[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[RFC v2 10/18] guest memory protection: Add guest memory protection inte
From: |
David Gibson |
Subject: |
[RFC v2 10/18] guest memory protection: Add guest memory protection interface |
Date: |
Thu, 21 May 2020 13:42:56 +1000 |
Several architectures have mechanisms which are designed to protect guest
memory from interference or eavesdropping by a compromised hypervisor. AMD
SEV does this with in-chip memory encryption and Intel has a similar
mechanism. POWER's Protected Execution Framework (PEF) accomplishes a
similar goal using an ultravisor and new memory protection features,
instead of encryption.
This introduces a new GuestMemoryProtection QOM interface which we'll use
to (partially) unify handling of these various mechanisms.
Signed-off-by: David Gibson <address@hidden>
---
backends/Makefile.objs | 2 ++
backends/guest-memory-protection.c | 29 +++++++++++++++++++++
include/exec/guest-memory-protection.h | 36 ++++++++++++++++++++++++++
3 files changed, 67 insertions(+)
create mode 100644 backends/guest-memory-protection.c
create mode 100644 include/exec/guest-memory-protection.h
diff --git a/backends/Makefile.objs b/backends/Makefile.objs
index 28a847cd57..e4fb4f5280 100644
--- a/backends/Makefile.objs
+++ b/backends/Makefile.objs
@@ -21,3 +21,5 @@ common-obj-$(CONFIG_LINUX) += hostmem-memfd.o
common-obj-$(CONFIG_GIO) += dbus-vmstate.o
dbus-vmstate.o-cflags = $(GIO_CFLAGS)
dbus-vmstate.o-libs = $(GIO_LIBS)
+
+common-obj-y += guest-memory-protection.o
diff --git a/backends/guest-memory-protection.c
b/backends/guest-memory-protection.c
new file mode 100644
index 0000000000..7e538214f7
--- /dev/null
+++ b/backends/guest-memory-protection.c
@@ -0,0 +1,29 @@
+#/*
+ * QEMU Guest Memory Protection interface
+ *
+ * Copyright: David Gibson, Red Hat Inc. 2020
+ *
+ * Authors:
+ * David Gibson <address@hidden>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later. See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+
+#include "exec/guest-memory-protection.h"
+
+static const TypeInfo guest_memory_protection_info = {
+ .name = TYPE_GUEST_MEMORY_PROTECTION,
+ .parent = TYPE_INTERFACE,
+ .class_size = sizeof(GuestMemoryProtectionClass),
+};
+
+static void guest_memory_protection_register_types(void)
+{
+ type_register_static(&guest_memory_protection_info);
+}
+
+type_init(guest_memory_protection_register_types)
diff --git a/include/exec/guest-memory-protection.h
b/include/exec/guest-memory-protection.h
new file mode 100644
index 0000000000..38e9b01667
--- /dev/null
+++ b/include/exec/guest-memory-protection.h
@@ -0,0 +1,36 @@
+#/*
+ * QEMU Guest Memory Protection interface
+ *
+ * Copyright: David Gibson, Red Hat Inc. 2020
+ *
+ * Authors:
+ * David Gibson <address@hidden>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later. See the COPYING file in the top-level directory.
+ *
+ */
+#ifndef QEMU_GUEST_MEMORY_PROTECTION_H
+#define QEMU_GUEST_MEMORY_PROTECTION_H
+
+#include "qom/object.h"
+
+typedef struct GuestMemoryProtection GuestMemoryProtection;
+
+#define TYPE_GUEST_MEMORY_PROTECTION "guest-memory-protection"
+#define GUEST_MEMORY_PROTECTION(obj) \
+ INTERFACE_CHECK(GuestMemoryProtection, (obj), \
+ TYPE_GUEST_MEMORY_PROTECTION)
+#define GUEST_MEMORY_PROTECTION_CLASS(klass) \
+ OBJECT_CLASS_CHECK(GuestMemoryProtectionClass, (klass), \
+ TYPE_GUEST_MEMORY_PROTECTION)
+#define GUEST_MEMORY_PROTECTION_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(GuestMemoryProtectionClass, (obj), \
+ TYPE_GUEST_MEMORY_PROTECTION)
+
+typedef struct GuestMemoryProtectionClass {
+ InterfaceClass parent;
+} GuestMemoryProtectionClass;
+
+#endif /* QEMU_GUEST_MEMORY_PROTECTION_H */
+
--
2.26.2
- [RFC v2 08/18] target/i386: sev: Remove redundant handle field, (continued)
- [RFC v2 08/18] target/i386: sev: Remove redundant handle field, David Gibson, 2020/05/20
- [RFC v2 12/18] guest memory protection: Perform KVM init via interface, David Gibson, 2020/05/20
- [RFC v2 13/18] guest memory protection: Move side effect out of machine_set_memory_encryption(), David Gibson, 2020/05/20
- [RFC v2 15/18] guest memory protection: Decouple kvm_memcrypt_*() helpers from KVM, David Gibson, 2020/05/20
- [RFC v2 06/18] target/i386: sev: Remove redundant cbitpos and reduced_phys_bits fields, David Gibson, 2020/05/20
- [RFC v2 14/18] guest memory protection: Rework the "memory-encryption" property, David Gibson, 2020/05/20
- [RFC v2 17/18] spapr: Added PEF based guest memory protection, David Gibson, 2020/05/20
- [RFC v2 10/18] guest memory protection: Add guest memory protection interface,
David Gibson <=
- [RFC v2 16/18] guest memory protection: Add Error ** to GuestMemoryProtection::kvm_init, David Gibson, 2020/05/20
- [RFC v2 18/18] guest memory protection: Alter virtio default properties for protected guests, David Gibson, 2020/05/20
- Re: [RFC v2 00/18] Refactor configuration of guest memory protection, Sean Christopherson, 2020/05/29