
[Qemu-devel] [PATCH 1/3] ram-encrypted-notifier: Introduce a RAM block e


From: Natarajan, Janakarajan
Subject: [Qemu-devel] [PATCH 1/3] ram-encrypted-notifier: Introduce a RAM block encrypted notifier
Date: Thu, 25 Apr 2019 22:58:18 +0000

A client can register with this notifier to learn whether a newly added or
removed memory region is marked as encrypted. This information is needed
for the SEV guest launch. In an SEV guest, some memory regions may contain
encrypted data (e.g. guest RAM). A memory region which contains
encrypted data should be registered/unregistered using the
KVM_MEMORY_{REG,UNREG}_ENCRYPTED ioctl.

Signed-off-by: Janakarajan Natarajan <address@hidden>
---
 exec.c                 |  1 +
 include/exec/memory.h  | 18 ++++++++++++++++++
 include/exec/ramlist.h | 19 +++++++++++++++++++
 memory.c               | 16 ++++++++++++++++
 numa.c                 | 33 +++++++++++++++++++++++++++++++++
 stubs/ram-block.c      |  8 ++++++++
 6 files changed, 95 insertions(+)

diff --git a/exec.c b/exec.c
index 2646207661..a02c394e48 100644
--- a/exec.c
+++ b/exec.c
@@ -79,6 +79,7 @@
  * are protected by the ramlist lock.
  */
 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
+RAMBlockEncryptedNotifierList ram_block_encrypted_notifier_list;
 
 static MemoryRegion *system_memory;
 static MemoryRegion *system_io;
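Review bot: The new global `ram_block_encrypted_notifier_list` is placed directly under the comment that ends "are protected by the ramlist lock", but the functions in numa.c that modify and walk this list take no lock in the visible code. State the real locking rule in a comment next to the definition, for example `/* Notifier list: modified and walked only under the BQL (confirm). */`, so readers do not assume the ramlist lock covers it. An explicit `QLIST_HEAD_INITIALIZER` initializer, matching `ram_list` on the line above, would also make the empty-list starting state obvious rather than relying on zero-initialization.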
diff --git a/include/exec/memory.h b/include/exec/memory.h
index 9144a47f57..ae720ff511 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -374,6 +374,7 @@ struct MemoryRegion {
     bool terminates;
     bool ram_device;
     bool enabled;
+    bool encrypted;
     bool warning_printed; /* For reservations */
     uint8_t vga_logging_count;
     MemoryRegion *alias;
@@ -1131,6 +1132,23 @@ int memory_region_iommu_attrs_to_index(IOMMUMemoryRegion *iommu_mr,
  */
 int memory_region_iommu_num_indexes(IOMMUMemoryRegion *iommu_mr);
 
+/**
+ * memory_region_mark_encrypted: marks the memory region as encrypted and
+ * lets the listeners of encrypted ram know that a memory region containing
+ * encrypted ram block has been added
+ *
+ * @mr: the memory region
+ */
+void memory_region_mark_encrypted(MemoryRegion *mr);
+
+/**
+ * memory_region_is_encrypted: returns if the memory region was marked as
+ * encrypted when it was created
+ *
+ * @mr: the memory region
+ */
+bool memory_region_is_encrypted(MemoryRegion *mr);
+
 /**
  * memory_region_name: get a memory region's name
  *
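Review bot: The doc comment for `memory_region_is_encrypted` says the region "was marked as encrypted when it was created", but in memory.c the flag is set only by a later call to `memory_region_mark_encrypted`, and only to the value returned by `kvm_memcrypt_enabled()`. Suggested wording: `returns true if memory_region_mark_encrypted() was called on @mr while memory encryption was enabled`. The comment for `memory_region_mark_encrypted` should also say that no listener is notified when memory encryption is disabled, and that @mr must be backed by a RAM block, because the implementation reads `mr->ram_block`.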
diff --git a/include/exec/ramlist.h b/include/exec/ramlist.h
index bc4faa1b00..5349f27fa5 100644
--- a/include/exec/ramlist.h
+++ b/include/exec/ramlist.h
@@ -7,6 +7,7 @@
 #include "qemu/rcu_queue.h"
 
 typedef struct RAMBlockNotifier RAMBlockNotifier;
+typedef struct RAMBlockEncryptedNotifier RAMBlockEncryptedNotifier;
 
 #define DIRTY_MEMORY_VGA       0
 #define DIRTY_MEMORY_CODE      1
@@ -55,6 +56,11 @@ typedef struct RAMList {
 } RAMList;
 extern RAMList ram_list;
 
+typedef struct RAMBlockEncryptedNotifierList {
+    QLIST_HEAD(, RAMBlockEncryptedNotifier) ram_block_notifiers;
+} RAMBlockEncryptedNotifierList;
+extern RAMBlockEncryptedNotifierList ram_block_encrypted_notifier_list;
+
 /* Should be holding either ram_list.mutex, or the RCU lock. */
 #define  INTERNAL_RAMBLOCK_FOREACH(block)  \
     QLIST_FOREACH_RCU(block, &ram_list.blocks, next)
@@ -70,6 +76,14 @@ struct RAMBlockNotifier {
     QLIST_ENTRY(RAMBlockNotifier) next;
 };
 
+struct RAMBlockEncryptedNotifier {
+    void (*ram_block_encrypted_added)(RAMBlockEncryptedNotifier *n,
+                                      void *host, size_t size);
+    void (*ram_block_encrypted_removed)(RAMBlockEncryptedNotifier *n,
+                                        void *host, size_t size);
+    QLIST_ENTRY(RAMBlockEncryptedNotifier) next;
+};
+
 void ram_block_notifier_add(RAMBlockNotifier *n);
 void ram_block_notifier_remove(RAMBlockNotifier *n);
 void ram_block_notify_add(void *host, size_t size);
@@ -77,4 +91,9 @@ void ram_block_notify_remove(void *host, size_t size);
 
 void ram_block_dump(Monitor *mon);
 
+void ram_block_encrypted_notifier_add(RAMBlockEncryptedNotifier *n);
+void ram_block_encrypted_notifier_remove(RAMBlockEncryptedNotifier *n);
+void ram_block_encrypted_notify_add(void *host, size_t size);
+void ram_block_encrypted_notify_remove(void *host, size_t size);
+
 #endif /* RAMLIST_H */
diff --git a/memory.c b/memory.c
index bb2b71ee38..eca02d369b 100644
--- a/memory.c
+++ b/memory.c
@@ -2009,6 +2009,22 @@ int memory_region_iommu_num_indexes(IOMMUMemoryRegion *iommu_mr)
     return imrc->num_indexes(iommu_mr);
 }
 
+void memory_region_mark_encrypted(MemoryRegion *mr)
+{
+    RAMBlock *block = mr->ram_block;
+
+    mr->encrypted = kvm_memcrypt_enabled();
+
+    if (mr->encrypted) {
+        ram_block_encrypted_notify_add(block->host, block->max_length);
+    }
+}
+
+bool memory_region_is_encrypted(MemoryRegion *mr)
+{
+    return mr->encrypted;
+}
+
 void memory_region_set_log(MemoryRegion *mr, bool log, unsigned client)
 {
     uint8_t mask = 1 << client;
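Review bot: `memory_region_mark_encrypted` reads `block->host` and `block->max_length` without checking that `mr->ram_block` is set, so calling it on a region that has no RAM block while memory encryption is enabled dereferences NULL. Add `assert(mr->ram_block);` at the top, or guard the notification with `if (mr->encrypted && block)`. Nothing in this patch calls `ram_block_encrypted_notify_remove` either, so unless a later patch in the series does, a region that is marked encrypted and then destroyed leaves listeners holding a stale host range that is still registered as encrypted. The context functions around the two new definitions extend outside the hunk.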
diff --git a/numa.c b/numa.c
index 3875e1efda..08601366c5 100644
--- a/numa.c
+++ b/numa.c
@@ -638,6 +638,39 @@ MemdevList *qmp_query_memdev(Error **errp)
     return list;
 }
 
+void ram_block_encrypted_notifier_add(RAMBlockEncryptedNotifier *n)
+{
+    QLIST_INSERT_HEAD(&ram_block_encrypted_notifier_list.ram_block_notifiers,
+                      n, next);
+}
+
+void ram_block_encrypted_notifier_remove(RAMBlockEncryptedNotifier *n)
+{
+    QLIST_REMOVE(n, next);
+}
+
+void ram_block_encrypted_notify_add(void *host, size_t size)
+{
+    RAMBlockEncryptedNotifier *notifier;
+
+    QLIST_FOREACH(notifier,
+                  &ram_block_encrypted_notifier_list.ram_block_notifiers,
+                  next) {
+        notifier->ram_block_encrypted_added(notifier, host, size);
+    }
+}
+
+void ram_block_encrypted_notify_remove(void *host, size_t size)
+{
+    RAMBlockEncryptedNotifier *notifier;
+
+    QLIST_FOREACH(notifier,
+                  &ram_block_encrypted_notifier_list.ram_block_notifiers,
+                  next) {
+        notifier->ram_block_encrypted_removed(notifier, host, size);
+    }
+}
+
 void ram_block_notifier_add(RAMBlockNotifier *n)
 {
     QLIST_INSERT_HEAD(&ram_list.ramblock_notifiers, n, next);
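Review bot: `ram_block_encrypted_notify_add` and `ram_block_encrypted_notify_remove` call `notifier->ram_block_encrypted_added` and `notifier->ram_block_encrypted_removed` unconditionally, so a listener that fills in only one callback causes a call through a NULL function pointer. Either test the pointer before the call, `if (notifier->ram_block_encrypted_added) {`, or document on `struct RAMBlockEncryptedNotifier` in ramlist.h that both callbacks are mandatory. `ram_block_encrypted_notifier_add` also does not replay regions that were already marked encrypted, so a listener registering after `memory_region_mark_encrypted` has run never hears about them; for SEV that would presumably leave such a region unregistered with KVM, so the required registration order should be stated in a comment. The trailing `ram_block_notifier_add` context continues outside the hunk.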
diff --git a/stubs/ram-block.c b/stubs/ram-block.c
index 73c0a3ee08..0f68922feb 100644
--- a/stubs/ram-block.c
+++ b/stubs/ram-block.c
@@ -25,6 +25,14 @@ void ram_block_notifier_remove(RAMBlockNotifier *n)
 {
 }
 
+void ram_block_encrypted_notifier_add(RAMBlockEncryptedNotifier *n)
+{
+}
+
+void ram_block_encrypted_notifier_remove(RAMBlockEncryptedNotifier *n)
+{
+}
+
 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
 {
     return 0;
-- 
2.20.1

