Diffstat (limited to 'meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0065-KVM-Introduce-KVM_MEMORY_ENCRYPT_-UN-REG_REGION.patch')
-rw-r--r-- | meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0065-KVM-Introduce-KVM_MEMORY_ENCRYPT_-UN-REG_REGION.patch | 151 |
1 files changed, 151 insertions, 0 deletions
diff --git a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0065-KVM-Introduce-KVM_MEMORY_ENCRYPT_-UN-REG_REGION.patch b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0065-KVM-Introduce-KVM_MEMORY_ENCRYPT_-UN-REG_REGION.patch
new file mode 100644
index 00000000..df8994c8
--- /dev/null
+++ b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0065-KVM-Introduce-KVM_MEMORY_ENCRYPT_-UN-REG_REGION.patch
@@ -0,0 +1,151 @@
+From 6a4347f1283b37a8367df7774fb4d8375e67cc1c Mon Sep 17 00:00:00 2001
+From: Sudheesh Mavila <sudheesh.mavila@amd.com>
+Date: Mon, 22 Oct 2018 14:13:40 +0530
+Subject: [PATCH 65/95] KVM: Introduce KVM_MEMORY_ENCRYPT_{UN,}REG_REGION
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From 69eaedee411c1fc1cf123520897a96b7cf04d8a0
+If hardware supports memory encryption then KVM_MEMORY_ENCRYPT_REG_REGION
+and KVM_MEMORY_ENCRYPT_UNREG_REGION ioctl's can be used by userspace to
+register/unregister the guest memory regions which may contain the encrypted
+data (e.g guest RAM, PCI BAR, SMRAM etc).
+
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: "Radim Krčmář" <rkrcmar@redhat.com>
+Cc: Joerg Roedel <joro@8bytes.org>
+Cc: Borislav Petkov <bp@suse.de>
+Cc: Tom Lendacky <thomas.lendacky@amd.com>
+Cc: x86@kernel.org
+Cc: kvm@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org
+Improvements-by: Borislav Petkov <bp@suse.de>
+Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
+Reviewed-by: Borislav Petkov <bp@suse.de>
+Signed-off-by: Sudheesh Mavila <sudheesh.mavila@amd.com>
+---
+ Documentation/virtual/kvm/api.txt | 34 ++++++++++++++++++++++++++++++++++
+ arch/x86/include/asm/kvm_host.h | 2 ++
+ arch/x86/kvm/x86.c | 24 ++++++++++++++++++++++++
+ include/uapi/linux/kvm.h | 8 ++++++++
+ 4 files changed, 68 insertions(+)
+
+diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
+index 8e11bb6..6c96d44 100644
+--- a/Documentation/virtual/kvm/api.txt
++++ b/Documentation/virtual/kvm/api.txt
+@@ -3430,6 +3430,40 @@ Currently, this ioctl is used for issuing Secure Encrypted Virtualization
+ (SEV) commands on AMD Processors. The SEV commands are defined in
+ Documentation/virtual/kvm/amd-memory-encryption.txt.
+
++4.110 KVM_MEMORY_ENCRYPT_REG_REGION
++
++Capability: basic
++Architectures: x86
++Type: system
++Parameters: struct kvm_enc_region (in)
++Returns: 0 on success; -1 on error
++
++This ioctl can be used to register a guest memory region which may
++contain encrypted data (e.g. guest RAM, SMRAM etc).
++
++It is used in the SEV-enabled guest. When encryption is enabled, a guest
++memory region may contain encrypted data. The SEV memory encryption
++engine uses a tweak such that two identical plaintext pages, each at
++different locations will have differing ciphertexts. So swapping or
++moving ciphertext of those pages will not result in plaintext being
++swapped. So relocating (or migrating) physical backing pages for the SEV
++guest will require some additional steps.
++
++Note: The current SEV key management spec does not provide commands to
++swap or migrate (move) ciphertext pages. Hence, for now we pin the guest
++memory region registered with the ioctl.
++
++4.111 KVM_MEMORY_ENCRYPT_UNREG_REGION
++
++Capability: basic
++Architectures: x86
++Type: system
++Parameters: struct kvm_enc_region (in)
++Returns: 0 on success; -1 on error
++
++This ioctl can be used to unregister the guest memory region registered
++with KVM_MEMORY_ENCRYPT_REG_REGION ioctl above.
++
+ 5. The kvm_run structure
+ ------------------------
+
+diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
+index 7595643..430eeb3 100755
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -1068,6 +1068,8 @@ struct kvm_x86_ops {
+
+ void (*setup_mce)(struct kvm_vcpu *vcpu);
+ int (*mem_enc_op)(struct kvm *kvm, void __user *argp);
++ int (*mem_enc_reg_region)(struct kvm *kvm, struct kvm_enc_region *argp);
++ int (*mem_enc_unreg_region)(struct kvm *kvm, struct kvm_enc_region *argp);
+
+ int (*get_msr_feature)(struct kvm_msr_entry *entry);
+ };
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
+index 5243482..25af617 100644
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -4390,6 +4390,30 @@ long kvm_arch_vm_ioctl(struct file *filp,
+ r = kvm_x86_ops->mem_enc_op(kvm, argp);
+ break;
+ }
++ case KVM_MEMORY_ENCRYPT_REG_REGION: {
++ struct kvm_enc_region region;
++
++ r = -EFAULT;
++ if (copy_from_user(®ion, argp, sizeof(region)))
++ goto out;
++
++ r = -ENOTTY;
++ if (kvm_x86_ops->mem_enc_reg_region)
++ r = kvm_x86_ops->mem_enc_reg_region(kvm, ®ion);
++ break;
++ }
++ case KVM_MEMORY_ENCRYPT_UNREG_REGION: {
++ struct kvm_enc_region region;
++
++ r = -EFAULT;
++ if (copy_from_user(®ion, argp, sizeof(region)))
++ goto out;
++
++ r = -ENOTTY;
++ if (kvm_x86_ops->mem_enc_unreg_region)
++ r = kvm_x86_ops->mem_enc_unreg_region(kvm, ®ion);
++ break;
++ }
+ default:
+ r = -ENOTTY;
+ }
+diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
+index 409f266..24f9ae2 100644
+--- a/include/uapi/linux/kvm.h
++++ b/include/uapi/linux/kvm.h
+@@ -1363,6 +1363,14 @@ struct kvm_s390_ucas_mapping {
+ /* Memory Encryption Commands */
+ #define KVM_MEMORY_ENCRYPT_OP _IOWR(KVMIO, 0xba, unsigned long)
+
++struct kvm_enc_region {
++ __u64 addr;
++ __u64 size;
++};
++
++#define KVM_MEMORY_ENCRYPT_REG_REGION _IOR(KVMIO, 0xbb, struct kvm_enc_region)
++#define KVM_MEMORY_ENCRYPT_UNREG_REGION _IOR(KVMIO, 0xbc, struct kvm_enc_region)
++
+ #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
+ #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
+ #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
+--
+2.7.4
+
|
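Review bot: Both new cases in kvm_arch_vm_ioctl() copy `struct kvm_enc_region` from userspace and hand it straight to `mem_enc_reg_region` / `mem_enc_unreg_region`, so `addr` and `size` get no check at this layer (zero size, `addr + size` wrapping, values wider than the host's `unsigned long`). The callbacks are not implemented in this patch, so the patch in the series that adds them has to carry those checks; because api.txt says the registered region is pinned, it presumably also has to charge the pinned pages against the caller's locked-memory limit, which is worth confirming there. A comment above the first case would make the contract explicit, for example `/* addr/size are not validated here; the vendor callback must range-check them */`. Separately, api.txt lists both ioctls as `Type: system` although they are dispatched from the VM ioctl handler, so `Type: vm` would match the code. The body of kvm_arch_vm_ioctl() starts and ends outside the hunk.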