[PATCH v4 12/14] migration/ram: Force encrypted status for flash0 & flas

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v4 12/14] migration/ram: Force encrypted status for flash0 & flas

From:	Ashish Kalra
Subject:	[PATCH v4 12/14] migration/ram: Force encrypted status for flash0 & flash1 devices.
Date:	Wed, 4 Aug 2021 11:59:11 +0000

From: Ashish Kalra <ashish.kalra@amd.com>

Currently OVMF clears the C-bit and marks NonExistent memory space
as decrypted in the page encryption bitmap. By marking the
NonExistent memory space as decrypted it gurantees any future MMIO adds
will work correctly, but this marks flash0 device space as decrypted.
At reset the SEV core will be in forced encrypted state, so this
decrypted marking of flash0 device space will cause VCPU reset to fail
as flash0 device pages will be migrated incorrectly.

Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
---
 migration/ram.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/migration/ram.c b/migration/ram.c
index 1cb8d57a89..4eca90cceb 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -2074,6 +2074,14 @@ static bool encrypted_test_list(RAMState *rs, RAMBlock 
*block,
         return false;
     }
 
+    if (!strcmp(memory_region_name(block->mr), "system.flash0")) {
+        return true;
+    }
+
+    if (!strcmp(memory_region_name(block->mr), "system.flash1")) {
+        return false;
+    }
+
     /*
      * Translate page in ram_addr_t address space to GPA address
      * space using memory region.
-- 
2.17.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v4 05/14] target/i386: sev: provide callback to setup outgoing context, (continued)
- [PATCH v4 05/14] target/i386: sev: provide callback to setup outgoing context, Ashish Kalra, 2021/08/04
  - Re: [PATCH v4 05/14] target/i386: sev: provide callback to setup outgoing context, Dov Murik, 2021/08/05
    - Re: [PATCH v4 05/14] target/i386: sev: provide callback to setup outgoing context, Ashish Kalra, 2021/08/05
- [PATCH v4 06/14] target/i386: sev: do not create launch context for an incoming guest, Ashish Kalra, 2021/08/04
- [PATCH v4 07/14] target/i386: sev: add support to encrypt the outgoing page, Ashish Kalra, 2021/08/04
  - Re: [PATCH v4 07/14] target/i386: sev: add support to encrypt the outgoing page, Dov Murik, 2021/08/05
- [PATCH v4 08/14] target/i386: sev: add support to load incoming encrypted page, Ashish Kalra, 2021/08/04
- [PATCH v4 09/14] kvm: Add support for SEV shared regions list and KVM_EXIT_HYPERCALL., Ashish Kalra, 2021/08/04
- [PATCH v4 10/14] migration: add support to migrate shared regions list, Ashish Kalra, 2021/08/04
- [PATCH v4 11/14] migration/ram: add support to send encrypted pages, Ashish Kalra, 2021/08/04
- [PATCH v4 12/14] migration/ram: Force encrypted status for flash0 & flash1 devices., Ashish Kalra <=
- [PATCH v4 13/14] migration: for SEV live migration bump downtime limit to 1s., Ashish Kalra, 2021/08/04
- [PATCH v4 14/14] kvm: Add support for userspace MSR filtering and handling of MSR_KVM_MIGRATION_CONTROL., Ashish Kalra, 2021/08/04

Prev by Date: [PATCH v4 11/14] migration/ram: add support to send encrypted pages
Next by Date: [PATCH v4 13/14] migration: for SEV live migration bump downtime limit to 1s.
Previous by thread: [PATCH v4 11/14] migration/ram: add support to send encrypted pages
Next by thread: [PATCH v4 13/14] migration: for SEV live migration bump downtime limit to 1s.
Index(es):
- Date
- Thread