[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RFC v2 10/18] guest memory protection: Add guest memory protection
From: |
Greg Kurz |
Subject: |
Re: [RFC v2 10/18] guest memory protection: Add guest memory protection interface |
Date: |
Mon, 25 May 2020 12:27:35 +0200 |
On Thu, 21 May 2020 13:42:56 +1000
David Gibson <address@hidden> wrote:
> Several architectures have mechanisms which are designed to protect guest
> memory from interference or eavesdropping by a compromised hypervisor. AMD
> SEV does this with in-chip memory encryption and Intel has a similar
> mechanism. POWER's Protected Execution Framework (PEF) accomplishes a
> similar goal using an ultravisor and new memory protection features,
> instead of encryption.
>
> This introduces a new GuestMemoryProtection QOM interface which we'll use
> to (partially) unify handling of these various mechanisms.
>
> Signed-off-by: David Gibson <address@hidden>
> ---
> backends/Makefile.objs | 2 ++
> backends/guest-memory-protection.c | 29 +++++++++++++++++++++
> include/exec/guest-memory-protection.h | 36 ++++++++++++++++++++++++++
> 3 files changed, 67 insertions(+)
> create mode 100644 backends/guest-memory-protection.c
> create mode 100644 include/exec/guest-memory-protection.h
>
> diff --git a/backends/Makefile.objs b/backends/Makefile.objs
> index 28a847cd57..e4fb4f5280 100644
> --- a/backends/Makefile.objs
> +++ b/backends/Makefile.objs
> @@ -21,3 +21,5 @@ common-obj-$(CONFIG_LINUX) += hostmem-memfd.o
> common-obj-$(CONFIG_GIO) += dbus-vmstate.o
> dbus-vmstate.o-cflags = $(GIO_CFLAGS)
> dbus-vmstate.o-libs = $(GIO_LIBS)
> +
> +common-obj-y += guest-memory-protection.o
> diff --git a/backends/guest-memory-protection.c
> b/backends/guest-memory-protection.c
> new file mode 100644
> index 0000000000..7e538214f7
> --- /dev/null
> +++ b/backends/guest-memory-protection.c
> @@ -0,0 +1,29 @@
> +#/*
> + * QEMU Guest Memory Protection interface
> + *
> + * Copyright: David Gibson, Red Hat Inc. 2020
> + *
> + * Authors:
> + * David Gibson <address@hidden>
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or
> + * later. See the COPYING file in the top-level directory.
> + *
> + */
> +
> +#include "qemu/osdep.h"
> +
> +#include "exec/guest-memory-protection.h"
> +
> +static const TypeInfo guest_memory_protection_info = {
> + .name = TYPE_GUEST_MEMORY_PROTECTION,
> + .parent = TYPE_INTERFACE,
> + .class_size = sizeof(GuestMemoryProtectionClass),
> +};
> +
> +static void guest_memory_protection_register_types(void)
> +{
> + type_register_static(&guest_memory_protection_info);
> +}
> +
> +type_init(guest_memory_protection_register_types)
> diff --git a/include/exec/guest-memory-protection.h
> b/include/exec/guest-memory-protection.h
> new file mode 100644
> index 0000000000..38e9b01667
> --- /dev/null
> +++ b/include/exec/guest-memory-protection.h
> @@ -0,0 +1,36 @@
> +#/*
> + * QEMU Guest Memory Protection interface
> + *
> + * Copyright: David Gibson, Red Hat Inc. 2020
> + *
> + * Authors:
> + * David Gibson <address@hidden>
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or
> + * later. See the COPYING file in the top-level directory.
> + *
> + */
> +#ifndef QEMU_GUEST_MEMORY_PROTECTION_H
> +#define QEMU_GUEST_MEMORY_PROTECTION_H
> +
> +#include "qom/object.h"
> +
> +typedef struct GuestMemoryProtection GuestMemoryProtection;
> +
> +#define TYPE_GUEST_MEMORY_PROTECTION "guest-memory-protection"
> +#define GUEST_MEMORY_PROTECTION(obj) \
> + INTERFACE_CHECK(GuestMemoryProtection, (obj), \
> + TYPE_GUEST_MEMORY_PROTECTION)
> +#define GUEST_MEMORY_PROTECTION_CLASS(klass) \
> + OBJECT_CLASS_CHECK(GuestMemoryProtectionClass, (klass), \
> + TYPE_GUEST_MEMORY_PROTECTION)
> +#define GUEST_MEMORY_PROTECTION_GET_CLASS(obj) \
> + OBJECT_GET_CLASS(GuestMemoryProtectionClass, (obj), \
> + TYPE_GUEST_MEMORY_PROTECTION)
> +
> +typedef struct GuestMemoryProtectionClass {
> + InterfaceClass parent;
> +} GuestMemoryProtectionClass;
> +
> +#endif /* QEMU_GUEST_MEMORY_PROTECTION_H */
> +
Applying patch #1294935 using "git am -s -m"
Description: [RFC,v2,10/18] guest memory protection: Add guest memory protection
Applying: guest memory protection: Add guest memory protection interface
.git/rebase-apply/patch:95: new blank line at EOF.
+
warning: 1 line adds whitespace errors.
- [RFC v2 12/18] guest memory protection: Perform KVM init via interface, (continued)
- [RFC v2 12/18] guest memory protection: Perform KVM init via interface, David Gibson, 2020/05/20
- [RFC v2 13/18] guest memory protection: Move side effect out of machine_set_memory_encryption(), David Gibson, 2020/05/20
- [RFC v2 15/18] guest memory protection: Decouple kvm_memcrypt_*() helpers from KVM, David Gibson, 2020/05/20
- [RFC v2 06/18] target/i386: sev: Remove redundant cbitpos and reduced_phys_bits fields, David Gibson, 2020/05/20
- [RFC v2 14/18] guest memory protection: Rework the "memory-encryption" property, David Gibson, 2020/05/20
- [RFC v2 17/18] spapr: Added PEF based guest memory protection, David Gibson, 2020/05/20
- [RFC v2 10/18] guest memory protection: Add guest memory protection interface, David Gibson, 2020/05/20
- Re: [RFC v2 10/18] guest memory protection: Add guest memory protection interface,
Greg Kurz <=
- [RFC v2 16/18] guest memory protection: Add Error ** to GuestMemoryProtection::kvm_init, David Gibson, 2020/05/20
- [RFC v2 18/18] guest memory protection: Alter virtio default properties for protected guests, David Gibson, 2020/05/20
- Re: [RFC v2 00/18] Refactor configuration of guest memory protection, Sean Christopherson, 2020/05/29