Commit 5bdd3743 authored by Peter Maydell's avatar Peter Maydell

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream-sev' into staging



* Migrate MSR_SMI_COUNT (Liran)
* Update kernel headers (Gerd, myself)
* SEV support (Brijesh)

I have not tested non-x86 compilation, but I reordered the SEV patches
so that all non-x86-specific changes go first to catch any possible
issues (which weren't there anyway :)).

# gpg: Signature made Tue 13 Mar 2018 16:37:06 GMT
# gpg:                using RSA key BFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream-sev: (22 commits)
  sev/i386: add sev_get_capabilities()
  sev/i386: qmp: add query-sev-capabilities command
  sev/i386: qmp: add query-sev-launch-measure command
  sev/i386: hmp: add 'info sev' command
  cpu/i386: populate CPUID 0x8000_001F when SEV is active
  sev/i386: add migration blocker
  sev/i386: finalize the SEV guest launch flow
  sev/i386: add support to LAUNCH_MEASURE command
  target/i386: encrypt bios rom
  sev/i386: add command to encrypt guest memory region
  sev/i386: add command to create launch memory encryption context
  sev/i386: register the guest memory range which may contain encrypted data
  sev/i386: add command to initialize the memory encryption context
  include: add psp-sev.h header file
  sev/i386: qmp: add query-sev command
  target/i386: add Secure Encrypted Virtualization (SEV) object
  kvm: introduce memory encryption APIs
  kvm: add memory encryption context
  docs: add AMD Secure Encrypted Virtualization (SEV)
  machine: add memory-encryption option
  ...

Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
parents 56e8698f 9f750794
+1 −1
obj-$(CONFIG_SOFTMMU) += accel.o
obj-y += kvm/
obj-$(CONFIG_KVM) += kvm/
obj-$(CONFIG_TCG) += tcg/
obj-y += stubs/
+2 −1
obj-$(CONFIG_KVM) += kvm-all.o
obj-y += kvm-all.o
obj-$(call lnot,$(CONFIG_SEV)) += sev-stub.o
+39 −0
@@ -38,6 +38,7 @@
#include "qemu/event_notifier.h"
#include "trace.h"
#include "hw/irq.h"
#include "sysemu/sev.h"

#include "hw/boards.h"

@@ -103,6 +104,10 @@ struct KVMState
#endif
    KVMMemoryListener memory_listener;
    QLIST_HEAD(, KVMParkedVcpu) kvm_parked_vcpus;

    /* memory encryption */
    void *memcrypt_handle;
    int (*memcrypt_encrypt_data)(void *handle, uint8_t *ptr, uint64_t len);
};

KVMState *kvm_state;
@@ -138,6 +143,26 @@ int kvm_get_max_memslots(void)
    return s->nr_slots;
}

bool kvm_memcrypt_enabled(void)
{
    if (kvm_state && kvm_state->memcrypt_handle) {
        return true;
    }

    return false;
}

int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len)
{
    if (kvm_state->memcrypt_handle &&
        kvm_state->memcrypt_encrypt_data) {
        return kvm_state->memcrypt_encrypt_data(kvm_state->memcrypt_handle,
                                              ptr, len);
    }

    return 1;
}

static KVMSlot *kvm_get_free_slot(KVMMemoryListener *kml)
{
    KVMState *s = kvm_state;
@@ -1636,6 +1661,20 @@ static int kvm_init(MachineState *ms)

    kvm_state = s;

    /*
     * if memory encryption object is specified then initialize the memory
     * encryption context.
     */
    if (ms->memory_encryption) {
        kvm_state->memcrypt_handle = sev_guest_init(ms->memory_encryption);
        if (!kvm_state->memcrypt_handle) {
            ret = -1;
            goto err;
        }

        kvm_state->memcrypt_encrypt_data = sev_encrypt_data;
    }

    ret = kvm_arch_init(ms, s);
    if (ret < 0) {
        goto err;
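Review bot: In the second hunk, `kvm_memcrypt_encrypt_data()` reads `kvm_state->memcrypt_handle` without the `kvm_state` NULL check that `kvm_memcrypt_enabled()` directly above it performs, so a call made before `kvm_init()` has assigned `kvm_state` would dereference NULL. The guard could match its sibling: `if (kvm_state && kvm_state->memcrypt_handle && kvm_state->memcrypt_encrypt_data) {`. The function also returns 1 when no encryption context is set up and nothing documents that value, so a caller that only tests `ret < 0` would carry on with the region left in plaintext. A comment such as `/* Returns the backend's result when an encryption context exists, 1 when memory encryption is not enabled (buffer left untouched). */` would make the contract explicit. The callers are not part of this section, so how they treat the positive return is unverified here, and `kvm_init()` continues outside the last hunk.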

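--- /dev/null
+++ b/accel/kvm/sev-stub.c
@@ -0,0 +1,26 @@
+/*
+ * QEMU SEV stub
+ *
+ * Copyright Advanced Micro Devices 2018
+ *
+ * Authors:
+ *      Brijesh Singh <brijesh.singh@amd.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "sysemu/sev.h"
+
+int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len)
+{
+    abort();
+}
+
+void *sev_guest_init(const char *id)
+{
+    return NULL;
+}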
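Review bot: The stub `sev_guest_init()` returns NULL without reporting anything, and the only caller visible in this commit (`kvm_init()`) turns a NULL handle into `ret = -1`. Refusing to start is the right fail-closed behaviour, but on a build without CONFIG_SEV a user who asked for memory encryption would presumably see a failed start with no hint that SEV support was compiled out. A one-line comment on each stub would record the intent: `/* SEV not compiled in: return NULL so kvm_init() refuses to start with memory-encryption set */` above `sev_guest_init()`, and `/* not expected to be reached: sev_guest_init() never yields a handle in this build */` above the `abort()`.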
+10 −0
@@ -105,6 +105,16 @@ int kvm_on_sigbus(int code, void *addr)
    return 1;
}

bool kvm_memcrypt_enabled(void)
{
    return false;
}

int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len)
{
  return 1;
}

#ifndef CONFIG_USER_ONLY
int kvm_irqchip_add_msi_route(KVMState *s, int vector, PCIDevice *dev)
{
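Review bot: The body of the stub `kvm_memcrypt_encrypt_data()` is indented with two spaces (`  return 1;`) while `kvm_memcrypt_enabled()` just above and the rest of the hunk use four; it should read `    return 1;`. The stub also repeats the undocumented positive return of the real implementation, so a short comment such as `/* 1: memory encryption not available, buffer left as-is */` would tell callers that this value means the data was not encrypted.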