From: "Natarajan, Janakarajan"
To: "qemu-devel@nongnu.org"
Date: Thu, 25 Apr 2019 22:58:18 +0000
Message-ID: <20190425225610.28350-2-Janakarajan.Natarajan@amd.com>
In-Reply-To: <20190425225610.28350-1-Janakarajan.Natarajan@amd.com>
Subject: [Qemu-devel] [PATCH 1/3] ram-encrypted-notifier: Introduce a RAM block encrypted notifier
Cc: "Singh, Brijesh" , Eduardo Habkost , "Natarajan, Janakarajan" , "Michael S . 
Tsirkin" , Igor Mammedov , Paolo Bonzini , Richard Henderson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) A client can register to this notifier to know whether the newly added or removed memory region is marked as encrypted. This information is needed for the SEV guest launch. In SEV guest, some memory regions may contain encrypted data (e.g guest RAM). The memory region which contains the encrypted data should be registered/unregistered using the KVM_MEMORY_{REG,UNREG}_ENCRYPTED ioctl. Signed-off-by: Janakarajan Natarajan --- exec.c | 1 + include/exec/memory.h | 18 ++++++++++++++++++ include/exec/ramlist.h | 19 +++++++++++++++++++ memory.c | 16 ++++++++++++++++ numa.c | 33 +++++++++++++++++++++++++++++++++ stubs/ram-block.c | 8 ++++++++ 6 files changed, 95 insertions(+) diff --git a/exec.c b/exec.c index 2646207661..a02c394e48 100644 --- a/exec.c +++ b/exec.c @@ -79,6 +79,7 @@ * are protected by the ramlist lock. */ RAMList ram_list =3D { .blocks =3D QLIST_HEAD_INITIALIZER(ram_list.blocks)= }; +RAMBlockEncryptedNotifierList ram_block_encrypted_notifier_list; =20 static MemoryRegion *system_memory; static MemoryRegion *system_io; diff --git a/include/exec/memory.h b/include/exec/memory.h index 9144a47f57..ae720ff511 100644 --- a/include/exec/memory.h +++ b/include/exec/memory.h @@ -374,6 +374,7 @@ struct MemoryRegion { bool terminates; bool ram_device; bool enabled; + bool encrypted; bool warning_printed; /* For reservations */ uint8_t vga_logging_count; MemoryRegion *alias; 
@@ -1131,6 +1132,23 @@ int memory_region_iommu_attrs_to_index(IOMMUMemoryRe= gion *iommu_mr, */ int memory_region_iommu_num_indexes(IOMMUMemoryRegion *iommu_mr); =20 +/** + * memory_region_mark_encrypted: marks the memory region as encrypted and + * lets the listeners of encrypted ram know that a memory region containing + * encrypted ram block has been added + * + * @mr: the memory region + */ +void memory_region_mark_encrypted(MemoryRegion *mr); + +/** + * memory_region_is_encrypted: returns if the memory region was marked as + * encrypted when it was created + * + * @mr: the memory region + */ +bool memory_region_is_encrypted(MemoryRegion *mr); + /** * memory_region_name: get a memory region's name * diff --git a/include/exec/ramlist.h b/include/exec/ramlist.h index bc4faa1b00..5349f27fa5 100644 --- a/include/exec/ramlist.h +++ b/include/exec/ramlist.h @@ -7,6 +7,7 @@ #include "qemu/rcu_queue.h" =20 typedef struct RAMBlockNotifier RAMBlockNotifier; +typedef struct RAMBlockEncryptedNotifier RAMBlockEncryptedNotifier; =20 #define DIRTY_MEMORY_VGA 0 #define DIRTY_MEMORY_CODE 1 @@ -55,6 +56,11 @@ typedef struct RAMList { } RAMList; extern RAMList ram_list; =20 +typedef struct RAMBlockEncryptedNotifierList { + QLIST_HEAD(, RAMBlockEncryptedNotifier) ram_block_notifiers; +} RAMBlockEncryptedNotifierList; +extern RAMBlockEncryptedNotifierList ram_block_encrypted_notifier_list; + /* Should be holding either ram_list.mutex, or the RCU lock. */ #define INTERNAL_RAMBLOCK_FOREACH(block) \ QLIST_FOREACH_RCU(block, &ram_list.blocks, next) 
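Review bot: the doc comment for memory_region_is_encrypted() in the include/exec/memory.h hunk does not match the implementation. It says the region "was marked as encrypted when it was created", but the flag is only set by a later, separate memory_region_mark_encrypted() call, and memory.c assigns it kvm_memcrypt_enabled() rather than true. Please reword both comments to say that marking is a post-creation step, that it leaves the region unmarked when memory encryption is not enabled, and that @mr must be RAM-backed because the implementation reads mr->ram_block.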
@@ -70,6 +76,14 @@ struct RAMBlockNotifier { QLIST_ENTRY(RAMBlockNotifier) next; }; =20 +struct RAMBlockEncryptedNotifier { + void (*ram_block_encrypted_added)(RAMBlockEncryptedNotifier *n, + void *host, size_t size); + void (*ram_block_encrypted_removed)(RAMBlockEncryptedNotifier *n, + void *host, size_t size); + QLIST_ENTRY(RAMBlockEncryptedNotifier) next; +}; + void ram_block_notifier_add(RAMBlockNotifier *n); void ram_block_notifier_remove(RAMBlockNotifier *n); void ram_block_notify_add(void *host, size_t size); @@ -77,4 +91,9 @@ void ram_block_notify_remove(void *host, size_t size); =20 void ram_block_dump(Monitor *mon); =20 +void ram_block_encrypted_notifier_add(RAMBlockEncryptedNotifier *n); +void ram_block_encrypted_notifier_remove(RAMBlockEncryptedNotifier *n); +void ram_block_encrypted_notify_add(void *host, size_t size); +void ram_block_encrypted_notify_remove(void *host, size_t size); + #endif /* RAMLIST_H */ diff --git a/memory.c b/memory.c index bb2b71ee38..eca02d369b 100644 --- a/memory.c +++ b/memory.c @@ -2009,6 +2009,22 @@ int memory_region_iommu_num_indexes(IOMMUMemoryRegio= n *iommu_mr) return imrc->num_indexes(iommu_mr); } =20 +void memory_region_mark_encrypted(MemoryRegion *mr) +{ + RAMBlock *block =3D mr->ram_block; + + mr->encrypted =3D kvm_memcrypt_enabled(); + + if (mr->encrypted) { + ram_block_encrypted_notify_add(block->host, block->max_length); + } +} + +bool memory_region_is_encrypted(MemoryRegion *mr) +{ + return mr->encrypted; +} + void memory_region_set_log(MemoryRegion *mr, bool log, unsigned client) { uint8_t mask =3D 1 << client; diff --git a/numa.c b/numa.c index 3875e1efda..08601366c5 100644 --- a/numa.c +++ b/numa.c 
@@ -638,6 +638,39 @@ MemdevList *qmp_query_memdev(Error **errp) return list; } =20 +void ram_block_encrypted_notifier_add(RAMBlockEncryptedNotifier *n) +{ + QLIST_INSERT_HEAD(&ram_block_encrypted_notifier_list.ram_block_notifie= rs, + n, next); +} + +void ram_block_encrypted_notifier_remove(RAMBlockEncryptedNotifier *n) +{ + QLIST_REMOVE(n, next); +} + +void ram_block_encrypted_notify_add(void *host, size_t size) +{ + RAMBlockEncryptedNotifier *notifier; + + QLIST_FOREACH(notifier, + &ram_block_encrypted_notifier_list.ram_block_notifiers, + next) { + notifier->ram_block_encrypted_added(notifier, host, size); + } +} + +void ram_block_encrypted_notify_remove(void *host, size_t size) +{ + RAMBlockEncryptedNotifier *notifier; + + QLIST_FOREACH(notifier, + &ram_block_encrypted_notifier_list.ram_block_notifiers, + next) { + notifier->ram_block_encrypted_removed(notifier, host, size); + } +} + void ram_block_notifier_add(RAMBlockNotifier *n) { QLIST_INSERT_HEAD(&ram_list.ramblock_notifiers, n, next); diff --git a/stubs/ram-block.c b/stubs/ram-block.c index 73c0a3ee08..0f68922feb 100644 --- a/stubs/ram-block.c +++ b/stubs/ram-block.c 
@@ -25,6 +25,14 @@ void ram_block_notifier_remove(RAMBlockNotifier *n) { } =20 +void ram_block_encrypted_notifier_add(RAMBlockEncryptedNotifier *n) +{ +} + +void ram_block_encrypted_notifier_remove(RAMBlockEncryptedNotifier *n) +{ +} + int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque) { return 0; --=20 2.20.1
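Review bot: memory_region_mark_encrypted() in the memory.c hunk reads mr->ram_block and then dereferences block->host and block->max_length without checking that the region is RAM-backed. A container, alias or I/O region has no RAM block, so a caller that passes one crashes as soon as kvm_memcrypt_enabled() returns true. Suggest returning early (or asserting) when mr->ram_block is NULL, and doing that check before mr->encrypted is set.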
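Review bot: in the numa.c hunk, ram_block_encrypted_notify_add() and ram_block_encrypted_notify_remove() call notifier->ram_block_encrypted_added and notifier->ram_block_encrypted_removed unconditionally, so a client that fills in only one callback crashes on the other event. Either test the pointer before the call or document in ramlist.h that both callbacks are mandatory. Separately, ram_block_encrypted_notifier_add() only links the notifier into the list, so a region marked before a client registers is never reported to it. Please state that ordering requirement in the header, or replay already-marked blocks on registration.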
From: "Natarajan, Janakarajan"
To: "qemu-devel@nongnu.org"
Date: Thu, 25 Apr 2019 22:58:19 +0000
Message-ID: <20190425225610.28350-3-Janakarajan.Natarajan@amd.com>
In-Reply-To: <20190425225610.28350-1-Janakarajan.Natarajan@amd.com>
Subject: [Qemu-devel] [PATCH 2/3] hw: Notify listeners about guest pages which contain encrypted data
Cc: "Singh, Brijesh" , Eduardo Habkost , "Natarajan, Janakarajan" , "Michael S . 
Tsirkin" , Igor Mammedov , Paolo Bonzini , Richard Henderson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) PC ram, pflash unit 0 rom and pc-dimm memory hotplug ram blocks need to be encrypted. Also, notify listeners when freeing a MemoryRegion if it has encrypted data. Signed-off-by: Janakarajan Natarajan --- exec.c | 5 +++++ hw/i386/pc.c | 1 + hw/i386/pc_sysfw.c | 2 ++ hw/mem/memory-device.c | 1 + 4 files changed, 9 insertions(+) diff --git a/exec.c b/exec.c index a02c394e48..25be8f84f3 100644 --- a/exec.c +++ b/exec.c @@ -2442,6 +2442,11 @@ void qemu_ram_free(RAMBlock *block) } =20 if (block->host) { + /* Notify only if encrypted */ + if (memory_region_is_encrypted(block->mr)) { + ram_block_encrypted_notify_remove(block->host, block->max_leng= th); + } + ram_block_notify_remove(block->host, block->max_length); } =20 diff --git a/hw/i386/pc.c b/hw/i386/pc.c index f2c15bf1f2..3af3094543 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -1740,6 +1740,7 @@ void pc_memory_init(PCMachineState *pcms, ram =3D g_malloc(sizeof(*ram)); memory_region_allocate_system_memory(ram, NULL, "pc.ram", machine->ram_size); + memory_region_mark_encrypted(ram); *ram_memory =3D ram; ram_below_4g =3D g_malloc(sizeof(*ram_below_4g)); memory_region_init_alias(ram_below_4g, NULL, "ram-below-4g", ram, diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index c628540774..40d7da5ff6 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c @@ -199,6 +199,8 @@ static void pc_system_flash_map(PCMachineState *pcms, =20 /* Encrypt the pflash boot ROM */ if (kvm_memcrypt_enabled()) { + /* Mark pflash unit 0 as encrypted. This will pin the page= s */ + memory_region_mark_encrypted(flash_mem); flash_ptr =3D memory_region_get_ram_ptr(flash_mem); flash_size =3D memory_region_size(flash_mem); ret =3D kvm_memcrypt_encrypt_data(flash_ptr, flash_size); 
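Review bot: the comment added in pc_system_flash_map() says marking pflash unit 0 "will pin the pages", but pinning is a side effect of whichever listener is registered (the SEV one in patch 3/3), not of memory_region_mark_encrypted() itself. Please reword it to say that the region is reported to the encrypted-RAM notifier, and state whether the call is required to come before kvm_memcrypt_encrypt_data() so a later reordering does not silently change behaviour. The call also sits inside if (kvm_memcrypt_enabled()), which memory_region_mark_encrypted() checks again on its own; one of the two checks is enough.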
diff --git a/hw/mem/memory-device.c b/hw/mem/memory-device.c index 5f2c408036..b2e77774d4 100644 --- a/hw/mem/memory-device.c +++ b/hw/mem/memory-device.c 
@@ -295,6 +295,7 @@ void memory_device_plug(MemoryDeviceState *md, MachineS= tate *ms) =20 memory_region_add_subregion(&ms->device_memory->mr, addr - ms->device_memory->base, mr); + memory_region_mark_encrypted(mr); trace_memory_device_plug(DEVICE(md)->id ? DEVICE(md)->id : "", addr); } =20 --=20 2.20.1
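Review bot: the memory_region_mark_encrypted(mr) call added to memory_device_plug() covers more than the commit message describes. memory_device_plug() is the common plug path for any MemoryDeviceState, while the message names only pc-dimm hotplug. If only pc-dimm is intended, move the call to the pc-dimm plug handler or check the device type here; if every memory device is intended, say so in the commit message. There is also no check here that mr is RAM-backed, which memory_region_mark_encrypted() from patch 1/3 depends on because it dereferences mr->ram_block.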
From: "Natarajan, Janakarajan"
To: "qemu-devel@nongnu.org"
Date: Thu, 25 Apr 2019 22:58:20 +0000
Message-ID: <20190425225610.28350-4-Janakarajan.Natarajan@amd.com>
In-Reply-To: <20190425225610.28350-1-Janakarajan.Natarajan@amd.com>
Subject: [Qemu-devel] [PATCH 3/3] sev: Change SEV to use EncryptedRAMBlock Notifier
Cc: "Singh, Brijesh" , Eduardo Habkost , "Natarajan, Janakarajan" , "Michael S . 
Tsirkin" , Igor Mammedov , Paolo Bonzini , Richard Henderson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) The EncryptedRAMBlock Notifier lets SEV know which guest RAM pages will contain encrypted guest data. Using this notifier lets SEV skip pinning pages that do not contain encrypted data. Signed-off-by: Janakarajan Natarajan --- target/i386/sev.c | 25 ++++++++----------------- 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index cd77f6b5d4..610e992e64 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -127,21 +127,11 @@ sev_set_guest_state(SevState new_state) } =20 static void -sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size) +sev_ram_block_encrypted_added(RAMBlockEncryptedNotifier *n, + void *host, size_t size) { int r; struct kvm_enc_region range; - ram_addr_t offset; - MemoryRegion *mr; - - /* - * The RAM device presents a memory region that should be treated - * as IO region and should not be pinned. - */ - mr =3D memory_region_from_host(host, &offset); - if (mr && memory_region_is_ram_device(mr)) { - return; - } =20 range.addr =3D (__u64)(unsigned long)host; range.size =3D size; @@ -156,7 +146,8 @@ sev_ram_block_added(RAMBlockNotifier *n, void *host, si= ze_t size) } =20 static void -sev_ram_block_removed(RAMBlockNotifier *n, void *host, size_t size) +sev_ram_block_encrypted_removed(RAMBlockEncryptedNotifier *n, + void *host, size_t size) { int r; struct kvm_enc_region range; 
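Review bot: with the memory_region_is_ram_device() check removed from sev_ram_block_encrypted_added() (first sev.c hunk), nothing on the SEV side rejects a RAM device region any more, and the decision about what gets registered moves entirely to the callers of memory_region_mark_encrypted(). Patch 2/3 marks only pc.ram, pflash unit 0 and plugged memory devices, so any other RAM block that the old RAMBlockNotifier path handed to this callback is no longer registered. Please list in the commit message which blocks are intentionally left out, and consider keeping a guard or an assert against RAM device regions here, since memory_device_plug() marks its region without checking its type.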
@@ -172,9 +163,9 @@ sev_ram_block_removed(RAMBlockNotifier *n, void *host, = size_t size) } } =20 -static struct RAMBlockNotifier sev_ram_notifier =3D { - .ram_block_added =3D sev_ram_block_added, - .ram_block_removed =3D sev_ram_block_removed, +static struct RAMBlockEncryptedNotifier sev_ram_encrypted_notifier =3D { + .ram_block_encrypted_added =3D sev_ram_block_encrypted_added, + .ram_block_encrypted_removed =3D sev_ram_block_encrypted_removed, }; =20 static void @@ -794,7 +785,7 @@ sev_guest_init(const char *id) goto err; } =20 - ram_block_notifier_add(&sev_ram_notifier); + ram_block_encrypted_notifier_add(&sev_ram_encrypted_notifier); qemu_add_machine_init_done_notifier(&sev_machine_done_notify); qemu_add_vm_change_state_handler(sev_vm_state_change, s); =20 --=20 2.20.1