From nobody Tue Nov 18 11:49:30 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org ARC-Seal: i=1; a=rsa-sha256; t=1610427515; cv=none; d=zohomail.com; s=zohoarc; b=VjW/LYLdpHTNVTl7Iyv4pzzsE9vdqOGBXnuEBKvQvWrj8pxwaX6yZn2NAJ4oQKPllhhovJ7GXD9R3s4O2cf+tSlHBzeqIRZrB+bMzin7QEmStwtu6fhWr4MrRjHEhOmsZlflVslNrikMKRb5/AAlt+OZ53JeMVfjPYr/sjj2jvU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1610427515; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=slpO58dbgjxZkyvV7ZZwLdm1PGRBvqWCcMXL8hQdi1s=; b=D+HgOnVgyDA3hqS/z8zSafORqYDXutUnXNbIduvAzDgdlslZKLhF7YeICQt4eIN0Flx9a+WfvbCP0xiwwbpKEYNMEN5d2JqeGix32m/7t7VQtTh5mEmYcL7kXNdztR26aDGHrwwrWvbZ0Qc8/dURfe+78iqVrq/4VdJx1ti/nfM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1610427515485768.0936406906649; Mon, 11 Jan 2021 20:58:35 -0800 (PST) Received: from localhost ([::1]:44066 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kzBlJ-0008Qn-Vn for importer@patchew.org; Mon, 11 Jan 2021 23:58:34 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:50488) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kzBYf-0002J8-GH; Mon, 11 Jan 2021 23:45:32 -0500 Received: from bilbo.ozlabs.org ([2401:3900:2:1::2]:41517 helo=ozlabs.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kzBYb-0007zd-Hr; Mon, 11 Jan 2021 23:45:28 -0500 Received: by ozlabs.org (Postfix, from userid 1007) id 4DFJ0R4lGLz9snk; Tue, 12 Jan 2021 15:45:11 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gibson.dropbear.id.au; s=201602; t=1610426711; bh=/TaupRr7DejjmcQJS2zy6M9urUycDyOcYDNlO26VZsk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=MYx3iwaAyydMsB2e3LLf4kBYGe0z4sSf4dbmDROHoCqeiBzRQ0dKFKJPOCs3uUHvM cECweS3457QeV1rKxZTf38BjLLTrhttUuZ0q2cVCP9qEpVt9gYjH84/wxJg0gJllHF N3lC572pw8yE+LN7MarRJpwd9jVwHNacXIdjsZ7Y= From: David Gibson To: pasic@linux.ibm.com, brijesh.singh@amd.com, pair@us.ibm.com, dgilbert@redhat.com, qemu-devel@nongnu.org Subject: [PATCH v6 05/13] confidential guest support: Rework the "memory-encryption" property Date: Tue, 12 Jan 2021 15:45:00 +1100 Message-Id: <20210112044508.427338-6-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210112044508.427338-1-david@gibson.dropbear.id.au> References: <20210112044508.427338-1-david@gibson.dropbear.id.au> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2401:3900:2:1::2; envelope-from=dgibson@ozlabs.org; helo=ozlabs.org X-Spam_score_int: -17 X-Spam_score: -1.8 X-Spam_bar: - X-Spam_report: (-1.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: thuth@redhat.com, Cornelia Huck , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , frankja@linux.ibm.com, kvm@vger.kernel.org, david@redhat.com, jun.nakajima@intel.com, mst@redhat.com, Marcelo Tosatti , richard.henderson@linaro.org, Greg Kurz , Eduardo Habkost , mdroth@linux.vnet.ibm.com, Christian Borntraeger , qemu-s390x@nongnu.org, qemu-ppc@nongnu.org, pragyansri.pathi@intel.com, andi.kleen@intel.com, Paolo Bonzini , David Gibson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" Currently the "memory-encryption" property is only looked at once we get to kvm_init(). Although protection of guest memory from the hypervisor isn't something that could really ever work with TCG, it's not conceptually tied to the KVM accelerator. In addition, the way the string property is resolved to an object is almost identical to how a QOM link property is handled. So, create a new "confidential-guest-support" link property which sets this QOM interface link directly in the machine. For compatibility we keep the "memory-encryption" property, but now implemented in terms of the new property. Signed-off-by: David Gibson Reviewed-by: Greg Kurz --- accel/kvm/kvm-all.c | 5 +++-- accel/kvm/sev-stub.c | 5 +++-- hw/core/machine.c | 43 +++++++++++++++++++++++++++++++++++++------ include/hw/boards.h | 2 +- include/sysemu/sev.h | 2 +- target/i386/sev.c | 32 ++------------------------------ 6 files changed, 47 insertions(+), 42 deletions(-) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 260ed73ffe..28ab126f70 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -2181,8 +2181,9 @@ static int kvm_init(MachineState *ms) * if memory encryption object is specified then initialize the memory * encryption context. */ - if (ms->memory_encryption) { - ret =3D sev_guest_init(ms->memory_encryption); + if (ms->cgs) { + /* FIXME handle mechanisms other than SEV */ + ret =3D sev_kvm_init(ms->cgs); if (ret < 0) { goto err; } diff --git a/accel/kvm/sev-stub.c b/accel/kvm/sev-stub.c index 5db9ab8f00..3d4787ae4a 100644 --- a/accel/kvm/sev-stub.c +++ b/accel/kvm/sev-stub.c @@ -15,7 +15,8 @@ #include "qemu-common.h" #include "sysemu/sev.h" =20 -int sev_guest_init(const char *id) +int sev_kvm_init(ConfidentialGuestSupport *cgs) { - return -1; + /* SEV can't be selected if it's not compiled */ + g_assert_not_reached(); } diff --git a/hw/core/machine.c b/hw/core/machine.c index 8909117d80..94194ab82d 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -32,6 +32,7 @@ #include "hw/mem/nvdimm.h" #include "migration/global_state.h" #include "migration/vmstate.h" +#include "exec/confidential-guest-support.h" =20 GlobalProperty hw_compat_5_2[] =3D {}; const size_t hw_compat_5_2_len =3D G_N_ELEMENTS(hw_compat_5_2); @@ -427,16 +428,37 @@ static char *machine_get_memory_encryption(Object *ob= j, Error **errp) { MachineState *ms =3D MACHINE(obj); =20 - return g_strdup(ms->memory_encryption); + if (ms->cgs) { + return g_strdup(object_get_canonical_path_component(OBJECT(ms->cgs= ))); + } + + return NULL; } =20 static void machine_set_memory_encryption(Object *obj, const char *value, Error **errp) { - MachineState *ms =3D MACHINE(obj); + Object *cgs =3D + object_resolve_path_component(object_get_objects_root(), value); + + if (!cgs) { + error_setg(errp, "No such memory encryption object '%s'", value); + return; + } =20 - g_free(ms->memory_encryption); - ms->memory_encryption =3D g_strdup(value); + object_property_set_link(obj, "confidential-guest-support", cgs, errp); +} + +static void machine_check_confidential_guest_support(const Object *obj, + const char *name, + Object *new_target, + Error **errp) +{ + /* + * So far the only constraint is that the target has the + * TYPE_CONFIDENTIAL_GUEST_SUPPORT interface, and that's checked + * by the QOM core + */ } =20 static bool machine_get_nvdimm(Object *obj, Error **errp) @@ -836,6 +858,15 @@ static void machine_class_init(ObjectClass *oc, void *= data) object_class_property_set_description(oc, "suppress-vmdesc", "Set on to disable self-describing migration"); =20 + object_class_property_add_link(oc, "confidential-guest-support", + TYPE_CONFIDENTIAL_GUEST_SUPPORT, + offsetof(MachineState, cgs), + machine_check_confidential_guest_suppor= t, + OBJ_PROP_LINK_STRONG); + object_class_property_set_description(oc, "confidential-guest-support", + "Set confidential guest scheme t= o support"); + + /* For compatibility */ object_class_property_add_str(oc, "memory-encryption", machine_get_memory_encryption, machine_set_memory_encryption); object_class_property_set_description(oc, "memory-encryption", @@ -1158,9 +1189,9 @@ void machine_run_board_init(MachineState *machine) cc->deprecation_note); } =20 - if (machine->memory_encryption) { + if (machine->cgs) { /* - * With memory encryption, the host can't see the real + * With confidential guests, the host can't see the real * contents of RAM, so there's no point in it trying to merge * areas. */ diff --git a/include/hw/boards.h b/include/hw/boards.h index 17b1f3f0b9..1acd662fa5 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h @@ -270,7 +270,7 @@ struct MachineState { bool iommu; bool suppress_vmdesc; bool enable_graphics; - char *memory_encryption; + ConfidentialGuestSupport *cgs; char *ram_memdev_id; /* * convenience alias to ram_memdev_id backend memory region diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 7335e59867..3b5b1aacf1 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -16,7 +16,7 @@ =20 #include "sysemu/kvm.h" =20 -int sev_guest_init(const char *id); +int sev_kvm_init(ConfidentialGuestSupport *cgs); int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp); int sev_inject_launch_secret(const char *hdr, const char *secret, uint64_t gpa, Error **errp); diff --git a/target/i386/sev.c b/target/i386/sev.c index 2a4b2187d6..5399a136ad 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -335,26 +335,6 @@ static const TypeInfo sev_guest_info =3D { } }; =20 -static SevGuestState * -lookup_sev_guest_info(const char *id) -{ - Object *obj; - SevGuestState *info; - - obj =3D object_resolve_path_component(object_get_objects_root(), id); - if (!obj) { - return NULL; - } - - info =3D (SevGuestState *) - object_dynamic_cast(obj, TYPE_SEV_GUEST); - if (!info) { - return NULL; - } - - return info; -} - bool sev_enabled(void) { @@ -682,10 +662,9 @@ sev_vm_state_change(void *opaque, int running, RunStat= e state) } } =20 -int -sev_guest_init(const char *id) +int sev_kvm_init(ConfidentialGuestSupport *cgs) { - SevGuestState *sev; + SevGuestState *sev =3D SEV_GUEST(cgs); char *devname; int ret, fw_error; uint32_t ebx; @@ -698,13 +677,6 @@ sev_guest_init(const char *id) return -1; } =20 - sev =3D lookup_sev_guest_info(id); - if (!sev) { - error_report("%s: '%s' is not a valid '%s' object", - __func__, id, TYPE_SEV_GUEST); - goto err; - } - sev_guest =3D sev; sev->state =3D SEV_STATE_UNINIT; =20 --=20 2.29.2