qemu-devel.nongnu.org archive mirror
From: Ashish Kalra <Ashish.Kalra@amd.com>
To: pbonzini@redhat.com
Cc: Thomas.Lendacky@amd.com, brijesh.singh@amd.com,
	ehabkost@redhat.com, kvm@vger.kernel.org, mst@redhat.com,
	mtosatti@redhat.com, ssg.sos.patches@amd.com, armbru@redhat.com,
	qemu-devel@nongnu.org, dgilbert@redhat.com, rth@twiddle.net
Subject: [PATCH 09/11] hw/i386: set ram_debug_ops when memory encryption is enabled
Date: Mon, 16 Nov 2020 18:52:29 +0000
Message-ID: <0afaef32bcf868297eff2837e2462a3c5efd21ba.1605316268.git.ashish.kalra@amd.com>
In-Reply-To: <cover.1605316268.git.ashish.kalra@amd.com>

From: Brijesh Singh <brijesh.singh@amd.com>

When memory encryption is enabled, the guest RAM and boot flash ROM will
contain encrypted data. Setting the debug ops allows us to invoke the
encryption APIs when accessing the memory for debug purposes.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
---
 hw/i386/pc.c       | 9 +++++++++
 hw/i386/pc_sysfw.c | 6 ++++++
 2 files changed, 15 insertions(+)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 5e6c0023e0..dfb63cd686 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -913,6 +913,15 @@ void pc_memory_init(PCMachineState *pcms,
         e820_add_entry(0x100000000ULL, x86ms->above_4g_mem_size, E820_RAM);
     }
 
+    /*
+     * When memory encryption is enabled, the guest RAM will be encrypted with
+     * a guest unique key. Set the debug ops so that any debug access to the
+     * guest RAM will go through the memory encryption APIs.
+     */
+    if (kvm_memcrypt_enabled()) {
+        kvm_memcrypt_set_debug_ops_memory_region(*ram_memory);
+    }
+
     if (!pcmc->has_reserved_memory &&
         (machine->ram_slots ||
          (machine->maxram_size > machine->ram_size))) {
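
Review bot: The new comment in pc_memory_init() promises that "any debug access to the guest RAM" goes through the memory encryption APIs, but the call only covers *ram_memory, and the context right after it is the branch for machine->ram_slots and maxram_size > ram_size. Please state in the comment or the commit message whether memory added through that path is also encrypted and, if so, where it gets its debug ops; otherwise a debug read of that range would return ciphertext with no indication. If it is deliberately out of scope, narrow the comment to say which region is covered.
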
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
index b6c0822fe3..9f90c9d761 100644
--- a/hw/i386/pc_sysfw.c
+++ b/hw/i386/pc_sysfw.c
@@ -209,6 +209,12 @@ static void pc_system_flash_map(PCMachineState *pcms,
                     error_report("failed to encrypt pflash rom");
                     exit(1);
                 }
+
+                /*
+                 * The pflash ROM is encrypted, set the debug ops so that any
+                 * debug accesses will use memory encryption APIs.
+                 */
+                kvm_memcrypt_set_debug_ops_memory_region(flash_mem);
             }
         }
     }
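
Review bot: In pc_system_flash_map() the result of kvm_memcrypt_set_debug_ops_memory_region(flash_mem) is not checked, while the encryption step just above it reports "failed to encrypt pflash rom" and exits on failure. If the helper can fail, handle it the same way or document why it cannot, since a silent failure would leave debug accesses reading the encrypted ROM directly. The call is also unguarded here, whereas the pc.c hunk wraps it in kvm_memcrypt_enabled(); the enclosing condition is not visible in this hunk, so a short mention in the comment that this block is only reached when encryption is on would make the two call sites consistent. Minor: the comment has a comma splice, "The pflash ROM is encrypted; set the debug ops ..." reads better.
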
-- 
2.17.1


