From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: bp@alien8.de, Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Joerg Roedel, Borislav Petkov, Tom Lendacky, x86@kernel.org
Subject: [Part2 PATCH v7 07/38] KVM: Introduce KVM_MEMORY_ENCRYPT_OP ioctl
Date: Wed, 1 Nov 2017 16:15:52 -0500
Message-Id: <20171101211623.71496-8-brijesh.singh@amd.com>
In-Reply-To: <20171101211623.71496-1-brijesh.singh@amd.com>

If the hardware supports memory encryption then the KVM_MEMORY_ENCRYPT_OP
ioctl can be used by qemu to issue platform-specific memory encryption
commands.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H.
Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Reviewed-by: Paolo Bonzini Reviewed-by: Borislav Petkov --- Documentation/virtual/kvm/api.txt | 16 ++++++++++++++++ arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/kvm/x86.c | 6 ++++++ include/uapi/linux/kvm.h | 2 ++ 4 files changed, 26 insertions(+) diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt index e63a35fafef0..fcafdae1739e 100644 --- a/Documentation/virtual/kvm/api.txt +++ b/Documentation/virtual/kvm/api.txt @@ -3390,6 +3390,22 @@ invalid, if invalid pages are written to (e.g. after the end of memory) or if no page table is present for the addresses (e.g. when using hugepages). +4.109 KVM_MEMORY_ENCRYPT_OP + +Capability: basic +Architectures: x86 +Type: system +Parameters: an opaque platform specific structure (in/out) +Returns: 0 on success; -1 on error + +If the platform supports creating encrypted VMs then this ioctl can be used +for issuing platform-specific memory encryption commands to manage those +encrypted VMs. + +Currently, this ioctl is used for issuing Secure Encrypted Virtualization +(SEV) commands on AMD Processors. The SEV commands are defined in +Documentation/virtual/kvm/amd-memory-encryption.txt. + 5. The kvm_run structure ------------------------ diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index c73e493adf07..48001ca48c14 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1061,6 +1061,8 @@ struct kvm_x86_ops { void (*cancel_hv_timer)(struct kvm_vcpu *vcpu); void (*setup_mce)(struct kvm_vcpu *vcpu); + + int (*mem_enc_op)(struct kvm *kvm, void __user *argp); }; struct kvm_arch_async_pf { diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 03869eb7fcd6..4c365eb23080 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -4270,6 +4270,12 @@ long kvm_arch_vm_ioctl(struct file *filp, r = kvm_vm_ioctl_enable_cap(kvm, &cap); break; } + case KVM_MEMORY_ENCRYPT_OP: { + r = -ENOTTY; + if (kvm_x86_ops->mem_enc_op) + r = kvm_x86_ops->mem_enc_op(kvm, argp); + break; + } default: r = -ENOTTY; } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 838887587411..4a39d99c5f99 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1356,6 +1356,8 @@ struct kvm_s390_ucas_mapping { /* Available with KVM_CAP_S390_CMMA_MIGRATION */ #define KVM_S390_GET_CMMA_BITS _IOWR(KVMIO, 0xb8, struct kvm_s390_cmma_log) #define KVM_S390_SET_CMMA_BITS _IOW(KVMIO, 0xb9, struct kvm_s390_cmma_log) +/* Memory Encryption Commands */ +#define KVM_MEMORY_ENCRYPT_OP _IOWR(KVMIO, 0xba, unsigned long) #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) -- 2.9.5
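Review bot: In the new 4.109 entry in Documentation/virtual/kvm/api.txt, "Type: system" does not match the code. The handler is added as a case in kvm_arch_vm_ioctl() and the callback takes a struct kvm *, so the ioctl is issued on a VM file descriptor, not on the system (/dev/kvm) descriptor. Suggest "Type: vm" so that userspace authors pick the right descriptor. The "Parameters" line could also say that the argument is a userspace pointer to the platform-specific structure, since the request number in include/uapi/linux/kvm.h is declared with unsigned long.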
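Review bot: The new mem_enc_op member of struct kvm_x86_ops in arch/x86/include/asm/kvm_host.h has no comment, and its void __user *argp argument is the raw ioctl argument. Suggest a short comment stating that the vendor implementation is responsible for copy_from_user() and for validating every field of the command structure, because the x86.c caller forwards the pointer without inspecting it.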
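Review bot: In the KVM_MEMORY_ENCRYPT_OP case added to kvm_arch_vm_ioctl() in arch/x86/kvm/x86.c, the braces around the case body are unnecessary because no local variables are declared. Dropping them keeps the case in line with kernel style. The -ENOTTY default when kvm_x86_ops->mem_enc_op is NULL matches the default: branch, which is the right behaviour for vendor modules that do not implement the op.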
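Review bot: In include/uapi/linux/kvm.h, KVM_MEMORY_ENCRYPT_OP is defined as _IOWR(KVMIO, 0xba, unsigned long), so the size encoded in the request number is sizeof(unsigned long). That size differs between 32-bit and 64-bit userspace, which means a 32-bit process on a 64-bit kernel computes a different request number and falls through to the default: case. The api.txt entry also describes the parameter as an opaque structure rather than an unsigned long. Suggest either a fixed-width type in the macro or a comment next to the define explaining that the argument is a pointer to the platform-specific command structure and that compat callers are not supported.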