Diffstat (limited to 'meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0065-KVM-Introduce-KVM_MEMORY_ENCRYPT_-UN-REG_REGION.patch')
-rw-r--r-- | meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0065-KVM-Introduce-KVM_MEMORY_ENCRYPT_-UN-REG_REGION.patch | 151 |
1 files changed, 0 insertions, 151 deletions
diff --git a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0065-KVM-Introduce-KVM_MEMORY_ENCRYPT_-UN-REG_REGION.patch b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0065-KVM-Introduce-KVM_MEMORY_ENCRYPT_-UN-REG_REGION.patch
deleted file mode 100644
index df8994c8..00000000
--- a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0065-KVM-Introduce-KVM_MEMORY_ENCRYPT_-UN-REG_REGION.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-From 6a4347f1283b37a8367df7774fb4d8375e67cc1c Mon Sep 17 00:00:00 2001
-From: Sudheesh Mavila <sudheesh.mavila@amd.com>
-Date: Mon, 22 Oct 2018 14:13:40 +0530
-Subject: [PATCH 65/95] KVM: Introduce KVM_MEMORY_ENCRYPT_{UN,}REG_REGION
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From 69eaedee411c1fc1cf123520897a96b7cf04d8a0
-If hardware supports memory encryption then KVM_MEMORY_ENCRYPT_REG_REGION
-and KVM_MEMORY_ENCRYPT_UNREG_REGION ioctl's can be used by userspace to
-register/unregister the guest memory regions which may contain the encrypted
-data (e.g guest RAM, PCI BAR, SMRAM etc).
-
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Cc: Ingo Molnar <mingo@redhat.com>
-Cc: "H. Peter Anvin" <hpa@zytor.com>
-Cc: Paolo Bonzini <pbonzini@redhat.com>
-Cc: "Radim Krčmář" <rkrcmar@redhat.com>
-Cc: Joerg Roedel <joro@8bytes.org>
-Cc: Borislav Petkov <bp@suse.de>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: x86@kernel.org
-Cc: kvm@vger.kernel.org
-Cc: linux-kernel@vger.kernel.org
-Improvements-by: Borislav Petkov <bp@suse.de>
-Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
-Reviewed-by: Borislav Petkov <bp@suse.de>
-Signed-off-by: Sudheesh Mavila <sudheesh.mavila@amd.com>
----
- Documentation/virtual/kvm/api.txt | 34 ++++++++++++++++++++++++++++++++++
- arch/x86/include/asm/kvm_host.h | 2 ++
- arch/x86/kvm/x86.c | 24 ++++++++++++++++++++++++
- include/uapi/linux/kvm.h | 8 ++++++++
- 4 files changed, 68 insertions(+)
-
-diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
-index 8e11bb6..6c96d44 100644
---- a/Documentation/virtual/kvm/api.txt
-+++ b/Documentation/virtual/kvm/api.txt
-@@ -3430,6 +3430,40 @@ Currently, this ioctl is used for issuing Secure Encrypted Virtualization
- (SEV) commands on AMD Processors. The SEV commands are defined in
- Documentation/virtual/kvm/amd-memory-encryption.txt.
-
-+4.110 KVM_MEMORY_ENCRYPT_REG_REGION
-+
-+Capability: basic
-+Architectures: x86
-+Type: system
-+Parameters: struct kvm_enc_region (in)
-+Returns: 0 on success; -1 on error
-+
-+This ioctl can be used to register a guest memory region which may
-+contain encrypted data (e.g. guest RAM, SMRAM etc).
-+
-+It is used in the SEV-enabled guest. When encryption is enabled, a guest
-+memory region may contain encrypted data. The SEV memory encryption
-+engine uses a tweak such that two identical plaintext pages, each at
-+different locations will have differing ciphertexts. So swapping or
-+moving ciphertext of those pages will not result in plaintext being
-+swapped. So relocating (or migrating) physical backing pages for the SEV
-+guest will require some additional steps.
-+
-+Note: The current SEV key management spec does not provide commands to
-+swap or migrate (move) ciphertext pages. Hence, for now we pin the guest
-+memory region registered with the ioctl.
-+
-+4.111 KVM_MEMORY_ENCRYPT_UNREG_REGION
-+
-+Capability: basic
-+Architectures: x86
-+Type: system
-+Parameters: struct kvm_enc_region (in)
-+Returns: 0 on success; -1 on error
-+
-+This ioctl can be used to unregister the guest memory region registered
-+with KVM_MEMORY_ENCRYPT_REG_REGION ioctl above.
-+
- 5. The kvm_run structure
- ------------------------
-
-diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
-index 7595643..430eeb3 100755
---- a/arch/x86/include/asm/kvm_host.h
-+++ b/arch/x86/include/asm/kvm_host.h
-@@ -1068,6 +1068,8 @@ struct kvm_x86_ops {
-
- void (*setup_mce)(struct kvm_vcpu *vcpu);
- int (*mem_enc_op)(struct kvm *kvm, void __user *argp);
-+ int (*mem_enc_reg_region)(struct kvm *kvm, struct kvm_enc_region *argp);
-+ int (*mem_enc_unreg_region)(struct kvm *kvm, struct kvm_enc_region *argp);
-
- int (*get_msr_feature)(struct kvm_msr_entry *entry);
- };
-diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 5243482..25af617 100644
---- a/arch/x86/kvm/x86.c
-+++ b/arch/x86/kvm/x86.c
-@@ -4390,6 +4390,30 @@ long kvm_arch_vm_ioctl(struct file *filp,
- r = kvm_x86_ops->mem_enc_op(kvm, argp);
- break;
- }
-+ case KVM_MEMORY_ENCRYPT_REG_REGION: {
-+ struct kvm_enc_region region;
-+
-+ r = -EFAULT;
-+ if (copy_from_user(®ion, argp, sizeof(region)))
-+ goto out;
-+
-+ r = -ENOTTY;
-+ if (kvm_x86_ops->mem_enc_reg_region)
-+ r = kvm_x86_ops->mem_enc_reg_region(kvm, ®ion);
-+ break;
-+ }
-+ case KVM_MEMORY_ENCRYPT_UNREG_REGION: {
-+ struct kvm_enc_region region;
-+
-+ r = -EFAULT;
-+ if (copy_from_user(®ion, argp, sizeof(region)))
-+ goto out;
-+
-+ r = -ENOTTY;
-+ if (kvm_x86_ops->mem_enc_unreg_region)
-+ r = kvm_x86_ops->mem_enc_unreg_region(kvm, ®ion);
-+ break;
-+ }
- default:
- r = -ENOTTY;
- }
-diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
-index 409f266..24f9ae2 100644
---- a/include/uapi/linux/kvm.h
-+++ b/include/uapi/linux/kvm.h
-@@ -1363,6 +1363,14 @@ struct kvm_s390_ucas_mapping {
- /* Memory Encryption Commands */
- #define KVM_MEMORY_ENCRYPT_OP _IOWR(KVMIO, 0xba, unsigned long)
-
-+struct kvm_enc_region {
-+ __u64 addr;
-+ __u64 size;
-+};
-+
-+#define KVM_MEMORY_ENCRYPT_REG_REGION _IOR(KVMIO, 0xbb, struct kvm_enc_region)
-+#define KVM_MEMORY_ENCRYPT_UNREG_REGION _IOR(KVMIO, 0xbc, struct kvm_enc_region)
-+
- #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
- #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
- #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
---
-2.7.4
- |