[Qemu-devel] [PATCH 2/3] hw: Notify listeners about guest pages which contain encrypted data

Fri, 26 Apr 2019 00:27:20 -0700 

PC ram, pflash unit 0 rom and pc-dimm memory hotplug ram blocks need to be
encrypted.

Also, notify listeners when freeing a MemoryRegion if it has encrypted
data.

Signed-off-by: Janakarajan Natarajan <janakarajan.natara...@amd.com>
---
 exec.c                 | 5 +++++
 hw/i386/pc.c           | 1 +
 hw/i386/pc_sysfw.c     | 2 ++
 hw/mem/memory-device.c | 1 +
 4 files changed, 9 insertions(+)

diff --git a/exec.c b/exec.c
index a02c394e48..25be8f84f3 100644
--- a/exec.c
+++ b/exec.c
@@ -2442,6 +2442,11 @@ void qemu_ram_free(RAMBlock *block)
     }
 
     if (block->host) {
+        /* Notify only if encrypted */
+        if (memory_region_is_encrypted(block->mr)) {
+            ram_block_encrypted_notify_remove(block->host, block->max_length);
+        }
+
         ram_block_notify_remove(block->host, block->max_length);
     }
 
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index f2c15bf1f2..3af3094543 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1740,6 +1740,7 @@ void pc_memory_init(PCMachineState *pcms,
     ram = g_malloc(sizeof(*ram));
     memory_region_allocate_system_memory(ram, NULL, "pc.ram",
                                          machine->ram_size);
+    memory_region_mark_encrypted(ram);
     *ram_memory = ram;
     ram_below_4g = g_malloc(sizeof(*ram_below_4g));
     memory_region_init_alias(ram_below_4g, NULL, "ram-below-4g", ram,
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
index c628540774..40d7da5ff6 100644
--- a/hw/i386/pc_sysfw.c
+++ b/hw/i386/pc_sysfw.c
@@ -199,6 +199,8 @@ static void pc_system_flash_map(PCMachineState *pcms,
 
             /* Encrypt the pflash boot ROM */
             if (kvm_memcrypt_enabled()) {
+                /* Mark pflash unit 0 as encrypted. This will pin the pages */
+                memory_region_mark_encrypted(flash_mem);
                 flash_ptr = memory_region_get_ram_ptr(flash_mem);
                 flash_size = memory_region_size(flash_mem);
                 ret = kvm_memcrypt_encrypt_data(flash_ptr, flash_size);
diff --git a/hw/mem/memory-device.c b/hw/mem/memory-device.c
index 5f2c408036..b2e77774d4 100644
--- a/hw/mem/memory-device.c
+++ b/hw/mem/memory-device.c
@@ -295,6 +295,7 @@ void memory_device_plug(MemoryDeviceState *md, MachineState 
*ms)
 
     memory_region_add_subregion(&ms->device_memory->mr,
                                 addr - ms->device_memory->base, mr);
+    memory_region_mark_encrypted(mr);
     trace_memory_device_plug(DEVICE(md)->id ? DEVICE(md)->id : "", addr);
 }
 
-- 
2.20.1

Reply via email to