[PATCH 07/11] kvm: introduce debug memory encryption API
From: Ashish Kalra
Subject: [PATCH 07/11] kvm: introduce debug memory encryption API
Date: Mon, 16 Nov 2020 18:51:54 +0000
From: Brijesh Singh <brijesh.singh@amd.com>
In order to support debugging with Secure Encrypted Virtualization (SEV),
add a high-level memory encryption API.
Also add a new API interface to override any CPU class specific callbacks
for supporting debugging with SEV, for example, overriding the guest MMU/
page-table walker callback.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
---
accel/kvm/kvm-all.c | 19 +++++++++++++++++++
accel/stubs/kvm-stub.c | 8 ++++++++
include/sysemu/kvm.h | 15 +++++++++++++++
3 files changed, 42 insertions(+)
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 9ef5daf4c5..ae85f53e7d 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -123,6 +123,8 @@ struct KVMState
/* memory encryption */
void *memcrypt_handle;
int (*memcrypt_encrypt_data)(void *handle, uint8_t *ptr, uint64_t len);
+ void (*memcrypt_debug_ops_memory_region)(void *handle, MemoryRegion *mr);
+ void (*memcrypt_debug_ops_cpu_state)(void *handle, CPUState *cpu);
/* For "info mtree -f" to tell if an MR is registered in KVM */
int nr_as;
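Review bot: The two new function pointers in struct KVMState, memcrypt_debug_ops_memory_region and memcrypt_debug_ops_cpu_state, have no comment, and nothing in this patch assigns them. Please add a short comment on each saying who is expected to set it, what the handle argument is (the wrappers in this patch pass memcrypt_handle), and that NULL means no debug ops are installed, since the wrappers added in this patch treat NULL as a silent no-op.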
@@ -222,6 +224,23 @@ int kvm_get_max_memslots(void)
return s->nr_slots;
}
+void kvm_memcrypt_set_debug_ops_memory_region(MemoryRegion *mr)
+{
+ if (kvm_state->memcrypt_handle &&
+ kvm_state->memcrypt_debug_ops_memory_region) {
+ kvm_state->memcrypt_debug_ops_memory_region(kvm_state->memcrypt_handle,
+ mr);
+ }
+}
+
+void kvm_memcrypt_set_debug_ops_cpu_state(CPUState *cs)
+{
+ if (kvm_state->memcrypt_handle &&
+ kvm_state->memcrypt_debug_ops_cpu_state) {
+ kvm_state->memcrypt_debug_ops_cpu_state(kvm_state->memcrypt_handle,
cs);
+ }
+}
+
bool kvm_memcrypt_enabled(void)
{
if (kvm_state && kvm_state->memcrypt_handle) {
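Review bot: Missing NULL check on kvm_state in both new functions: kvm_memcrypt_set_debug_ops_memory_region() and kvm_memcrypt_set_debug_ops_cpu_state() dereference kvm_state->memcrypt_handle directly, while kvm_memcrypt_enabled() immediately below tests `kvm_state && kvm_state->memcrypt_handle`. Either use the same guard (or call kvm_memcrypt_enabled() first) or document that these may only be called once KVM is initialised. Separately, the continuation line `cs);` in the second function appears here without its leading `+`, which suggests the mail was line-wrapped; if so the hunk will not apply as posted.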
diff --git a/accel/stubs/kvm-stub.c b/accel/stubs/kvm-stub.c
index 680e099463..bf93431e46 100644
--- a/accel/stubs/kvm-stub.c
+++ b/accel/stubs/kvm-stub.c
@@ -91,6 +91,14 @@ int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len)
return 1;
}
+void kvm_memcrypt_set_debug_ops_memory_region(MemoryRegion *mr)
+{
+}
+
+void kvm_memcrypt_set_debug_ops_cpu_state(CPUState *cs)
+{
+}
+
#ifndef CONFIG_USER_ONLY
int kvm_irqchip_add_msi_route(KVMState *s, int vector, PCIDevice *dev)
{
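Review bot: The two stubs are empty void functions, so a build without KVM silently ignores the request, whereas the kvm_memcrypt_encrypt_data() stub just above returns 1 to report failure. If callers ever need to know that debug ops were not installed, consider returning an int from both the stub and the real implementation; otherwise a one-line comment stating that the no-op is intentional would help.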
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index bb5d5cf497..1bde2e3d71 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -470,6 +470,21 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *env,
uint32_t function,
uint32_t index, int reg);
uint64_t kvm_arch_get_supported_msr_feature(KVMState *s, uint32_t index);
+/**
+ * kvm_memcrypt_set_debug_ram_ops: set debug_ram_ops callback
+ *
+ * When debug_ram_ops is set, debug access to this memory region will use
+ * memory encryption APIs.
+ */
+void kvm_memcrypt_set_debug_ops_memory_region(MemoryRegion *mr);
+
+/**
+ * kvm_memcrypt_set_debug_ops_cpu_state: override cpu_class callbacks
+ *
+ * This interface allows vendor specific debug ops to override any
+ * cpu_class callbacks.
+ */
+void kvm_memcrypt_set_debug_ops_cpu_state(CPUState *cs);
void kvm_set_sigmask_len(KVMState *s, unsigned int sigmask_len);
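Review bot: The first doc comment in this hunk names kvm_memcrypt_set_debug_ram_ops and refers to debug_ram_ops, but the function declared under it is kvm_memcrypt_set_debug_ops_memory_region(). Please make the comment match the declaration, and describe the mr and cs parameters in the two comments, including what happens when memory encryption is not enabled or no callback is registered.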
--
2.17.1
- [PATCH 00/11] Add QEMU debug support for SEV guests, Ashish Kalra, 2020/11/16
- [PATCH 01/11] memattrs: add debug attribute, Ashish Kalra, 2020/11/16
- [PATCH 02/11] exec: Add new MemoryDebugOps., Ashish Kalra, 2020/11/16
- [PATCH 03/11] exec: add ram_debug_ops support, Ashish Kalra, 2020/11/16
- [PATCH 04/11] exec: Add address_space_read and address_space_write debug helpers., Ashish Kalra, 2020/11/16
- [PATCH 05/11] exec: add debug version of physical memory read and write API, Ashish Kalra, 2020/11/16
- [PATCH 06/11] monitor/i386: use debug APIs when accessing guest memory, Ashish Kalra, 2020/11/16
- [PATCH 07/11] kvm: introduce debug memory encryption API, Ashish Kalra <=
- [PATCH 08/11] sev/i386: add debug encrypt and decrypt commands, Ashish Kalra, 2020/11/16
- [PATCH 09/11] hw/i386: set ram_debug_ops when memory encryption is enabled, Ashish Kalra, 2020/11/16
- [PATCH 10/11] sev/i386: add SEV specific MemoryDebugOps., Ashish Kalra, 2020/11/16
- [PATCH 11/11] target/i386: clear C-bit when walking SEV guest page table, Ashish Kalra, 2020/11/16