From: Ashish Kalra <ashish.kalra@amd.com>

This patchset adds QEMU debug support for SEV guests. Debug requires access to the guest pages, which are encrypted when SEV is enabled.

The KVM_SEV_DBG_DECRYPT and KVM_SEV_DBG_ENCRYPT commands are available to decrypt/encrypt the guest pages, if the guest policy allows for debugging.

Changes are made to the guest page table walker since SEV guest PTE entries will have the C-bit set.

Also introduces new MemoryDebugOps which hook into guest virtual and physical memory debug interfaces such as cpu_memory_rw_debug,
to allow vendor-specific assist/hooks for debugging and delegating access to the guest memory. This is used, for example, in the case of
the AMD SEV platform, where the guest memory is encrypted and an SEV-specific debug assist/hook will be required to access the guest memory.

The MemoryDebugOps are used by cpu_memory_rw_debug() and default to address_space_read and address_space_write_rom as described below.

    typedef struct MemoryDebugOps {
        MemTxResult (*read)(AddressSpace *as, hwaddr phys_addr,
                            MemTxAttrs attrs, void *buf,
                            hwaddr len);
        MemTxResult (*write)(AddressSpace *as, hwaddr phys_addr,
                             MemTxAttrs attrs, const void *buf,
                             hwaddr len);
    } MemoryDebugOps;

These ops would be used only by cpu_memory_rw_debug and would default to

    static const MemoryDebugOps default_debug_ops = {
        .translate = cpu_get_phys_page_attrs_debug,
        .read = address_space_read,
        .write = address_space_write_rom
    };

    static const MemoryDebugOps *debug_ops = &default_debug_ops;

Ashish Kalra (3):
  exec: Add new MemoryDebugOps.
  exec: Add address_space_read and address_space_write debug helpers.
  sev/i386: add SEV specific MemoryDebugOps.

Brijesh Singh (8):
  memattrs: add debug attribute
  exec: add ram_debug_ops support
  exec: add debug version of physical memory read and write API
  monitor/i386: use debug APIs when accessing guest memory
  kvm: introduce debug memory encryption API
  sev/i386: add debug encrypt and decrypt commands
  hw/i386: set ram_debug_ops when memory encryption is enabled
  target/i386: clear C-bit when walking SEV guest page table

 accel/kvm/kvm-all.c       |  22 ++++
 accel/kvm/sev-stub.c      |   8 ++
 accel/stubs/kvm-stub.c    |   8 ++
 hw/i386/pc.c              |   9 ++
 hw/i386/pc_sysfw.c        |   6 +
 include/exec/cpu-common.h |  18 +++
 include/exec/memattrs.h   |   2 +
 include/exec/memory.h     |  49 ++++++++
 include/sysemu/kvm.h      |  15 +++
 include/sysemu/sev.h      |  12 ++
 monitor/misc.c            |   4 +-
 softmmu/cpus.c            |   2 +-
 softmmu/physmem.c         | 170 +++++++++++++++++++++++++-
 target/i386/kvm.c         |   4 +
 target/i386/monitor.c     | 124 +++++++++++--------
 target/i386/sev.c         | 244 ++++++++++++++++++++++++++++++++++++++
 target/i386/trace-events  |   1 +
 17 files changed, 642 insertions(+), 56 deletions(-)

--
2.17.1
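
A stand-alone model of the dispatch the cover letter describes, added here as an example; it is not code from this patch series or from QEMU. The Toy* types, the 64-byte RAM array, the XOR transform standing in for KVM_SEV_DBG_DECRYPT/KVM_SEV_DBG_ENCRYPT, the policy flag and the C-bit position 47 are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins: toy guest RAM and an XOR key, not SEV cryptography. */
static uint8_t guest_ram[64];
#define TOY_KEY 0x5a
#define TOY_CBIT_POS 47 /* assumed; real position: CPUID 0x8000001F EBX[5:0] */
typedef struct ToyDebugOps {
    int (*read)(uint64_t pa, void *buf, size_t len);
    int (*write)(uint64_t pa, const void *buf, size_t len);
} ToyDebugOps;
static int in_range(uint64_t pa, size_t len) {
    return pa <= sizeof(guest_ram) && len <= sizeof(guest_ram) - pa;
}
/* Default ops: plain copies, the role address_space_read/write_rom play. */
static int plain_read(uint64_t pa, void *buf, size_t len) {
    if (!in_range(pa, len)) return -1;
    memcpy(buf, guest_ram + pa, len);
    return 0;
}
static int plain_write(uint64_t pa, const void *buf, size_t len) {
    if (!in_range(pa, len)) return -1;
    memcpy(guest_ram + pa, buf, len);
    return 0;
}
/* Encrypted-guest ops: refused unless the guest policy allows debugging. */
int toy_policy_allows_debug = 1;
static int enc_read(uint64_t pa, void *buf, size_t len) {
    if (!toy_policy_allows_debug || plain_read(pa, buf, len)) return -1;
    for (size_t i = 0; i < len; i++) ((uint8_t *)buf)[i] ^= TOY_KEY;
    return 0;
}
static int enc_write(uint64_t pa, const void *buf, size_t len) {
    if (!toy_policy_allows_debug || !in_range(pa, len)) return -1;
    for (size_t i = 0; i < len; i++)
        guest_ram[pa + i] = ((const uint8_t *)buf)[i] ^ TOY_KEY;
    return 0;
}
const ToyDebugOps default_ops = { plain_read, plain_write };
const ToyDebugOps enc_ops = { enc_read, enc_write };
const ToyDebugOps *debug_ops = &default_ops; /* swapped when encryption is on */
/* Debugger-style one-byte read through whichever ops are installed. */
int debug_peek(uint64_t pa) {
    uint8_t b;
    return debug_ops->read(pa, &b, 1) ? -1 : b;
}
/* Page-table walk step: drop the C-bit before using the PTE's address bits. */
uint64_t pte_to_pa(uint64_t pte) {
    return pte & ~(1ULL << TOY_CBIT_POS) & 0x000ffffffffff000ULL;
}
```

With the default ops installed, a debugger read of an encrypted page returns ciphertext; with the encrypted ops installed and the policy flag cleared, the same read fails instead of returning data.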