From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: bp@alien8.de, Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Joerg Roedel, Borislav Petkov, Tom Lendacky
Subject: [Part2 PATCH v9 07/38] KVM: Introduce KVM_MEMORY_ENCRYPT_OP ioctl
Date: Mon, 4 Dec 2017 19:04:07 -0600
Message-Id: <20171205010438.5773-8-brijesh.singh@amd.com>
In-Reply-To: <20171205010438.5773-1-brijesh.singh@amd.com>
References: <20171205010438.5773-1-brijesh.singh@amd.com>

If the hardware supports memory encryption then the KVM_MEMORY_ENCRYPT_OP
ioctl can be used by qemu to issue platform-specific memory encryption
commands.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Reviewed-by: Paolo Bonzini
Reviewed-by: Borislav Petkov
--- Documentation/virtual/kvm/api.txt | 16 ++++++++++++++++ arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/kvm/x86.c | 6 ++++++ include/uapi/linux/kvm.h | 2 ++ 4 files changed, 26 insertions(+) diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt index f670e4b9e7f3..c8755be35543 100644 --- a/Documentation/virtual/kvm/api.txt +++ b/Documentation/virtual/kvm/api.txt @@ -3394,6 +3394,22 @@ invalid, if invalid pages are written to (e.g. after the end of memory) or if no page table is present for the addresses (e.g. when using hugepages). +4.109 KVM_MEMORY_ENCRYPT_OP + +Capability: basic +Architectures: x86 +Type: system +Parameters: an opaque platform specific structure (in/out) +Returns: 0 on success; -1 on error + +If the platform supports creating encrypted VMs then this ioctl can be used +for issuing platform-specific memory encryption commands to manage those +encrypted VMs. + +Currently, this ioctl is used for issuing Secure Encrypted Virtualization +(SEV) commands on AMD Processors. The SEV commands are defined in +Documentation/virtual/kvm/amd-memory-encryption.txt. + 5. The kvm_run structure ------------------------ 
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 1bfb99770c34..c87e214d55df 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1066,6 +1066,8 @@ struct kvm_x86_ops { int (*pre_enter_smm)(struct kvm_vcpu *vcpu, char *smstate); int (*pre_leave_smm)(struct kvm_vcpu *vcpu, u64 smbase); int (*enable_smi_window)(struct kvm_vcpu *vcpu); + + int (*mem_enc_op)(struct kvm *kvm, void __user *argp); }; struct kvm_arch_async_pf { diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 34c85aa2e2d1..7bbed0c0ba79 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4281,6 +4281,12 @@ long kvm_arch_vm_ioctl(struct file *filp, r = kvm_vm_ioctl_enable_cap(kvm, &cap); break; } + case KVM_MEMORY_ENCRYPT_OP: { + r = -ENOTTY; + if (kvm_x86_ops->mem_enc_op) + r = kvm_x86_ops->mem_enc_op(kvm, argp); + break; + } default: r = -ENOTTY; } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 282d7613fce8..addd0cf4445f 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1358,6 +1358,8 @@ struct kvm_s390_ucas_mapping { /* Available with KVM_CAP_S390_CMMA_MIGRATION */ #define KVM_S390_GET_CMMA_BITS _IOWR(KVMIO, 0xb8, struct kvm_s390_cmma_log) #define KVM_S390_SET_CMMA_BITS _IOW(KVMIO, 0xb9, struct kvm_s390_cmma_log) +/* Memory Encryption Commands */ +#define KVM_MEMORY_ENCRYPT_OP _IOWR(KVMIO, 0xba, unsigned long) #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) -- 2.9.5
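
Review bot: In the new 4.109 entry in Documentation/virtual/kvm/api.txt, "Type: system" does not match the dispatch added in arch/x86/kvm/x86.c, where the command is handled in kvm_arch_vm_ioctl() and is therefore issued on the VM file descriptor; suggest "Type: vm ioctl". The entry also lists "Capability: basic" while the handler returns -ENOTTY when mem_enc_op is not set, so the text should say how user space learns that the platform supports encrypted VMs and which errno to expect when it does not.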
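
Review bot: The mem_enc_op member added to struct kvm_x86_ops in arch/x86/include/asm/kvm_host.h takes a raw "void __user *argp" and carries no comment describing the contract. Since api.txt calls the parameter an opaque platform-specific structure, a short comment stating that each backend must copy the argument from user space and validate its size and contents itself would make that responsibility explicit, because the generic code in x86.c passes the pointer through unchecked.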
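
Review bot: In the KVM_MEMORY_ENCRYPT_OP case added to kvm_arch_vm_ioctl() in arch/x86/kvm/x86.c, the braces around the case body are not needed because no local variable is declared there; the body can follow the label directly. The -ENOTTY default when kvm_x86_ops->mem_enc_op is NULL is consistent with the "default:" branch below it, which is worth keeping.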
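
Review bot: The definition "_IOWR(KVMIO, 0xba, unsigned long)" in include/uapi/linux/kvm.h encodes sizeof(unsigned long) in the ioctl number, while api.txt describes the argument as an opaque platform-specific structure passed by pointer. sizeof(unsigned long) differs between 32-bit and 64-bit user space, so the command number would not match for a 32-bit VMM on a 64-bit kernel; consider a fixed-size type in the macro, or add a comment explaining that the size field is not meaningful for this command.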