From: Brijesh Singh <brijesh.si...@amd.com>
When memory encryption is enabled, the guest memory will be encrypted with
the guest specific key. The patch introduces RAM_SAVE_FLAG_ENCRYPTED_PAGE
flag to distinguish the encrypted data from plaintext. Encrypted pages
may need special handling. The sev_save_outgoing_page() is used
by the sender to write the encrypted pages onto the socket, similarly the
sev_load_incoming_page() is used by the target to read the
encrypted pages from the socket and load into the guest memory.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Co-developed-by: Ashish Kalra <ashish.ka...@amd.com>
Signed-off-by: Ashish Kalra <ashish.ka...@amd.com>
---
include/sysemu/sev.h | 4 ++
migration/migration.h | 1 +
migration/ram.c | 162 +++++++++++++++++++++++++++++++++++++++++-
target/i386/sev.c | 14 ++++
4 files changed, 180 insertions(+), 1 deletion(-)
diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h
index 118ee66406..023e694ac4 100644
--- a/include/sysemu/sev.h
+++ b/include/sysemu/sev.h
@@ -17,6 +17,9 @@
#include <qapi/qapi-types-migration.h>
#include "sysemu/kvm.h"
+#define RAM_SAVE_ENCRYPTED_PAGE 0x1
+#define RAM_SAVE_SHARED_REGIONS_LIST 0x2
+
bool sev_enabled(void);
int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp);
int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp);
@@ -34,5 +37,6 @@ int sev_remove_shared_regions_list(unsigned long gfn_start,
int sev_add_shared_regions_list(unsigned long gfn_start, unsigned long
gfn_end);
int sev_save_outgoing_shared_regions_list(QEMUFile *f);
int sev_load_incoming_shared_regions_list(QEMUFile *f);
+bool sev_is_gfn_in_unshared_region(unsigned long gfn);
#endif
diff --git a/migration/migration.h b/migration/migration.h
index 7a5aa8c2fd..eda07e214d 100644
--- a/migration/migration.h
+++ b/migration/migration.h
@@ -391,5 +391,6 @@ bool migration_rate_limit(void);
void migration_cancel(void);
void populate_vfio_info(MigrationInfo *info);
+bool memcrypt_enabled(void);
#endif
diff --git a/migration/ram.c b/migration/ram.c
index 7a43bfd7af..1cb8d57a89 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -55,6 +55,11 @@
#include "qemu/iov.h"
#include "multifd.h"
#include "sysemu/runstate.h"
+#include "hw/boards.h"
+#include "exec/confidential-guest-support.h"
+
+/* Defines RAM_SAVE_ENCRYPTED_PAGE and RAM_SAVE_SHARED_REGION_LIST */
+#include "sysemu/sev.h"
#if defined(__linux__)
#include "qemu/userfaultfd.h"
@@ -78,12 +83,20 @@
#define RAM_SAVE_FLAG_XBZRLE 0x40
/* 0x80 is reserved in migration.h start with 0x100 next */
#define RAM_SAVE_FLAG_COMPRESS_PAGE 0x100
+#define RAM_SAVE_FLAG_ENCRYPTED_DATA 0x200
static inline bool is_zero_range(uint8_t *p, uint64_t size)
{
return buffer_is_zero(p, size);
}
+bool memcrypt_enabled(void)
+{
+ MachineState *ms = MACHINE(qdev_get_machine());
+
+ return ms->cgs->ready;
+}
+
XBZRLECacheStats xbzrle_counters;
/* struct contains XBZRLE cache and a static page
@@ -449,6 +462,8 @@ static QemuCond decomp_done_cond;
static bool do_compress_ram_page(QEMUFile *f, z_stream *stream, RAMBlock
*block,
ram_addr_t offset, uint8_t *source_buf);
+static int ram_save_encrypted_page(RAMState *rs, PageSearchStatus *pss,
+ bool last_stage);
static void *do_data_compress(void *opaque)
{
@@ -1165,6 +1180,80 @@ static int save_normal_page(RAMState *rs, RAMBlock
*block, ram_addr_t offset,
return 1;
}
+/**
+ * ram_save_encrypted_page - send the given encrypted page to the stream
+ */
+static int ram_save_encrypted_page(RAMState *rs, PageSearchStatus *pss,
+ bool last_stage)
+{
+ int ret;
+ uint8_t *p;
+ RAMBlock *block = pss->block;
+ ram_addr_t offset = pss->page << TARGET_PAGE_BITS;
+ uint64_t bytes_xmit;
+ MachineState *ms = MACHINE(qdev_get_machine());
+ ConfidentialGuestSupportClass *cgs_class =
+ (ConfidentialGuestSupportClass *) object_get_class(OBJECT(ms->cgs));
+ struct ConfidentialGuestMemoryEncryptionOps *ops =
+ cgs_class->memory_encryption_ops;
+
+ p = block->host + offset;
+
+ ram_counters.transferred +=
+ save_page_header(rs, rs->f, block,
+ offset | RAM_SAVE_FLAG_ENCRYPTED_DATA);
+
+ qemu_put_be32(rs->f, RAM_SAVE_ENCRYPTED_PAGE);
+ ret = ops->save_outgoing_page(rs->f, p, TARGET_PAGE_SIZE, &bytes_xmit);
+ if (ret) {
+ return -1;
+ }
+
+ ram_counters.transferred += bytes_xmit;
+ ram_counters.normal++;
+
+ return 1;
+}
+
+/**
+ * ram_save_shared_region_list: send the shared region list
+ */
+static int ram_save_shared_region_list(RAMState *rs, QEMUFile *f)
+{
+ MachineState *ms = MACHINE(qdev_get_machine());
+ ConfidentialGuestSupportClass *cgs_class =
+ (ConfidentialGuestSupportClass *) object_get_class(OBJECT(ms->cgs));
+ struct ConfidentialGuestMemoryEncryptionOps *ops =
+ cgs_class->memory_encryption_ops;
+
+ save_page_header(rs, rs->f, rs->last_seen_block,
+ RAM_SAVE_FLAG_ENCRYPTED_DATA);
+ qemu_put_be32(rs->f, RAM_SAVE_SHARED_REGIONS_LIST);
+ return ops->save_outgoing_shared_regions_list(rs->f);
+}
+
+static int load_encrypted_data(QEMUFile *f, uint8_t *ptr)
+{
+ MachineState *ms = MACHINE(qdev_get_machine());
+ ConfidentialGuestSupportClass *cgs_class =
+ (ConfidentialGuestSupportClass *) object_get_class(OBJECT(ms->cgs));
+ struct ConfidentialGuestMemoryEncryptionOps *ops =
+ cgs_class->memory_encryption_ops;
+
+ int flag;
+
+ flag = qemu_get_be32(f);
+
+ if (flag == RAM_SAVE_ENCRYPTED_PAGE) {
+ return ops->load_incoming_page(f, ptr);
+ } else if (flag == RAM_SAVE_SHARED_REGIONS_LIST) {
+ return ops->load_incoming_shared_regions_list(f);
+ } else {
+ error_report("unknown encrypted flag %x", flag);
+ return 1;
+ }
+}
+
/**
* ram_save_page: send the given page to the stream
*
@@ -1965,6 +2054,35 @@ static bool save_compress_page(RAMState *rs, RAMBlock
*block, ram_addr_t offset)
return false;
}
+/**
+ * encrypted_test_list: check if the page is encrypted
+ *
+ * Returns a bool indicating whether the page is encrypted.
+ */
+static bool encrypted_test_list(RAMState *rs, RAMBlock *block,
+ unsigned long page)
+{
+ MachineState *ms = MACHINE(qdev_get_machine());
+ ConfidentialGuestSupportClass *cgs_class =
+ (ConfidentialGuestSupportClass *) object_get_class(OBJECT(ms->cgs));
+ struct ConfidentialGuestMemoryEncryptionOps *ops =
+ cgs_class->memory_encryption_ops;
+ unsigned long gfn;
+
+ /* ROM devices contains the unencrypted data */
+ if (memory_region_is_rom(block->mr)) {
+ return false;
+ }
+
+ /*
+ * Translate page in ram_addr_t address space to GPA address
+ * space using memory region.
+ */
+ gfn = page + (block->mr->addr >> TARGET_PAGE_BITS);
+
+ return ops->is_gfn_in_unshared_region(gfn);
+}
+
/**
* ram_save_target_page: save one target page
*
@@ -1985,6 +2103,17 @@ static int ram_save_target_page(RAMState *rs,
PageSearchStatus *pss,
return res;
}
+ /*
+ * If memory encryption is enabled then use memory encryption APIs
+ * to write the outgoing buffer to the wire. The encryption APIs
+ * will take care of accessing the guest memory and re-encrypt it
+ * for the transport purposes.
+ */
+ if (memcrypt_enabled() &&
+ encrypted_test_list(rs, pss->block, pss->page)) {
+ return ram_save_encrypted_page(rs, pss, last_stage);
+ }
+
if (save_compress_page(rs, block, offset)) {
return 1;
}
@@ -2786,6 +2915,18 @@ void qemu_guest_free_page_hint(void *addr, size_t len)
}
}
+static int ram_encrypted_save_setup(void)
+{
+ MachineState *ms = MACHINE(qdev_get_machine());
+ ConfidentialGuestSupportClass *cgs_class =
+ (ConfidentialGuestSupportClass *) object_get_class(OBJECT(ms->cgs));
+ struct ConfidentialGuestMemoryEncryptionOps *ops =
+ cgs_class->memory_encryption_ops;
+ MigrationParameters *p = &migrate_get_current()->parameters;
+
+ return ops->save_setup(p);
+}
+
/*
* Each of ram_save_setup, ram_save_iterate and ram_save_complete has
* long-running RCU critical section. When rcu-reclaims in the code
@@ -2820,6 +2961,13 @@ static int ram_save_setup(QEMUFile *f, void *opaque)
(*rsp)->f = f;
WITH_RCU_READ_LOCK_GUARD() {
+
+ if (memcrypt_enabled()) {
+ if (ram_encrypted_save_setup()) {
+ return -1;
+ }
+ }
+
qemu_put_be64(f, ram_bytes_total_common(true) |
RAM_SAVE_FLAG_MEM_SIZE);
RAMBLOCK_FOREACH_MIGRATABLE(block) {
@@ -3004,6 +3152,11 @@ static int ram_save_complete(QEMUFile *f, void *opaque)
flush_compressed_data(rs);
ram_control_after_iterate(f, RAM_CONTROL_FINISH);
+
+ /* send the shared regions list */
+ if (memcrypt_enabled()) {
+ ret = ram_save_shared_region_list(rs, f);
+ }
}
if (ret >= 0) {
@@ -3808,7 +3961,8 @@ static int ram_load_precopy(QEMUFile *f)
}
if (flags & (RAM_SAVE_FLAG_ZERO | RAM_SAVE_FLAG_PAGE |
- RAM_SAVE_FLAG_COMPRESS_PAGE | RAM_SAVE_FLAG_XBZRLE)) {
+ RAM_SAVE_FLAG_COMPRESS_PAGE | RAM_SAVE_FLAG_XBZRLE |
+ RAM_SAVE_FLAG_ENCRYPTED_DATA)) {
RAMBlock *block = ram_block_from_stream(f, flags);
host = host_from_ram_block_offset(block, addr);
@@ -3937,6 +4091,12 @@ static int ram_load_precopy(QEMUFile *f)
break;
}
break;
+ case RAM_SAVE_FLAG_ENCRYPTED_DATA:
+ if (load_encrypted_data(f, host)) {
+ error_report("Failed to load encrypted data");
+ ret = -EINVAL;
+ }
+ break;
case RAM_SAVE_FLAG_EOS:
/* normal exit */
multifd_recv_sync_main();
diff --git a/target/i386/sev.c b/target/i386/sev.c
index 789051f7b4..d22f2ef6dc 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -142,6 +142,7 @@ static struct ConfidentialGuestMemoryEncryptionOps
sev_memory_encryption_ops = {
.save_setup = sev_save_setup,
.save_outgoing_page = sev_save_outgoing_page,
.load_incoming_page = sev_load_incoming_page,
+ .is_gfn_in_unshared_region = sev_is_gfn_in_unshared_region,
.save_outgoing_shared_regions_list = sev_save_outgoing_shared_regions_list,
.load_incoming_shared_regions_list = sev_load_incoming_shared_regions_list,
};
@@ -1647,6 +1648,19 @@ int sev_load_incoming_shared_regions_list(QEMUFile *f)
return 0;
}
+bool sev_is_gfn_in_unshared_region(unsigned long gfn)
+{
+ SevGuestState *s = sev_guest;
+ struct shared_region *pos;
+
+ QTAILQ_FOREACH(pos, &s->shared_regions_list, list) {
+ if (gfn >= pos->gfn_start && gfn < pos->gfn_end) {
+ return false;
+ }
+ }
+ return true;
+}
+
static void
sev_register_types(void)
{
--
2.17.1
