path: root/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0065-KVM-Introduce-KVM_MEMORY_ENCRYPT_-UN-REG_REGION.patch
Diffstat (limited to 'meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0065-KVM-Introduce-KVM_MEMORY_ENCRYPT_-UN-REG_REGION.patch')
-rw-r--r--meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0065-KVM-Introduce-KVM_MEMORY_ENCRYPT_-UN-REG_REGION.patch151
1 files changed, 151 insertions, 0 deletions
diff --git a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0065-KVM-Introduce-KVM_MEMORY_ENCRYPT_-UN-REG_REGION.patch b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0065-KVM-Introduce-KVM_MEMORY_ENCRYPT_-UN-REG_REGION.patch
new file mode 100644
index 00000000..df8994c8
--- /dev/null
+++ b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0065-KVM-Introduce-KVM_MEMORY_ENCRYPT_-UN-REG_REGION.patch
@@ -0,0 +1,151 @@
+From 6a4347f1283b37a8367df7774fb4d8375e67cc1c Mon Sep 17 00:00:00 2001
+From: Sudheesh Mavila <sudheesh.mavila@amd.com>
+Date: Mon, 22 Oct 2018 14:13:40 +0530
+Subject: [PATCH 65/95] KVM: Introduce KVM_MEMORY_ENCRYPT_{UN,}REG_REGION
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From 69eaedee411c1fc1cf123520897a96b7cf04d8a0
+If hardware supports memory encryption then KVM_MEMORY_ENCRYPT_REG_REGION
+and KVM_MEMORY_ENCRYPT_UNREG_REGION ioctl's can be used by userspace to
+register/unregister the guest memory regions which may contain the encrypted
+data (e.g guest RAM, PCI BAR, SMRAM etc).
+
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: "Radim Krčmář" <rkrcmar@redhat.com>
+Cc: Joerg Roedel <joro@8bytes.org>
+Cc: Borislav Petkov <bp@suse.de>
+Cc: Tom Lendacky <thomas.lendacky@amd.com>
+Cc: x86@kernel.org
+Cc: kvm@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org
+Improvements-by: Borislav Petkov <bp@suse.de>
+Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
+Reviewed-by: Borislav Petkov <bp@suse.de>
+Signed-off-by: Sudheesh Mavila <sudheesh.mavila@amd.com>
+---
+ Documentation/virtual/kvm/api.txt | 34 ++++++++++++++++++++++++++++++++++
+ arch/x86/include/asm/kvm_host.h | 2 ++
+ arch/x86/kvm/x86.c | 24 ++++++++++++++++++++++++
+ include/uapi/linux/kvm.h | 8 ++++++++
+ 4 files changed, 68 insertions(+)
+
+diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
+index 8e11bb6..6c96d44 100644
+--- a/Documentation/virtual/kvm/api.txt
++++ b/Documentation/virtual/kvm/api.txt
+@@ -3430,6 +3430,40 @@ Currently, this ioctl is used for issuing Secure Encrypted Virtualization
+ (SEV) commands on AMD Processors. The SEV commands are defined in
+ Documentation/virtual/kvm/amd-memory-encryption.txt.
+
++4.110 KVM_MEMORY_ENCRYPT_REG_REGION
++
++Capability: basic
++Architectures: x86
++Type: system
++Parameters: struct kvm_enc_region (in)
++Returns: 0 on success; -1 on error
++
++This ioctl can be used to register a guest memory region which may
++contain encrypted data (e.g. guest RAM, SMRAM etc).
++
++It is used in the SEV-enabled guest. When encryption is enabled, a guest
++memory region may contain encrypted data. The SEV memory encryption
++engine uses a tweak such that two identical plaintext pages, each at
++different locations will have differing ciphertexts. So swapping or
++moving ciphertext of those pages will not result in plaintext being
++swapped. So relocating (or migrating) physical backing pages for the SEV
++guest will require some additional steps.
++
++Note: The current SEV key management spec does not provide commands to
++swap or migrate (move) ciphertext pages. Hence, for now we pin the guest
++memory region registered with the ioctl.
++
++4.111 KVM_MEMORY_ENCRYPT_UNREG_REGION
++
++Capability: basic
++Architectures: x86
++Type: system
++Parameters: struct kvm_enc_region (in)
++Returns: 0 on success; -1 on error
++
++This ioctl can be used to unregister the guest memory region registered
++with KVM_MEMORY_ENCRYPT_REG_REGION ioctl above.
++
+ 5. The kvm_run structure
+ ------------------------
+
+diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
+index 7595643..430eeb3 100755
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -1068,6 +1068,8 @@ struct kvm_x86_ops {
+
+ void (*setup_mce)(struct kvm_vcpu *vcpu);
+ int (*mem_enc_op)(struct kvm *kvm, void __user *argp);
++ int (*mem_enc_reg_region)(struct kvm *kvm, struct kvm_enc_region *argp);
++ int (*mem_enc_unreg_region)(struct kvm *kvm, struct kvm_enc_region *argp);
+
+ int (*get_msr_feature)(struct kvm_msr_entry *entry);
+ };
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
+index 5243482..25af617 100644
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -4390,6 +4390,30 @@ long kvm_arch_vm_ioctl(struct file *filp,
+ r = kvm_x86_ops->mem_enc_op(kvm, argp);
+ break;
+ }
++ case KVM_MEMORY_ENCRYPT_REG_REGION: {
++ struct kvm_enc_region region;
++
++ r = -EFAULT;
++ if (copy_from_user(&region, argp, sizeof(region)))
++ goto out;
++
++ r = -ENOTTY;
++ if (kvm_x86_ops->mem_enc_reg_region)
++ r = kvm_x86_ops->mem_enc_reg_region(kvm, &region);
++ break;
++ }
++ case KVM_MEMORY_ENCRYPT_UNREG_REGION: {
++ struct kvm_enc_region region;
++
++ r = -EFAULT;
++ if (copy_from_user(&region, argp, sizeof(region)))
++ goto out;
++
++ r = -ENOTTY;
++ if (kvm_x86_ops->mem_enc_unreg_region)
++ r = kvm_x86_ops->mem_enc_unreg_region(kvm, &region);
++ break;
++ }
+ default:
+ r = -ENOTTY;
+ }
+diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
+index 409f266..24f9ae2 100644
+--- a/include/uapi/linux/kvm.h
++++ b/include/uapi/linux/kvm.h
+@@ -1363,6 +1363,14 @@ struct kvm_s390_ucas_mapping {
+ /* Memory Encryption Commands */
+ #define KVM_MEMORY_ENCRYPT_OP _IOWR(KVMIO, 0xba, unsigned long)
+
++struct kvm_enc_region {
++ __u64 addr;
++ __u64 size;
++};
++
++#define KVM_MEMORY_ENCRYPT_REG_REGION _IOR(KVMIO, 0xbb, struct kvm_enc_region)
++#define KVM_MEMORY_ENCRYPT_UNREG_REGION _IOR(KVMIO, 0xbc, struct kvm_enc_region)
++
+ #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
+ #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
+ #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
+--
+2.7.4
+
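Review bot: In the x86.c part of the embedded patch, both new cases in kvm_arch_vm_ioctl() copy a `struct kvm_enc_region` from userspace and pass `addr`/`size` straight to `mem_enc_reg_region`/`mem_enc_unreg_region`, so every range check is left to vendor callbacks that this patch does not contain. Since api.txt states that a registered region is pinned, the callback (presumably added elsewhere in the series) has to reject a zero `size` and an `addr + size` that wraps, and should charge the pinned pages against the caller's locked-memory limit; a comment above the first case such as `/* addr/size are not validated here; the callback must bounds-check before pinning */` would make that contract explicit. Separately, the new api.txt entries 4.110 and 4.111 say `Type: system` although the handlers are added to the VM ioctl path, so `Type: vm ioctl` looks like the correct wording for both. kvm_arch_vm_ioctl() starts and ends outside the embedded hunk, so any earlier argument handling is not visible here.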