From: Ashish Kalra
Subject: [PATCH v4 04/14] confidential guest support: introduce ConfidentialGuestMemoryEncryptionOps for encrypted VMs
Date: Wed, 4 Aug 2021 11:55:11 +0000
From: Brijesh Singh <brijesh.singh@amd.com>
When memory encryption is enabled in a VM, the guest RAM will be encrypted
with the guest-specific key. To protect the confidentiality of data while
in transit, we need platform-specific hooks to save or migrate the
guest RAM.

Introduce the new ConfidentialGuestMemoryEncryptionOps in this patch,
which will be used later by the encrypted guest for migration.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Co-developed-by: Ashish Kalra <ashish.kalra@amd.com>
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
---
include/exec/confidential-guest-support.h | 27 +++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/include/exec/confidential-guest-support.h
b/include/exec/confidential-guest-support.h
index ba2dd4b5df..d8b4bd4c42 100644
--- a/include/exec/confidential-guest-support.h
+++ b/include/exec/confidential-guest-support.h
@@ -20,6 +20,7 @@
#ifndef CONFIG_USER_ONLY
+#include <qapi/qapi-types-migration.h>
#include "qom/object.h"
#define TYPE_CONFIDENTIAL_GUEST_SUPPORT "confidential-guest-support"
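Review bot: the new include uses angle brackets (`#include <qapi/qapi-types-migration.h>`) while the adjacent project header on the next line is written `#include "qom/object.h"`; the generated QAPI headers are part of the QEMU tree, not system headers, so use `#include "qapi/qapi-types-migration.h"` to match the surrounding style.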
@@ -53,8 +54,34 @@ struct ConfidentialGuestSupport {
bool ready;
};
+/**
+ * The functions registers with ConfidentialGuestMemoryEncryptionOps will be
+ * used during the encrypted guest migration.
+ */
+struct ConfidentialGuestMemoryEncryptionOps {
+ /* Initialize the platform specific state before starting the migration */
+ int (*save_setup)(MigrationParameters *p);
+
+ /* Write the encrypted page and metadata associated with it */
+ int (*save_outgoing_page)(QEMUFile *f, uint8_t *ptr, uint32_t size,
+ uint64_t *bytes_sent);
+
+ /* Load the incoming encrypted page into guest memory */
+ int (*load_incoming_page)(QEMUFile *f, uint8_t *ptr);
+
+ /* Check if gfn is in shared/unencrypted region */
+ bool (*is_gfn_in_unshared_region)(unsigned long gfn);
+
+ /* Write the shared regions list */
+ int (*save_outgoing_shared_regions_list)(QEMUFile *f);
+
+ /* Load the shared regions list */
+ int (*load_incoming_shared_regions_list)(QEMUFile *f);
+};
+
typedef struct ConfidentialGuestSupportClass {
ObjectClass parent;
+ struct ConfidentialGuestMemoryEncryptionOps *memory_encryption_ops;
} ConfidentialGuestSupportClass;
#endif /* !CONFIG_USER_ONLY */
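Review bot: the callback name `is_gfn_in_unshared_region` contradicts its own comment `/* Check if gfn is in shared/unencrypted region */`; one of the two is inverted, and a caller that uses the boolean to choose between the encrypted and plain save path would get the sense backwards, so fix the mismatch (for example rename to `is_gfn_in_shared_region`) before a backend implements it. Two smaller points in the same hunk: the struct doc comment should read "The functions registered with ConfidentialGuestMemoryEncryptionOps will be used during encrypted guest migration", and `load_incoming_page(QEMUFile *f, uint8_t *ptr)` receives no length while `save_outgoing_page` takes `uint32_t size`, so either document that the incoming side always writes one page or add the size parameter for symmetry.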
--
2.17.1
- [PATCH v4 00/14] Add SEV guest live migration support, Ashish Kalra, 2021/08/04
- [PATCH v4 01/14] doc: update AMD SEV API spec web link, Ashish Kalra, 2021/08/04
- [PATCH v4 02/14] doc: update AMD SEV to include Live migration flow, Ashish Kalra, 2021/08/04
- [PATCH v4 03/14] migration.json: add AMD SEV specific migration parameters, Ashish Kalra, 2021/08/04
- [PATCH v4 04/14] confidential guest support: introduce ConfidentialGuestMemoryEncryptionOps for encrypted VMs, Ashish Kalra <=
- [PATCH v4 05/14] target/i386: sev: provide callback to setup outgoing context, Ashish Kalra, 2021/08/04
- [PATCH v4 06/14] target/i386: sev: do not create launch context for an incoming guest, Ashish Kalra, 2021/08/04
- [PATCH v4 07/14] target/i386: sev: add support to encrypt the outgoing page, Ashish Kalra, 2021/08/04
- [PATCH v4 08/14] target/i386: sev: add support to load incoming encrypted page, Ashish Kalra, 2021/08/04
- [PATCH v4 09/14] kvm: Add support for SEV shared regions list and KVM_EXIT_HYPERCALL., Ashish Kalra, 2021/08/04