From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"
Date: Tue, 6 Aug 2019 16:54:46 +0000
Message-ID: <20190806165429.19327-2-brijesh.singh@amd.com>
References: <20190806165429.19327-1-brijesh.singh@amd.com>
In-Reply-To: <20190806165429.19327-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v3 01/14] doc: update AMD SEV API spec web link
Sender:
"Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" Signed-off-by: Brijesh Singh Reviewed-by: Dr. David Alan Gilbert --- docs/amd-memory-encryption.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt index 43bf3ee6a5..8822cadda1 100644 --- a/docs/amd-memory-encryption.txt +++ b/docs/amd-memory-encryption.txt @@ -67,8 +67,8 @@ expects. LAUNCH_FINISH command finalizes the guest launch and destroy's the cryptog= raphic context. =20 -See SEV KM API Spec [1] 'Launching a guest' usage flow (Appendix A) for the -complete flow chart. +See Secure Encrypted Virtualization Key Management API spec section +'Launching a guest' usage flow (Appendix A) for the complete flow chart. =20 To launch a SEV guest =20 
@@ -97,8 +97,8 @@ References AMD Memory Encryption whitepaper: http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_= Encryption_Whitepaper_v7-Public.pdf =20 -Secure Encrypted Virtualization Key Management: -[1] http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf +Secure Encrypted Virtualization Key Management API Spec: +[1] https://developer.amd.com/sev/ (Secure Encrypted Virtualization API) =20 KVM Forum slides: http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualiz= atoin_Memory_Encryption_Technology.pdf --=20 2.17.1 From nobody Sat Apr 27 18:28:27 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; arc=fail (Bad Signature) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1565110554678351.05779356801986; Tue, 6 Aug 2019 09:55:54 -0700 (PDT) Received: from localhost ([::1]:35056 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hv2kb-0005ic-Ia for importer@patchew.org; Tue, 06 Aug 2019 12:55:53 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50867) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hv2jd-0003zW-8r for qemu-devel@nongnu.org; Tue, 06 Aug 2019 12:54:54 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hv2jb-0003hk-RW for qemu-devel@nongnu.org; Tue, 06 Aug 2019 12:54:53 -0400 Received: from mail-eopbgr710055.outbound.protection.outlook.com ([40.107.71.55]:41284 helo=NAM05-BY2-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hv2jb-0003ei-KX for qemu-devel@nongnu.org; Tue, 06 Aug 2019 12:54:51 -0400 Received: from DM6PR12MB2682.namprd12.prod.outlook.com (20.176.118.13) 
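Review bot: The '[1]' label kept on the new reference entry is left without a citation, because the earlier hunk drops '[1]' from the 'See SEV KM API Spec [1]' sentence; keep the marker in that sentence or remove it from the entry. The entry also names the document two ways, 'Secure Encrypted Virtualization Key Management API Spec' in the heading and 'Secure Encrypted Virtualization API' in the parenthetical, and the URL now points at a page rather than at a PDF, so use one title that matches the document a reader has to pick on that page to find Appendix A.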
From: "Singh, Brijesh"
Date: Tue, 6 Aug 2019 16:54:47 +0000
Message-ID: <20190806165429.19327-3-brijesh.singh@amd.com>
In-Reply-To: <20190806165429.19327-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v3 02/14] doc: update AMD SEV to include Live migration flow
Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" Signed-off-by: Brijesh Singh Reviewed-by: Dr. David Alan Gilbert --- docs/amd-memory-encryption.txt | 40 +++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt index 8822cadda1..01d95089a8 100644 --- a/docs/amd-memory-encryption.txt +++ b/docs/amd-memory-encryption.txt 
@@ -89,7 +89,45 @@ TODO =20 Live Migration ---------------- -TODO +AMD SEV encrypts the memory of VMs and because a different key is used +in each VM, the hypervisor will be unable to simply copy the +ciphertext from one VM to another to migrate the VM. Instead the AMD SEV K= ey +Management API provides sets of function which the hypervisor can use +to package a guest page for migration, while maintaining the confidentiali= ty +provided by AMD SEV. + +SEV guest VMs have the concept of private and shared memory. The private +memory is encrypted with the guest-specific key, while shared memory may +be encrypted with the hypervisor key. The migration APIs provided by the +SEV API spec should be used for migrating the private pages. The +KVM_GET_PAGE_ENC_BITMAP ioctl can be used to get the guest page encryption +bitmap. The bitmap can be used to check if the given guest page is +private or shared. + +Before initiating the migration, we need to know the targets machine's pub= lic +Diffie-Hellman key (PDH) and certificate chain. It can be retrieved +with the 'query-sev-capabilities' QMP command or using the sev-tool. The +migrate-set-parameter can be used to pass the target machine's PDH and +certificate chain. + +During the migration flow, the SEND_START is called on the source hypervis= or +to create an outgoing encryption context. The SEV guest policy dictates wh= ether +the certificate passed through the migrate-sev-set-info command will be +validated. SEND_UPDATE_DATA is called to encrypt the guest private pages. +After migration is completed, SEND_FINISH is called to destroy the encrypt= ion +context and make the VM non-runnable to protect it against cloning. + +On the target machine, RECEIVE_START is called first to create an +incoming encryption context. The RECEIVE_UPDATE_DATA is called to copy +the received encrypted page into guest memory. After migration has +completed, RECEIVE_FINISH is called to make the VM runnable. 
+ +For more information about the migration see SEV API Appendix A +Usage flow (Live migration section). + +NOTE: +To protect against the memory clone SEV APIs are designed to make the VM +unrunnable in case of the migration failure. =20 References ----------------- --=20 2.17.1 From nobody Sat Apr 27 18:28:27 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; arc=fail (Bad Signature) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1565110737304853.8930009140389; Tue, 6 Aug 2019 09:58:57 -0700 (PDT) Received: from localhost ([::1]:35104 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hv2nY-0003hm-AH for importer@patchew.org; Tue, 06 Aug 2019 12:58:56 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50888) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hv2je-0003zf-1y for qemu-devel@nongnu.org; Tue, 06 Aug 2019 12:54:55 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hv2jc-0003i3-Bf for qemu-devel@nongnu.org; Tue, 06 Aug 2019 12:54:54 -0400 Received: from mail-eopbgr710055.outbound.protection.outlook.com ([40.107.71.55]:41284 helo=NAM05-BY2-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hv2jc-0003ei-4c for qemu-devel@nongnu.org; Tue, 06 Aug 2019 12:54:52 -0400 Received: from DM6PR12MB2682.namprd12.prod.outlook.com (20.176.118.13) by DM6PR12MB4233.namprd12.prod.outlook.com (10.141.184.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2136.14; Tue, 6 Aug 2019 16:54:49 +0000 Received: from DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::7439:ea87:cc5d:71]) by 
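Review bot: The new Live Migration text names the command that carries the target's PDH and certificate chain two different ways: 'The migrate-set-parameter can be used to pass the target machine's PDH' in the third paragraph and 'the certificate passed through the migrate-sev-set-info command' in the fourth. Patch 03/14 of this series uses 'migrate-set-parameters', so use that name in both places, and while there fix 'targets machine's' and 'sets of function'. The sentence 'The SEV guest policy dictates whether the certificate ... will be validated' should also say what happens to the migration when validation is skipped or fails, since that is the property an operator relies on.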
From: "Singh, Brijesh"
Date: Tue, 6 Aug 2019 16:54:48 +0000
Message-ID: <20190806165429.19327-4-brijesh.singh@amd.com>
In-Reply-To: <20190806165429.19327-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v3 03/14] migration.json: add AMD SEV specific migration parameters
Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" AMD SEV migration flow requires that target machine's public Diffie-Hellman key (PDH) and certificate chain must be passed before initiating the guest migration. User can use QMP 'migrate-set-parameters' to pass the certificate chain. The certificate chain will be used while creating the outgoing encryption context. Signed-off-by: Brijesh Singh --- I was able to pass the certificate chain through the HMP but somehow QMP socket interface is not working for me. If anyone has any tips on what I am missing in the patch then please let me know. In meantime, I will also continue my investigation on why its not working for me. migration/migration.c | 61 +++++++++++++++++++++++++++++++++++++++++++ monitor/hmp-cmds.c | 18 +++++++++++++ qapi/migration.json | 41 ++++++++++++++++++++++++++--- 3 files changed, 116 insertions(+), 4 deletions(-) diff --git a/migration/migration.c b/migration/migration.c index 8a607fe1e2..de66a0eb7e 100644 --- a/migration/migration.c +++ b/migration/migration.c @@ -783,6 +783,12 @@ MigrationParameters *qmp_query_migrate_parameters(Erro= r **errp) params->announce_rounds =3D s->parameters.announce_rounds; params->has_announce_step =3D true; params->announce_step =3D s->parameters.announce_step; + params->has_sev_pdh =3D true; + params->sev_pdh =3D g_strdup(s->parameters.sev_pdh); + params->has_sev_plat_cert =3D true; + params->sev_plat_cert =3D g_strdup(s->parameters.sev_plat_cert); + params->has_sev_amd_cert =3D true; + params->sev_amd_cert =3D g_strdup(s->parameters.sev_amd_cert); =20 return params; } 
@@ -1289,6 +1295,18 @@ static void migrate_params_test_apply(MigrateSetPara= meters *params, if (params->has_announce_step) { dest->announce_step =3D params->announce_step; } + if (params->has_sev_pdh) { + assert(params->sev_pdh->type =3D=3D QTYPE_QSTRING); + dest->sev_pdh =3D g_strdup(params->sev_pdh->u.s); + } + if (params->has_sev_plat_cert) { + assert(params->sev_plat_cert->type =3D=3D QTYPE_QSTRING); + dest->sev_plat_cert =3D g_strdup(params->sev_plat_cert->u.s); + } + if (params->has_sev_amd_cert) { + assert(params->sev_amd_cert->type =3D=3D QTYPE_QSTRING); + dest->sev_amd_cert =3D g_strdup(params->sev_amd_cert->u.s); + } } =20 static void migrate_params_apply(MigrateSetParameters *params, Error **err= p) @@ -1390,6 +1408,21 @@ static void migrate_params_apply(MigrateSetParameter= s *params, Error **errp) if (params->has_announce_step) { s->parameters.announce_step =3D params->announce_step; } + if (params->has_sev_pdh) { + g_free(s->parameters.sev_pdh); + assert(params->sev_pdh->type =3D=3D QTYPE_QSTRING); + s->parameters.sev_pdh =3D g_strdup(params->sev_pdh->u.s); + } + if (params->has_sev_plat_cert) { + g_free(s->parameters.sev_plat_cert); + assert(params->sev_plat_cert->type =3D=3D QTYPE_QSTRING); + s->parameters.sev_plat_cert =3D g_strdup(params->sev_plat_cert->u.= s); + } + if (params->has_sev_amd_cert) { + g_free(s->parameters.sev_amd_cert); + assert(params->sev_amd_cert->type =3D=3D QTYPE_QSTRING); + s->parameters.sev_amd_cert =3D g_strdup(params->sev_amd_cert->u.s); + } } =20 void qmp_migrate_set_parameters(MigrateSetParameters *params, Error **errp) 
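Review bot: In migrate_params_test_apply the three new branches store a g_strdup() copy in dest (dest->sev_pdh, dest->sev_plat_cert, dest->sev_amd_cert) and nothing in the lines shown frees them; the caller passes a temporary ('migrate_params_test_apply(params, &tmp);'), so every migrate-set-parameters call that sets these fields leaks the copies unless tmp is cleaned up elsewhere. Free the three fields once the check on tmp is done, or let dest borrow the params strings for the duration of the check. Separately, neither this function nor migrate_params_apply checks that the strings are well-formed base64 or bounds their length before storing them; a check at this point, reported to the caller, would surface a bad PDH or certificate chain when the parameter is set rather than when the outgoing encryption context is created.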
@@ -1410,6 +1443,27 @@ void qmp_migrate_set_parameters(MigrateSetParameters= *params, Error **errp) params->tls_hostname->type =3D QTYPE_QSTRING; params->tls_hostname->u.s =3D strdup(""); } + /* TODO Rewrite "" to null instead */ + if (params->has_sev_pdh + && params->sev_pdh->type =3D=3D QTYPE_QNULL) { + qobject_unref(params->sev_pdh->u.n); + params->sev_pdh->type =3D QTYPE_QSTRING; + params->sev_pdh->u.s =3D strdup(""); + } + /* TODO Rewrite "" to null instead */ + if (params->has_sev_plat_cert + && params->sev_plat_cert->type =3D=3D QTYPE_QNULL) { + qobject_unref(params->sev_plat_cert->u.n); + params->sev_plat_cert->type =3D QTYPE_QSTRING; + params->sev_plat_cert->u.s =3D strdup(""); + } + /* TODO Rewrite "" to null instead */ + if (params->has_sev_amd_cert + && params->sev_amd_cert->type =3D=3D QTYPE_QNULL) { + qobject_unref(params->sev_amd_cert->u.n); + params->sev_amd_cert->type =3D QTYPE_QSTRING; + params->sev_amd_cert->u.s =3D strdup(""); + } =20 migrate_params_test_apply(params, &tmp); =20 @@ -3466,6 +3520,9 @@ static void migration_instance_finalize(Object *obj) qemu_mutex_destroy(&ms->qemu_file_lock); g_free(params->tls_hostname); g_free(params->tls_creds); + g_free(params->sev_pdh); + g_free(params->sev_plat_cert); + g_free(params->sev_amd_cert); qemu_sem_destroy(&ms->rate_limit_sem); qemu_sem_destroy(&ms->pause_sem); qemu_sem_destroy(&ms->postcopy_pause_sem); @@ -3507,6 +3564,10 @@ static void migration_instance_init(Object *obj) params->has_announce_rounds =3D true; params->has_announce_step =3D true; =20 + params->sev_pdh =3D g_strdup(""); + params->sev_plat_cert =3D g_strdup(""); + params->sev_amd_cert =3D g_strdup(""); + qemu_sem_init(&ms->postcopy_pause_sem, 0); qemu_sem_init(&ms->postcopy_pause_rp_sem, 0); qemu_sem_init(&ms->rp_state.rp_sem, 0); diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c index 5ca3ebe942..354219f27a 100644 --- a/monitor/hmp-cmds.c +++ b/monitor/hmp-cmds.c 
@@ -1872,6 +1872,24 @@ void hmp_migrate_set_parameter(Monitor *mon, const Q= Dict *qdict) p->has_announce_step =3D true; visit_type_size(v, param, &p->announce_step, &err); break; + case MIGRATION_PARAMETER_SEV_PDH: + p->has_sev_pdh =3D true; + p->sev_pdh =3D g_new0(StrOrNull, 1); + p->sev_pdh->type =3D QTYPE_QSTRING; + visit_type_str(v, param, &p->sev_pdh->u.s, &err); + break; + case MIGRATION_PARAMETER_SEV_PLAT_CERT: + p->has_sev_plat_cert =3D true; + p->sev_plat_cert =3D g_new0(StrOrNull, 1); + p->sev_plat_cert->type =3D QTYPE_QSTRING; + visit_type_str(v, param, &p->sev_plat_cert->u.s, &err); + break; + case MIGRATION_PARAMETER_SEV_AMD_CERT: + p->has_sev_amd_cert =3D true; + p->sev_amd_cert =3D g_new0(StrOrNull, 1); + p->sev_amd_cert->type =3D QTYPE_QSTRING; + visit_type_str(v, param, &p->sev_amd_cert->u.s, &err); + break; default: assert(0); } diff --git a/qapi/migration.json b/qapi/migration.json index 9cfbaf8c6c..bb07995d2c 100644 --- a/qapi/migration.json +++ b/qapi/migration.json @@ -580,6 +580,15 @@ # @max-cpu-throttle: maximum cpu throttle percentage. # Defaults to 99. (Since 3.1) # +# @sev-pdh: The target host platform diffie-hellman key encoded in base64 +# (Since 4.2) +# +# @sev-plat-cert: The target host platform certificate chain encoded in ba= se64 +# (Since 4.2) +# +# @sev-amd-cert: AMD certificate chain which include ASK and OCA encoded in +# base64 (Since 4.2) +# # Since: 2.4 ## { 'enum': 'MigrationParameter', @@ -592,7 +601,7 @@ 'downtime-limit', 'x-checkpoint-delay', 'block-incremental', 'multifd-channels', 'xbzrle-cache-size', 'max-postcopy-bandwidth', - 'max-cpu-throttle' ] } + 'max-cpu-throttle', 'sev-pdh', 'sev-plat-cert', 'sev-amd-cert' = ] } =20 ## # @MigrateSetParameters: 
@@ -682,6 +691,15 @@ # @max-cpu-throttle: maximum cpu throttle percentage. # The default value is 99. (Since 3.1) # +# @sev-pdh: The target host platform diffie-hellman key encoded in base64 +# (Since 4.2) +# +# @sev-plat-cert: The target host platform certificate chain encoded in ba= se64 +# (Since 4.2) +# +# @sev-amd-cert: AMD certificate chain which include ASK and OCA encoded in +# base64 (Since 4.2) +# # Since: 2.4 ## # TODO either fuse back into MigrationParameters, or make @@ -707,7 +725,10 @@ '*multifd-channels': 'int', '*xbzrle-cache-size': 'size', '*max-postcopy-bandwidth': 'size', - '*max-cpu-throttle': 'int' } } + '*max-cpu-throttle': 'int', + '*sev-pdh':'StrOrNull', + '*sev-plat-cert': 'StrOrNull', + '*sev-amd-cert' : 'StrOrNull' } } =20 ## # @migrate-set-parameters: @@ -817,6 +838,15 @@ # Defaults to 99. # (Since 3.1) # +# @sev-pdh: The target host platform diffie-hellman key encoded in base64 +# (Since 4.2) +# +# @sev-plat-cert: The target host platform certificate chain encoded in ba= se64 +# (Since 4.2) +# +# @sev-amd-cert: AMD certificate chain which include ASK and OCA encoded in +# base64 (Since 4.2) +# # Since: 2.4 ## { 'struct': 'MigrationParameters', 
@@ -839,8 +869,11 @@ '*block-incremental': 'bool' , '*multifd-channels': 'uint8', '*xbzrle-cache-size': 'size', - '*max-postcopy-bandwidth': 'size', - '*max-cpu-throttle':'uint8'} } + '*max-postcopy-bandwidth': 'size', + '*max-cpu-throttle':'uint8', + '*sev-pdh':'str', + '*sev-plat-cert': 'str', + '*sev-amd-cert' : 'str'} } =20 ## # @query-migrate-parameters: --=20 2.17.1
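Review bot: the three QTYPE_QNULL blocks added to qmp_migrate_set_parameters() assign params->sev_*->u.s = strdup("") with no NULL check, while migration_instance_init() in the same patch uses g_strdup("") and migration_instance_finalize() releases with g_free(). Use g_strdup("") here as well, so an allocation failure aborts instead of leaving a NULL string behind, and fold the three copies (plus the existing tls_hostname one visible in the context) into a small helper that takes a StrOrNull *. That also leaves one "TODO Rewrite "" to null instead" comment rather than three.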
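Review bot: the MIGRATION_PARAMETER_SEV_PDH, SEV_PLAT_CERT and SEV_AMD_CERT cases in hmp_migrate_set_parameter() store whatever string the monitor user supplies, and none of the visible hunks checks that the value is valid base64 or bounds its length, although the QAPI text documents all three as base64-encoded. Please reject malformed or oversized values when the parameter is set, so that a bad certificate blob fails at the monitor rather than partway through migration setup. The three cases are identical apart from the field name and could share a helper.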
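Review bot: in the qapi/migration.json doc hunks the three new members are described only by their encoding; the text should say that they apply to SEV guests, what the default empty string means, and what ASK and OCA stand for. Wording nits: "diffie-hellman" should be "Diffie-Hellman" and "which include" should be "which includes". The new entries use three different spacings around the colon ('*sev-pdh':'str', '*sev-plat-cert': 'str', '*sev-amd-cert' : 'str'), and the MigrationParameters hunk removes and re-adds '*max-postcopy-bandwidth': 'size' with no visible change, which looks like whitespace churn that should be dropped from the patch.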
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"
Date: Tue, 6 Aug 2019 16:54:49 +0000
Subject: [Qemu-devel] [PATCH v3 04/14] linux-headers: update kernel header to include SEV migration commands
Message-ID: <20190806165429.19327-5-brijesh.singh@amd.com>
In-Reply-To: <20190806165429.19327-1-brijesh.singh@amd.com>
References: <20190806165429.19327-1-brijesh.singh@amd.com>
Signed-off-by: Brijesh Singh
--- linux-headers/linux/kvm.h | 53 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h index c8423e760c..2b0a2a97b8 100644 --- a/linux-headers/linux/kvm.h +++ b/linux-headers/linux/kvm.h @@ -492,6 +492,16 @@ struct kvm_dirty_log { }; }; =20 +/* for KVM_GET_PAGE_ENC_BITMAP */ +struct kvm_page_enc_bitmap { + __u64 start_gfn; + __u64 num_pages; + union { + void *enc_bitmap; /* one bit per page */ + __u64 padding2; + }; +}; + /* for KVM_CLEAR_DIRTY_LOG */ struct kvm_clear_dirty_log { __u32 slot; @@ -1451,6 +1461,9 @@ struct kvm_enc_region { /* Available with KVM_CAP_ARM_SVE */ #define KVM_ARM_VCPU_FINALIZE _IOW(KVMIO, 0xc2, int) =20 +#define KVM_GET_PAGE_ENC_BITMAP _IOW(KVMIO, 0xc2, struct kvm_page_enc_b= itmap) +#define KVM_SET_PAGE_ENC_BITMAP _IOW(KVMIO, 0xc3, struct kvm_page_enc_b= itmap) + /* Secure Encrypted Virtualization command */ enum sev_cmd_id { /* Guest initialization commands */
@@ -1531,6 +1544,46 @@ struct kvm_sev_dbg { __u32 len; }; =20 +struct kvm_sev_send_start { + __u32 policy; + __u64 pdh_cert_uaddr; + __u32 pdh_cert_len; + __u64 plat_cert_uaddr; + __u32 plat_cert_len; + __u64 amd_cert_uaddr; + __u32 amd_cert_len; + __u64 session_uaddr; + __u32 session_len; +}; + +struct kvm_sev_send_update_data { + __u64 hdr_uaddr; + __u32 hdr_len; + __u64 guest_uaddr; + __u32 guest_len; + __u64 trans_uaddr; + __u32 trans_len; +}; + +struct kvm_sev_receive_start { + __u32 handle; + __u32 policy; + __u64 pdh_uaddr; + __u32 pdh_len; + __u64 session_uaddr; + __u32 session_len; +}; + +struct kvm_sev_receive_update_data { + __u64 hdr_uaddr; + __u32 hdr_len; + __u64 guest_uaddr; + __u32 guest_len; + __u64 trans_uaddr; + __u32 trans_len; +}; + + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2) --=20 2.17.1
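Review bot: KVM_GET_PAGE_ENC_BITMAP in the @@ -1451 hunk is defined as _IOW(KVMIO, 0xc2, ...), the same request number as KVM_ARM_VCPU_FINALIZE on the context line directly above it. The different argument size keeps the encoded values apart, but reusing a number is fragile; take the next free numbers for both new ioctls. Since linux-headers/ mirrors a kernel tree and the commit message is empty apart from the Signed-off-by, please also state which kernel tree or commit these definitions come from and whether scripts/update-linux-headers.sh was used.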
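Review bot: struct kvm_sev_send_start and the structs after it in the @@ -1531 hunk place __u32 members directly before __u64 members with no explicit padding, for example "__u32 policy; __u64 pdh_cert_uaddr;". That leaves compiler-inserted holes whose size depends on the ABI's __u64 alignment, so 32-bit and 64-bit userspace can disagree on the layout, and any padding the caller does not zero is handed to the kernel as is. Add explicit pad fields or group the __u32 members, and have callers zero-initialise the structs. kvm_sev_send_update_data and kvm_sev_receive_update_data are field-for-field identical, so a comment saying that this is intentional would help.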
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"
Date: Tue, 6 Aug 2019 16:54:50 +0000
Subject: [Qemu-devel] [PATCH v3 05/14] hw/machine: add helper to query the memory encryption state
Message-ID: <20190806165429.19327-6-brijesh.singh@amd.com>
In-Reply-To: <20190806165429.19327-1-brijesh.singh@amd.com>
References: <20190806165429.19327-1-brijesh.singh@amd.com>

To enable memory encryption inside a VM, the user must pass the object name used for the encryption in a command line parameter, as shown below.

# $(QEMU) \
  -machine memory-encryption=

Add a helper machine_memory_encryption_enabled() which will return a bool indicating whether the encryption object has been specified in the command line parameter.

Signed-off-by: Brijesh Singh
Reviewed-by: Dr. David Alan Gilbert
--- hw/core/machine.c | 5 +++++ include/hw/boards.h | 1 + 2 files changed, 6 insertions(+) diff --git a/hw/core/machine.c b/hw/core/machine.c index c58a8e594e..f1e1b3661f 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -1031,6 +1031,11 @@ bool machine_mem_merge(MachineState *machine) return machine->mem_merge; } =20 +bool machine_memory_encryption_enabled(MachineState *machine) +{ + return machine->memory_encryption ? true : false; +} + static char *cpu_slot_to_string(const CPUArchId *cpu) { GString *s =3D g_string_new(NULL); diff --git a/include/hw/boards.h b/include/hw/boards.h index a71d1a53a5..c5446a39cf 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h
@@ -76,6 +76,7 @@ void machine_set_cpu_numa_node(MachineState *machine, Error **errp); =20 void machine_class_allow_dynamic_sysbus_dev(MachineClass *mc, const char *= type); +bool machine_memory_encryption_enabled(MachineState *machine); =20 =20 /** --=20 2.17.1
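Review bot: machine_memory_encryption_enabled() in the hw/core/machine.c hunk returns "machine->memory_encryption ? true : false"; "return machine->memory_encryption != NULL;" says the same thing without the redundant ternary, and the parameter can be const MachineState * since nothing is modified. As the commit message describes it, the helper only reports that an object name was given on the command line, so the prototype added to include/hw/boards.h should carry a short comment saying so, to keep callers from treating a true result as proof that encryption was successfully set up.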
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"
Date: Tue, 6 Aug 2019 16:54:51 +0000
Subject: [Qemu-devel] [PATCH v3 06/14] hw/machine: introduce MachineMemoryEncryptionOps for encrypted VMs
Message-ID: <20190806165429.19327-7-brijesh.singh@amd.com>
In-Reply-To: <20190806165429.19327-1-brijesh.singh@amd.com>
References: <20190806165429.19327-1-brijesh.singh@amd.com>
When memory encryption is enabled in a VM, the guest RAM will be encrypted with the guest-specific key. To protect the confidentiality of data while in transit, we need platform-specific hooks to save or migrate the guest RAM. The MemoryEncryptionOps introduced in this patch will be used later by the migration.

Signed-off-by: Brijesh Singh
Reviewed-by: Dr. David Alan Gilbert
--- include/hw/boards.h | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/include/hw/boards.h b/include/hw/boards.h index c5446a39cf..ba80c236fe 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h @@ -105,6 +105,29 @@ typedef struct { CPUArchId cpus[0]; } CPUArchIdList; =20 +/** + * The functions registers with MachineMemoryEncryptionOps will be used du= ring + * the encrypted guest migration. + */ +struct MachineMemoryEncryptionOps { + /* Initialize the platform specific state before starting the migratio= n */ + int (*save_setup)(const char *pdh, const char *plat_cert, + const char *amd_cert); + + /* Write the encrypted page and metadata associated with it */ + int (*save_outgoing_page)(QEMUFile *f, uint8_t *ptr, uint32_t size, + uint64_t *bytes_sent); + + /* Load the incoming encrypted page into guest memory */ + int (*load_incoming_page)(QEMUFile *f, uint8_t *ptr); + + /* Write the page encryption state bitmap */ + int (*save_outgoing_bitmap)(QEMUFile *f); + + /* Load the incoming page encryption bitmap */ + int (*load_incoming_bitmap)(QEMUFile *f); +}; + /** * MachineClass: * @deprecation_reason: If set, the machine is marked as deprecated. The
@@ -228,6 +251,7 @@ struct MachineClass { unsigned cpu_inde= x); const CPUArchIdList *(*possible_cpu_arch_ids)(MachineState *machine); int64_t (*get_default_cpu_node_id)(const MachineState *ms, int idx); + struct MachineMemoryEncryptionOps *memory_encryption_ops; }; =20 /** --=20 2.17.1
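Review bot: load_incoming_page() in struct MachineMemoryEncryptionOps takes only "QEMUFile *f, uint8_t *ptr", while save_outgoing_page() also receives a size. Without a length the callback has to take the amount it writes into guest memory from the incoming stream; pass the destination size so the implementation can reject a record larger than the page it was given. The callbacks also have no Error **errp, the meaning of the int return value is undocumented, and save_setup() hard-codes pdh, plat_cert and amd_cert in an interface attached to the generic machine class. Comment nit: "The functions registers with" should read "The functions registered with".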
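Review bot: the memory_encryption_ops member added at the end of struct MachineClass has no entry in the MachineClass doc comment whose opening lines appear as context in the previous hunk, and nothing says whether NULL means that encrypted migration is unsupported. Document the member there, and declare it as const struct MachineMemoryEncryptionOps * if the ops table is never modified after registration.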
DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::7439:ea87:cc5d:71%7]) with mapi id 15.20.2136.018; Tue, 6 Aug 2019 16:54:52 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oFGPXQGfZL2e7uZGaQjApzdH4hZX8GvdRiTf8MIekqkiHAM1ySLwQzLBKLWGmWh+RKLtjkhRgRmNNWjfH4zAPhKaEdazlgnBGZ5FQTSyrP+ikxv/nVFmtzGfhU3/8XxWwW42kk8mnqgXuabSWuuoCDdUpT/+DpMB8vg7g5jlHQAYNov/cEbhInNmj6Fe8X/P3XUE2ERInqueK/Vlr/j72oVT/3OiGtmKCleakNhL8mY/6NbOPkmgiS/OWxZQiizJyK6/iicHGy5V12PZXIdCZV1NE9N/PIA8MR/IHEbZSd0/DWjXLElj7F02kGi4IXDm6ActzUxDkyXoY+zTAj8K/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+4iMyP9C0DkhedLgJ7krOSFlo9/EBZuc2PeihQVh+lo=; b=j4VeYJ2+UyuimPenWrzGdECiN3kS6NoIZcnlBK5wb5JmtNp0tTBZLoUC8O4y1ZaGvfJ1JPzEJC46jYAi+fpvUIzgGOHlJAgp/dWWGEKyX2sL1ElRjniWza/IowsH9Vt+38s93EyFbJdZxxU+inZAHbY9hpEIE4X1BSR2GAb5x4CUe6Zhp/cissgPgwhfhug8niq8hlPDYPHwRggeMX7ZVwMDa7Iy2E5LA+HTp/3WmC+sYJZJnkUqcW5Q0ShugszHDORtN9mZ3aMj5JQkUAnwfE6Mu9Qwoqmfj8g1pBx1rv6uZUkwOkxHZAmfcFboTL9Y9CQ57GzbsL9hFQQn8yABlQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=amd.com;dmarc=pass action=none header.from=amd.com;dkim=pass header.d=amd.com;arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+4iMyP9C0DkhedLgJ7krOSFlo9/EBZuc2PeihQVh+lo=; b=mqu4/2TEPHrPCtiG9ssRPxd0YbzSKleEhqwxpy9EHhN4CtPSM8L9to6CqoCCLAKJOx0AL1pqlcLM65DEL8VHUJy0GG+UMbt85OrMOfAtS6vYLq4Z5wSh7rbY6phGxkUlPxyuwJCTzso9R48G8nQpMOgSA86e9jHj4sQVk8MD5uU= 
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Date: Tue, 6 Aug 2019 16:54:52 +0000
Message-ID: <20190806165429.19327-8-brijesh.singh@amd.com>
References: <20190806165429.19327-1-brijesh.singh@amd.com>
In-Reply-To: <20190806165429.19327-1-brijesh.singh@amd.com>
Content-Transfer-Encoding: quoted-printable
Subject: [Qemu-devel] [PATCH v3 07/14] target/i386: sev: provide callback to setup outgoing context
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"
Sender:
"Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" The user provides the target machine's Platform Diffie-Hellman key (PDH) and certificate chain before starting the SEV guest migration. Cache the certificate chain as we need them while creating the outgoing context. Signed-off-by: Brijesh Singh --- accel/kvm/kvm-all.c | 12 +++++++++++ accel/kvm/sev-stub.c | 6 ++++++ include/sysemu/sev.h | 2 ++ target/i386/sev.c | 45 ++++++++++++++++++++++++++++++++++++++++++ target/i386/sev_i386.h | 6 ++++++ 5 files changed, 71 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index f450f25295..d0304c6947 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -165,6 +165,17 @@ bool kvm_memcrypt_enabled(void) return false; } =20 +static int kvm_memcrypt_save_setup(const char *pdh, const char *plat_cert, + const char *amd_cert) +{ + return sev_save_setup(kvm_state->memcrypt_handle, pdh, + plat_cert, amd_cert); +} + +static struct MachineMemoryEncryptionOps sev_memory_encryption_ops =3D { + .save_setup =3D kvm_memcrypt_save_setup, +}; + int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len) { if (kvm_state->memcrypt_handle && @@ -1968,6 +1979,7 @@ static int kvm_init(MachineState *ms) } =20 kvm_state->memcrypt_encrypt_data =3D sev_encrypt_data; + mc->memory_encryption_ops =3D &sev_memory_encryption_ops; } =20 ret =3D kvm_arch_init(ms, s); diff --git a/accel/kvm/sev-stub.c b/accel/kvm/sev-stub.c index 4f97452585..528f8cf7f1 100644 --- a/accel/kvm/sev-stub.c +++ b/accel/kvm/sev-stub.c @@ -24,3 +24,9 @@ void *sev_guest_init(const char *id) { return NULL; } + +int sev_save_setup(void *handle, const char *pdh, const char *plat_cert, + const char *amd_cert) +{ + return 1; +} diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 98c1ec8d38..d5123d4fa3 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h 
@@ -18,4 +18,6 @@ =20 void *sev_guest_init(const char *id); int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len); +int sev_save_setup(void *handle, const char *pdh, const char *plat_cert, + const char *amd_cert); #endif diff --git a/target/i386/sev.c b/target/i386/sev.c index f1423cb0c0..70e9d86815 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -27,6 +27,7 @@ #include "sysemu/sysemu.h" #include "trace.h" #include "migration/blocker.h" +#include "migration/qemu-file.h" =20 #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" @@ -62,6 +63,8 @@ static const char *const sev_fw_errlist[] =3D { =20 #define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist) =20 +#define SEV_FW_BLOB_MAX_SIZE 0x4000 /* 16KB */ + static int sev_ioctl(int fd, int cmd, void *data, int *error) { @@ -729,6 +732,48 @@ sev_vm_state_change(void *opaque, int running, RunStat= e state) } } =20 +static inline bool check_blob_length(size_t value) +{ + if (value > SEV_FW_BLOB_MAX_SIZE) { + error_report("invalid length max=3D%ld got=3D%d", + value, SEV_FW_BLOB_MAX_SIZE); + return false; + } + + return true; +} + +int sev_save_setup(void *handle, const char *pdh, const char *plat_cert, + const char *amd_cert) +{ + SEVState *s =3D (SEVState *)handle; + + s->remote_pdh =3D g_base64_decode(pdh, &s->remote_pdh_len); + if (!check_blob_length(s->remote_pdh_len)) { + goto error; + } + + s->remote_plat_cert =3D g_base64_decode(plat_cert, + &s->remote_plat_cert_len); + if (!check_blob_length(s->remote_plat_cert_len)) { + goto error; + } + + s->amd_cert =3D g_base64_decode(amd_cert, &s->amd_cert_len); + if (!check_blob_length(s->amd_cert_len)) { + goto error; + } + + return 0; + +error: + g_free(s->remote_pdh); + g_free(s->remote_plat_cert); + g_free(s->amd_cert); + + return 1; +} + void * sev_guest_init(const char *id) { diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h index 55313441ae..32906de998 100644 --- a/target/i386/sev_i386.h 
+++ b/target/i386/sev_i386.h 
@@ -81,6 +81,12 @@ struct SEVState { int sev_fd; SevState state; gchar *measurement; + guchar *remote_pdh; + size_t remote_pdh_len; + guchar *remote_plat_cert; + size_t remote_plat_cert_len; + guchar *amd_cert; + size_t amd_cert_len; }; =20 typedef struct SEVState SEVState; --=20 2.17.1
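Review bot: in the target/i386/sev.c hunk of patch 07/14, the error: path of sev_save_setup() frees s->remote_pdh, s->remote_plat_cert and s->amd_cert but leaves the pointers and their *_len fields set, so SEVState keeps dangling pointers after a failed setup, and a second call overwrites earlier buffers without freeing them. Free any previous buffers on entry, and on the error path reset each pointer to NULL and each length to 0 (g_clear_pointer() fits). Nothing rejects a NULL input string or a zero-length decode result, which passes check_blob_length(). In check_blob_length() the error_report() arguments are swapped relative to the format string ("max=" receives value, "got=" receives SEV_FW_BLOB_MAX_SIZE), and value is a size_t printed with %ld; pass the constant first and print value with %zu.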
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Date: Tue, 6 Aug 2019 16:54:52 +0000
Message-ID: <20190806165429.19327-9-brijesh.singh@amd.com>
References: <20190806165429.19327-1-brijesh.singh@amd.com>
In-Reply-To: <20190806165429.19327-1-brijesh.singh@amd.com>
Content-Transfer-Encoding: quoted-printable
Subject: [Qemu-devel] [PATCH v3 08/14] target/i386: sev: do not create launch context for an incoming guest
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"

The LAUNCH_START is used for creating an encryption context to encrypt newly created guest, for an incoming guest the RECEIVE_START should be used.

Reviewed-by: Dr. David Alan Gilbert
Signed-off-by: Brijesh Singh
--- target/i386/sev.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 70e9d86815..483d9bb0fa 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c
@@ -845,10 +845,16 @@ sev_guest_init(const char *id) goto err; } =20 - ret =3D sev_launch_start(s); - if (ret) { - error_report("%s: failed to create encryption context", __func__); - goto err; + /* + * The LAUNCH context is used for new guest, if its an incoming guest + * then RECEIVE context will be created after the connection is establ= ished. + */ + if (!runstate_check(RUN_STATE_INMIGRATE)) { + ret =3D sev_launch_start(s); + if (ret) { + error_report("%s: failed to create encryption context", __func= __); + goto err; + } } =20 ram_block_notifier_add(&sev_ram_notifier); --=20 2.17.1
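Review bot: skipping sev_launch_start() under RUN_STATE_INMIGRATE leaves sev_guest_init() with no encryption context, yet the code after the new block (ram_block_notifier_add(&sev_ram_notifier) in the trailing context) still runs unconditionally. Please confirm, in the comment or the commit message, that none of the handlers registered in sev_guest_init() issue LAUNCH_* commands on an incoming guest before the RECEIVE context exists, or guard them with the same runstate_check(). Minor: in the new comment, "its" should be "it's".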
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Date: Tue, 6 Aug 2019 16:54:53 +0000
Message-ID: <20190806165429.19327-10-brijesh.singh@amd.com>
References: <20190806165429.19327-1-brijesh.singh@amd.com>
In-Reply-To: <20190806165429.19327-1-brijesh.singh@amd.com>
Content-Transfer-Encoding: quoted-printable
Subject: [Qemu-devel] [PATCH v3 09/14] target/i386: sev: add support to encrypt the outgoing page
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"
Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" The sev_save_outgoing_page() provide the implementation to encrypt the guest private pages during the transit. The routines uses the SEND_START command to create the outgoing encryption context on the first call then uses the SEND_UPDATE_DATA command to encrypt the data before writing it to the socket. While encrypting the data SEND_UPDATE_DATA produces some metadata (e.g MAC, IV). The metadata is also sent to the target machine. After migration is completed, we issue the SEND_FINISH command to transition the SEV guest state from sending to unrunnable state. Signed-off-by: Brijesh Singh Reviewed-by: Dr. David Alan Gilbert --- accel/kvm/kvm-all.c | 9 ++ accel/kvm/sev-stub.c | 6 ++ include/sysemu/sev.h | 2 + target/i386/sev.c | 216 +++++++++++++++++++++++++++++++++++++++ target/i386/sev_i386.h | 2 + target/i386/trace-events | 3 + 6 files changed, 238 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index d0304c6947..a5b0ae9363 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -172,8 +172,17 @@ static int kvm_memcrypt_save_setup(const char *pdh, co= nst char *plat_cert, plat_cert, amd_cert); } =20 +static int kvm_memcrypt_save_outgoing_page(QEMUFile *f, uint8_t *ptr, + uint32_t size, + uint64_t *bytes_sent) +{ + return sev_save_outgoing_page(kvm_state->memcrypt_handle, f, ptr, size, + bytes_sent); +} + static struct MachineMemoryEncryptionOps sev_memory_encryption_ops =3D { .save_setup =3D kvm_memcrypt_save_setup, + .save_outgoing_page =3D kvm_memcrypt_save_outgoing_page, }; =20 int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len) diff --git a/accel/kvm/sev-stub.c b/accel/kvm/sev-stub.c index 528f8cf7f1..51b17b8141 100644 --- a/accel/kvm/sev-stub.c +++ b/accel/kvm/sev-stub.c 
@@ -30,3 +30,9 @@ int sev_save_setup(void *handle, const char *pdh, const c= har *plat_cert, { return 1; } + +int sev_save_outgoing_page(void *handle, QEMUFile *f, uint8_t *ptr, + uint32_t size, uint64_t *bytes_sent) +{ + return 1; +} diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index d5123d4fa3..f06fd203cd 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -20,4 +20,6 @@ void *sev_guest_init(const char *id); int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len); int sev_save_setup(void *handle, const char *pdh, const char *plat_cert, const char *amd_cert); +int sev_save_outgoing_page(void *handle, QEMUFile *f, uint8_t *ptr, + uint32_t size, uint64_t *bytes_sent); #endif diff --git a/target/i386/sev.c b/target/i386/sev.c index 483d9bb0fa..1820c62a71 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -28,6 +28,7 @@ #include "trace.h" #include "migration/blocker.h" #include "migration/qemu-file.h" +#include "migration/misc.h" =20 #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" @@ -774,6 +775,40 @@ error: return 1; } =20 +static void +sev_send_finish(void) +{ + int ret, error; + + trace_kvm_sev_send_finish(); + ret =3D sev_ioctl(sev_state->sev_fd, KVM_SEV_SEND_FINISH, 0, &error); + if (ret) { + error_report("%s: SEND_FINISH ret=3D%d fw_error=3D%d '%s'", + __func__, ret, error, fw_error_to_str(error)); + } + + g_free(sev_state->send_packet_hdr); + sev_set_guest_state(SEV_STATE_RUNNING); +} + +static void +sev_migration_state_notifier(Notifier *notifier, void *data) +{ + MigrationState *s =3D data; + + if (migration_has_finished(s) || + migration_in_postcopy_after_devices(s) || + migration_has_failed(s)) { + if (sev_check_state(SEV_STATE_SEND_UPDATE)) { + sev_send_finish(); + } + } +} + +static Notifier sev_migration_state_notify =3D { + .notify =3D sev_migration_state_notifier, +}; + void * sev_guest_init(const char *id) { 
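Review bot: sev_send_finish() calls g_free(sev_state->send_packet_hdr) without clearing the pointer, while the send path later in this patch allocates the header only when !s->send_packet_hdr, so a second migration attempt after a failed or cancelled one would reuse freed memory and free it again at the next finish. Set send_packet_hdr to NULL and send_packet_hdr_len to 0 here. The function also moves the guest to SEV_STATE_RUNNING even when the KVM_SEV_SEND_FINISH ioctl fails, and the commit message describes the post-finish state as unrunnable; please reconcile the state set here with that description and decide what should happen when the ioctl fails.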
@@ -860,6 +895,7 @@ sev_guest_init(const char *id) ram_block_notifier_add(&sev_ram_notifier); qemu_add_machine_init_done_notifier(&sev_machine_done_notify); qemu_add_vm_change_state_handler(sev_vm_state_change, s); + add_migration_state_change_notifier(&sev_migration_state_notify); =20 return s; err: 
@@ -881,6 +917,186 @@ sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t= len) return 0; } =20 +static int +sev_get_send_session_length(void) +{ + int ret, fw_err =3D 0; + struct kvm_sev_send_start start =3D {}; + + ret =3D sev_ioctl(sev_state->sev_fd, KVM_SEV_SEND_START, &start, &fw_e= rr); + if (fw_err !=3D SEV_RET_INVALID_LEN) { + ret =3D -1; + error_report("%s: failed to get session length ret=3D%d fw_error= =3D%d '%s'", + __func__, ret, fw_err, fw_error_to_str(fw_err)); + goto err; + } + + ret =3D start.session_len; +err: + return ret; +} + +static int +sev_send_start(SEVState *s, QEMUFile *f, uint64_t *bytes_sent) +{ + gsize pdh_len =3D 0, plat_cert_len; + int session_len, ret, fw_error; + struct kvm_sev_send_start start =3D { }; + guchar *pdh =3D NULL, *plat_cert =3D NULL, *session =3D NULL; + + if (!s->remote_pdh || !s->remote_plat_cert || !s->amd_cert_len) { + error_report("%s: missing remote PDH or PLAT_CERT", __func__); + return 1; + } + + start.pdh_cert_uaddr =3D (uintptr_t) s->remote_pdh; + start.pdh_cert_len =3D s->remote_pdh_len; + + start.plat_cert_uaddr =3D (uintptr_t)s->remote_plat_cert; + start.plat_cert_len =3D s->remote_plat_cert_len; + + start.amd_cert_uaddr =3D (uintptr_t)s->amd_cert; + start.amd_cert_len =3D s->amd_cert_len; + + /* get the session length */ + session_len =3D sev_get_send_session_length(); + if (session_len < 0) { + ret =3D 1; + goto err; + } + + session =3D g_new0(guchar, session_len); + start.session_uaddr =3D (unsigned long)session; + start.session_len =3D session_len; + + /* Get our PDH certificate */ + ret =3D sev_get_pdh_info(s->sev_fd, &pdh, &pdh_len, + &plat_cert, &plat_cert_len); + if (ret) { + error_report("Failed to get our PDH cert"); + goto err; + } + + trace_kvm_sev_send_start(start.pdh_cert_uaddr, start.pdh_cert_len, + start.plat_cert_uaddr, start.plat_cert_len, + start.amd_cert_uaddr, start.amd_cert_len); + + ret =3D sev_ioctl(s->sev_fd, KVM_SEV_SEND_START, &start, &fw_error); + if (ret < 0) { + 
error_report("%s: SEND_START ret=3D%d fw_error=3D%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } + + qemu_put_be32(f, start.policy); + qemu_put_be32(f, pdh_len); + qemu_put_buffer(f, (uint8_t *)pdh, pdh_len); + qemu_put_be32(f, start.session_len); + qemu_put_buffer(f, (uint8_t *)start.session_uaddr, start.session_len); + *bytes_sent =3D 12 + pdh_len + start.session_len; + + sev_set_guest_state(SEV_STATE_SEND_UPDATE); + +err: + g_free(pdh); + g_free(plat_cert); + return ret; +} + +static int +sev_send_get_packet_len(int *fw_err) +{ + int ret; + struct kvm_sev_send_update_data update =3D {}; + + ret =3D sev_ioctl(sev_state->sev_fd, KVM_SEV_SEND_UPDATE_DATA, + &update, fw_err); + if (*fw_err !=3D SEV_RET_INVALID_LEN) { + ret =3D -1; + error_report("%s: failed to get session length ret=3D%d fw_error= =3D%d '%s'", + __func__, ret, *fw_err, fw_error_to_str(*fw_err)); + goto err; + } + + ret =3D update.hdr_len; + +err: + return ret; +} + +static int +sev_send_update_data(SEVState *s, QEMUFile *f, uint8_t *ptr, uint32_t size, + uint64_t *bytes_sent) +{ + int ret, fw_error; + guchar *trans; + struct kvm_sev_send_update_data update =3D { }; + + /* + * If this is first call then query the packet header bytes and alloca= te + * the packet buffer. 
+ */ + if (!s->send_packet_hdr) { + s->send_packet_hdr_len =3D sev_send_get_packet_len(&fw_error); + if (s->send_packet_hdr_len < 1) { + error_report("%s: SEND_UPDATE fw_error=3D%d '%s'", + __func__, fw_error, fw_error_to_str(fw_error)); + return 1; + } + + s->send_packet_hdr =3D g_new(gchar, s->send_packet_hdr_len); + } + + /* allocate transport buffer */ + trans =3D g_new(guchar, size); + + update.hdr_uaddr =3D (uintptr_t)s->send_packet_hdr; + update.hdr_len =3D s->send_packet_hdr_len; + update.guest_uaddr =3D (uintptr_t)ptr; + update.guest_len =3D size; + update.trans_uaddr =3D (uintptr_t)trans; + update.trans_len =3D size; + + trace_kvm_sev_send_update_data(ptr, trans, size); + + ret =3D sev_ioctl(s->sev_fd, KVM_SEV_SEND_UPDATE_DATA, &update, &fw_er= ror); + if (ret) { + error_report("%s: SEND_UPDATE_DATA ret=3D%d fw_error=3D%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } + + qemu_put_be32(f, update.hdr_len); + qemu_put_buffer(f, (uint8_t *)update.hdr_uaddr, update.hdr_len); + *bytes_sent =3D 4 + update.hdr_len; + + qemu_put_be32(f, update.trans_len); + qemu_put_buffer(f, (uint8_t *)update.trans_uaddr, update.trans_len); + *bytes_sent +=3D (4 + update.trans_len); + +err: + g_free(trans); + return ret; +} + +int sev_save_outgoing_page(void *handle, QEMUFile *f, uint8_t *ptr, + uint32_t sz, uint64_t *bytes_sent) +{ + SEVState *s =3D sev_state; + + /* + * If this is a first buffer then create outgoing encryption context + * and write our PDH, policy and session data. + */ + if (!sev_check_state(SEV_STATE_SEND_UPDATE) && + sev_send_start(s, f, bytes_sent)) { + error_report("Failed to create outgoing context"); + return 1; + } + + return sev_send_update_data(s, f, ptr, sz, bytes_sent); +} + static void sev_register_types(void) { diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h index 32906de998..e475304f5f 100644 --- a/target/i386/sev_i386.h +++ b/target/i386/sev_i386.h 
@@ -87,6 +87,8 @@ struct SEVState { size_t remote_plat_cert_len; guchar *amd_cert; size_t amd_cert_len; + gchar *send_packet_hdr; + size_t send_packet_hdr_len; }; =20 typedef struct SEVState SEVState; diff --git a/target/i386/trace-events b/target/i386/trace-events index 789c700d4a..b41516cf9f 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -15,3 +15,6 @@ kvm_sev_launch_start(int policy, void *session, void *pdh= ) "policy 0x%x session kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRI= u64 kvm_sev_launch_measurement(const char *value) "data %s" kvm_sev_launch_finish(void) "" +kvm_sev_send_start(uint64_t pdh, int l1, uint64_t plat, int l2, uint64_t a= md, int l3) "pdh 0x%" PRIx64 " len %d plat 0x%" PRIx64 " len %d amd 0x%" PR= Ix64 " len %d" +kvm_sev_send_update_data(void *src, void *dst, int len) "guest %p trans %p= len %d" +kvm_sev_send_finish(void) "" --=20 2.17.1
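Review bot: In the target/i386/sev.c hunk, the check "s->send_packet_hdr_len < 1" in sev_send_update_data() cannot catch a failure of sev_send_get_packet_len(). That helper returns -1 on error, but send_packet_hdr_len is declared size_t in the SEVState hunk, so -1 becomes SIZE_MAX, the check passes, and the following g_new(gchar, s->send_packet_hdr_len) attempts an allocation of that size. Keep the result in a signed local, test it, and store it into the size_t field only on success. Also in this hunk, sev_send_update_data() assigns "*bytes_sent = 4 + update.hdr_len", which discards the "12 + pdh_len + start.session_len" that sev_send_start() stored through the same pointer when sev_save_outgoing_page() creates the context on the first page; accumulate with += or document that the start bytes are not meant to be counted.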
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"
Date: Tue, 6 Aug 2019 16:54:54 +0000
Message-ID: <20190806165429.19327-11-brijesh.singh@amd.com>
In-Reply-To: <20190806165429.19327-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v3 10/14] target/i386: sev: add support to load incoming encrypted page
The sev_load_incoming_page() provides the implementation to read the incoming guest private pages from the socket and load them into the guest memory. The routine uses the RECEIVE_START command to create the incoming encryption context on the first call, then uses the RECEIVE_UPDATE_DATA command to load the encrypted pages into the guest memory. After migration is completed, we issue the RECEIVE_FINISH command to transition the SEV guest to the runnable state so that it can be executed.

Signed-off-by: Brijesh Singh
Reviewed-by: Dr. David Alan Gilbert
--- accel/kvm/kvm-all.c | 6 ++ accel/kvm/sev-stub.c | 5 ++ include/sysemu/sev.h | 1 + target/i386/sev.c | 137 ++++++++++++++++++++++++++++++++++++++- target/i386/trace-events | 3 + 5 files changed, 151 insertions(+), 1 deletion(-) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index a5b0ae9363..ba0e7fa2be 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -180,9 +180,15 @@ static int kvm_memcrypt_save_outgoing_page(QEMUFile *f= , uint8_t *ptr, bytes_sent); } =20 +static int kvm_memcrypt_load_incoming_page(QEMUFile *f, uint8_t *ptr) +{ + return sev_load_incoming_page(kvm_state->memcrypt_handle, f, ptr); +} + static struct MachineMemoryEncryptionOps sev_memory_encryption_ops =3D { .save_setup =3D kvm_memcrypt_save_setup, .save_outgoing_page =3D kvm_memcrypt_save_outgoing_page, + .load_incoming_page =3D kvm_memcrypt_load_incoming_page, }; =20 int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len) diff --git a/accel/kvm/sev-stub.c b/accel/kvm/sev-stub.c index 51b17b8141..1b6773ef72 100644 --- a/accel/kvm/sev-stub.c +++ b/accel/kvm/sev-stub.c @@ -36,3 +36,8 @@ int sev_save_outgoing_page(void *handle, QEMUFile *f, uin= t8_t *ptr, { return 1; } + +int sev_load_incoming_page(void *handle, QEMUFile *f, uint8_t *ptr) +{ + return 1; +} 
diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index f06fd203cd..e9371bd2dd 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -22,4 +22,5 @@ int sev_save_setup(void *handle, const char *pdh, const c= har *plat_cert, const char *amd_cert); int sev_save_outgoing_page(void *handle, QEMUFile *f, uint8_t *ptr, uint32_t size, uint64_t *bytes_sent); +int sev_load_incoming_page(void *handle, QEMUFile *f, uint8_t *ptr); #endif diff --git a/target/i386/sev.c b/target/i386/sev.c index 1820c62a71..a689011991 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -721,13 +721,34 @@ sev_launch_finish(SEVState *s) } } =20 +static int +sev_receive_finish(SEVState *s) +{ + int error, ret =3D 1; + + trace_kvm_sev_receive_finish(); + ret =3D sev_ioctl(s->sev_fd, KVM_SEV_RECEIVE_FINISH, 0, &error); + if (ret) { + error_report("%s: RECEIVE_FINISH ret=3D%d fw_error=3D%d '%s'", + __func__, ret, error, fw_error_to_str(error)); + goto err; + } + + sev_set_guest_state(SEV_STATE_RUNNING); +err: + return ret; +} + + static void sev_vm_state_change(void *opaque, int running, RunState state) { SEVState *s =3D opaque; =20 if (running) { - if (!sev_check_state(SEV_STATE_RUNNING)) { + if (sev_check_state(SEV_STATE_RECEIVE_UPDATE)) { + sev_receive_finish(s); + } else if (!sev_check_state(SEV_STATE_RUNNING)) { sev_launch_finish(s); } } 
@@ -1097,6 +1118,120 @@ int sev_save_outgoing_page(void *handle, QEMUFile *= f, uint8_t *ptr, return sev_send_update_data(s, f, ptr, sz, bytes_sent); } =20 +static int +sev_receive_start(QSevGuestInfo *sev, QEMUFile *f) +{ + int ret =3D 1; + int fw_error; + struct kvm_sev_receive_start start =3D { }; + gchar *session =3D NULL, *pdh_cert =3D NULL; + + /* get SEV guest handle */ + start.handle =3D object_property_get_int(OBJECT(sev), "handle", + &error_abort); + + /* get the source policy */ + start.policy =3D qemu_get_be32(f); + + /* get source PDH key */ + start.pdh_len =3D qemu_get_be32(f); + if (!check_blob_length(start.pdh_len)) { + return 1; + } + + pdh_cert =3D g_new(gchar, start.pdh_len); + qemu_get_buffer(f, (uint8_t *)pdh_cert, start.pdh_len); + start.pdh_uaddr =3D (uintptr_t)pdh_cert; + + /* get source session data */ + start.session_len =3D qemu_get_be32(f); + if (!check_blob_length(start.session_len)) { + return 1; + } + session =3D g_new(gchar, start.session_len); + qemu_get_buffer(f, (uint8_t *)session, start.session_len); + start.session_uaddr =3D (uintptr_t)session; + + trace_kvm_sev_receive_start(start.policy, session, pdh_cert); + + ret =3D sev_ioctl(sev_state->sev_fd, KVM_SEV_RECEIVE_START, + &start, &fw_error); + if (ret < 0) { + error_report("Error RECEIVE_START ret=3D%d fw_error=3D%d '%s'", + ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } + + object_property_set_int(OBJECT(sev), start.handle, "handle", &error_ab= ort); + sev_set_guest_state(SEV_STATE_RECEIVE_UPDATE); +err: + g_free(session); + g_free(pdh_cert); + + return ret; +} + +static int sev_receive_update_data(QEMUFile *f, uint8_t *ptr) +{ + int ret =3D 1, fw_error =3D 0; + gchar *hdr =3D NULL, *trans =3D NULL; + struct kvm_sev_receive_update_data update =3D {}; + + /* get packet header */ + update.hdr_len =3D qemu_get_be32(f); + if (!check_blob_length(update.hdr_len)) { + return 1; + } + + hdr =3D g_new(gchar, update.hdr_len); + qemu_get_buffer(f, (uint8_t *)hdr, 
update.hdr_len); + update.hdr_uaddr =3D (uintptr_t)hdr; + + /* get transport buffer */ + update.trans_len =3D qemu_get_be32(f); + if (!check_blob_length(update.trans_len)) { + goto err; + } + + trans =3D g_new(gchar, update.trans_len); + update.trans_uaddr =3D (uintptr_t)trans; + qemu_get_buffer(f, (uint8_t *)update.trans_uaddr, update.trans_len); + + update.guest_uaddr =3D (uintptr_t) ptr; + update.guest_len =3D update.trans_len; + + trace_kvm_sev_receive_update_data(trans, ptr, update.guest_len, + hdr, update.hdr_len); + + ret =3D sev_ioctl(sev_state->sev_fd, KVM_SEV_RECEIVE_UPDATE_DATA, + &update, &fw_error); + if (ret) { + error_report("Error RECEIVE_UPDATE_DATA ret=3D%d fw_error=3D%d '%s= '", + ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } +err: + g_free(trans); + g_free(hdr); + return ret; +} + +int sev_load_incoming_page(void *handle, QEMUFile *f, uint8_t *ptr) +{ + SEVState *s =3D (SEVState *)handle; + + /* + * If this is first buffer and SEV is not in recieiving state then + * use RECEIVE_START command to create a encryption context. + */ + if (!sev_check_state(SEV_STATE_RECEIVE_UPDATE) && + sev_receive_start(s->sev_info, f)) { + return 1; + } + + return sev_receive_update_data(f, ptr); +} + static void sev_register_types(void) { diff --git a/target/i386/trace-events b/target/i386/trace-events index b41516cf9f..609752cca7 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -18,3 +18,6 @@ kvm_sev_launch_finish(void) "" kvm_sev_send_start(uint64_t pdh, int l1, uint64_t plat, int l2, uint64_t a= md, int l3) "pdh 0x%" PRIx64 " len %d plat 0x%" PRIx64 " len %d amd 0x%" PR= Ix64 " len %d" kvm_sev_send_update_data(void *src, void *dst, int len) "guest %p trans %p= len %d" kvm_sev_send_finish(void) "" +kvm_sev_receive_start(int policy, void *session, void *pdh) "policy 0x%x s= ession %p pdh %p" +kvm_sev_receive_update_data(void *src, void *dst, int len, void *hdr, int = hdr_len) "guest %p trans %p len %d hdr %p hdr_len %d" +kvm_sev_receive_finish(void) "" --=20 2.17.1
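Review bot: In the target/i386/sev.c hunk at -1097, sev_receive_update_data() sets update.guest_len from the trans_len it reads off the migration stream, while the function receives only ptr and no size for the destination, so nothing in this hunk ties the number of bytes written to the page being loaded. Pass the expected page size down from the caller and reject a trans_len that does not match it before issuing KVM_SEV_RECEIVE_UPDATE_DATA. In the same hunk, sev_receive_start() returns 1 directly when check_blob_length(start.session_len) fails, after pdh_cert has already been allocated; use "goto err" there, as sev_receive_update_data() does for its second length check, so the buffer is freed.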
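Review bot: In the target/i386/sev.c hunk at -721, sev_vm_state_change() ignores the return value of sev_receive_finish(), so a failed RECEIVE_FINISH is only logged and the guest state stays at SEV_STATE_RECEIVE_UPDATE while the VM is marked running. Check the result in the "if (sev_check_state(SEV_STATE_RECEIVE_UPDATE))" branch and fail the state change explicitly when the firmware rejects the command.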
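Review bot: In the target/i386/trace-events hunk, kvm_sev_receive_update_data labels its first pointer "guest" and its second "trans", but the call added in sev.c passes (trans, ptr, update.guest_len, hdr, update.hdr_len), so the two addresses are printed under each other's labels. Swap the arguments at the call site or swap the labels in the format string so traces from the send and receive sides read the same way.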
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"
Date: Tue, 6 Aug 2019 16:54:55 +0000
Message-ID: <20190806165429.19327-12-brijesh.singh@amd.com>
In-Reply-To: <20190806165429.19327-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v3 11/14] migration: add support to migrate page encryption bitmap
When memory encryption is enabled, the hypervisor maintains a page encryption bitmap which is referred to by the hypervisor during migration to check if a page is private or shared. The bitmap is built during the VM bootup and must be migrated to the target host so that the hypervisor on the target host can use it for future migration. The KVM_{SET,GET}_PAGE_ENC_BITMAP can be used to get and set the bitmap for a given gfn range.

Signed-off-by: Brijesh Singh
Reviewed-by: Dr. David Alan Gilbert
--- accel/kvm/kvm-all.c | 27 ++++++++++++ accel/kvm/sev-stub.c | 11 +++++ include/sysemu/sev.h | 6 +++ target/i386/sev.c | 93 ++++++++++++++++++++++++++++++++++++++++ target/i386/trace-events | 2 + 5 files changed, 139 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index ba0e7fa2be..f4d136b022 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c 
@@ -185,10 +185,37 @@ static int kvm_memcrypt_load_incoming_page(QEMUFile *= f, uint8_t *ptr) return sev_load_incoming_page(kvm_state->memcrypt_handle, f, ptr); } =20 +static int kvm_memcrypt_save_outgoing_bitmap(QEMUFile *f) +{ + KVMMemoryListener *kml =3D &kvm_state->memory_listener; + KVMState *s =3D kvm_state; + int ret =3D 1, i; + + /* iterate through all the registered slots and send the bitmap */ + for (i =3D 0; i < s->nr_slots; i++) { + KVMSlot *mem =3D &kml->slots[i]; + ret =3D sev_save_outgoing_bitmap(s->memcrypt_handle, f, mem->start= _addr, + mem->memory_size, + (i + 1) =3D=3D s->nr_slots); + if (ret) { + return 1; + } + } + + return ret; +} + +static int kvm_memcrypt_load_incoming_bitmap(QEMUFile *f) +{ + return sev_load_incoming_bitmap(kvm_state->memcrypt_handle, f); +} + static struct MachineMemoryEncryptionOps sev_memory_encryption_ops =3D { .save_setup =3D kvm_memcrypt_save_setup, .save_outgoing_page =3D kvm_memcrypt_save_outgoing_page, .load_incoming_page =3D kvm_memcrypt_load_incoming_page, + .save_outgoing_bitmap =3D kvm_memcrypt_save_outgoing_bitmap, + .load_incoming_bitmap =3D kvm_memcrypt_load_incoming_bitmap, }; =20 int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len) diff --git a/accel/kvm/sev-stub.c b/accel/kvm/sev-stub.c index 1b6773ef72..fa96225abc 100644 --- a/accel/kvm/sev-stub.c +++ b/accel/kvm/sev-stub.c @@ -41,3 +41,14 @@ int sev_load_incoming_page(void *handle, QEMUFile *f, ui= nt8_t *ptr) { return 1; } + +int sev_save_outgoing_bitmap(void *handle, QEMUFile *f, + unsigned long start, uint64_t length, bool la= st) +{ + return 1; +} + +int sev_load_incoming_bitmap(void *handle, QEMUFile *f) +{ + return 1; +} diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index e9371bd2dd..f777083c94 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h 
@@ -16,6 +16,9 @@ =20 #include "sysemu/kvm.h" =20 +#define RAM_SAVE_ENCRYPTED_PAGE 0x1 +#define RAM_SAVE_ENCRYPTED_BITMAP 0x2 + void *sev_guest_init(const char *id); int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len); int sev_save_setup(void *handle, const char *pdh, const char *plat_cert, @@ -23,4 +26,7 @@ int sev_save_setup(void *handle, const char *pdh, const c= har *plat_cert, int sev_save_outgoing_page(void *handle, QEMUFile *f, uint8_t *ptr, uint32_t size, uint64_t *bytes_sent); int sev_load_incoming_page(void *handle, QEMUFile *f, uint8_t *ptr); +int sev_load_incoming_bitmap(void *handle, QEMUFile *f); +int sev_save_outgoing_bitmap(void *handle, QEMUFile *f, unsigned long star= t, + uint64_t length, bool last); #endif diff --git a/target/i386/sev.c b/target/i386/sev.c index a689011991..9d643e720c 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -65,6 +65,8 @@ static const char *const sev_fw_errlist[] =3D { #define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist) =20 #define SEV_FW_BLOB_MAX_SIZE 0x4000 /* 16KB */ +#define ENCRYPTED_BITMAP_CONTINUE 0x1 +#define ENCRYPTED_BITMAP_END 0x2 =20 static int sev_ioctl(int fd, int cmd, void *data, int *error) 
@@ -1232,6 +1234,97 @@ int sev_load_incoming_page(void *handle, QEMUFile *f= , uint8_t *ptr) return sev_receive_update_data(f, ptr); } =20 +#define ALIGN(x, y) (((x) + (y) - 1) & ~((y) - 1)) + +int sev_load_incoming_bitmap(void *handle, QEMUFile *f) +{ + void *bmap; + unsigned long bmap_size, base_gpa; + unsigned long npages, expected_size, length; + struct kvm_page_enc_bitmap e =3D {}; + int status; + + status =3D qemu_get_be32(f); + + while (status !=3D ENCRYPTED_BITMAP_END) { + base_gpa =3D qemu_get_be64(f); + npages =3D qemu_get_be64(f); + bmap_size =3D qemu_get_be64(f); + + /* + * Before allocating the bitmap buffer, lets do some bound check to + * ensure that we are not dealing with corrupted stream. + */ + length =3D npages << TARGET_PAGE_BITS; + expected_size =3D ALIGN((length >> TARGET_PAGE_BITS), 64) / 8; + if (expected_size !=3D bmap_size) { + error_report("corrupted bitmap expected size %ld got %ld", + expected_size, bmap_size); + return 1; + } + + bmap =3D g_malloc0(bmap_size); + qemu_get_buffer(f, (uint8_t *)bmap, bmap_size); + + trace_kvm_sev_load_bitmap(base_gpa, npages << TARGET_PAGE_BITS); + + e.start_gfn =3D base_gpa >> TARGET_PAGE_BITS; + e.num_pages =3D npages; + e.enc_bitmap =3D bmap; + if (kvm_vm_ioctl(kvm_state, KVM_SET_PAGE_ENC_BITMAP, &e) =3D=3D -1= ) { + error_report("KVM_SET_PAGE_ENC_BITMAP ioctl failed %d", errno); + g_free(bmap); + return 1; + } + + g_free(bmap); + + status =3D qemu_get_be32(f); + } + + return 0; +} + +int sev_save_outgoing_bitmap(void *handle, QEMUFile *f, + unsigned long start, uint64_t length, bool la= st) +{ + uint64_t size; + struct kvm_page_enc_bitmap e =3D {}; + + if (!length) { + /* nothing to send */ + goto done; + } + + size =3D ALIGN((length >> TARGET_PAGE_BITS), 64) / 8; + e.enc_bitmap =3D g_malloc0(size); + e.start_gfn =3D start >> TARGET_PAGE_BITS; + e.num_pages =3D length >> TARGET_PAGE_BITS; + + trace_kvm_sev_save_bitmap(start, length); + + if (kvm_vm_ioctl(kvm_state, KVM_GET_PAGE_ENC_BITMAP, &e) =3D=3D 
-1) { + error_report("%s: KVM_GET_PAGE_ENC_BITMAP ioctl failed %d", + __func__, errno); + g_free(e.enc_bitmap); + return 1; + } + + qemu_put_be32(f, ENCRYPTED_BITMAP_CONTINUE); + qemu_put_be64(f, start); + qemu_put_be64(f, e.num_pages); + qemu_put_be64(f, size); + qemu_put_buffer(f, (uint8_t *)e.enc_bitmap, size); + + g_free(e.enc_bitmap); + +done: + if (last) { + qemu_put_be32(f, ENCRYPTED_BITMAP_END); + } + return 0; +} + static void sev_register_types(void) { diff --git a/target/i386/trace-events b/target/i386/trace-events index 609752cca7..853a3870ab 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -21,3 +21,5 @@ kvm_sev_send_finish(void) "" kvm_sev_receive_start(int policy, void *session, void *pdh) "policy 0x%x s= ession %p pdh %p" kvm_sev_receive_update_data(void *src, void *dst, int len, void *hdr, int = hdr_len) "guest %p trans %p len %d hdr %p hdr_len %d" kvm_sev_receive_finish(void) "" +kvm_sev_save_bitmap(uint64_t start, uint64_t len) "start 0x%" PRIx64 " len= 0x%" PRIx64 +kvm_sev_load_bitmap(uint64_t start, uint64_t len) "start 0x%" PRIx64 " len= 0x%" PRIx64 --=20 2.17.1
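Review bot: In the target/i386/sev.c hunk, the test that sev_load_incoming_bitmap() describes as a bound check only confirms that bmap_size is consistent with npages; both values come from the stream, so a large but consistent pair still reaches g_malloc0(bmap_size). The left shift in "length = npages << TARGET_PAGE_BITS" can also drop high bits, so expected_size may be computed from a different page count than the one later stored in e.num_pages. Validate base_gpa and npages against the destination's own memory layout before allocating, and compute the expected size from npages directly. The loop also treats every status other than ENCRYPTED_BITMAP_END as a record; require ENCRYPTED_BITMAP_CONTINUE explicitly and return an error for anything else so a truncated or corrupted stream stops the load.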
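Review bot: In the accel/kvm/kvm-all.c hunk, kvm_memcrypt_save_outgoing_bitmap() initialises ret to 1 and returns it unchanged when the loop body never runs, so a state with no slots is reported as a failure and no ENCRYPTED_BITMAP_END marker is written. Initialise ret to 0, or handle the empty case explicitly and still emit the end marker so the receiving loop terminates.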
From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"
Date: Tue, 6 Aug 2019 16:54:56 +0000
Message-ID: <20190806165429.19327-13-brijesh.singh@amd.com>
In-Reply-To: <20190806165429.19327-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v3 12/14] kvm: add support to sync the page encryption state bitmap
qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" The SEV VMs have concept of private and shared memory. The private memory is encrypted with guest-specific key, while shared memory may be encrypted with hyperivosr key. The KVM_GET_PAGE_ENC_BITMAP can be used to get a bitmap indicating whether the guest page is private or shared. A private page must be transmitted using the SEV migration commands. Add a cpu_physical_memory_sync_encrypted_bitmap() which can be used to get the page encryption bitmap for a given memory region. The page encryption bitmap is not exactly same as dirty bitmap. The page encryption bitmap is a purely a matter of state about the page is encrypted or not. To avoid some confusion we clone few functions for clarity. Signed-off-by: Brijesh Singh --- accel/kvm/kvm-all.c | 37 ++++++++ include/exec/ram_addr.h | 199 ++++++++++++++++++++++++++++++++++++++++ include/exec/ramlist.h | 3 +- migration/ram.c | 17 ++++ 4 files changed, 255 insertions(+), 1 deletion(-) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index f4d136b022..d942e10896 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c 
@@ -560,6 +560,36 @@ static int kvm_get_dirty_pages_log_range(MemoryRegionS= ection *section, =20 #define ALIGN(x, y) (((x)+(y)-1) & ~((y)-1)) =20 +/* sync page_enc bitmap */ +static int kvm_sync_page_enc_bitmap(KVMMemoryListener *kml, + MemoryRegionSection *section, + KVMSlot *mem) +{ + unsigned long size; + KVMState *s =3D kvm_state; + struct kvm_page_enc_bitmap e =3D {}; + ram_addr_t pages =3D int128_get64(section->size) / getpagesize(); + ram_addr_t start =3D section->offset_within_region + + memory_region_get_ram_addr(section->mr); + + size =3D ALIGN(((mem->memory_size) >> TARGET_PAGE_BITS), 64) / 8; + e.enc_bitmap =3D g_malloc0(size); + e.start_gfn =3D mem->start_addr >> TARGET_PAGE_BITS; + e.num_pages =3D pages; + if (kvm_vm_ioctl(s, KVM_GET_PAGE_ENC_BITMAP, &e) =3D=3D -1) { + DPRINTF("KVM_GET_PAGE_ENC_BITMAP ioctl failed %d\n", errno); + g_free(e.enc_bitmap); + return 1; + } + + cpu_physical_memory_set_encrypted_lebitmap(e.enc_bitmap, + start, pages); + + g_free(e.enc_bitmap); + + return 0; +} + /** * kvm_physical_sync_dirty_bitmap - Sync dirty bitmap from kernel space * @@ -616,6 +646,13 @@ static int kvm_physical_sync_dirty_bitmap(KVMMemoryLis= tener *kml, } =20 kvm_get_dirty_pages_log_range(section, d.dirty_bitmap); + + if (kvm_memcrypt_enabled() && + kvm_sync_page_enc_bitmap(kml, section, mem)) { + g_free(d.dirty_bitmap); + return -1; + } + } out: return ret; diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h index b7b2e60ff6..6dbeac6567 100644 --- a/include/exec/ram_addr.h +++ b/include/exec/ram_addr.h @@ -67,6 +67,8 @@ struct RAMBlock { */ unsigned long *clear_bmap; uint8_t clear_bmap_shift; + /* bitmap of page encryption state for an encrypted guest */ + unsigned long *encbmap; }; =20 /** 
@@ -323,6 +325,60 @@ static inline void cpu_physical_memory_set_dirty_flag(= ram_addr_t addr, rcu_read_unlock(); } =20 +static inline void cpu_physical_memory_set_encrypted_range(ram_addr_t star= t, + ram_addr_t leng= th, + unsigned long v= al) +{ + unsigned long page; + unsigned long * const *src; + + page =3D start >> TARGET_PAGE_BITS; + + rcu_read_lock(); + + src =3D atomic_rcu_read( + &ram_list.dirty_memory[DIRTY_MEMORY_ENCRYPTED])->blocks; + + if (length) { + unsigned long idx =3D page / DIRTY_MEMORY_BLOCK_SIZE; + unsigned long offset =3D page % DIRTY_MEMORY_BLOCK_SIZE; + int m =3D (start) & (BITS_PER_LONG - 1); + int n =3D MIN(length, BITS_PER_LONG - m); + unsigned long old_val =3D atomic_read(&src[idx][BIT_WORD(offset)]); + unsigned long mask; + + mask =3D (~0UL >> n); + mask =3D mask << m; + + old_val &=3D ~mask; + val &=3D mask; + + atomic_xchg(&src[idx][BIT_WORD(offset)], old_val | val); + page +=3D n; + length -=3D n; + } + + /* remaining bits */ + if (length) { + unsigned long idx =3D page / DIRTY_MEMORY_BLOCK_SIZE; + unsigned long offset =3D page % DIRTY_MEMORY_BLOCK_SIZE; + int m =3D (start) & (BITS_PER_LONG - 1); + int n =3D MIN(length, BITS_PER_LONG - m); + unsigned long old_val =3D atomic_read(&src[idx][BIT_WORD(offset)]); + unsigned long mask; + + mask =3D (~0UL >> n); + mask =3D mask << m; + + old_val &=3D ~mask; + val &=3D mask; + + atomic_xchg(&src[idx][BIT_WORD(offset)], old_val | val); + } + + rcu_read_unlock(); +} + static inline void cpu_physical_memory_set_dirty_range(ram_addr_t start, ram_addr_t length, uint8_t mask) 
@@ -376,6 +432,62 @@ static inline void cpu_physical_memory_set_dirty_range= (ram_addr_t start, } =20 #if !defined(_WIN32) +static inline void cpu_physical_memory_set_encrypted_lebitmap( + unsigned long *bit= map, + ram_addr_t start, + ram_addr_t pages) +{ + unsigned long i; + unsigned long hpratio =3D getpagesize() / TARGET_PAGE_SIZE; + unsigned long page =3D BIT_WORD(start >> TARGET_PAGE_BITS); + + /* start address is aligned at the start of a word? */ + if ((((page * BITS_PER_LONG) << TARGET_PAGE_BITS) =3D=3D start) && + (hpratio =3D=3D 1)) { + unsigned long **blocks[DIRTY_MEMORY_NUM]; + unsigned long idx; + unsigned long offset; + long k; + long nr =3D BITS_TO_LONGS(pages); + + idx =3D (start >> TARGET_PAGE_BITS) / DIRTY_MEMORY_BLOCK_SIZE; + offset =3D BIT_WORD((start >> TARGET_PAGE_BITS) % + DIRTY_MEMORY_BLOCK_SIZE); + + rcu_read_lock(); + + for (i =3D 0; i < DIRTY_MEMORY_NUM; i++) { + blocks[i] =3D atomic_rcu_read(&ram_list.dirty_memory[i])->bloc= ks; + } + + for (k =3D 0; k < nr; k++) { + if (bitmap[k]) { + unsigned long temp =3D leul_to_cpu(bitmap[k]); + + atomic_xchg(&blocks[DIRTY_MEMORY_ENCRYPTED][idx][offset], = temp); + } + + if (++offset >=3D BITS_TO_LONGS(DIRTY_MEMORY_BLOCK_SIZE)) { + offset =3D 0; + idx++; + } + } + + rcu_read_unlock(); + } else { + i =3D 0; + while (pages > 0) { + unsigned long len =3D MIN(pages, BITS_PER_LONG); + + cpu_physical_memory_set_encrypted_range(start, len, + leul_to_cpu(bitmap[i])); + start +=3D len; + i++; + pages -=3D len; + } + } +} + static inline void cpu_physical_memory_set_dirty_lebitmap(unsigned long *b= itmap, ram_addr_t start, ram_addr_t pages) 
@@ -478,6 +590,8 @@ static inline void cpu_physical_memory_clear_dirty_rang= e(ram_addr_t start, cpu_physical_memory_test_and_clear_dirty(start, length, DIRTY_MEMORY_M= IGRATION); cpu_physical_memory_test_and_clear_dirty(start, length, DIRTY_MEMORY_V= GA); cpu_physical_memory_test_and_clear_dirty(start, length, DIRTY_MEMORY_C= ODE); + cpu_physical_memory_test_and_clear_dirty(start, length, + DIRTY_MEMORY_ENCRYPTED); } =20 =20 
@@ -556,5 +670,90 @@ uint64_t cpu_physical_memory_sync_dirty_bitmap(RAMBloc= k *rb, =20 return num_dirty; } + +static inline bool cpu_physical_memory_test_encrypted(ram_addr_t start, + ram_addr_t length) +{ + unsigned long end, page; + bool enc =3D false; + unsigned long * const *src; + + if (length =3D=3D 0) { + return enc; + } + + end =3D TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS; + page =3D start >> TARGET_PAGE_BITS; + + rcu_read_lock(); + + src =3D atomic_rcu_read( + &ram_list.dirty_memory[DIRTY_MEMORY_ENCRYPTED])->blocks; + + while (page < end) { + unsigned long idx =3D page / DIRTY_MEMORY_BLOCK_SIZE; + unsigned long offset =3D page % DIRTY_MEMORY_BLOCK_SIZE; + unsigned long num =3D MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - of= fset); + + enc |=3D atomic_read(&src[idx][BIT_WORD(offset)]); + page +=3D num; + } + + rcu_read_unlock(); + + return enc; +} + +static inline +void cpu_physical_memory_sync_encrypted_bitmap(RAMBlock *rb, + ram_addr_t start, + ram_addr_t length) +{ + ram_addr_t addr; + unsigned long word =3D BIT_WORD((start + rb->offset) >> TARGET_PAGE_BI= TS); + unsigned long *dest =3D rb->encbmap; + + /* start address and length is aligned at the start of a word? 
*/ + if (((word * BITS_PER_LONG) << TARGET_PAGE_BITS) =3D=3D + (start + rb->offset) && + !(length & ((BITS_PER_LONG << TARGET_PAGE_BITS) - 1))) { + int k; + int nr =3D BITS_TO_LONGS(length >> TARGET_PAGE_BITS); + unsigned long * const *src; + unsigned long idx =3D (word * BITS_PER_LONG) / DIRTY_MEMORY_BLOCK_= SIZE; + unsigned long offset =3D BIT_WORD((word * BITS_PER_LONG) % + DIRTY_MEMORY_BLOCK_SIZE); + unsigned long page =3D BIT_WORD(start >> TARGET_PAGE_BITS); + + rcu_read_lock(); + + src =3D atomic_rcu_read( + &ram_list.dirty_memory[DIRTY_MEMORY_ENCRYPTED])->blocks; + + for (k =3D page; k < page + nr; k++) { + unsigned long bits =3D atomic_read(&src[idx][offset]); + dest[k] =3D bits; + + if (++offset >=3D BITS_TO_LONGS(DIRTY_MEMORY_BLOCK_SIZE)) { + offset =3D 0; + idx++; + } + } + + rcu_read_unlock(); + } else { + ram_addr_t offset =3D rb->offset; + + for (addr =3D 0; addr < length; addr +=3D TARGET_PAGE_SIZE) { + long k =3D (start + addr) >> TARGET_PAGE_BITS; + if (cpu_physical_memory_test_encrypted(start + addr + offset, + TARGET_PAGE_SIZE)) { + set_bit(k, dest); + } else { + clear_bit(k, dest); + } + } + } +} #endif #endif diff --git a/include/exec/ramlist.h b/include/exec/ramlist.h index bc4faa1b00..2a5eab8b11 100644 --- a/include/exec/ramlist.h +++ b/include/exec/ramlist.h @@ -11,7 +11,8 @@ typedef struct RAMBlockNotifier RAMBlockNotifier; #define DIRTY_MEMORY_VGA 0 #define DIRTY_MEMORY_CODE 1 #define DIRTY_MEMORY_MIGRATION 2 -#define DIRTY_MEMORY_NUM 3 /* num of dirty bits */ +#define DIRTY_MEMORY_ENCRYPTED 3 +#define DIRTY_MEMORY_NUM 4 /* num of dirty bits */ =20 /* The dirty memory bitmap is split into fixed-size blocks to allow growth * under RCU. The bitmap for a block can be accessed as follows: diff --git a/migration/ram.c b/migration/ram.c index 889148dd84..57c707525b 100644 --- a/migration/ram.c +++ b/migration/ram.c 
@@ -57,6 +57,7 @@ #include "qemu/uuid.h" #include "savevm.h" #include "qemu/iov.h" +#include "hw/boards.h" =20 /***********************************************************/ /* ram save/restore */ @@ -700,6 +701,13 @@ typedef struct { QemuSemaphore sem_sync; } MultiFDRecvParams; =20 +static inline bool memcrypt_enabled(void) +{ + MachineState *ms =3D MACHINE(qdev_get_machine()); + + return machine_memory_encryption_enabled(ms); +} + static int multifd_send_initial_packet(MultiFDSendParams *p, Error **errp) { MultiFDInit_t msg; @@ -1754,6 +1762,9 @@ static void migration_bitmap_sync_range(RAMState *rs,= RAMBlock *rb, rs->migration_dirty_pages +=3D cpu_physical_memory_sync_dirty_bitmap(rb, 0, length, &rs->num_dirty_pages_period); + if (memcrypt_enabled()) { + cpu_physical_memory_sync_encrypted_bitmap(rb, 0, length); + } } =20 /** @@ -2768,6 +2779,8 @@ static void ram_save_cleanup(void *opaque) block->bmap =3D NULL; g_free(block->unsentmap); block->unsentmap =3D NULL; + g_free(block->encbmap); + block->encbmap =3D NULL; } =20 xbzrle_cleanup(); 
@@ -3310,6 +3323,10 @@ static void ram_list_init_bitmaps(void) block->unsentmap =3D bitmap_new(pages); bitmap_set(block->unsentmap, 0, pages); } + if (memcrypt_enabled()) { + block->encbmap =3D bitmap_new(pages); + bitmap_set(block->encbmap, 0, pages); + } } } } --=20 2.17.1
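Review bot: in kvm_sync_page_enc_bitmap() (accel/kvm/kvm-all.c, hunk at -560) the buffer and the request are sized from different quantities: e.enc_bitmap is allocated from mem->memory_size >> TARGET_PAGE_BITS, while e.num_pages comes from section->size / getpagesize(). If the section covers more pages than the slot, the kernel is asked to fill more bits than were allocated. Derive both from the same page count, or clamp num_pages to what the buffer holds. The function also returns 1 on failure and reports it only through DPRINTF, and the kml argument is unused.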
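Review bot: the mask arithmetic in cpu_physical_memory_set_encrypted_range() (include/exec/ram_addr.h, hunk at -323) does not select n bits starting at bit m. mask = (~0UL >> n) leaves BITS_PER_LONG - n low bits set rather than n, and it is a shift by the full word width when n equals BITS_PER_LONG, which the caller's MIN(pages, BITS_PER_LONG) allows. m is taken from start, a byte address, rather than from page, and the second "remaining bits" block recomputes it from the unchanged start. A loop over words with the mask built as (~0UL >> (BITS_PER_LONG - n)) << m, and m derived from page, would express the intent. The atomic_read() followed by atomic_xchg() is also not an atomic read-modify-write.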
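Review bot: the fast path of cpu_physical_memory_set_encrypted_lebitmap() (include/exec/ram_addr.h, hunk at -432) skips words that are zero (if (bitmap[k])), so a word whose pages are all shared never overwrites a stale value in DIRTY_MEMORY_ENCRYPTED. The commit message describes this bitmap as state rather than an accumulating dirty log, so zero words need to be stored too. In the slow path, start is a byte address but is advanced by len, which is a page count (start += len), and hpratio is computed but not applied there.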
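Review bot: adding DIRTY_MEMORY_ENCRYPTED to cpu_physical_memory_clear_dirty_range() (include/exec/ram_addr.h, hunk at -590) clears the encryption state together with the dirty bits for the range, which conflicts with the commit message's statement that this bitmap is page state and not dirty tracking. Please explain in a comment why the clear is needed here, or drop it.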
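Review bot: cpu_physical_memory_test_encrypted() (include/exec/ram_addr.h, hunk at -670) ORs the whole bitmap word into the result (enc |= atomic_read(&src[idx][BIT_WORD(offset)])) instead of testing the bits for the requested pages, so the single-page query made from the slow path of cpu_physical_memory_sync_encrypted_bitmap() returns true when any page sharing that word is encrypted. The loop also advances page by up to a whole block (num) while reading only one word per iteration. Test the individual bit for each page in the range so the answer is per page.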

From: "Singh, Brijesh"
To: "qemu-devel@nongnu.org"
Date: Tue, 6 Aug 2019 16:54:56 +0000
Message-ID: <20190806165429.19327-14-brijesh.singh@amd.com>
In-Reply-To: <20190806165429.19327-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v3 13/14] migration/ram: add support to send encrypted pages
Cc: "pbonzini@redhat.com", "Lendacky, Thomas", "Singh, Brijesh", "dgilbert@redhat.com", "ehabkost@redhat.com"

When memory encryption is enabled, the guest memory will be encrypted with the guest specific key. The patch introduces RAM_SAVE_FLAG_ENCRYPTED_PAGE flag to distinguish the encrypted data from plaintext. Encrypted pages may need special handling. The kvm_memcrypt_save_outgoing_page() is used by the sender to write the encrypted pages onto the socket, similarly the kvm_memcrypt_load_incoming_page() is used by the target to read the encrypted pages from the socket and load into the guest memory.

Signed-off-by: Brijesh Singh
Reviewed-by: Dr. David Alan Gilbert
---
 migration/ram.c | 131 +++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 130 insertions(+), 1 deletion(-)
diff --git a/migration/ram.c b/migration/ram.c index 57c707525b..100a5a10cd 100644 --- a/migration/ram.c +++ b/migration/ram.c @@ -59,6 +59,9 @@ #include "qemu/iov.h" #include "hw/boards.h" =20 +/* Defines RAM_SAVE_ENCRYPTED_PAGE and RAM_SAVE_ENCRYPTED_BITMAP */ +#include "sysemu/sev.h" + /***********************************************************/ /* ram save/restore */ =20 @@ -77,6 +80,7 @@ #define RAM_SAVE_FLAG_XBZRLE 0x40 /* 0x80 is reserved in migration.h start with 0x100 next */ #define RAM_SAVE_FLAG_COMPRESS_PAGE 0x100 +#define RAM_SAVE_FLAG_ENCRYPTED_DATA 0x200 =20 static inline bool is_zero_range(uint8_t *p, uint64_t size) { @@ -460,6 +464,9 @@ static QemuCond decomp_done_cond; =20 static bool do_compress_ram_page(QEMUFile *f, z_stream *stream, RAMBlock *= block, ram_addr_t offset, uint8_t *source_buf); +static int ram_save_encrypted_page(RAMState *rs, PageSearchStatus *pss, + bool last_stage); + =20 static void *do_data_compress(void *opaque) { 
@@ -2039,6 +2046,73 @@ static int save_normal_page(RAMState *rs, RAMBlock *= block, ram_addr_t offset, return 1; } =20 +/** + * ram_save_encrypted_page - send the given encrypted page to the stream + */ +static int ram_save_encrypted_page(RAMState *rs, PageSearchStatus *pss, + bool last_stage) +{ + int ret; + uint8_t *p; + RAMBlock *block =3D pss->block; + ram_addr_t offset =3D pss->page << TARGET_PAGE_BITS; + uint64_t bytes_xmit; + MachineState *ms =3D MACHINE(qdev_get_machine()); + MachineClass *mc =3D MACHINE_GET_CLASS(ms); + struct MachineMemoryEncryptionOps *ops =3D mc->memory_encryption_ops; + + p =3D block->host + offset; + + ram_counters.transferred +=3D + save_page_header(rs, rs->f, block, + offset | RAM_SAVE_FLAG_ENCRYPTED_DATA); + + qemu_put_be32(rs->f, RAM_SAVE_ENCRYPTED_PAGE); + ret =3D ops->save_outgoing_page(rs->f, p, TARGET_PAGE_SIZE, &bytes_xmi= t); + if (ret) { + return -1; + } + + ram_counters.transferred +=3D bytes_xmit; + ram_counters.normal++; + + return 1; +} + +/** + * ram_save_encrypted_bitmap: send the encrypted page state bitmap + */ +static int ram_save_encrypted_bitmap(RAMState *rs, QEMUFile *f) +{ + MachineState *ms =3D MACHINE(qdev_get_machine()); + MachineClass *mc =3D MACHINE_GET_CLASS(ms); + struct MachineMemoryEncryptionOps *ops =3D mc->memory_encryption_ops; + + save_page_header(rs, rs->f, rs->last_seen_block, + RAM_SAVE_FLAG_ENCRYPTED_DATA); + qemu_put_be32(rs->f, RAM_SAVE_ENCRYPTED_BITMAP); + return ops->save_outgoing_bitmap(rs->f); +} + +static int load_encrypted_data(QEMUFile *f, uint8_t *ptr) +{ + MachineState *ms =3D MACHINE(qdev_get_machine()); + MachineClass *mc =3D MACHINE_GET_CLASS(ms); + struct MachineMemoryEncryptionOps *ops =3D mc->memory_encryption_ops; + int flag; + + flag =3D qemu_get_be32(f); + + if (flag =3D=3D RAM_SAVE_ENCRYPTED_PAGE) { + return ops->load_incoming_page(f, ptr); + } else if (flag =3D=3D RAM_SAVE_ENCRYPTED_BITMAP) { + return ops->load_incoming_bitmap(f); + } else { + error_report("unknown 
encrypted flag %x", flag); + return 1; + } +} + /** * ram_save_page: send the given page to the stream * @@ -2528,6 +2602,22 @@ static bool save_compress_page(RAMState *rs, RAMBloc= k *block, ram_addr_t offset) return false; } =20 +/** + * encrypted_test_bitmap: check if the page is encrypted + * + * Returns a bool indicating whether the page is encrypted. + */ +static bool encrypted_test_bitmap(RAMState *rs, RAMBlock *block, + unsigned long page) +{ + /* ROM devices contains the unencrypted data */ + if (memory_region_is_rom(block->mr)) { + return false; + } + + return test_bit(page, block->encbmap); +} + /** * ram_save_target_page: save one target page * @@ -2548,6 +2638,17 @@ static int ram_save_target_page(RAMState *rs, PageSe= archStatus *pss, return res; } =20 + /* + * If memory encryption is enabled then use memory encryption APIs + * to write the outgoing buffer to the wire. The encryption APIs + * will take care of accessing the guest memory and re-encrypt it + * for the transport purposes. + */ + if (memcrypt_enabled() && + encrypted_test_bitmap(rs, pss->block, pss->page)) { + return ram_save_encrypted_page(rs, pss, last_stage); + } + if (save_compress_page(rs, block, offset)) { return 1; } @@ -3445,6 +3546,16 @@ void qemu_guest_free_page_hint(void *addr, size_t le= n) } } =20 +static int ram_encrypted_save_setup(void) +{ + MachineState *ms =3D MACHINE(qdev_get_machine()); + MachineClass *mc =3D MACHINE_GET_CLASS(ms); + MigrationParameters *p =3D &migrate_get_current()->parameters; + struct MachineMemoryEncryptionOps *ops =3D mc->memory_encryption_ops; + + return ops->save_setup(p->sev_pdh, p->sev_plat_cert, p->sev_amd_cert); +} + /* * Each of ram_save_setup, ram_save_iterate and ram_save_complete has * long-running RCU critical section. When rcu-reclaims in the code 
@@ -3480,6 +3591,12 @@ static int ram_save_setup(QEMUFile *f, void *opaque) =20 rcu_read_lock(); =20 + if (memcrypt_enabled()) { + if (ram_encrypted_save_setup()) { + return -1; + } + } + qemu_put_be64(f, ram_bytes_total_common(true) | RAM_SAVE_FLAG_MEM_SIZE= ); =20 RAMBLOCK_FOREACH_MIGRATABLE(block) { @@ -3644,6 +3761,11 @@ static int ram_save_complete(QEMUFile *f, void *opaq= ue) flush_compressed_data(rs); ram_control_after_iterate(f, RAM_CONTROL_FINISH); =20 + /* send the page encryption state bitmap */ + if (memcrypt_enabled()) { + ret =3D ram_save_encrypted_bitmap(rs, f); + } + rcu_read_unlock(); =20 multifd_send_sync_main(); @@ -4391,7 +4513,8 @@ static int ram_load(QEMUFile *f, void *opaque, int ve= rsion_id) } =20 if (flags & (RAM_SAVE_FLAG_ZERO | RAM_SAVE_FLAG_PAGE | - RAM_SAVE_FLAG_COMPRESS_PAGE | RAM_SAVE_FLAG_XBZRLE)) { + RAM_SAVE_FLAG_COMPRESS_PAGE | RAM_SAVE_FLAG_XBZRLE | + RAM_SAVE_FLAG_ENCRYPTED_DATA)) { RAMBlock *block =3D ram_block_from_stream(f, flags); =20 /* 
@@ -4505,6 +4628,12 @@ static int ram_load(QEMUFile *f, void *opaque, int v= ersion_id) break; } break; + case RAM_SAVE_FLAG_ENCRYPTED_DATA: + if (load_encrypted_data(f, host)) { + error_report("Failed to load encrypted data"); + ret =3D -EINVAL; + } + break; case RAM_SAVE_FLAG_EOS: /* normal exit */ multifd_recv_sync_main(); --=20 2.17.1
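Review bot: the flag defined in migration/ram.c (hunk at -77) is RAM_SAVE_FLAG_ENCRYPTED_DATA, but the commit message calls it RAM_SAVE_FLAG_ENCRYPTED_PAGE, and it names kvm_memcrypt_save_outgoing_page() and kvm_memcrypt_load_incoming_page() while the code goes through ops->save_outgoing_page and ops->load_incoming_page. Please bring the commit message in line with the code, and give the 0x200 define a short comment saying that a 32-bit sub-type (RAM_SAVE_ENCRYPTED_PAGE or RAM_SAVE_ENCRYPTED_BITMAP) follows the page header on the wire.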
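Review bot: load_encrypted_data() (migration/ram.c, hunk at -2039) dereferences mc->memory_encryption_ops without checking it, and its only caller, the new RAM_SAVE_FLAG_ENCRYPTED_DATA case in ram_load(), is not guarded by memcrypt_enabled(). On the save side every use sits behind memcrypt_enabled(), but here the flag and the 32-bit sub-type come from the incoming stream, so the destination should reject the record with an error when memory encryption is not configured or ops is NULL. The helpers in this hunk also mix return conventions (-1 in ram_save_encrypted_page(), 1 in load_encrypted_data()), and last_stage is unused.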
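Review bot: the early return -1 added to ram_save_setup() (migration/ram.c, hunk at -3480) comes after rcu_read_lock(), so a failing ram_encrypted_save_setup() leaves the RCU read lock held. Call the setup before taking the lock, or unlock on the error path.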
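Review bot: in ram_save_complete() (migration/ram.c, hunk at -3644) the result of ram_save_encrypted_bitmap() is stored in ret, but the visible lines go straight on to rcu_read_unlock() and multifd_send_sync_main() without testing it. Please make sure a failure to send the page encryption bitmap fails the migration instead of being overwritten or dropped.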
From: "Singh, Brijesh" To: "qemu-devel@nongnu.org" Date: Tue, 6 Aug 2019 16:54:57 +0000 Message-ID: <20190806165429.19327-15-brijesh.singh@amd.com> References: <20190806165429.19327-1-brijesh.singh@amd.com> In-Reply-To: <20190806165429.19327-1-brijesh.singh@amd.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: [Qemu-devel] [PATCH v3 14/14] target/i386: sev: remove migration blocker Cc: "pbonzini@redhat.com" , "Lendacky, Thomas" , "Singh, Brijesh" , "dgilbert@redhat.com" , "ehabkost@redhat.com" X-ZohoMail-DKIM: fail
(Header signature does not verify) Content-Type: text/plain; charset="utf-8" Reviewed-by: Dr. David Alan Gilbert Signed-off-by: Brijesh Singh --- target/i386/sev.c | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 9d643e720c..72b841a458 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -34,7 +34,6 @@ #define DEFAULT_SEV_DEVICE "/dev/sev" =20 static SEVState *sev_state; -static Error *sev_mig_blocker; =20 static const char *const sev_fw_errlist[] =3D { "", @@ -700,7 +699,6 @@ static void sev_launch_finish(SEVState *s) { int ret, error; - Error *local_err =3D NULL; =20 trace_kvm_sev_launch_finish(); ret =3D sev_ioctl(sev_state->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, &error); @@ -711,16 +709,6 @@ sev_launch_finish(SEVState *s) } =20 sev_set_guest_state(SEV_STATE_RUNNING); - - /* add migration blocker */ - error_setg(&sev_mig_blocker, - "SEV: Migration is not implemented"); - ret =3D migrate_add_blocker(sev_mig_blocker, &local_err); - if (local_err) { - error_report_err(local_err); - error_free(sev_mig_blocker); - exit(1); - } } =20 static int --=20 2.17.1
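Review bot: The last hunk drops the migrate_add_blocker() call from sev_launch_finish() unconditionally, so after this patch every SEV guest that reaches SEV_STATE_RUNNING is treated as migratable, and the commit message carries only the Reviewed-by and Signed-off-by tags. If any configuration remains in which the encrypted-page save and load path added earlier in the series cannot work, migration would now fail partway through instead of being refused up front; consider keeping the blocker for those cases rather than deleting it outright. Please also add a sentence to the commit message naming the patches in this series that make the blocker unnecessary. The removals of sev_mig_blocker and local_err in the first two hunks follow from this one and are consistent with it.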