[Qemu-devel] [PATCH 0/3] Add RAM block encrypted notifier

Natarajan, Janakarajan posted 3 patches 5 years ago
Failed in applying to current master (apply log)
Posted by Natarajan, Janakarajan 5 years ago
Currently, the SEV guest launch registers to a RAM block notifier. When
called, we issue KVM_MEMORY_ENCRYPT_{REG,UNREG}_REGION ioctl to register
the memory with the KVM driver. These ioctls should be called only for
the region which contains the encrypted data but the RAM block notifier
gets called for any memory region allocated during the guest creation.
Some of those memory regions do not contain encrypted data so we end up
calling the ioctl for a memory region which contains unencrypted data
(e.g. vga RAM etc.).

In case of SEV, only the guest RAM and pflash unit=0 contain the
encrypted data. To solve this problem, we introduce a new notifier (RAM
block encrypted). If a memory region will contain encrypted data then
the caller can use memory_region_mark_encrypted() to set the memory
region as encrypted. Clients can register to the RAM block encrypted
notifier and they will be called when a memory region is set encrypted.

Janakarajan Natarajan (3):
  ram-encrypted-notifier: Introduce a RAM block encrypted notifier
  hw: Notify listeners about guest pages which contain encrypted data
  sev: Change SEV to use EncryptedRAMBlock Notifier

 exec.c                 |  6 ++++++
 hw/i386/pc.c           |  1 +
 hw/i386/pc_sysfw.c     |  2 ++
 hw/mem/memory-device.c |  1 +
 include/exec/memory.h  | 18 ++++++++++++++++++
 include/exec/ramlist.h | 19 +++++++++++++++++++
 memory.c               | 16 ++++++++++++++++
 numa.c                 | 33 +++++++++++++++++++++++++++++++++
 stubs/ram-block.c      |  8 ++++++++
 target/i386/sev.c      | 25 ++++++++-----------------
 10 files changed, 112 insertions(+), 17 deletions(-)

-- 
2.20.1
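
The filtering described in the cover letter, as an added stand-alone model in C. This is not code from the series or from QEMU: only `memory_region_mark_encrypted()` and `KVM_MEMORY_ENCRYPT_REG_REGION` are named on the page, and every type, function, region name and size below is hypothetical or constructed. It compares which regions reach the registration call under the plain RAM block notifier and under the encrypted notifier.

```c
#include <stddef.h>
#include <stdint.h>
/* Stand-alone model, not QEMU code; every identifier below is hypothetical. */
#define MAX_REGIONS 8
typedef struct { const char *name; uint64_t size; int encrypted; } Region;
typedef struct { size_t count; uint64_t bytes; } RegLog;
typedef void (*RegionCb)(const Region *r, RegLog *log);
typedef struct { Region r[MAX_REGIONS]; size_t n; RegionCb added, encrypted; RegLog *log; } Machine;

/* Stand-in for issuing KVM_MEMORY_ENCRYPT_REG_REGION: records the region only. */
static void model_reg_region(const Region *r, RegLog *log)
{
    log->count++;
    log->bytes += r->size;
}

/* Allocation fires the plain RAM block notifier for every region. */
static Region *region_add(Machine *m, const char *name, uint64_t size)
{
    if (m->n == MAX_REGIONS) return NULL;
    Region *r = &m->r[m->n++];
    *r = (Region){ .name = name, .size = size };
    if (m->added) m->added(r, m->log);
    return r;
}

/* Plays the role of memory_region_mark_encrypted(): flag once, then notify. */
static void region_mark_encrypted(Machine *m, Region *r)
{
    if (!r || r->encrypted) return;      /* idempotent: no double registration */
    r->encrypted = 1;
    if (m->encrypted) m->encrypted(r, m->log);
}

/* Constructed guest layout; the flag selects which notifier the listener uses. */
static RegLog build_guest(int use_encrypted_notifier)
{
    RegLog log = {0};
    Machine m = { .log = &log, .added = use_encrypted_notifier ? NULL : model_reg_region,
                  .encrypted = use_encrypted_notifier ? model_reg_region : NULL };
    Region *ram = region_add(&m, "guest-ram", 512u << 20);
    Region *fw = region_add(&m, "pflash-unit0", 4u << 20);
    region_add(&m, "pflash-unit1", 128u << 10);   /* never marked encrypted */
    region_add(&m, "vga-ram", 16u << 20);         /* never marked encrypted */
    region_mark_encrypted(&m, ram);
    region_mark_encrypted(&m, fw);
    region_mark_encrypted(&m, ram);      /* repeat call must not re-register */
    return log;
}
```

`build_guest(0)` models the behaviour the cover letter calls a problem (all four regions registered); `build_guest(1)` registers only the two marked regions.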