From: Ashish Kalra
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, Thomas.Lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, ehabkost@redhat.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com
Subject: [PATCH v4 01/14] doc: update AMD SEV API spec web link
Date: Wed, 4 Aug 2021 11:53:05 +0000
Message-Id: <3c88c509d6b96f8beaf5335b8c266714405cc09e.1628076205.git.ashish.kalra@amd.com>

From: Brijesh Singh

Reviewed-by: Dr. David Alan Gilbert
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
--- docs/amd-memory-encryption.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt index ffca382b5f..12ca25180e 100644 --- a/docs/amd-memory-encryption.txt +++ b/docs/amd-memory-encryption.txt 
@@ -88,8 +88,8 @@ expects. LAUNCH_FINISH finalizes the guest launch and destroys the cryptographic context. =20 -See SEV KM API Spec [1] 'Launching a guest' usage flow (Appendix A) for the -complete flow chart. +See Secure Encrypted Virtualization Key Management API spec section +'Launching a guest' usage flow (Appendix A) for the complete flow chart. =20 To launch a SEV guest =20 --=20 2.17.1
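
Review bot: The subject promises an updated spec web link, but the only hunk (@@ -88,8 +88,8 @@) rewrites the "See SEV KM API Spec [1] ..." sentence and drops the "[1]" marker without touching any URL, and the diffstat shows no other change. Without the marker the sentence no longer points at the References section, so a reader checking the launch flow against the spec has to locate the document unaided. Either keep the marker in the new wording ("... Key Management API spec [1] 'Launching a guest' usage flow ...") and update the link under References in the same patch, or retitle the patch to say it only rewords the citation. The phrase "spec section 'Launching a guest' usage flow (Appendix A)" also names two locations at once; pick one.
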

From: Ashish Kalra
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, Thomas.Lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, ehabkost@redhat.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com
Subject: [PATCH v4 02/14] doc: update AMD SEV to include Live migration flow
Date: Wed, 4 Aug 2021 11:53:47 +0000
Message-Id: <0e2b3d80e3d61b121ff4b508e5299e3c23f7b090.1628076205.git.ashish.kalra@amd.com>

From: Brijesh Singh

Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
--- docs/amd-memory-encryption.txt | 46 +++++++++++++++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt index 12ca25180e..0d9184532a 100644 --- a/docs/amd-memory-encryption.txt +++ b/docs/amd-memory-encryption.txt 
@@ -126,7 +126,51 @@ TODO =20 Live Migration ---------------- -TODO +AMD SEV encrypts the memory of VMs and because a different key is used +in each VM, the hypervisor will be unable to simply copy the +ciphertext from one VM to another to migrate the VM. Instead the AMD SEV K= ey +Management API provides sets of function which the hypervisor can use +to package a guest page for migration, while maintaining the confidentiali= ty +provided by AMD SEV. + +SEV guest VMs have the concept of private and shared memory. The private +memory is encrypted with the guest-specific key, while shared memory may +be encrypted with the hypervisor key. The migration APIs provided by the +SEV API spec should be used for migrating the private pages. + +The KVM_HC_MAP_GPA_RANGE hypercall is used by the SEV guest to notify a +change in the page encryption status to the hypervisor. The hypercall +is invoked when the encryption attribute is changed from encrypted -> decr= ypted +and vice versa. By default all guest pages are considered encrypted. + +This hypercall exits to qemu via KVM_EXIT_HYPERCALL to manage the guest +shared regions and integrate with the qemu's migration code. The shared +region list can be used to check if the given guest page is private or sha= red. + +Before initiating the migration, we need to know the targets machine's pub= lic +Diffie-Hellman key (PDH) and certificate chain. It can be retrieved +with the 'query-sev-capabilities' QMP command or using the sev-tool. The +migrate-set-parameter can be used to pass the target machine's PDH and +certificate chain. + +During the migration flow, the SEND_START is called on the source hypervis= or +to create an outgoing encryption context. The SEV guest policy dictates wh= ether +the certificate passed through the migrate-sev-set-info command will be +validated. SEND_UPDATE_DATA is called to encrypt the guest private pages. 
+After migration is completed, SEND_FINISH is called to destroy the encrypt= ion +context and make the VM non-runnable to protect it against cloning. + +On the target machine, RECEIVE_START is called first to create an +incoming encryption context. The RECEIVE_UPDATE_DATA is called to copy +the received encrypted page into guest memory. After migration has +completed, RECEIVE_FINISH is called to make the VM runnable. + +For more information about the migration see SEV API Appendix A +Usage flow (Live migration section). + +NOTE: +To protect against the memory clone SEV APIs are designed to make the VM +unrunnable in case of the migration failure. =20 References ----------------- --=20 2.17.1
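
Review bot: The new Live Migration text names the QMP interface for the target's PDH and certificate chain in two different ways: "The migrate-set-parameter can be used to pass the target machine's PDH" and, one paragraph later, "the certificate passed through the migrate-sev-set-info command". Patch 03 of this series describes the interface as 'migrate-set-parameters', and nothing visible here defines a migrate-sev-set-info command, so the document should use the one real name in both places. The SEND_START paragraph also says the guest policy "dictates whether the certificate ... will be validated" without saying which policy setting controls that or what the source side does when validation is skipped; since this step decides which machine the private pages are repackaged for, one sentence spelling that out would help. Minor wording to fix while here: "sets of function", "targets machine's", "the qemu's migration code", "in case of the migration failure".
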

From: Ashish Kalra
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, Thomas.Lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, ehabkost@redhat.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com
Subject: [PATCH v4 03/14] migration.json: add AMD SEV specific migration parameters
Date: Wed, 4 Aug 2021 11:54:43 +0000

From: Brijesh Singh

AMD SEV migration flow requires that target machine's public Diffie-Hellman key (PDH) and certificate chain must be passed before initiating the guest migration. User can use QMP 'migrate-set-parameters' to pass the certificate chain. The certificate chain will be used while creating the outgoing encryption context.

Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
--- migration/migration.c | 61 +++++++++++++++++++++++++++++++++++++++++++ monitor/hmp-cmds.c | 18 +++++++++++++ qapi/migration.json | 40 +++++++++++++++++++++++++--- 3 files changed, 116 insertions(+), 3 deletions(-) diff --git a/migration/migration.c b/migration/migration.c index 041b8451a6..daea3ecd04 100644 --- a/migration/migration.c 
+++ b/migration/migration.c @@ -907,6 +907,12 @@ MigrationParameters *qmp_query_migrate_parameters(Erro= r **errp) params->announce_rounds =3D s->parameters.announce_rounds; params->has_announce_step =3D true; params->announce_step =3D s->parameters.announce_step; + params->has_sev_pdh =3D true; + params->sev_pdh =3D g_strdup(s->parameters.sev_pdh); + params->has_sev_plat_cert =3D true; + params->sev_plat_cert =3D g_strdup(s->parameters.sev_plat_cert); + params->has_sev_amd_cert =3D true; + params->sev_amd_cert =3D g_strdup(s->parameters.sev_amd_cert); =20 if (s->parameters.has_block_bitmap_mapping) { params->has_block_bitmap_mapping =3D true; @@ -1563,6 +1569,18 @@ static void migrate_params_test_apply(MigrateSetPara= meters *params, dest->has_block_bitmap_mapping =3D true; dest->block_bitmap_mapping =3D params->block_bitmap_mapping; } + if (params->has_sev_pdh) { + assert(params->sev_pdh->type =3D=3D QTYPE_QSTRING); + dest->sev_pdh =3D g_strdup(params->sev_pdh->u.s); + } + if (params->has_sev_plat_cert) { + assert(params->sev_plat_cert->type =3D=3D QTYPE_QSTRING); + dest->sev_plat_cert =3D g_strdup(params->sev_plat_cert->u.s); + } + if (params->has_sev_amd_cert) { + assert(params->sev_amd_cert->type =3D=3D QTYPE_QSTRING); + dest->sev_amd_cert =3D g_strdup(params->sev_amd_cert->u.s); + } } =20 static void migrate_params_apply(MigrateSetParameters *params, Error **err= p) 
@@ -1685,6 +1703,21 @@ static void migrate_params_apply(MigrateSetParameter= s *params, Error **errp) QAPI_CLONE(BitmapMigrationNodeAliasList, params->block_bitmap_mapping); } + if (params->has_sev_pdh) { + g_free(s->parameters.sev_pdh); + assert(params->sev_pdh->type =3D=3D QTYPE_QSTRING); + s->parameters.sev_pdh =3D g_strdup(params->sev_pdh->u.s); + } + if (params->has_sev_plat_cert) { + g_free(s->parameters.sev_plat_cert); + assert(params->sev_plat_cert->type =3D=3D QTYPE_QSTRING); + s->parameters.sev_plat_cert =3D g_strdup(params->sev_plat_cert->u.= s); + } + if (params->has_sev_amd_cert) { + g_free(s->parameters.sev_amd_cert); + assert(params->sev_amd_cert->type =3D=3D QTYPE_QSTRING); + s->parameters.sev_amd_cert =3D g_strdup(params->sev_amd_cert->u.s); + } } =20 void qmp_migrate_set_parameters(MigrateSetParameters *params, Error **errp) @@ -1705,6 +1738,27 @@ void qmp_migrate_set_parameters(MigrateSetParameters= *params, Error **errp) params->tls_hostname->type =3D QTYPE_QSTRING; params->tls_hostname->u.s =3D strdup(""); } + /* TODO Rewrite "" to null instead */ + if (params->has_sev_pdh + && params->sev_pdh->type =3D=3D QTYPE_QNULL) { + qobject_unref(params->sev_pdh->u.n); + params->sev_pdh->type =3D QTYPE_QSTRING; + params->sev_pdh->u.s =3D strdup(""); + } + /* TODO Rewrite "" to null instead */ + if (params->has_sev_plat_cert + && params->sev_plat_cert->type =3D=3D QTYPE_QNULL) { + qobject_unref(params->sev_plat_cert->u.n); + params->sev_plat_cert->type =3D QTYPE_QSTRING; + params->sev_plat_cert->u.s =3D strdup(""); + } + /* TODO Rewrite "" to null instead */ + if (params->has_sev_amd_cert + && params->sev_amd_cert->type =3D=3D QTYPE_QNULL) { + qobject_unref(params->sev_amd_cert->u.n); + params->sev_amd_cert->type =3D QTYPE_QSTRING; + params->sev_amd_cert->u.s =3D strdup(""); + } =20 migrate_params_test_apply(params, &tmp); =20 
@@ -4233,6 +4287,9 @@ static void migration_instance_finalize(Object *obj) qemu_mutex_destroy(&ms->qemu_file_lock); g_free(params->tls_hostname); g_free(params->tls_creds); + g_free(params->sev_pdh); + g_free(params->sev_plat_cert); + g_free(params->sev_amd_cert); qemu_sem_destroy(&ms->wait_unplug_sem); qemu_sem_destroy(&ms->rate_limit_sem); qemu_sem_destroy(&ms->pause_sem); @@ -4280,6 +4337,10 @@ static void migration_instance_init(Object *obj) params->has_announce_rounds =3D true; params->has_announce_step =3D true; =20 + params->sev_pdh =3D g_strdup(""); + params->sev_plat_cert =3D g_strdup(""); + params->sev_amd_cert =3D g_strdup(""); + qemu_sem_init(&ms->postcopy_pause_sem, 0); qemu_sem_init(&ms->postcopy_pause_rp_sem, 0); qemu_sem_init(&ms->rp_state.rp_sem, 0); diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c index e00255f7ee..27ca2024bb 100644 --- a/monitor/hmp-cmds.c +++ b/monitor/hmp-cmds.c @@ -1399,6 +1399,24 @@ void hmp_migrate_set_parameter(Monitor *mon, const Q= Dict *qdict) error_setg(&err, "The block-bitmap-mapping parameter can only be s= et " "through QMP"); break; + case MIGRATION_PARAMETER_SEV_PDH: + p->has_sev_pdh =3D true; + p->sev_pdh =3D g_new0(StrOrNull, 1); + p->sev_pdh->type =3D QTYPE_QSTRING; + visit_type_str(v, param, &p->sev_pdh->u.s, &err); + break; + case MIGRATION_PARAMETER_SEV_PLAT_CERT: + p->has_sev_plat_cert =3D true; + p->sev_plat_cert =3D g_new0(StrOrNull, 1); + p->sev_plat_cert->type =3D QTYPE_QSTRING; + visit_type_str(v, param, &p->sev_plat_cert->u.s, &err); + break; + case MIGRATION_PARAMETER_SEV_AMD_CERT: + p->has_sev_amd_cert =3D true; + p->sev_amd_cert =3D g_new0(StrOrNull, 1); + p->sev_amd_cert->type =3D QTYPE_QSTRING; + visit_type_str(v, param, &p->sev_amd_cert->u.s, &err); + break; default: assert(0); } diff --git a/qapi/migration.json b/qapi/migration.json index 1124a2dda8..69c615ec4d 100644 --- a/qapi/migration.json +++ b/qapi/migration.json 
@@ -743,6 +743,15 @@ # block device name if there is one, and to their n= ode name # otherwise. (Since 5.2) # +# @sev-pdh: The target host platform diffie-hellman key encoded in base64 +# (Since 4.2) +# +# @sev-plat-cert: The target host platform certificate chain encoded in ba= se64 +# (Since 4.2) +# +# @sev-amd-cert: AMD certificate chain which include ASK and OCA encoded in +# base64 (Since 4.2) +# # Since: 2.4 ## { 'enum': 'MigrationParameter', @@ -758,7 +767,8 @@ 'xbzrle-cache-size', 'max-postcopy-bandwidth', 'max-cpu-throttle', 'multifd-compression', 'multifd-zlib-level' ,'multifd-zstd-level', - 'block-bitmap-mapping' ] } + 'block-bitmap-mapping', + 'sev-pdh', 'sev-plat-cert', 'sev-amd-cert' ] } =20 ## # @MigrateSetParameters: @@ -903,6 +913,15 @@ # block device name if there is one, and to their n= ode name # otherwise. (Since 5.2) # +# @sev-pdh: The target host platform diffie-hellman key encoded in base64 +# (Since 4.2) +# +# @sev-plat-cert: The target host platform certificate chain encoded in ba= se64 +# (Since 4.2) +# +# @sev-amd-cert: AMD certificate chain which include ASK and OCA encoded in +# base64 (Since 4.2) +# # Since: 2.4 ## # TODO either fuse back into MigrationParameters, or make @@ -934,7 +953,10 @@ '*multifd-compression': 'MultiFDCompression', '*multifd-zlib-level': 'uint8', '*multifd-zstd-level': 'uint8', - '*block-bitmap-mapping': [ 'BitmapMigrationNodeAlias' ] } } + '*block-bitmap-mapping': [ 'BitmapMigrationNodeAlias' ], + '*sev-pdh':'StrOrNull', + '*sev-plat-cert': 'StrOrNull', + '*sev-amd-cert' : 'StrOrNull' } } =20 ## # @migrate-set-parameters: 
@@ -1099,6 +1121,15 @@ # block device name if there is one, and to their n= ode name # otherwise. (Since 5.2) # +# @sev-pdh: The target host platform diffie-hellman key encoded in base64 +# (Since 4.2) +# +# @sev-plat-cert: The target host platform certificate chain encoded in ba= se64 +# (Since 4.2) +# +# @sev-amd-cert: AMD certificate chain which include ASK and OCA encoded in +# base64 (Since 4.2) +# # Since: 2.4 ## { 'struct': 'MigrationParameters', 
@@ -1128,7 +1159,10 @@ '*multifd-compression': 'MultiFDCompression', '*multifd-zlib-level': 'uint8', '*multifd-zstd-level': 'uint8', - '*block-bitmap-mapping': [ 'BitmapMigrationNodeAlias' ] } } + '*block-bitmap-mapping': [ 'BitmapMigrationNodeAlias' ], + '*sev-pdh':'str', + '*sev-plat-cert': 'str', + '*sev-amd-cert' : 'str'} } =20 ## # @query-migrate-parameters: --=20 2.17.1
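Review bot: In the migrate_params_test_apply() hunk, the three new branches g_strdup() the string into dest, while the block_bitmap_mapping assignment directly above them only borrows the pointer. dest here is the temporary tmp that qmp_migrate_set_parameters() passes in, and nothing in this patch frees tmp's sev_pdh, sev_plat_cert or sev_amd_cert, so each migrate-set-parameters call that sets them leaks the copies. Either assign params->sev_pdh->u.s without copying, as the neighbouring code does, or free the copies once the check is done.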
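Review bot: The migrate_params_apply() and qmp_migrate_set_parameters() hunks store sev-pdh, sev-plat-cert and sev-amd-cert verbatim, with no check that the value is valid base64 or within any size limit; the only length check in this series as posted is in patch 05's sev_save_setup(), which runs when migration is being set up rather than when the parameter is set. Rejecting malformed or oversized input at set time would report the error to the QMP or HMP caller while they can still correct it, and would keep unbounded strings out of the migration state. The null-to-"" rewrite is also pasted three times together with its TODO comment; a small helper taking the StrOrNull would remove the duplication.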
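Review bot: The new @sev-pdh, @sev-plat-cert and @sev-amd-cert entries in qapi/migration.json are tagged (Since 4.2), which is older than the (Since 5.2) on the block-bitmap-mapping entry directly above them; the tag should name the release this series will actually land in. The descriptions should also say that the parameters only apply to SEV guests and what an empty string means, since migration_instance_init() defaults all three to "". Style nits in the same hunks: "which include" should be "which includes", and the spacing in '*sev-pdh':'StrOrNull' and '*sev-amd-cert' : 'StrOrNull' does not match the surrounding members.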
From: Ashish Kalra
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, Thomas.Lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, ehabkost@redhat.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com
Subject: [PATCH v4 04/14] confidential guest support: introduce ConfidentialGuestMemoryEncryptionOps for encrypted VMs
Date: Wed, 4 Aug 2021 11:55:11 +0000
Message-Id: <74fce7be9bd219ce902851c0b27192fdefbf9ef1.1628076205.git.ashish.kalra@amd.com>

From: Brijesh Singh

When memory encryption is enabled in VM, the guest RAM will be encrypted with the guest-specific key, to protect the confidentiality of data while in transit we need to platform specific hooks to save or migrate the guest RAM. Introduce the new ConfidentialGuestMemoryEncryptionOps in this patch which will be later used by the encrypted guest for migration.

Signed-off-by: Brijesh Singh
Co-developed-by: Ashish Kalra
Signed-off-by: Ashish Kalra
--- include/exec/confidential-guest-support.h | 27 +++++++++++++++++++++++ 1 file changed, 27 insertions(+)
diff --git a/include/exec/confidential-guest-support.h b/include/exec/confi= dential-guest-support.h index ba2dd4b5df..d8b4bd4c42 100644 --- a/include/exec/confidential-guest-support.h +++ b/include/exec/confidential-guest-support.h @@ -20,6 +20,7 @@ =20 #ifndef CONFIG_USER_ONLY =20 +#include #include "qom/object.h" =20 #define TYPE_CONFIDENTIAL_GUEST_SUPPORT "confidential-guest-support" 
@@ -53,8 +54,34 @@ struct ConfidentialGuestSupport { bool ready; }; =20 +/** + * The functions registers with ConfidentialGuestMemoryEncryptionOps will = be + * used during the encrypted guest migration. + */ +struct ConfidentialGuestMemoryEncryptionOps { + /* Initialize the platform specific state before starting the migratio= n */ + int (*save_setup)(MigrationParameters *p); + + /* Write the encrypted page and metadata associated with it */ + int (*save_outgoing_page)(QEMUFile *f, uint8_t *ptr, uint32_t size, + uint64_t *bytes_sent); + + /* Load the incoming encrypted page into guest memory */ + int (*load_incoming_page)(QEMUFile *f, uint8_t *ptr); + + /* Check if gfn is in shared/unencrypted region */ + bool (*is_gfn_in_unshared_region)(unsigned long gfn); + + /* Write the shared regions list */ + int (*save_outgoing_shared_regions_list)(QEMUFile *f); + + /* Load the shared regions list */ + int (*load_incoming_shared_regions_list)(QEMUFile *f); +}; + typedef struct ConfidentialGuestSupportClass { ObjectClass parent; + struct ConfidentialGuestMemoryEncryptionOps *memory_encryption_ops; } ConfidentialGuestSupportClass; =20 #endif /* !CONFIG_USER_ONLY */ --=20 2.17.1
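Review bot: In struct ConfidentialGuestMemoryEncryptionOps, the hook is_gfn_in_unshared_region() is documented as "Check if gfn is in shared/unencrypted region", so the name and the comment state opposite polarities. Callers will presumably use this predicate to choose between the encrypted and the plain page path, so an implementer who follows the wrong one inverts that choice; rename the hook or fix the comment so both agree, and state what a true return means. The same comment block should document the return convention of the int hooks (patch 05's sev_save_setup() returns 1 on failure) and how load_incoming_page() bounds its write into ptr, given that it takes no size argument while save_outgoing_page() does.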
From: Ashish Kalra
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, Thomas.Lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, ehabkost@redhat.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com
Subject: [PATCH v4 05/14] target/i386: sev: provide callback to setup outgoing context
Date: Wed, 4 Aug 2021 11:56:01 +0000
Message-Id: <7521883afc073960728f6f0837dac9be1641dcb6.1628076205.git.ashish.kalra@amd.com>

From: Brijesh Singh

The user provides the target machine's Platform Diffie-Hellman key (PDH) and certificate chain before starting the SEV guest migration. Cache the certificate chain as we need them while creating the outgoing context.

Signed-off-by: Brijesh Singh
Co-developed-by: Ashish Kalra
Signed-off-by: Ashish Kalra
--- include/sysemu/sev.h | 2 ++ target/i386/sev.c | 61 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 94d821d737..64fc88d3c5 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h
@@ -14,11 +14,13 @@ #ifndef QEMU_SEV_H #define QEMU_SEV_H =20 +#include #include "sysemu/kvm.h" =20 bool sev_enabled(void); int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp); int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp); +int sev_save_setup(MigrationParameters *p); int sev_inject_launch_secret(const char *hdr, const char *secret, uint64_t gpa, Error **errp); =20 diff --git a/target/i386/sev.c b/target/i386/sev.c index 83df8c09f6..5e7c87764c 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -24,6 +24,7 @@ #include "qemu/module.h" #include "qemu/uuid.h" #include "sysemu/kvm.h" +#include "sysemu/sev.h" #include "sev_i386.h" #include "sysemu/sysemu.h" #include "sysemu/runstate.h" @@ -68,6 +69,12 @@ struct SevGuestState { int sev_fd; SevState state; gchar *measurement; + guchar *remote_pdh; + size_t remote_pdh_len; + guchar *remote_plat_cert; + size_t remote_plat_cert_len; + guchar *amd_cert; + size_t amd_cert_len; =20 uint32_t reset_cs; uint32_t reset_ip; @@ -116,6 +123,12 @@ static const char *const sev_fw_errlist[] =3D { =20 #define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist) =20 +#define SEV_FW_BLOB_MAX_SIZE 0x4000 /* 16KB */ + +static struct ConfidentialGuestMemoryEncryptionOps sev_memory_encryption_o= ps =3D { + .save_setup =3D sev_save_setup, +}; + static int sev_ioctl(int fd, int cmd, void *data, int *error) { 
@@ -772,6 +785,50 @@ sev_vm_state_change(void *opaque, bool running, RunSta= te state) } } =20 +static inline bool check_blob_length(size_t value) +{ + if (value > SEV_FW_BLOB_MAX_SIZE) { + error_report("invalid length max=3D%d got=3D%ld", + SEV_FW_BLOB_MAX_SIZE, value); + return false; + } + + return true; +} + +int sev_save_setup(MigrationParameters *p) +{ + SevGuestState *s =3D sev_guest; + const char *pdh =3D p->sev_pdh; + const char *plat_cert =3D p->sev_plat_cert; + const char *amd_cert =3D p->sev_amd_cert; + + s->remote_pdh =3D g_base64_decode(pdh, &s->remote_pdh_len); + if (!check_blob_length(s->remote_pdh_len)) { + goto error; + } + + s->remote_plat_cert =3D g_base64_decode(plat_cert, + &s->remote_plat_cert_len); + if (!check_blob_length(s->remote_plat_cert_len)) { + goto error; + } + + s->amd_cert =3D g_base64_decode(amd_cert, &s->amd_cert_len); + if (!check_blob_length(s->amd_cert_len)) { + goto error; + } + + return 0; + +error: + g_free(s->remote_pdh); + g_free(s->remote_plat_cert); + g_free(s->amd_cert); + + return 1; +} + int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { SevGuestState *sev @@ -781,6 +838,8 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error *= *errp) uint32_t ebx; uint32_t host_cbitpos; struct sev_user_data_status status =3D {}; + ConfidentialGuestSupportClass *cgs_class =3D + (ConfidentialGuestSupportClass *) object_get_class(OBJECT(cgs)); =20 if (!sev) { return 0; 
@@ -870,6 +929,8 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error *= *errp) qemu_add_machine_init_done_notifier(&sev_machine_done_notify); qemu_add_vm_change_state_handler(sev_vm_state_change, sev); =20 + cgs_class->memory_encryption_ops =3D &sev_memory_encryption_ops; + cgs->ready =3D true; =20 return 0; --=20 2.17.1
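Review bot: in sev_save_setup(), the error: path frees s->remote_pdh, s->remote_plat_cert and s->amd_cert but leaves the three pointers and their *_len fields set, so SevGuestState keeps dangling pointers after a rejected blob, and a second call into this function or any later reader of those fields would free or use them again. Use g_clear_pointer(&s->remote_pdh, g_free) (likewise for the other two) and zero the lengths. The same function passes p->sev_pdh, p->sev_plat_cert and p->sev_amd_cert straight to g_base64_decode() with no NULL check, and overwrites buffers cached by an earlier call without freeing them. In check_blob_length(), value is a size_t printed with %ld, where %zu is the portable specifier, and a zero-length decode is accepted as valid.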
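Review bot: in the last sev_kvm_init() hunk, cgs_class->memory_encryption_ops is written on the class object from a per-instance init path, so the ops pointer stays unset until a sev_kvm_init() call reaches this line and is then shared by every instance of the class. If the ops are meant to be a property of the type, set them in the type's class_init; if they are meant to depend on a successful init, a short comment saying so would help the next reader.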
From: Ashish Kalra
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, Thomas.Lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, ehabkost@redhat.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com
Subject: [PATCH v4 06/14] target/i386: sev: do not create launch context for an incoming guest
Date: Wed, 4 Aug 2021 11:56:22 +0000

From: Brijesh Singh

The LAUNCH_START is used for creating an encryption context to encrypt a newly created guest; for an incoming guest the RECEIVE_START should be used.

Reviewed-by: Dr. David Alan Gilbert
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
--- target/i386/sev.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 5e7c87764c..10038d3880 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c
@@ -919,12 +919,17 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error= **errp) goto err; } =20 - ret =3D sev_launch_start(sev); - if (ret) { - error_setg(errp, "%s: failed to create encryption context", __func= __); - goto err; + /* + * The LAUNCH context is used for new guest, if its an incoming guest + * then RECEIVE context will be created after the connection is establ= ished. + */ + if (!runstate_check(RUN_STATE_INMIGRATE)) { + ret =3D sev_launch_start(sev); + if (ret) { + error_report("%s: failed to create encryption context", __func= __); + goto err; + } } - ram_block_notifier_add(&sev_ram_notifier); qemu_add_machine_init_done_notifier(&sev_machine_done_notify); qemu_add_vm_change_state_handler(sev_vm_state_change, sev); --=20 2.17.1
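Review bot: the sev_launch_start() failure path now calls error_report() where the removed lines called error_setg(errp, ...), so sev_kvm_init() takes goto err without populating errp even though its signature still hands an Error ** back to the caller (unless the err: label sets it, which is not visible in this hunk). Keep error_setg(errp, "%s: failed to create encryption context", __func__) inside the new !runstate_check(RUN_STATE_INMIGRATE) block. Minor: "if its an incoming guest" in the new comment should read "if it's", and the hunk also drops the blank line that separated the block from ram_block_notifier_add().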
From: Ashish Kalra
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, Thomas.Lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, ehabkost@redhat.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com
Subject: [PATCH v4 07/14] target/i386: sev: add support to encrypt the outgoing page
Date: Wed, 4 Aug 2021 11:56:44 +0000
Message-Id: <5187c6f86bd3e253be565f3773f85e92879c5391.1628076205.git.ashish.kalra@amd.com>

From: Brijesh Singh

The sev_save_outgoing_page() provides the implementation to encrypt the guest private pages during the transit. The routine uses the SEND_START command to create the outgoing encryption context on the first call, then uses the SEND_UPDATE_DATA command to encrypt the data before writing it to the socket. While encrypting the data, SEND_UPDATE_DATA produces some metadata (e.g. MAC, IV). The metadata is also sent to the target machine. After migration is completed, we issue the SEND_FINISH command to transition the SEV guest state from sending to unrunnable state.

Signed-off-by: Brijesh Singh
Co-developed-by: Ashish Kalra
Signed-off-by: Ashish Kalra --- include/sysemu/sev.h | 2 + target/i386/sev.c | 221 +++++++++++++++++++++++++++++++++++++++ target/i386/trace-events | 3 + 3 files changed, 226 insertions(+) diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 64fc88d3c5..aa6b91a53e 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -21,6 +21,8 @@ bool sev_enabled(void); int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp); int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp); int sev_save_setup(MigrationParameters *p); +int sev_save_outgoing_page(QEMUFile *f, uint8_t *ptr, + uint32_t size, uint64_t *bytes_sent); int sev_inject_launch_secret(const char *hdr, const char *secret, uint64_t gpa, Error **errp); =20 diff --git a/target/i386/sev.c b/target/i386/sev.c index 10038d3880..411bd657e8 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -30,6 +30,8 @@ #include "sysemu/runstate.h" #include "trace.h" #include "migration/blocker.h" +#include "migration/qemu-file.h" +#include "migration/misc.h" #include "qom/object.h" #include "monitor/monitor.h" #include "exec/confidential-guest-support.h" @@ -75,6 +77,8 @@ struct SevGuestState { size_t remote_plat_cert_len; guchar *amd_cert; size_t amd_cert_len; + gchar *send_packet_hdr; + size_t send_packet_hdr_len; =20 uint32_t reset_cs; uint32_t reset_ip; @@ -127,6 +131,7 @@ static const char *const sev_fw_errlist[] =3D { =20 static struct ConfidentialGuestMemoryEncryptionOps sev_memory_encryption_o= ps =3D { .save_setup =3D sev_save_setup, + .save_outgoing_page =3D sev_save_outgoing_page, }; =20 static int 
@@ -829,6 +834,40 @@ error: return 1; } =20 +static void +sev_send_finish(void) +{ + int ret, error; + + trace_kvm_sev_send_finish(); + ret =3D sev_ioctl(sev_guest->sev_fd, KVM_SEV_SEND_FINISH, 0, &error); + if (ret) { + error_report("%s: SEND_FINISH ret=3D%d fw_error=3D%d '%s'", + __func__, ret, error, fw_error_to_str(error)); + } + + g_free(sev_guest->send_packet_hdr); + sev_set_guest_state(sev_guest, SEV_STATE_RUNNING); +} + +static void +sev_migration_state_notifier(Notifier *notifier, void *data) +{ + MigrationState *s =3D data; + + if (migration_has_finished(s) || + migration_in_postcopy_after_devices(s) || + migration_has_failed(s)) { + if (sev_check_state(sev_guest, SEV_STATE_SEND_UPDATE)) { + sev_send_finish(); + } + } +} + +static Notifier sev_migration_state_notify =3D { + .notify =3D sev_migration_state_notifier, +}; + int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { SevGuestState *sev @@ -933,6 +972,7 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error *= *errp) ram_block_notifier_add(&sev_ram_notifier); qemu_add_machine_init_done_notifier(&sev_machine_done_notify); qemu_add_vm_change_state_handler(sev_vm_state_change, sev); + add_migration_state_change_notifier(&sev_migration_state_notify); =20 cgs_class->memory_encryption_ops =3D &sev_memory_encryption_ops; =20 
@@ -1143,6 +1183,187 @@ int sev_es_save_reset_vector(void *flash_ptr, uint6= 4_t flash_size) return 0; } =20 +static int +sev_get_send_session_length(void) +{ + int ret, fw_err =3D 0; + struct kvm_sev_send_start start =3D {}; + + ret =3D sev_ioctl(sev_guest->sev_fd, KVM_SEV_SEND_START, &start, &fw_e= rr); + if (fw_err !=3D SEV_RET_INVALID_LEN) { + ret =3D -1; + error_report("%s: failed to get session length ret=3D%d fw_error= =3D%d '%s'", + __func__, ret, fw_err, fw_error_to_str(fw_err)); + goto err; + } + + ret =3D start.session_len; +err: + return ret; +} + +static int +sev_send_start(SevGuestState *s, QEMUFile *f, uint64_t *bytes_sent) +{ + gsize pdh_len =3D 0, plat_cert_len; + int session_len, ret, fw_error; + struct kvm_sev_send_start start =3D { }; + guchar *pdh =3D NULL, *plat_cert =3D NULL, *session =3D NULL; + Error *local_err =3D NULL; + + if (!s->remote_pdh || !s->remote_plat_cert || !s->amd_cert_len) { + error_report("%s: missing remote PDH or PLAT_CERT", __func__); + return 1; + } + + start.pdh_cert_uaddr =3D (uintptr_t) s->remote_pdh; + start.pdh_cert_len =3D s->remote_pdh_len; + + start.plat_certs_uaddr =3D (uintptr_t)s->remote_plat_cert; + start.plat_certs_len =3D s->remote_plat_cert_len; + + start.amd_certs_uaddr =3D (uintptr_t)s->amd_cert; + start.amd_certs_len =3D s->amd_cert_len; + + /* get the session length */ + session_len =3D sev_get_send_session_length(); + if (session_len < 0) { + ret =3D 1; + goto err; + } + + session =3D g_new0(guchar, session_len); + start.session_uaddr =3D (unsigned long)session; + start.session_len =3D session_len; + + /* Get our PDH certificate */ + ret =3D sev_get_pdh_info(s->sev_fd, &pdh, &pdh_len, + &plat_cert, &plat_cert_len, &local_err); + if (ret) { + error_report("Failed to get our PDH cert"); + goto err; + } + + trace_kvm_sev_send_start(start.pdh_cert_uaddr, start.pdh_cert_len, + start.plat_certs_uaddr, start.plat_certs_len, + start.amd_certs_uaddr, start.amd_certs_len); + + ret =3D sev_ioctl(s->sev_fd, 
KVM_SEV_SEND_START, &start, &fw_error); + if (ret < 0) { + error_report("%s: SEND_START ret=3D%d fw_error=3D%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } + + qemu_put_be32(f, start.policy); + qemu_put_be32(f, pdh_len); + qemu_put_buffer(f, (uint8_t *)pdh, pdh_len); + qemu_put_be32(f, start.session_len); + qemu_put_buffer(f, (uint8_t *)start.session_uaddr, start.session_len); + *bytes_sent =3D 12 + pdh_len + start.session_len; + + sev_set_guest_state(s, SEV_STATE_SEND_UPDATE); + +err: + g_free(pdh); + g_free(plat_cert); + return ret; +} + +static int +sev_send_get_packet_len(int *fw_err) +{ + int ret; + struct kvm_sev_send_update_data update =3D {}; + + ret =3D sev_ioctl(sev_guest->sev_fd, KVM_SEV_SEND_UPDATE_DATA, + &update, fw_err); + if (*fw_err !=3D SEV_RET_INVALID_LEN) { + ret =3D -1; + error_report("%s: failed to get session length ret=3D%d fw_error= =3D%d '%s'", + __func__, ret, *fw_err, fw_error_to_str(*fw_err)); + goto err; + } + + ret =3D update.hdr_len; + +err: + return ret; +} + +static int +sev_send_update_data(SevGuestState *s, QEMUFile *f, uint8_t *ptr, uint32_t= size, + uint64_t *bytes_sent) +{ + int ret, fw_error; + guchar *trans; + struct kvm_sev_send_update_data update =3D { }; + + /* + * If this is first call then query the packet header bytes and alloca= te + * the packet buffer. 
+ */ + if (!s->send_packet_hdr) { + s->send_packet_hdr_len =3D sev_send_get_packet_len(&fw_error); + if (s->send_packet_hdr_len < 1) { + error_report("%s: SEND_UPDATE fw_error=3D%d '%s'", + __func__, fw_error, fw_error_to_str(fw_error)); + return 1; + } + + s->send_packet_hdr =3D g_new(gchar, s->send_packet_hdr_len); + } + + /* allocate transport buffer */ + trans =3D g_new(guchar, size); + + update.hdr_uaddr =3D (uintptr_t)s->send_packet_hdr; + update.hdr_len =3D s->send_packet_hdr_len; + update.guest_uaddr =3D (uintptr_t)ptr; + update.guest_len =3D size; + update.trans_uaddr =3D (uintptr_t)trans; + update.trans_len =3D size; + + trace_kvm_sev_send_update_data(ptr, trans, size); + + ret =3D sev_ioctl(s->sev_fd, KVM_SEV_SEND_UPDATE_DATA, &update, &fw_er= ror); + if (ret) { + error_report("%s: SEND_UPDATE_DATA ret=3D%d fw_error=3D%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } + + qemu_put_be32(f, update.hdr_len); + qemu_put_buffer(f, (uint8_t *)update.hdr_uaddr, update.hdr_len); + *bytes_sent =3D 4 + update.hdr_len; + + qemu_put_be32(f, update.trans_len); + qemu_put_buffer(f, (uint8_t *)update.trans_uaddr, update.trans_len); + *bytes_sent +=3D (4 + update.trans_len); + +err: + g_free(trans); + return ret; +} + +int sev_save_outgoing_page(QEMUFile *f, uint8_t *ptr, + uint32_t sz, uint64_t *bytes_sent) +{ + SevGuestState *s =3D sev_guest; + + /* + * If this is a first buffer then create outgoing encryption context + * and write our PDH, policy and session data. + */ + if (!sev_check_state(s, SEV_STATE_SEND_UPDATE) && + sev_send_start(s, f, bytes_sent)) { + error_report("Failed to create outgoing context"); + return 1; + } + + return sev_send_update_data(s, f, ptr, sz, bytes_sent); +} + static void sev_register_types(void) { diff --git a/target/i386/trace-events b/target/i386/trace-events index 2cd8726eeb..e8d4aec125 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -11,3 +11,6 @@ kvm_sev_launch_measurement(const char *value) "data %s" kvm_sev_launch_finish(void) "" kvm_sev_launch_secret(uint64_t hpa, uint64_t hva, uint64_t secret, int len= ) "hpa 0x%" PRIx64 " hva 0x%" PRIx64 " data 0x%" PRIx64 " len %d" kvm_sev_attestation_report(const char *mnonce, const char *data) "mnonce %= s data %s" +kvm_sev_send_start(uint64_t pdh, int l1, uint64_t plat, int l2, uint64_t a= md, int l3) "pdh 0x%" PRIx64 " len %d plat 0x%" PRIx64 " len %d amd 0x%" PR= Ix64 " len %d" +kvm_sev_send_update_data(void *src, void *dst, int len) "guest %p trans %p= len %d" +kvm_sev_send_finish(void) "" --=20 2.17.1
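Review bot: In sev_send_update_data(), "*bytes_sent = 4 + update.hdr_len;" assigns instead of accumulating, so on the first page, where sev_save_outgoing_page() has just had sev_send_start() store "12 + pdh_len + start.session_len" in the same variable, the SEND_START bytes drop out of the count. Accumulate with "+=" (with the caller zeroing the counter first) or add the two totals in sev_save_outgoing_page(). Separately, sev_send_get_packet_len() reports "failed to get session length" for what is the packet header length query, and the failure paths in this hunk mix return conventions (1, -1 and the raw ioctl result), which makes the "if (sev_send_start(...))" test in the caller fragile.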
From: Ashish Kalra
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, Thomas.Lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, ehabkost@redhat.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com
Subject: [PATCH v4 08/14] target/i386: sev: add support to load incoming encrypted page
Date: Wed, 4 Aug 2021 11:57:10 +0000
From: Brijesh Singh

The sev_load_incoming_page() provides the implementation to read the incoming guest private pages from the socket and load them into the guest memory. The routine uses the RECEIVE_START command to create the incoming encryption context on the first call, then uses the RECEIVE_UPDATE_DATA command to load the encrypted pages into the guest memory. After migration is completed, we issue the RECEIVE_FINISH command to transition the SEV guest to the runnable state so that it can be executed.

Signed-off-by: Brijesh Singh
Co-developed-by: Ashish Kalra
Signed-off-by: Ashish Kalra
--- include/sysemu/sev.h | 1 + target/i386/sev.c | 137 ++++++++++++++++++++++++++++++++++++++- target/i386/trace-events | 3 + 3 files changed, 140 insertions(+), 1 deletion(-) diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index aa6b91a53e..faa02bdd3d 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -23,6 +23,7 @@ int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error *= *errp); int sev_save_setup(MigrationParameters *p); int sev_save_outgoing_page(QEMUFile *f, uint8_t *ptr, uint32_t size, uint64_t *bytes_sent); +int sev_load_incoming_page(QEMUFile *f, uint8_t *ptr); int sev_inject_launch_secret(const char *hdr, const char *secret, uint64_t gpa, Error **errp); =20 diff --git a/target/i386/sev.c b/target/i386/sev.c index 411bd657e8..1901c9ade4 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -132,6 +132,7 @@ static const char *const sev_fw_errlist[] =3D { static struct ConfidentialGuestMemoryEncryptionOps sev_memory_encryption_o= ps =3D { .save_setup =3D sev_save_setup, .save_outgoing_page =3D sev_save_outgoing_page, + .load_incoming_page =3D sev_load_incoming_page, }; =20 static int
@@ -778,13 +779,33 @@ sev_launch_finish(SevGuestState *sev) } } =20 +static int +sev_receive_finish(SevGuestState *s) +{ + int error, ret =3D 1; + + trace_kvm_sev_receive_finish(); + ret =3D sev_ioctl(s->sev_fd, KVM_SEV_RECEIVE_FINISH, 0, &error); + if (ret) { + error_report("%s: RECEIVE_FINISH ret=3D%d fw_error=3D%d '%s'", + __func__, ret, error, fw_error_to_str(error)); + goto err; + } + + sev_set_guest_state(s, SEV_STATE_RUNNING); +err: + return ret; +} + static void sev_vm_state_change(void *opaque, bool running, RunState state) { SevGuestState *sev =3D opaque; =20 if (running) { - if (!sev_check_state(sev, SEV_STATE_RUNNING)) { + if (sev_check_state(sev, SEV_STATE_RECEIVE_UPDATE)) { + sev_receive_finish(sev); + } else if (!sev_check_state(sev, SEV_STATE_RUNNING)) { sev_launch_finish(sev); } } 
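Review bot: sev_vm_state_change() discards the return value of sev_receive_finish(), so when RECEIVE_FINISH fails the only effect is an error_report() and the VM is still resumed with the guest left in SEV_STATE_RECEIVE_UPDATE. The failure should stop the destination from running the guest (propagate it or exit) rather than be logged and ignored, since a guest whose receive context was never finalised cannot run. Minor: the "ret = 1" initialiser in sev_receive_finish() is dead, because ret is assigned from sev_ioctl() before any use.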
@@ -1364,6 +1385,120 @@ int sev_save_outgoing_page(QEMUFile *f, uint8_t *pt= r, return sev_send_update_data(s, f, ptr, sz, bytes_sent); } =20 +static int +sev_receive_start(SevGuestState *sev, QEMUFile *f) +{ + int ret =3D 1; + int fw_error; + struct kvm_sev_receive_start start =3D { }; + gchar *session =3D NULL, *pdh_cert =3D NULL; + + /* get SEV guest handle */ + start.handle =3D object_property_get_int(OBJECT(sev), "handle", + &error_abort); + + /* get the source policy */ + start.policy =3D qemu_get_be32(f); + + /* get source PDH key */ + start.pdh_len =3D qemu_get_be32(f); + if (!check_blob_length(start.pdh_len)) { + return 1; + } + + pdh_cert =3D g_new(gchar, start.pdh_len); + qemu_get_buffer(f, (uint8_t *)pdh_cert, start.pdh_len); + start.pdh_uaddr =3D (uintptr_t)pdh_cert; + + /* get source session data */ + start.session_len =3D qemu_get_be32(f); + if (!check_blob_length(start.session_len)) { + return 1; + } + session =3D g_new(gchar, start.session_len); + qemu_get_buffer(f, (uint8_t *)session, start.session_len); + start.session_uaddr =3D (uintptr_t)session; + + trace_kvm_sev_receive_start(start.policy, session, pdh_cert); + + ret =3D sev_ioctl(sev_guest->sev_fd, KVM_SEV_RECEIVE_START, + &start, &fw_error); + if (ret < 0) { + error_report("Error RECEIVE_START ret=3D%d fw_error=3D%d '%s'", + ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } + + object_property_set_int(OBJECT(sev), "handle", start.handle, &error_ab= ort); + sev_set_guest_state(sev, SEV_STATE_RECEIVE_UPDATE); +err: + g_free(session); + g_free(pdh_cert); + + return ret; +} + +static int sev_receive_update_data(QEMUFile *f, uint8_t *ptr) +{ + int ret =3D 1, fw_error =3D 0; + gchar *hdr =3D NULL, *trans =3D NULL; + struct kvm_sev_receive_update_data update =3D {}; + + /* get packet header */ + update.hdr_len =3D qemu_get_be32(f); + if (!check_blob_length(update.hdr_len)) { + return 1; + } + + hdr =3D g_new(gchar, update.hdr_len); + qemu_get_buffer(f, (uint8_t *)hdr, update.hdr_len); + 
update.hdr_uaddr =3D (uintptr_t)hdr; + + /* get transport buffer */ + update.trans_len =3D qemu_get_be32(f); + if (!check_blob_length(update.trans_len)) { + goto err; + } + + trans =3D g_new(gchar, update.trans_len); + update.trans_uaddr =3D (uintptr_t)trans; + qemu_get_buffer(f, (uint8_t *)update.trans_uaddr, update.trans_len); + + update.guest_uaddr =3D (uintptr_t) ptr; + update.guest_len =3D update.trans_len; + + trace_kvm_sev_receive_update_data(trans, ptr, update.guest_len, + hdr, update.hdr_len); + + ret =3D sev_ioctl(sev_guest->sev_fd, KVM_SEV_RECEIVE_UPDATE_DATA, + &update, &fw_error); + if (ret) { + error_report("Error RECEIVE_UPDATE_DATA ret=3D%d fw_error=3D%d '%s= '", + ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } +err: + g_free(trans); + g_free(hdr); + return ret; +} + +int sev_load_incoming_page(QEMUFile *f, uint8_t *ptr) +{ + SevGuestState *s =3D sev_guest; + + /* + * If this is first buffer and SEV is not in recieiving state then + * use RECEIVE_START command to create a encryption context. + */ + if (!sev_check_state(s, SEV_STATE_RECEIVE_UPDATE) && + sev_receive_start(s, f)) { + return 1; + } + + return sev_receive_update_data(f, ptr); +} + static void sev_register_types(void) { diff --git a/target/i386/trace-events b/target/i386/trace-events index e8d4aec125..475de65ad4 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -14,3 +14,6 @@ kvm_sev_attestation_report(const char *mnonce, const char= *data) "mnonce %s data kvm_sev_send_start(uint64_t pdh, int l1, uint64_t plat, int l2, uint64_t a= md, int l3) "pdh 0x%" PRIx64 " len %d plat 0x%" PRIx64 " len %d amd 0x%" PR= Ix64 " len %d" kvm_sev_send_update_data(void *src, void *dst, int len) "guest %p trans %p= len %d" kvm_sev_send_finish(void) "" +kvm_sev_receive_start(int policy, void *session, void *pdh) "policy 0x%x s= ession %p pdh %p" +kvm_sev_receive_update_data(void *src, void *dst, int len, void *hdr, int = hdr_len) "guest %p trans %p len %d hdr %p hdr_len %d" +kvm_sev_receive_finish(void) "" --=20 2.17.1
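Review bot: In sev_receive_update_data() (the large target/i386/sev.c hunk), update.guest_len is set to the trans_len value read from the migration stream, and sev_load_incoming_page() is given only ptr with no destination size, so nothing in this hunk ties the length passed to RECEIVE_UPDATE_DATA to the page behind ptr. The stream is untrusted input on the destination: pass the expected page size down and reject a trans_len that differs from it, in addition to check_blob_length(). Also in this hunk, sev_receive_start() does "return 1" when the session_len check fails, after pdh_cert has already been allocated, so that path leaks it (use "goto err", as sev_receive_update_data() does for trans_len); and the qemu_get_buffer() results are never checked, so a short read hands partly uninitialised hdr/trans buffers to the ioctl.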
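Review bot: The new kvm_sev_receive_update_data trace event in target/i386/trace-events prints its first two pointers as "guest %p trans %p", but the call added in sev_receive_update_data() passes (trans, ptr, ...), so the two labels come out swapped in the trace. Either change the format to "trans %p guest %p" or pass ptr first, matching kvm_sev_send_update_data, which is called with (ptr, trans, size).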
From: Ashish Kalra
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, Thomas.Lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, ehabkost@redhat.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com
Subject: [PATCH v4 09/14] kvm: Add support for SEV shared regions list and KVM_EXIT_HYPERCALL.
Date: Wed, 4 Aug 2021 11:57:33 +0000
From: Ashish Kalra

KVM_HC_MAP_GPA_RANGE hypercall is used by the SEV guest to notify a change in the page encryption status to the hypervisor. The hypercall should be invoked only when the encryption attribute is changed from encrypted -> decrypted and vice versa. By default all guest pages are considered encrypted.

The hypercall exits to userspace with KVM_EXIT_HYPERCALL exit code; currently this is used only by SEV guests for guest page encryption status tracking. Add support to handle this exit and invoke SEV shared regions list handlers.

Add support for SEV guest shared regions and implementation of the SEV shared regions list.

Signed-off-by: Ashish Kalra --- include/sysemu/sev.h | 3 ++ linux-headers/linux/kvm.h | 3 ++ target/i386/kvm/kvm.c | 46 +++++++++++++++++ target/i386/sev.c | 105 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 157 insertions(+) diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index faa02bdd3d..3b913518c0 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -29,5 +29,8 @@ int sev_inject_launch_secret(const char *hdr, const char = *secret, =20 int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size); void sev_es_set_reset_vector(CPUState *cpu); +int sev_remove_shared_regions_list(unsigned long gfn_start, + unsigned long gfn_end); +int sev_add_shared_regions_list(unsigned long gfn_start, unsigned long gfn= _end); =20 #endif diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h index bcaf66cc4d..78874f4d43 100644 --- a/linux-headers/linux/kvm.h +++ b/linux-headers/linux/kvm.h @@ -343,6 +343,7 @@ struct kvm_run { } mmio; /* KVM_EXIT_HYPERCALL */ struct { +#define KVM_HC_MAP_GPA_RANGE 12 __u64 nr; __u64 args[6]; __u64 ret; @@ -1113,6 +1114,8 @@ struct kvm_ppc_resize_hpt { #define KVM_CAP_EXIT_ON_EMULATION_FAILURE 204 #define KVM_CAP_ARM_MTE 205 =20 +#define KVM_EXIT_HYPERCALL_VALID_MASK (1 << KVM_HC_MAP_GPA_RANGE) + #ifdef KVM_CAP_IRQ_ROUTING =20 struct kvm_irq_routing_irqchip { diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index e69abe48e3..303722e06f 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -125,6 +125,7 @@ static int has_xsave; static int has_xcrs; static int has_pit_state2; static int has_exception_payload; +static int has_map_gpa_range; =20 static bool has_msr_mcg_ext_ctl; =20 
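Review bot: The linux-headers/linux/kvm.h hunks add KVM_HC_MAP_GPA_RANGE (inside struct kvm_run) and KVM_EXIT_HYPERCALL_VALID_MASK by hand, but linux-headers/ is generated from the kernel's UAPI headers by scripts/update-linux-headers.sh, so these edits are lost on the next sync. Bring the definitions in with a separate header-update patch generated by that script, and keep any QEMU-only mask next to its user in target/i386/kvm/kvm.c.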
@@ -1916,6 +1917,15 @@ int kvm_arch_init_vcpu(CPUState *cs) c->eax =3D MAX(c->eax, KVM_CPUID_SIGNATURE | 0x10); } =20 + if (sev_enabled()) { + c =3D cpuid_find_entry(&cpuid_data.cpuid, + KVM_CPUID_FEATURES | kvm_base, 0); + c->eax |=3D (1 << KVM_FEATURE_MIGRATION_CONTROL); + if (has_map_gpa_range) { + c->eax |=3D (1 << KVM_FEATURE_HC_MAP_GPA_RANGE); + } + } + cpuid_data.cpuid.nent =3D cpuid_i; =20 cpuid_data.cpuid.padding =3D 0; @@ -2277,6 +2287,17 @@ int kvm_arch_init(MachineState *ms, KVMState *s) } } =20 + has_map_gpa_range =3D kvm_check_extension(s, KVM_CAP_EXIT_HYPERCALL); + if (has_map_gpa_range) { + ret =3D kvm_vm_enable_cap(s, KVM_CAP_EXIT_HYPERCALL, 0, + KVM_EXIT_HYPERCALL_VALID_MASK); + if (ret < 0) { + error_report("kvm: Failed to enable MAP_GPA_RANGE cap: %s", + strerror(-ret)); + return ret; + } + } + ret =3D kvm_get_supported_msrs(s); if (ret < 0) { return ret; @@ -4429,6 +4450,28 @@ static int kvm_handle_tpr_access(X86CPU *cpu) return 1; } =20 +static int kvm_handle_exit_hypercall(X86CPU *cpu, struct kvm_run *run) +{ + /* + * Currently this exit is only used by SEV guests for + * guest page encryption status tracking. + */ + if (run->hypercall.nr =3D=3D KVM_HC_MAP_GPA_RANGE) { + unsigned long enc =3D run->hypercall.args[2]; + unsigned long gpa =3D run->hypercall.args[0]; + unsigned long npages =3D run->hypercall.args[1]; + unsigned long gfn_start =3D gpa >> TARGET_PAGE_BITS; + unsigned long gfn_end =3D gfn_start + npages; + + if (enc) { + sev_remove_shared_regions_list(gfn_start, gfn_end); + } else { + sev_add_shared_regions_list(gfn_start, gfn_end); + } + } + return 0; +} + int kvm_arch_insert_sw_breakpoint(CPUState *cs, struct kvm_sw_breakpoint *= bp) { static const uint8_t int3 =3D 0xcc; 
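Review bot: kvm_handle_exit_hypercall() takes gpa and npages straight from run->hypercall.args[] and passes gfn_start + npages on without any check, so a guest can make gfn_end wrap or describe a range outside its memory, and the int results of sev_add_shared_regions_list() and sev_remove_shared_regions_list() are dropped. Validate the range (non-zero npages, no overflow, within guest RAM) and fail the hypercall otherwise. run->hypercall.ret is never written in this handler, so set it explicitly for both the success and the error case, and decide what a hypercall.nr other than KVM_HC_MAP_GPA_RANGE should return instead of silently reporting 0.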
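Review bot: In the kvm_arch_init_vcpu() hunk, the result of cpuid_find_entry() is dereferenced ("c->eax |= ...") without a NULL check; cpuid_find_entry() returns NULL when the leaf is absent, for example when the KVM paravirtual leaves are not exposed to the guest. Guard the block with "if (c)". Also, KVM_FEATURE_MIGRATION_CONTROL is advertised whenever sev_enabled() is true, while only KVM_FEATURE_HC_MAP_GPA_RANGE depends on has_map_gpa_range; state in a comment or the commit message why the first needs no capability check.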
@@ -4690,6 +4733,9 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run= *run) /* already handled in kvm_arch_post_run */ ret =3D 0; break; + case KVM_EXIT_HYPERCALL: + ret =3D kvm_handle_exit_hypercall(cpu, run); + break; default: fprintf(stderr, "KVM: unknown exit reason %d\n", run->exit_reason); ret =3D -1; diff --git a/target/i386/sev.c b/target/i386/sev.c index 1901c9ade4..6d44b7ad21 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -40,6 +40,10 @@ #define TYPE_SEV_GUEST "sev-guest" OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST) =20 +struct shared_region { + unsigned long gfn_start, gfn_end; + QTAILQ_ENTRY(shared_region) list; +}; =20 /** * SevGuestState: @@ -83,6 +87,8 @@ struct SevGuestState { uint32_t reset_cs; uint32_t reset_ip; bool reset_data_valid; + + QTAILQ_HEAD(, shared_region) shared_regions_list; }; =20 #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ @@ -996,6 +1002,7 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error = **errp) add_migration_state_change_notifier(&sev_migration_state_notify); =20 cgs_class->memory_encryption_ops =3D &sev_memory_encryption_ops; + QTAILQ_INIT(&sev->shared_regions_list); =20 cgs->ready =3D true; =20 
@@ -1499,6 +1506,104 @@ int sev_load_incoming_page(QEMUFile *f, uint8_t *pt= r) return sev_receive_update_data(f, ptr); } =20 +int sev_remove_shared_regions_list(unsigned long start, unsigned long end) +{ + SevGuestState *s =3D sev_guest; + struct shared_region *pos; + + QTAILQ_FOREACH(pos, &s->shared_regions_list, list) { + unsigned long l, r; + unsigned long curr_gfn_end =3D pos->gfn_end; + + /* + * Find if any intersection exists ? + * left bound for intersecting segment + */ + l =3D MAX(start, pos->gfn_start); + /* right bound for intersecting segment */ + r =3D MIN(end, pos->gfn_end); + if (l <=3D r) { + if (pos->gfn_start =3D=3D l && pos->gfn_end =3D=3D r) { + QTAILQ_REMOVE(&s->shared_regions_list, pos, list); + } else if (l =3D=3D pos->gfn_start) { + pos->gfn_start =3D r; + } else if (r =3D=3D pos->gfn_end) { + pos->gfn_end =3D l; + } else { + /* Do a de-merge -- split linked list nodes */ + struct shared_region *shrd_region; + + pos->gfn_end =3D l; + shrd_region =3D g_malloc0(sizeof(*shrd_region)); + if (!shrd_region) { + return 0; + } + shrd_region->gfn_start =3D r; + shrd_region->gfn_end =3D curr_gfn_end; + QTAILQ_INSERT_AFTER(&s->shared_regions_list, pos, + shrd_region, list); + } + } + if (end <=3D curr_gfn_end) { + break; + } + } + return 0; +} + +int sev_add_shared_regions_list(unsigned long start, unsigned long end) +{ + struct shared_region *shrd_region; + struct shared_region *pos; + SevGuestState *s =3D sev_guest; + + if (QTAILQ_EMPTY(&s->shared_regions_list)) { + shrd_region =3D g_malloc0(sizeof(*shrd_region)); + if (!shrd_region) { + return -1; + } + shrd_region->gfn_start =3D start; + shrd_region->gfn_end =3D end; + QTAILQ_INSERT_TAIL(&s->shared_regions_list, shrd_region, list); + return 0; + } + + /* + * shared regions list is a sorted list in ascending order + * of guest PA's and also merges consecutive range of guest PA's + */ + QTAILQ_FOREACH(pos, &s->shared_regions_list, list) { + /* handle duplicate overlapping regions */ + if (start >=3D 
pos->gfn_start && end <=3D pos->gfn_end) { + return 0; + } + if (pos->gfn_end < start) { + continue; + } + /* merge consecutive guest PA(s) -- forward merge */ + if (pos->gfn_start <=3D start && pos->gfn_end >=3D start) { + pos->gfn_end =3D end; + return 0; + } + break; + } + /* + * Add a new node + */ + shrd_region =3D g_malloc0(sizeof(*shrd_region)); + if (!shrd_region) { + return -1; + } + shrd_region->gfn_start =3D start; + shrd_region->gfn_end =3D end; + if (pos) { + QTAILQ_INSERT_BEFORE(pos, shrd_region, list); + } else { + QTAILQ_INSERT_TAIL(&s->shared_regions_list, shrd_region, list); + } + return 1; +} + static void sev_register_types(void) { --=20 2.17.1
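Review bot: in the kvm_arch_init_vcpu() hunk the result of cpuid_find_entry(&cpuid_data.cpuid, KVM_CPUID_FEATURES | kvm_base, 0) is dereferenced with no NULL check, so a vCPU whose CPUID table has no KVM_CPUID_FEATURES leaf would crash QEMU at the first c->eax |= ... line. Check c before use and either fail vCPU init or skip the feature bits when the leaf is missing. KVM_FEATURE_MIGRATION_CONTROL is also set whenever sev_enabled() is true, with no probe comparable to the has_map_gpa_range check that guards KVM_FEATURE_HC_MAP_GPA_RANGE; if that is intentional, a comment saying why would help.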
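Review bot: kvm_handle_exit_hypercall() takes gpa, npages and enc straight from run->hypercall.args[] with no validation, and all three are guest-controlled. gfn_end = gfn_start + npages can wrap, npages == 0 is accepted, and nothing checks that the range lies inside guest RAM, so a guest can push arbitrary ranges and an unbounded number of node allocations into the shared regions list. Validate the range before touching the list, propagate the return values of sev_add_shared_regions_list() and sev_remove_shared_regions_list(), and set run->hypercall.ret so the guest can see a failure. A hypercall.nr other than KVM_HC_MAP_GPA_RANGE also falls through and returns 0 silently; that case deserves at least an error return.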
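Review bot: sev_add_shared_regions_list() does not keep the sorted, merged invariant that its own comment promises. The forward-merge branch sets pos->gfn_end = end without looking at the following nodes, and a range that starts below pos->gfn_start but overlaps it is inserted as a new node before pos, so the list can end up holding overlapping entries. sev_remove_shared_regions_list() relies on that invariant for its early break on end <= curr_gfn_end. The remove path also calls QTAILQ_REMOVE() inside QTAILQ_FOREACH() and never frees the node; use QTAILQ_FOREACH_SAFE() and g_free(pos). The g_malloc0() NULL checks are dead code because g_malloc0() aborts on allocation failure, and the mixed return values (0, 1, -1) are undocumented and ignored by the caller in kvm_handle_exit_hypercall().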
From: Ashish Kalra
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, Thomas.Lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, ehabkost@redhat.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com
Subject: [PATCH v4 10/14] migration: add support to migrate shared regions list
Date: Wed, 4 Aug 2021 11:57:55 +0000
Message-Id: <9236f522e48b67fe7136de7620276f7dc193be37.1628076205.git.ashish.kalra@amd.com>
X-Mailer: git-send-email 2.17.1
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Brijesh Singh

When memory encryption is enabled, the hypervisor maintains a shared regions list which is referred by hypervisor during migration to check if page is private or shared. This list is built during the VM bootup and must be migrated to the target host so that hypervisor on target host can use it for future migration.

Signed-off-by: Brijesh Singh
Co-developed-by: Ashish Kalra
Signed-off-by: Ashish Kalra
--- include/sysemu/sev.h | 2 ++ target/i386/sev.c | 43 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 3b913518c0..118ee66406 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h 
@@ -32,5 +32,7 @@ void sev_es_set_reset_vector(CPUState *cpu); int sev_remove_shared_regions_list(unsigned long gfn_start, unsigned long gfn_end); int sev_add_shared_regions_list(unsigned long gfn_start, unsigned long gfn= _end); +int sev_save_outgoing_shared_regions_list(QEMUFile *f); +int sev_load_incoming_shared_regions_list(QEMUFile *f); =20 #endif diff --git a/target/i386/sev.c b/target/i386/sev.c index 6d44b7ad21..789051f7b4 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -135,10 +135,15 @@ static const char *const sev_fw_errlist[] =3D { =20 #define SEV_FW_BLOB_MAX_SIZE 0x4000 /* 16KB */ =20 +#define SHARED_REGION_LIST_CONT 0x1 +#define SHARED_REGION_LIST_END 0x2 + static struct ConfidentialGuestMemoryEncryptionOps sev_memory_encryption_o= ps =3D { .save_setup =3D sev_save_setup, .save_outgoing_page =3D sev_save_outgoing_page, .load_incoming_page =3D sev_load_incoming_page, + .save_outgoing_shared_regions_list =3D sev_save_outgoing_shared_region= s_list, + .load_incoming_shared_regions_list =3D sev_load_incoming_shared_region= s_list, }; =20 static int 
@@ -1604,6 +1609,44 @@ int sev_add_shared_regions_list(unsigned long start,= unsigned long end) return 1; } =20 +int sev_save_outgoing_shared_regions_list(QEMUFile *f) +{ + SevGuestState *s =3D sev_guest; + struct shared_region *pos; + + QTAILQ_FOREACH(pos, &s->shared_regions_list, list) { + qemu_put_be32(f, SHARED_REGION_LIST_CONT); + qemu_put_be32(f, pos->gfn_start); + qemu_put_be32(f, pos->gfn_end); + } + + qemu_put_be32(f, SHARED_REGION_LIST_END); + return 0; +} + +int sev_load_incoming_shared_regions_list(QEMUFile *f) +{ + SevGuestState *s =3D sev_guest; + struct shared_region *shrd_region; + int status; + + status =3D qemu_get_be32(f); + while (status =3D=3D SHARED_REGION_LIST_CONT) { + + shrd_region =3D g_malloc0(sizeof(*shrd_region)); + if (!shrd_region) { + return 0; + } + shrd_region->gfn_start =3D qemu_get_be32(f); + shrd_region->gfn_end =3D qemu_get_be32(f); + + QTAILQ_INSERT_TAIL(&s->shared_regions_list, shrd_region, list); + + status =3D qemu_get_be32(f); + } + return 0; +} + static void sev_register_types(void) { --=20 2.17.1
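Review bot: sev_load_incoming_shared_regions_list() trusts the migration stream completely. The loop ends on any status word other than SHARED_REGION_LIST_CONT and then returns 0, so SHARED_REGION_LIST_END is never actually checked and a truncated or corrupted stream is reported as success. There is also no check that gfn_start <= gfn_end, no cap on how many entries get allocated, and entries are appended with QTAILQ_INSERT_TAIL() to whatever is already in the list, without enforcing the sorted, merged layout that the comment in sev_add_shared_regions_list() describes. Return an error unless the terminator is SHARED_REGION_LIST_END and validate each range before inserting it. On both sides gfn_start and gfn_end are unsigned long in struct shared_region but travel through qemu_put_be32()/qemu_get_be32(), which truncates frame numbers that do not fit in 32 bits; qemu_put_be64()/qemu_get_be64() would match the type.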
From: Ashish Kalra
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, Thomas.Lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, ehabkost@redhat.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com
Subject: [PATCH v4 11/14] migration/ram: add support to send encrypted pages
Date: Wed, 4 Aug 2021 11:58:33 +0000
Message-Id: <2d6bda0d4cf3202b22d23f3eebf743588f6e506a.1628076205.git.ashish.kalra@amd.com>
X-Mailer: git-send-email 2.17.1
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Brijesh Singh

When memory encryption is enabled, the guest memory will be encrypted with the guest specific key. The patch introduces RAM_SAVE_FLAG_ENCRYPTED_PAGE flag to distinguish the encrypted data from plaintext. Encrypted pages may need special handling. The sev_save_outgoing_page() is used by the sender to write the encrypted pages onto the socket, similarly the sev_load_incoming_page() is used by the target to read the encrypted pages from the socket and load into the guest memory.

Signed-off-by: Brijesh Singh
Co-developed-by: Ashish Kalra
Signed-off-by: Ashish Kalra --- include/sysemu/sev.h | 4 ++ migration/migration.h | 1 + migration/ram.c | 162 +++++++++++++++++++++++++++++++++++++++++- target/i386/sev.c | 14 ++++ 4 files changed, 180 insertions(+), 1 deletion(-) diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 118ee66406..023e694ac4 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -17,6 +17,9 @@ #include #include "sysemu/kvm.h" =20 +#define RAM_SAVE_ENCRYPTED_PAGE 0x1 +#define RAM_SAVE_SHARED_REGIONS_LIST 0x2 + bool sev_enabled(void); int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp); int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp); @@ -34,5 +37,6 @@ int sev_remove_shared_regions_list(unsigned long gfn_star= t, int sev_add_shared_regions_list(unsigned long gfn_start, unsigned long gfn= _end); int sev_save_outgoing_shared_regions_list(QEMUFile *f); int sev_load_incoming_shared_regions_list(QEMUFile *f); +bool sev_is_gfn_in_unshared_region(unsigned long gfn); =20 #endif diff --git a/migration/migration.h b/migration/migration.h index 7a5aa8c2fd..eda07e214d 100644 --- a/migration/migration.h +++ b/migration/migration.h @@ -391,5 +391,6 @@ bool migration_rate_limit(void); void migration_cancel(void); =20 void populate_vfio_info(MigrationInfo *info); +bool memcrypt_enabled(void); =20 #endif diff --git a/migration/ram.c b/migration/ram.c index 7a43bfd7af..1cb8d57a89 100644 --- a/migration/ram.c +++ b/migration/ram.c @@ -55,6 +55,11 @@ #include "qemu/iov.h" #include "multifd.h" #include "sysemu/runstate.h" +#include "hw/boards.h" +#include "exec/confidential-guest-support.h" + +/* Defines RAM_SAVE_ENCRYPTED_PAGE and RAM_SAVE_SHARED_REGION_LIST */ +#include "sysemu/sev.h" =20 #if defined(__linux__) #include "qemu/userfaultfd.h" 
@@ -78,12 +83,20 @@ #define RAM_SAVE_FLAG_XBZRLE 0x40 /* 0x80 is reserved in migration.h start with 0x100 next */ #define RAM_SAVE_FLAG_COMPRESS_PAGE 0x100 +#define RAM_SAVE_FLAG_ENCRYPTED_DATA 0x200 =20 static inline bool is_zero_range(uint8_t *p, uint64_t size) { return buffer_is_zero(p, size); } =20 +bool memcrypt_enabled(void) +{ + MachineState *ms =3D MACHINE(qdev_get_machine()); + + return ms->cgs->ready; +} + XBZRLECacheStats xbzrle_counters; =20 /* struct contains XBZRLE cache and a static page @@ -449,6 +462,8 @@ static QemuCond decomp_done_cond; =20 static bool do_compress_ram_page(QEMUFile *f, z_stream *stream, RAMBlock *= block, ram_addr_t offset, uint8_t *source_buf); +static int ram_save_encrypted_page(RAMState *rs, PageSearchStatus *pss, + bool last_stage); =20 static void *do_data_compress(void *opaque) { 
@@ -1165,6 +1180,80 @@ static int save_normal_page(RAMState *rs, RAMBlock *= block, ram_addr_t offset, return 1; } =20 +/** + * ram_save_encrypted_page - send the given encrypted page to the stream + */ +static int ram_save_encrypted_page(RAMState *rs, PageSearchStatus *pss, + bool last_stage) +{ + int ret; + uint8_t *p; + RAMBlock *block =3D pss->block; + ram_addr_t offset =3D pss->page << TARGET_PAGE_BITS; + uint64_t bytes_xmit; + MachineState *ms =3D MACHINE(qdev_get_machine()); + ConfidentialGuestSupportClass *cgs_class =3D + (ConfidentialGuestSupportClass *) object_get_class(OBJECT(ms->cgs)= ); + struct ConfidentialGuestMemoryEncryptionOps *ops =3D + cgs_class->memory_encryption_ops; + + p =3D block->host + offset; + + ram_counters.transferred +=3D + save_page_header(rs, rs->f, block, + offset | RAM_SAVE_FLAG_ENCRYPTED_DATA); + + qemu_put_be32(rs->f, RAM_SAVE_ENCRYPTED_PAGE); + ret =3D ops->save_outgoing_page(rs->f, p, TARGET_PAGE_SIZE, &bytes_xmi= t); + if (ret) { + return -1; + } + + ram_counters.transferred +=3D bytes_xmit; + ram_counters.normal++; + + return 1; +} + +/** + * ram_save_shared_region_list: send the shared region list + */ +static int ram_save_shared_region_list(RAMState *rs, QEMUFile *f) +{ + MachineState *ms =3D MACHINE(qdev_get_machine()); + ConfidentialGuestSupportClass *cgs_class =3D + (ConfidentialGuestSupportClass *) object_get_class(OBJECT(ms->cgs)= ); + struct ConfidentialGuestMemoryEncryptionOps *ops =3D + cgs_class->memory_encryption_ops; + + save_page_header(rs, rs->f, rs->last_seen_block, + RAM_SAVE_FLAG_ENCRYPTED_DATA); + qemu_put_be32(rs->f, RAM_SAVE_SHARED_REGIONS_LIST); + return ops->save_outgoing_shared_regions_list(rs->f); +} + +static int load_encrypted_data(QEMUFile *f, uint8_t *ptr) +{ + MachineState *ms =3D MACHINE(qdev_get_machine()); + ConfidentialGuestSupportClass *cgs_class =3D + (ConfidentialGuestSupportClass *) object_get_class(OBJECT(ms->cgs)= ); + struct ConfidentialGuestMemoryEncryptionOps *ops =3D + 
cgs_class->memory_encryption_ops; + + int flag; + + flag =3D qemu_get_be32(f); + + if (flag =3D=3D RAM_SAVE_ENCRYPTED_PAGE) { + return ops->load_incoming_page(f, ptr); + } else if (flag =3D=3D RAM_SAVE_SHARED_REGIONS_LIST) { + return ops->load_incoming_shared_regions_list(f); + } else { + error_report("unknown encrypted flag %x", flag); + return 1; + } +} + /** * ram_save_page: send the given page to the stream * @@ -1965,6 +2054,35 @@ static bool save_compress_page(RAMState *rs, RAMBloc= k *block, ram_addr_t offset) return false; } =20 +/** + * encrypted_test_list: check if the page is encrypted + * + * Returns a bool indicating whether the page is encrypted. + */ +static bool encrypted_test_list(RAMState *rs, RAMBlock *block, + unsigned long page) +{ + MachineState *ms =3D MACHINE(qdev_get_machine()); + ConfidentialGuestSupportClass *cgs_class =3D + (ConfidentialGuestSupportClass *) object_get_class(OBJECT(ms->cgs)= ); + struct ConfidentialGuestMemoryEncryptionOps *ops =3D + cgs_class->memory_encryption_ops; + unsigned long gfn; + + /* ROM devices contains the unencrypted data */ + if (memory_region_is_rom(block->mr)) { + return false; + } + + /* + * Translate page in ram_addr_t address space to GPA address + * space using memory region. + */ + gfn =3D page + (block->mr->addr >> TARGET_PAGE_BITS); + + return ops->is_gfn_in_unshared_region(gfn); +} + /** * ram_save_target_page: save one target page * @@ -1985,6 +2103,17 @@ static int ram_save_target_page(RAMState *rs, PageSe= archStatus *pss, return res; } =20 + /* + * If memory encryption is enabled then use memory encryption APIs + * to write the outgoing buffer to the wire. The encryption APIs + * will take care of accessing the guest memory and re-encrypt it + * for the transport purposes. + */ + if (memcrypt_enabled() && + encrypted_test_list(rs, pss->block, pss->page)) { + return ram_save_encrypted_page(rs, pss, last_stage); + } + if (save_compress_page(rs, block, offset)) { return 1; } 
@@ -2786,6 +2915,18 @@ void qemu_guest_free_page_hint(void *addr, size_t le= n) } } =20 +static int ram_encrypted_save_setup(void) +{ + MachineState *ms =3D MACHINE(qdev_get_machine()); + ConfidentialGuestSupportClass *cgs_class =3D + (ConfidentialGuestSupportClass *) object_get_class(OBJECT(ms->cgs)= ); + struct ConfidentialGuestMemoryEncryptionOps *ops =3D + cgs_class->memory_encryption_ops; + MigrationParameters *p =3D &migrate_get_current()->parameters; + + return ops->save_setup(p); +} + /* * Each of ram_save_setup, ram_save_iterate and ram_save_complete has * long-running RCU critical section. When rcu-reclaims in the code @@ -2820,6 +2961,13 @@ static int ram_save_setup(QEMUFile *f, void *opaque) (*rsp)->f =3D f; =20 WITH_RCU_READ_LOCK_GUARD() { + + if (memcrypt_enabled()) { + if (ram_encrypted_save_setup()) { + return -1; + } + } + qemu_put_be64(f, ram_bytes_total_common(true) | RAM_SAVE_FLAG_MEM_= SIZE); =20 RAMBLOCK_FOREACH_MIGRATABLE(block) { @@ -3004,6 +3152,11 @@ static int ram_save_complete(QEMUFile *f, void *opaq= ue) =20 flush_compressed_data(rs); ram_control_after_iterate(f, RAM_CONTROL_FINISH); + + /* send the shared regions list */ + if (memcrypt_enabled()) { + ret =3D ram_save_shared_region_list(rs, f); + } } =20 if (ret >=3D 0) { @@ -3808,7 +3961,8 @@ static int ram_load_precopy(QEMUFile *f) } =20 if (flags & (RAM_SAVE_FLAG_ZERO | RAM_SAVE_FLAG_PAGE | - RAM_SAVE_FLAG_COMPRESS_PAGE | RAM_SAVE_FLAG_XBZRLE)) { + RAM_SAVE_FLAG_COMPRESS_PAGE | RAM_SAVE_FLAG_XBZRLE | + RAM_SAVE_FLAG_ENCRYPTED_DATA)) { RAMBlock *block =3D ram_block_from_stream(f, flags); =20 host =3D host_from_ram_block_offset(block, addr); @@ -3937,6 +4091,12 @@ static int ram_load_precopy(QEMUFile *f) break; } break; + case RAM_SAVE_FLAG_ENCRYPTED_DATA: + if (load_encrypted_data(f, host)) { + error_report("Failed to load encrypted data"); + ret =3D -EINVAL; + } + break; case RAM_SAVE_FLAG_EOS: /* normal exit */ multifd_recv_sync_main(); 
diff --git a/target/i386/sev.c b/target/i386/sev.c index 789051f7b4..d22f2ef6dc 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -142,6 +142,7 @@ static struct ConfidentialGuestMemoryEncryptionOps sev_= memory_encryption_ops =3D { .save_setup =3D sev_save_setup, .save_outgoing_page =3D sev_save_outgoing_page, .load_incoming_page =3D sev_load_incoming_page, + .is_gfn_in_unshared_region =3D sev_is_gfn_in_unshared_region, .save_outgoing_shared_regions_list =3D sev_save_outgoing_shared_region= s_list, .load_incoming_shared_regions_list =3D sev_load_incoming_shared_region= s_list, }; 
@@ -1647,6 +1648,19 @@ int sev_load_incoming_shared_regions_list(QEMUFile *= f) return 0; } =20 +bool sev_is_gfn_in_unshared_region(unsigned long gfn) +{ + SevGuestState *s =3D sev_guest; + struct shared_region *pos; + + QTAILQ_FOREACH(pos, &s->shared_regions_list, list) { + if (gfn >=3D pos->gfn_start && gfn < pos->gfn_end) { + return false; + } + } + return true; +} + static void sev_register_types(void) { --=20 2.17.1
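Review bot: in the @@ -1165 hunk of migration/ram.c, load_encrypted_data() dereferences ms->cgs and calls ops->load_incoming_page() or ops->load_incoming_shared_regions_list() without first checking memcrypt_enabled(), ms->cgs, the ops table or the individual callbacks. The function is reached only because the incoming stream carries RAM_SAVE_FLAG_ENCRYPTED_DATA, so the destination is trusting stream contents to decide whether these pointers are valid; please reject the record with an error before touching ops when memory encryption is not set up on this side. Two smaller points in the same function: the unknown-flag path returns 1 while ram_save_encrypted_page() reports failure as -1, and flag is an int filled from qemu_get_be32() and printed with %x, where a uint32_t would match the wire type.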
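Review bot: in the @@ -3004 hunk (ram_save_complete), ret is assigned from ram_save_shared_region_list() unconditionally, so any status ret already held when control reaches this point is overwritten and the following "if (ret >= 0)" only reflects the shared-regions send. Suggest "if (ret >= 0 && memcrypt_enabled())" or a separate local for the new call. Related: ram_save_shared_region_list() takes a QEMUFile *f argument but writes only through rs->f; either use the parameter or drop it.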
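Review bot: in the @@ -1965 hunk, encrypted_test_list() never uses its rs argument, and its name does not say what the header comment says it does (report whether a page is encrypted); something like ram_page_is_encrypted(block, page) would read better at the call site in ram_save_target_page(). The call to ops->is_gfn_in_unshared_region() is also made without checking that the callback is set, and the same four-line lookup of cgs_class and ops is now repeated in five functions in this file; a small helper that returns the ops pointer (or NULL) would remove the duplication and give one place for the NULL check. Nit: "ROM devices contains" should be "ROM devices contain".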
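Review bot: in the target/i386/sev.c @@ -1647 hunk, sev_is_gfn_in_unshared_region() walks s->shared_regions_list with QTAILQ_FOREACH and nothing in the hunk shows what protects the list while it is traversed; please document (or take) the lock or execution context that makes this safe, since the function is called per page from the RAM save path. The new exported function also has no doc comment; it should state that gfn_end is exclusive and that a gfn not found in the list is reported as unshared, that is, treated as encrypted.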
From: Ashish Kalra
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, Thomas.Lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, ehabkost@redhat.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com
Subject: [PATCH v4 12/14] migration/ram: Force encrypted status for flash0 & flash1 devices.
Date: Wed, 4 Aug 2021 11:59:11 +0000
Message-Id: <803d6a4c8d497bdd191d3789469f7cfb6533a472.1628076205.git.ashish.kalra@amd.com>
X-Mailer: git-send-email 2.17.1

From: Ashish Kalra

Currently OVMF clears the C-bit and marks NonExistent memory space as decrypted in the page encryption bitmap. By marking the NonExistent memory space as decrypted it guarantees any future MMIO adds will work correctly, but this marks flash0 device space as decrypted. At reset the SEV core will be in forced encrypted state, so this decrypted marking of flash0 device space will cause VCPU reset to fail as flash0 device pages will be migrated incorrectly.

Signed-off-by: Ashish Kalra
---
 migration/ram.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/migration/ram.c b/migration/ram.c index 1cb8d57a89..4eca90cceb 100644 --- a/migration/ram.c
+++ b/migration/ram.c 
@@ -2074,6 +2074,14 @@ static bool encrypted_test_list(RAMState *rs, RAMBlo= ck *block, return false; } =20 + if (!strcmp(memory_region_name(block->mr), "system.flash0")) { + return true; + } + + if (!strcmp(memory_region_name(block->mr), "system.flash1")) { + return false; + } + /* * Translate page in ram_addr_t address space to GPA address * space using memory region. --=20 2.17.1
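Review bot: the two strcmp() tests added to encrypted_test_list() decide encrypted versus not encrypted from the literal memory region names "system.flash0" and "system.flash1" inside generic migration/ram.c code, and neither test carries a comment. The commit message explains why flash0 has to be forced to encrypted, but it says nothing about why flash1 is forced to not encrypted; please state both reasons next to the checks. Since the decision is specific to SEV and to this firmware layout, it would also sit better behind the SEV memory-encryption ops (for example inside the is_gfn_in_unshared_region path or a dedicated callback) than as hard-coded region names in the common RAM save code, where a renamed or additional flash region would silently fall through to the shared-regions lookup.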
From: Ashish Kalra
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, Thomas.Lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, ehabkost@redhat.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com
Subject: [PATCH v4 13/14] migration: for SEV live migration bump downtime limit to 1s.
Date: Wed, 4 Aug 2021 11:59:47 +0000
X-Mailer: git-send-email 2.17.1

From: Ashish Kalra

Now, qemu has a default expected downtime of 300 ms and SEV Live migration has a page-per-second bandwidth of 350-450 pages (SEV Live migration being generally slow due to guest RAM pages being migrated after encryption using the security processor). With this expected downtime of 300ms and 350-450 pps bandwidth, the threshold size = <1/3 of the PPS bandwidth = ~100 pages.

Now, this threshold size is the maximum pages/bytes that can be sent in the final completion phase of Live migration (where the source VM is stopped) with the expected downtime. Therefore, with the threshold size computed above, the migration completion phase which halts the source VM and then transfers the leftover dirty pages, is only reached in SEV live migration case when # of dirty pages are ~100.

The dirty-pages-rate with larger guest RAM configuration like 4G, 8G, etc. is much higher, typically in the range of 300-400+ pages, hence, we always remain in the "dirty-sync" phase of migration and never reach the migration completion phase with above guest RAM configs.

To summarize, with larger guest RAM configs, the dirty-pages-rate > threshold_size (with the default qemu expected downtime of 300ms).

So, the fix is to increase qemu's expected downtime.

This is a tweakable parameter which can be set using "migrate_set_downtime".

With a downtime of 1 second, we get a threshold size of ~350-450 pages, which will handle the "dirty-pages-rate" of 300+ pages and complete the migration process, so we bump the default downtime to 1s in case of SEV live migration being active.

Signed-off-by: Ashish Kalra
---
 migration/migration.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/migration/migration.c b/migration/migration.c index daea3ecd04..c9bc33fb10 100644 --- a/migration/migration.c +++ b/migration/migration.c
@@ -3568,6 +3568,10 @@ static void migration_update_counters(MigrationState= *s, transferred =3D current_bytes - s->iteration_initial_bytes; time_spent =3D current_time - s->iteration_start_time; bandwidth =3D (double)transferred / time_spent; + if (memcrypt_enabled() && + s->parameters.downtime_limit < 1000) { + s->parameters.downtime_limit =3D 1000; + } s->threshold_size =3D bandwidth * s->parameters.downtime_limit; =20 s->mbps =3D (((double) transferred * 8.0) / --=20 2.17.1
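Review bot: the added block writes s->parameters.downtime_limit = 1000 from inside migration_update_counters(), so a downtime limit that the user deliberately set below 1000 is replaced the next time the counters are updated and stays replaced in s->parameters. The commit message describes the change as bumping the default, but the code cannot tell a default from a user choice and gives no indication that it overrode one. Suggest either applying the higher value once at setup, and only when the parameter still holds its default, or leaving s->parameters untouched and using a local effective limit when computing s->threshold_size. The bare 1000 should also become a named constant with a comment giving its unit and the reasoning from the commit message.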
From: Ashish Kalra
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, Thomas.Lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, ehabkost@redhat.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com
Subject: [PATCH v4 14/14] kvm: Add support for userspace MSR filtering and handling of MSR_KVM_MIGRATION_CONTROL.
Date: Wed, 4 Aug 2021 12:00:11 +0000
Message-Id: <67935c3fd5f29a2ba9d67a91255276d3b9ccc99b.1628076205.git.ashish.kalra@amd.com>
X-Mailer: git-send-email 2.17.1
From: Ashish Kalra Add support for userspace MSR filtering using KVM_X86_SET_MSR_FILTER ioctl and handling of MSRs in userspace. Currently this is only used for SEV guests which use MSR_KVM_MIGRATION_CONTROL to indicate if the guest is enabled and ready for migration. KVM arch code calls into SEV guest specific code to delete the SEV migrate blocker which has been setup at SEV_LAUNCH_FINISH. Signed-off-by: Ashish Kalra --- include/sysemu/sev.h | 1 + target/i386/kvm/kvm.c | 61 +++++++++++++++++++++++++++++++++++++++++++ target/i386/sev.c | 6 +++++ 3 files changed, 68 insertions(+) diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 023e694ac4..d04890113c 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -38,5 +38,6 @@ int sev_add_shared_regions_list(unsigned long gfn_start, = unsigned long gfn_end); int sev_save_outgoing_shared_regions_list(QEMUFile *f); int sev_load_incoming_shared_regions_list(QEMUFile *f); bool sev_is_gfn_in_unshared_region(unsigned long gfn); +void sev_del_migrate_blocker(void); =20 #endif diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 303722e06f..785b8fae6b 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -2240,6 +2240,19 @@ static void register_smram_listener(Notifier *n, voi= d *unused) &smram_address_space, 1); } =20 +static __u64 bitmap; +struct kvm_msr_filter msr_filter_allow =3D { + .flags =3D KVM_MSR_FILTER_DEFAULT_ALLOW, + .ranges =3D { + { + .flags =3D KVM_MSR_FILTER_READ | KVM_MSR_FILTER_WRITE, + .nmsrs =3D 1, + .base =3D MSR_KVM_MIGRATION_CONTROL, + .bitmap =3D (uint8_t *)&bitmap, + } + } +}; + int kvm_arch_init(MachineState *ms, KVMState *s) { uint64_t identity_base =3D 0xfffbc000; 
@@ -2298,6 +2311,21 @@ int kvm_arch_init(MachineState *ms, KVMState *s) } } =20 + ret =3D kvm_check_extension(s, KVM_CAP_X86_USER_SPACE_MSR) ? + kvm_check_extension(s, KVM_CAP_X86_MSR_FILTER) : + -ENOTSUP; + if (ret > 0) { + ret =3D kvm_vm_enable_cap(s, KVM_CAP_X86_USER_SPACE_MSR, + 0, KVM_MSR_EXIT_REASON_FILTER); + if (ret =3D=3D 0) { + ret =3D kvm_vm_ioctl(s, KVM_X86_SET_MSR_FILTER, &msr_filter_al= low); + if (ret < 0) { + error_report("kvm: KVM_X86_SET_MSR_FILTER failed : %s", + strerror(-ret)); + } + } + } + ret =3D kvm_get_supported_msrs(s); if (ret < 0) { return ret; @@ -4472,6 +4500,35 @@ static int kvm_handle_exit_hypercall(X86CPU *cpu, st= ruct kvm_run *run) return 0; } =20 +/* + * Currently this exit is only used by SEV guests for + * MSR_KVM_MIGRATION_CONTROL to indicate if the guest + * is ready for migration. + */ +static int kvm_handle_x86_msr(X86CPU *cpu, struct kvm_run *run) +{ + static uint64_t msr_kvm_migration_control; + + if (run->msr.index !=3D MSR_KVM_MIGRATION_CONTROL) { + run->msr.error =3D -EINVAL; + return -1; + } + + switch (run->exit_reason) { + case KVM_EXIT_X86_RDMSR: + run->msr.error =3D 0; + run->msr.data =3D msr_kvm_migration_control; + break; + case KVM_EXIT_X86_WRMSR: + msr_kvm_migration_control =3D run->msr.data; + if (run->msr.data =3D=3D KVM_MIGRATION_READY) { + sev_del_migrate_blocker(); + } + run->msr.error =3D 0; + } + return 0; +} + int kvm_arch_insert_sw_breakpoint(CPUState *cs, struct kvm_sw_breakpoint *= bp) { static const uint8_t int3 =3D 0xcc; @@ -4736,6 +4793,10 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_ru= n *run) case KVM_EXIT_HYPERCALL: ret =3D kvm_handle_exit_hypercall(cpu, run); break; + case KVM_EXIT_X86_RDMSR: + case KVM_EXIT_X86_WRMSR: + ret =3D kvm_handle_x86_msr(cpu, run); + break; default: fprintf(stderr, "KVM: unknown exit reason %d\n", run->exit_reason); ret =3D -1; diff --git a/target/i386/sev.c b/target/i386/sev.c index d22f2ef6dc..58f74db0e3 100644 --- a/target/i386/sev.c 
+++ b/target/i386/sev.c @@ -791,6 +791,12 @@ sev_launch_finish(SevGuestState *sev) } } =20 +void +sev_del_migrate_blocker(void) +{ + migrate_del_blocker(sev_mig_blocker); +} + static int sev_receive_finish(SevGuestState *s) { --=20 2.17.1
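Review bot: the new declaration of sev_del_migrate_blocker() in include/sysemu/sev.h has no counterpart for builds where target/i386/sev.c is not compiled; the diffstat touches only sev.h, kvm.c and sev.c. kvm_handle_x86_msr() in kvm.c calls the function unconditionally, so either add a no-op stub wherever the tree keeps its non-SEV stubs or guard the call site with a check such as sev_enabled(), otherwise a KVM build without SEV may fail to link.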
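Review bot: in the kvm.c hunk that adds msr_filter_allow, the filter only works because `bitmap` is zero-initialised, and nothing in the code says so. With KVM_MSR_FILTER_DEFAULT_ALLOW, a range whose bit is 0 denies the access, which is what turns reads and writes of MSR_KVM_MIGRATION_CONTROL into userspace exits; please add a comment stating that the zero bit is deliberate. In addition, `bitmap` is a very generic file-scope name, and msr_filter_allow is writable and has external linkage although nothing outside this file uses it in the patch. Suggest a descriptively named `static uint8_t` array sized for nmsrs (one byte covers `.nmsrs = 1`) and `static` on the struct.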
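Review bot: in kvm_arch_init() the filter is installed for every VM, while the commit message says the exit is only used for SEV guests, so a non-SEV guest that touches MSR_KVM_MIGRATION_CONTROL will also exit to userspace and reach sev_del_migrate_blocker(). Restrict this to SEV guests, either here or by a check in the handler. The error handling is also loose: a kvm_vm_enable_cap() failure is silent, a KVM_X86_SET_MSR_FILTER failure is only reported, and `ret` is overwritten by kvm_get_supported_msrs() immediately afterwards, so the guest's write would then never reach QEMU and the blocker would stay in place with no clear indication why. Decide whether these failures are fatal for SEV guests and return the error if so. The ternary that mixes -ENOTSUP with a capability result would read better as two plain checks.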
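Review bot: kvm_handle_x86_msr() acts on a guest-written value without checking that the guest is an SEV guest or that a blocker is currently registered. Every WRMSR of KVM_MIGRATION_READY calls sev_del_migrate_blocker() again, and a later write of any other value does not re-add the blocker, so the guest can only move from blocked to migratable; if "not ready" after "ready" is meant to block migration again, handle it, and if not, say so in the comment. The function-static msr_kvm_migration_control is shared by all vCPUs, is not cleared on reset and is not part of the migration stream, so an RDMSR after a reboot or on the destination will not reflect what the guest last wrote in that boot; per-VM state with reset and migration handling would fix that. Smaller points: the KVM_EXIT_X86_WRMSR case lacks a break and the switch has no default, and the mismatched-index path both sets run->msr.error and returns -1, the same value the caller's default case uses for an unknown exit reason; pick one behaviour.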
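Review bot: sev_del_migrate_blocker() in target/i386/sev.c passes sev_mig_blocker to migrate_del_blocker() with no check that it was ever set and without clearing it afterwards, yet the caller in kvm.c can invoke it repeatedly and for guests where sev_launch_finish() never ran. Return early when sev_mig_blocker is NULL and reset it to NULL after removal (freeing the Error if nothing else owns it), so that repeated guest writes are idempotent. A short comment naming the caller and the locking it expects would also help, since this is now reachable from a vCPU exit path driven by guest input.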