@patchew.org; Tue, 13 Mar 2018 09:13:24 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:60959) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1evjUs-0001a6-8z for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:43 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1evjUr-0000yk-59 for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:42 -0400 Received: from mail-wr0-x244.google.com ([2a00:1450:400c:c0c::244]:44779) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1evjUq-0000y1-Rf for qemu-devel@nongnu.org; Tue, 13 Mar 2018 08:57:41 -0400 Received: by mail-wr0-x244.google.com with SMTP id v65so22378375wrc.11 for ; Tue, 13 Mar 2018 05:57:40 -0700 (PDT) Received: from 640k.lan (94-36-191-219.adsl-ull.clienti.tiscali.it. 
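Review bot: in the qapi/misc.json hunk, "Returns: SevCapability objects." should be singular, since the command is declared with 'returns': 'SevCapability'. The @reduced-phys-bits description ("Number of physical Address bit reduction when SEV is enabled") is hard to parse; "number of physical address bits lost when SEV is enabled" would read better. The example values "8CCDD8DDD" and "888CCCDDDEE" are not well-formed base64 (their lengths are not multiples of four) although @pdh and @cert-chain are documented as base64 encoded; use decodable samples or mark them as truncated.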
From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Tue, 13 Mar 2018 13:56:38 +0100 Message-Id: <1520945798-50640-23-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> References: <1520945798-50640-1-git-send-email-pbonzini@redhat.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::244 Subject: [Qemu-devel] [PULL 22/22] sev/i386: add sev_get_capabilities() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Brijesh Singh , Eduardo Habkost , Richard Henderson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh The function can be used to get the current SEV capabilities. The capabilities include platform diffie-hellman key (pdh) and certificate chain. The key can be provided to the external entities which wants to establish a trusted channel between SEV firmware and guest owner. Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Signed-off-by: Brijesh Singh Signed-off-by: Paolo Bonzini --- target/i386/monitor.c | 11 +++++-- target/i386/sev-stub.c | 5 +++ target/i386/sev.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++= ++++ target/i386/sev_i386.h | 1 + 4 files changed, 98 insertions(+), 2 deletions(-) diff --git a/target/i386/monitor.c b/target/i386/monitor.c index 8a786fb..011419e 100644 --- a/target/i386/monitor.c +++ b/target/i386/monitor.c 
@@ -717,6 +717,13 @@ SevLaunchMeasureInfo *qmp_query_sev_launch_measure(Err= or **errp) =20 SevCapability *qmp_query_sev_capabilities(Error **errp) { - error_setg(errp, "SEV feature is not available"); - return NULL; + SevCapability *data; + + data =3D sev_get_capabilities(); + if (!data) { + error_setg(errp, "SEV feature is not available"); + return NULL; + } + + return data; } diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c index 2f61c32..59a003a4 100644 --- a/target/i386/sev-stub.c +++ b/target/i386/sev-stub.c @@ -44,3 +44,8 @@ char *sev_get_launch_measurement(void) { return NULL; } + +SevCapability *sev_get_capabilities(void) +{ + return NULL; +} diff --git a/target/i386/sev.c b/target/i386/sev.c index bcf4f1e..34733f9 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -427,6 +427,89 @@ sev_get_info(void) } =20 static int +sev_get_pdh_info(int fd, guchar **pdh, size_t *pdh_len, guchar **cert_chai= n, + size_t *cert_chain_len) +{ + guchar *pdh_data, *cert_chain_data; + struct sev_user_data_pdh_cert_export export =3D {}; + int err, r; + + /* query the certificate length */ + r =3D sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err); + if (r < 0) { + if (err !=3D SEV_RET_INVALID_LEN) { + error_report("failed to export PDH cert ret=3D%d fw_err=3D%d (= %s)", + r, err, fw_error_to_str(err)); + return 1; + } + } + + pdh_data =3D g_new(guchar, export.pdh_cert_len); + cert_chain_data =3D g_new(guchar, export.cert_chain_len); + export.pdh_cert_address =3D (unsigned long)pdh_data; + export.cert_chain_address =3D (unsigned long)cert_chain_data; + + r =3D sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err); + if (r < 0) { + error_report("failed to export PDH cert ret=3D%d fw_err=3D%d (%s)", + r, err, fw_error_to_str(err)); + goto e_free; + } + + *pdh =3D pdh_data; + *pdh_len =3D export.pdh_cert_len; + *cert_chain =3D cert_chain_data; + *cert_chain_len =3D export.cert_chain_len; + return 0; + +e_free: + g_free(pdh_data); + g_free(cert_chain_data); + return 1; +} + +SevCapability * +sev_get_capabilities(void) +{ + SevCapability *cap; + guchar *pdh_data, *cert_chain_data; + size_t pdh_len =3D 0, cert_chain_len =3D 0; + uint32_t ebx; + int fd; + + fd =3D open(DEFAULT_SEV_DEVICE, O_RDWR); + if (fd < 0) { + error_report("%s: Failed to open %s '%s'", __func__, + DEFAULT_SEV_DEVICE, strerror(errno)); + return NULL; + } + + if (sev_get_pdh_info(fd, &pdh_data, &pdh_len, + &cert_chain_data, &cert_chain_len)) { + return NULL; + } + + cap =3D g_new0(SevCapability, 1); + cap->pdh =3D g_base64_encode(pdh_data, pdh_len); + cap->cert_chain =3D g_base64_encode(cert_chain_data, cert_chain_len); + + host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); + cap->cbitpos =3D ebx & 0x3f; + + /* + * When SEV feature is enabled, we loose one bit in guest 
physical + * addressing. + */ + cap->reduced_phys_bits =3D 1; + + g_free(pdh_data); + g_free(cert_chain_data); + + close(fd); + return cap; +} + +static int sev_read_file_base64(const char *filename, guchar **data, gsize *len) { gsize sz; diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h index 6e37077..b8622df 100644 --- a/target/i386/sev_i386.h +++ b/target/i386/sev_i386.h @@ -38,6 +38,7 @@ extern SevInfo *sev_get_info(void); extern uint32_t sev_get_cbit_position(void); extern uint32_t sev_get_reduced_phys_bits(void); extern char *sev_get_launch_measurement(void); +extern SevCapability *sev_get_capabilities(void); =20 typedef struct QSevGuestInfo QSevGuestInfo; typedef struct QSevGuestInfoClass QSevGuestInfoClass; --=20 1.8.3.1
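Review bot: qmp_query_sev_capabilities() in the target/i386/monitor.c hunk reports "SEV feature is not available" for every NULL from sev_get_capabilities(), although the sev.c hunk returns NULL for distinct reasons (open() on DEFAULT_SEV_DEVICE failing, the SEV_PDH_CERT_EXPORT ioctl failing) and only logs them with error_report(). A QMP client then cannot tell a missing device from a permission or firmware error. Consider giving sev_get_capabilities() an Error **errp parameter and propagating the specific message.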
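Review bot: sev_get_capabilities() in the target/i386/sev.c hunk leaks the descriptor opened on DEFAULT_SEV_DEVICE when sev_get_pdh_info() fails, because that branch does "return NULL;" without close(fd). Close fd before the return, or route both exits through one cleanup label. In the same function cap->reduced_phys_bits is hard-coded to 1 while the sev_i386.h context lists sev_get_reduced_phys_bits() and the query-sev-capabilities example in the previous patch shows 5; the comment should say why the constant is correct for a host capability, and "loose" in it should be "lose".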