Re: [Qemu-devel] [PATCH 1/3] ram-encrypted-notifier: Introduce a RAM blo
From: |
Igor Mammedov |
Subject: |
Re: [Qemu-devel] [PATCH 1/3] ram-encrypted-notifier: Introduce a RAM block encrypted notifier |
Date: |
Fri, 26 Apr 2019 14:29:08 +0200 |
On Thu, 25 Apr 2019 22:58:18 +0000
"Natarajan, Janakarajan" <address@hidden> wrote:
> A client can register to this notifier to know whether the newly added or
> removed memory region is marked as encrypted. This information is needed
> for the SEV guest launch. In an SEV guest, some memory regions may contain
> encrypted data (e.g. guest RAM). The memory region which contains the
> encrypted data should be registered/unregistered using the
> KVM_MEMORY_{REG,UNREG}_ENCRYPTED ioctl.
>
> Signed-off-by: Janakarajan Natarajan <address@hidden>
> ---
> exec.c | 1 +
> include/exec/memory.h | 18 ++++++++++++++++++
> include/exec/ramlist.h | 19 +++++++++++++++++++
> memory.c | 16 ++++++++++++++++
> numa.c | 33 +++++++++++++++++++++++++++++++++
> stubs/ram-block.c | 8 ++++++++
> 6 files changed, 95 insertions(+)
>
> diff --git a/exec.c b/exec.c
> index 2646207661..a02c394e48 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -79,6 +79,7 @@
> * are protected by the ramlist lock.
> */
> RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
> +RAMBlockEncryptedNotifierList ram_block_encrypted_notifier_list;
>
> static MemoryRegion *system_memory;
> static MemoryRegion *system_io;
> diff --git a/include/exec/memory.h b/include/exec/memory.h
> index 9144a47f57..ae720ff511 100644
> --- a/include/exec/memory.h
> +++ b/include/exec/memory.h
> @@ -374,6 +374,7 @@ struct MemoryRegion {
> bool terminates;
> bool ram_device;
> bool enabled;
> + bool encrypted;
> bool warning_printed; /* For reservations */
> uint8_t vga_logging_count;
> MemoryRegion *alias;
> @@ -1131,6 +1132,23 @@ int
> memory_region_iommu_attrs_to_index(IOMMUMemoryRegion *iommu_mr,
> */
> int memory_region_iommu_num_indexes(IOMMUMemoryRegion *iommu_mr);
>
> +/**
> + * memory_region_mark_encrypted: marks the memory region as encrypted and
> + * lets the listeners of encrypted ram know that a memory region containing
> + * encrypted ram block has been added
> + *
> + * @mr: the memory region
> + */
> +void memory_region_mark_encrypted(MemoryRegion *mr);
> +
> +/**
> + * memory_region_is_encrypted: returns if the memory region was marked as
> + * encrypted when it was created
> + *
> + * @mr: the memory region
> + */
> +bool memory_region_is_encrypted(MemoryRegion *mr);
> +
> /**
> * memory_region_name: get a memory region's name
> *
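Review bot: The doc comment on memory_region_mark_encrypted() promises more than the function does. Per the memory.c part of this patch it stores `kvm_memcrypt_enabled()` into `mr->encrypted`, so the region is marked, and listeners notified, only when memory encryption is active. I would word it as `* memory_region_mark_encrypted: flag @mr as holding encrypted RAM when KVM memory encryption is enabled, and notify the encrypted-RAM listeners in that case`, and state under `@mr` that the region must be RAM-backed, since the implementation dereferences `mr->ram_block`. The memory_region_is_encrypted() comment says "when it was created", but nothing visible in the patch ties the flag to creation; "was marked by memory_region_mark_encrypted()" is what the code shows.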
> diff --git a/include/exec/ramlist.h b/include/exec/ramlist.h
> index bc4faa1b00..5349f27fa5 100644
> --- a/include/exec/ramlist.h
> +++ b/include/exec/ramlist.h
> @@ -7,6 +7,7 @@
> #include "qemu/rcu_queue.h"
>
> typedef struct RAMBlockNotifier RAMBlockNotifier;
> +typedef struct RAMBlockEncryptedNotifier RAMBlockEncryptedNotifier;
>
> #define DIRTY_MEMORY_VGA 0
> #define DIRTY_MEMORY_CODE 1
> @@ -55,6 +56,11 @@ typedef struct RAMList {
> } RAMList;
> extern RAMList ram_list;
>
> +typedef struct RAMBlockEncryptedNotifierList {
> + QLIST_HEAD(, RAMBlockEncryptedNotifier) ram_block_notifiers;
> +} RAMBlockEncryptedNotifierList;
> +extern RAMBlockEncryptedNotifierList ram_block_encrypted_notifier_list;
> +
> /* Should be holding either ram_list.mutex, or the RCU lock. */
> #define INTERNAL_RAMBLOCK_FOREACH(block) \
> QLIST_FOREACH_RCU(block, &ram_list.blocks, next)
> @@ -70,6 +76,14 @@ struct RAMBlockNotifier {
> QLIST_ENTRY(RAMBlockNotifier) next;
> };
>
> +struct RAMBlockEncryptedNotifier {
> + void (*ram_block_encrypted_added)(RAMBlockEncryptedNotifier *n,
> + void *host, size_t size);
> + void (*ram_block_encrypted_removed)(RAMBlockEncryptedNotifier *n,
> + void *host, size_t size);
> + QLIST_ENTRY(RAMBlockEncryptedNotifier) next;
> +};
> +
> void ram_block_notifier_add(RAMBlockNotifier *n);
> void ram_block_notifier_remove(RAMBlockNotifier *n);
> void ram_block_notify_add(void *host, size_t size);
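Review bot: The two callbacks in struct RAMBlockEncryptedNotifier are undocumented, so an implementer cannot tell what `host` and `size` describe or whether either callback may be left unset. From the memory.c and numa.c parts of the patch they receive `block->host` and `block->max_length`, and both are called unconditionally. A comment such as `/* @host: host address of the encrypted RAM block, @size: its max_length; both callbacks must be set */` above the struct would pin that down, and it should also say which lock, if any, is held during the call. Separately, the list head in the previous hunk is named `ram_block_notifiers`, which is easy to confuse with `ram_list.ramblock_notifiers`; a plain `notifiers` would read better.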
> @@ -77,4 +91,9 @@ void ram_block_notify_remove(void *host, size_t size);
>
> void ram_block_dump(Monitor *mon);
>
> +void ram_block_encrypted_notifier_add(RAMBlockEncryptedNotifier *n);
> +void ram_block_encrypted_notifier_remove(RAMBlockEncryptedNotifier *n);
> +void ram_block_encrypted_notify_add(void *host, size_t size);
> +void ram_block_encrypted_notify_remove(void *host, size_t size);
> +
> #endif /* RAMLIST_H */
> diff --git a/memory.c b/memory.c
> index bb2b71ee38..eca02d369b 100644
> --- a/memory.c
> +++ b/memory.c
> @@ -2009,6 +2009,22 @@ int memory_region_iommu_num_indexes(IOMMUMemoryRegion
> *iommu_mr)
> return imrc->num_indexes(iommu_mr);
> }
>
> +void memory_region_mark_encrypted(MemoryRegion *mr)
> +{
> + RAMBlock *block = mr->ram_block;
> +
> + mr->encrypted = kvm_memcrypt_enabled();
> +
> + if (mr->encrypted) {
> + ram_block_encrypted_notify_add(block->host, block->max_length);
> + }
> +}
> +
> +bool memory_region_is_encrypted(MemoryRegion *mr)
> +{
> + return mr->encrypted;
> +}
> +
> void memory_region_set_log(MemoryRegion *mr, bool log, unsigned client)
> {
> uint8_t mask = 1 << client;
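Review bot: memory_region_mark_encrypted() loads `mr->ram_block` and dereferences it as `block->host` whenever memory encryption is enabled, with no check that the region is actually RAM-backed. A caller passing a region without a RAM block would crash on a NULL pointer here; an explicit `assert(mr->ram_block);` at the top would make the precondition visible and fail at the call site. The notification passes `block->max_length`; for resizable blocks it is worth confirming that this, rather than the used length, is the range the KVM registration should cover. Nothing visible in this patch calls ram_block_encrypted_notify_remove() or clears `mr->encrypted`, so the unregister path presumably lives in a later patch of the series and should be checked for symmetry with this one.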
> diff --git a/numa.c b/numa.c
> index 3875e1efda..08601366c5 100644
> --- a/numa.c
> +++ b/numa.c
This looks like the wrong file to put RAMBlock code in. I thought that we should put it
in exec.c
> @@ -638,6 +638,39 @@ MemdevList *qmp_query_memdev(Error **errp)
> return list;
> }
>
> +void ram_block_encrypted_notifier_add(RAMBlockEncryptedNotifier *n)
> +{
> + QLIST_INSERT_HEAD(&ram_block_encrypted_notifier_list.ram_block_notifiers,
> + n, next);
> +}
> +
> +void ram_block_encrypted_notifier_remove(RAMBlockEncryptedNotifier *n)
> +{
> + QLIST_REMOVE(n, next);
> +}
> +
> +void ram_block_encrypted_notify_add(void *host, size_t size)
> +{
> + RAMBlockEncryptedNotifier *notifier;
> +
> + QLIST_FOREACH(notifier,
> + &ram_block_encrypted_notifier_list.ram_block_notifiers,
> + next) {
> + notifier->ram_block_encrypted_added(notifier, host, size);
> + }
> +}
> +
> +void ram_block_encrypted_notify_remove(void *host, size_t size)
> +{
> + RAMBlockEncryptedNotifier *notifier;
> +
> + QLIST_FOREACH(notifier,
> + &ram_block_encrypted_notifier_list.ram_block_notifiers,
> + next) {
> + notifier->ram_block_encrypted_removed(notifier, host, size);
> + }
> +}
> +
> void ram_block_notifier_add(RAMBlockNotifier *n)
> {
> QLIST_INSERT_HEAD(&ram_list.ramblock_notifiers, n, next);
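Review bot: Both notify loops walk the list with `QLIST_FOREACH` and call the callback without a NULL check, so a notifier that removes or frees itself from inside its callback, or one that sets only one of the two function pointers, is not handled. `QLIST_FOREACH_SAFE(notifier, &ram_block_encrypted_notifier_list.ram_block_notifiers, next, next_notifier)` would tolerate removal during the walk. In addition, ram_block_encrypted_notifier_add() does not replay regions that were already marked, so a client registering after memory_region_mark_encrypted() has run never hears about them. Since the commit message says these regions must be registered through the ioctl for SEV launch, the required ordering deserves a comment at the function, e.g. `/* Register before any region is marked encrypted; earlier regions are not replayed. */`. None of the four functions documents which lock protects the list.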
> diff --git a/stubs/ram-block.c b/stubs/ram-block.c
> index 73c0a3ee08..0f68922feb 100644
> --- a/stubs/ram-block.c
> +++ b/stubs/ram-block.c
> @@ -25,6 +25,14 @@ void ram_block_notifier_remove(RAMBlockNotifier *n)
> {
> }
>
> +void ram_block_encrypted_notifier_add(RAMBlockEncryptedNotifier *n)
> +{
> +}
> +
> +void ram_block_encrypted_notifier_remove(RAMBlockEncryptedNotifier *n)
> +{
> +}
> +
> int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
> {
> return 0;