From nobody Tue Nov 18 02:50:36 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org ARC-Seal: i=1; a=rsa-sha256; t=1607061279; cv=none; d=zohomail.com; s=zohoarc; b=QVK+i9R01hYlRJWTB5ZDEjyBk+9O47V9EPYK/oVdoX/lg1/YuVyjERFDvyaxlhQvim9eKgjZsfqexg+9Jgis1L88CzX200zTs7BS/r+4Cii9RZERQMUKdwLVStoRMvxOfwtS6pxjJs2gqxf7ZEKKoEFfU7dk5W3SfQJRK0nbnjo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1607061279; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=XeXQ3JgbE/QhlOJ9oHamgIzvcpukKZTVvdu2Ouy5oxs=; b=Lmt5XQWO4aE1ApPUmcaYTcY6KEPXG31WqZ8p96I5wTiTVt087usTCe9ir59LKDFfg5mv835UiO11Q5A/7WSal1VcAWrDvp2PVKjsfjh/LMV+Mg3ffW6shBAk+7RFn5V9r1kyGKanCxD3HGNTyXYmtfJ09i9Bjbon1OcfReN6UWA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1607061279467181.61079632130281; Thu, 3 Dec 2020 21:54:39 -0800 (PST) Received: from localhost ([::1]:34050 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kl43C-0001ma-FB for importer@patchew.org; Fri, 04 Dec 2020 00:54:38 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:56868) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kl3tY-0004G2-Bm; Fri, 04 Dec 2020 00:44:40 -0500 Received: from ozlabs.org ([2401:3900:2:1::2]:59799) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kl3tW-00005X-7M; Fri, 04 Dec 2020 00:44:40 -0500 Received: by ozlabs.org (Postfix, from userid 1007) id 4CnM8g4ZGpz9sVS; Fri, 4 Dec 2020 16:44:19 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gibson.dropbear.id.au; s=201602; t=1607060659; bh=kdYvFLKM63q+FlqswmpyvW9PA1nGgs8gSeZCixeRoWI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=eClbQXzs/c6c4HuFl4LzxegJDpJf85x/cwcWPj7nAcbbTTwime4OvFGJdL59mXx54 HzPQyeK1ID37Co+Q5w5bCkPtImzoohOtJ0eSYvB9wy64nv5h6iREEOuTuqrlF5eU4w qf3PSN6hhUcXPo0Eqc8idtr4Yme6Llsrzjm4xKlc= From: David Gibson To: pair@us.ibm.com, pbonzini@redhat.com, frankja@linux.ibm.com, brijesh.singh@amd.com, dgilbert@redhat.com, qemu-devel@nongnu.org Subject: [for-6.0 v5 05/13] securable guest memory: Rework the "memory-encryption" property Date: Fri, 4 Dec 2020 16:44:07 +1100 Message-Id: <20201204054415.579042-6-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201204054415.579042-1-david@gibson.dropbear.id.au> References: <20201204054415.579042-1-david@gibson.dropbear.id.au> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2401:3900:2:1::2; envelope-from=dgibson@ozlabs.org; helo=ozlabs.org X-Spam_score_int: -17 X-Spam_score: -1.8 X-Spam_bar: - X-Spam_report: (-1.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: thuth@redhat.com, cohuck@redhat.com, berrange@redhat.com, Eduardo Habkost , kvm@vger.kernel.org, "Michael S. Tsirkin" , Richard Henderson , Marcelo Tosatti , david@redhat.com, mdroth@linux.vnet.ibm.com, pasic@linux.ibm.com, borntraeger@de.ibm.com, qemu-s390x@nongnu.org, qemu-ppc@nongnu.org, David Gibson , rth@twiddle.net Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" Currently the "memory-encryption" property is only looked at once we get to kvm_init(). Although protection of guest memory from the hypervisor isn't something that could really ever work with TCG, it's not conceptually tied to the KVM accelerator. In addition, the way the string property is resolved to an object is almost identical to how a QOM link property is handled. So, create a new "securable-guest-memory" link property which sets this QOM interface link directly in the machine. For compatibility we keep the "memory-encryption" property, but now implemented in terms of the new property. Signed-off-by: David Gibson Reviewed-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daud=C3=A9 --- accel/kvm/kvm-all.c | 22 ++++++---------------- hw/core/machine.c | 43 +++++++++++++++++++++++++++++++++++++------ include/hw/boards.h | 2 +- 3 files changed, 44 insertions(+), 23 deletions(-) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 9e7cea64d6..92a49b328a 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -2207,24 +2207,14 @@ static int kvm_init(MachineState *ms) * if memory encryption object is specified then initialize the memory * encryption context. */ - if (ms->memory_encryption) { - Object *obj =3D object_resolve_path_component(object_get_objects_r= oot(), - ms->memory_encryption); - - if (object_dynamic_cast(obj, TYPE_SECURABLE_GUEST_MEMORY)) { - SecurableGuestMemory *sgm =3D SECURABLE_GUEST_MEMORY(obj); - - /* FIXME handle mechanisms other than SEV */ - ret =3D sev_kvm_init(sgm); - if (ret < 0) { - goto err; - } - - kvm_state->sgm =3D sgm; - } else { - ret =3D -1; + if (ms->sgm) { + /* FIXME handle mechanisms other than SEV */ + ret =3D sev_kvm_init(ms->sgm); + if (ret < 0) { goto err; } + + kvm_state->sgm =3D ms->sgm; } =20 ret =3D kvm_arch_init(ms, s); diff --git a/hw/core/machine.c b/hw/core/machine.c index cb0711508d..816ea3ae3e 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -27,6 +27,7 @@ #include "hw/pci/pci.h" #include "hw/mem/nvdimm.h" #include "migration/vmstate.h" +#include "exec/securable-guest-memory.h" =20 GlobalProperty hw_compat_5_1[] =3D { { "vhost-scsi", "num_queues", "1"}, @@ -417,16 +418,37 @@ static char *machine_get_memory_encryption(Object *ob= j, Error **errp) { MachineState *ms =3D MACHINE(obj); =20 - return g_strdup(ms->memory_encryption); + if (ms->sgm) { + return g_strdup(object_get_canonical_path_component(OBJECT(ms->sgm= ))); + } + + return NULL; } =20 static void machine_set_memory_encryption(Object *obj, const char *value, Error **errp) { - MachineState *ms =3D MACHINE(obj); + Object *sgm =3D + object_resolve_path_component(object_get_objects_root(), value); + + if (!sgm) { + error_setg(errp, "No such memory encryption object '%s'", value); + return; + } =20 - g_free(ms->memory_encryption); - ms->memory_encryption =3D g_strdup(value); + object_property_set_link(obj, "securable-guest-memory", sgm, errp); +} + +static void machine_check_securable_guest_memory(const Object *obj, + const char *name, + Object *new_target, + Error **errp) +{ + /* + * So far the only constraint is that the target has the + * TYPE_SECURABLE_GUEST_MEMORY interface, and that's checked by + * the QOM core + */ } =20 static bool machine_get_nvdimm(Object *obj, Error **errp) @@ -833,6 +855,15 @@ static void machine_class_init(ObjectClass *oc, void *= data) object_class_property_set_description(oc, "suppress-vmdesc", "Set on to disable self-describing migration"); =20 + object_class_property_add_link(oc, "securable-guest-memory", + TYPE_SECURABLE_GUEST_MEMORY, + offsetof(MachineState, sgm), + machine_check_securable_guest_memory, + OBJ_PROP_LINK_STRONG); + object_class_property_set_description(oc, "securable-guest-memory", + "Set securable guest memory scheme to use"); + + /* For compatibility */ object_class_property_add_str(oc, "memory-encryption", machine_get_memory_encryption, machine_set_memory_encryption); object_class_property_set_description(oc, "memory-encryption", @@ -1123,9 +1154,9 @@ void machine_run_board_init(MachineState *machine) cc->deprecation_note); } =20 - if (machine->memory_encryption) { + if (machine->sgm) { /* - * With memory encryption, the host can't see the real + * With securable guest memory, the host can't see the real * contents of RAM, so there's no point in it trying to merge * areas. */ diff --git a/include/hw/boards.h b/include/hw/boards.h index a49e3a6b44..2ea9790183 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h @@ -269,7 +269,7 @@ struct MachineState { bool iommu; bool suppress_vmdesc; bool enable_graphics; - char *memory_encryption; + SecurableGuestMemory *sgm; char *ram_memdev_id; /* * convenience alias to ram_memdev_id backend memory region --=20 2.28.0