qemu/0065-hw-i386-set-ram_debug_ops-when-memo.patch

From 6d17c0a5da11a757f26db7763823fcb53a79d445 Mon Sep 17 00:00:00 2001
From: Brijesh Singh <brijesh.singh@amd.com>
Date: Thu, 15 Feb 2018 09:03:23 -0600
Subject: [PATCH] hw/i386: set ram_debug_ops when memory encryption is enabled

When memory encryption is enabled, the guest RAM and boot flash ROM will
contain the encrypted data. By setting the debug ops allow us to invoke
encryption APIs when accessing the memory for the debug purposes.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
[BR: FATE#322124]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
 hw/i386/pc.c       | 9 +++++++++
 hw/i386/pc_sysfw.c | 6 ++++++
 2 files changed, 15 insertions(+)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index e7faf92143..c9c91e150b 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1355,6 +1355,15 @@ void pc_memory_init(PCMachineState *pcms,
         e820_add_entry(0x100000000ULL, pcms->above_4g_mem_size, E820_RAM);
     }
 
+    /*
+     * When memory encryption is enabled, the guest RAM will be encrypted with
+     * a guest unique key. Set the debug ops so that any debug access to the
+     * guest RAM will go through the memory encryption APIs.
+     */
+    if (kvm_memcrypt_enabled()) {
+        kvm_memcrypt_set_debug_ops(ram);
+    }
+
     if (!pcmc->has_reserved_memory &&
         (machine->ram_slots ||
          (machine->maxram_size > machine->ram_size))) {
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
index 8ddbbf74d3..3d149b1c9f 100644
--- a/hw/i386/pc_sysfw.c
+++ b/hw/i386/pc_sysfw.c
@@ -180,6 +180,12 @@ static void pc_system_flash_init(MemoryRegion *rom_memory)
                     error_report("failed to encrypt pflash rom");
                     exit(1);
                 }
+
+                /*
+                 * The pflash ROM is encrypted, set the debug ops so that any
+                 * debug accesses will use memory encryption APIs.
+                 */
+                kvm_memcrypt_set_debug_ops(flash_mem);
             }
         }
     }
Accepting request 579209 from home:bfrogers:branches:Virtualization Update to 2.11.1, plus a few other fixes. OBS-URL: https://build.opensuse.org/request/show/579209 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=392 2018-02-22 23:01:24 +01:00			`From 6d17c0a5da11a757f26db7763823fcb53a79d445 Mon Sep 17 00:00:00 2001`
Accepting request 574394 from home:bfrogers:branches:Virtualization - Add AMD SEV (Secure Encrypted Virtualization) support by taking the v7 series of the patches posted to qemu ml. (fate#322124) - Update python3 related patches now that they are upstream OBS-URL: https://build.opensuse.org/request/show/574394 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=390 2018-02-08 20:55:31 +01:00			`From: Brijesh Singh <brijesh.singh@amd.com>`
Accepting request 579209 from home:bfrogers:branches:Virtualization Update to 2.11.1, plus a few other fixes. OBS-URL: https://build.opensuse.org/request/show/579209 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=392 2018-02-22 23:01:24 +01:00			`Date: Thu, 15 Feb 2018 09:03:23 -0600`
			`Subject: [PATCH] hw/i386: set ram_debug_ops when memory encryption is enabled`
Accepting request 574394 from home:bfrogers:branches:Virtualization - Add AMD SEV (Secure Encrypted Virtualization) support by taking the v7 series of the patches posted to qemu ml. (fate#322124) - Update python3 related patches now that they are upstream OBS-URL: https://build.opensuse.org/request/show/574394 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=390 2018-02-08 20:55:31 +01:00
			`When memory encryption is enabled, the guest RAM and boot flash ROM will`
			`contain the encrypted data. By setting the debug ops allow us to invoke`
			`encryption APIs when accessing the memory for the debug purposes.`

			`Cc: Paolo Bonzini <pbonzini@redhat.com>`
			`Cc: Richard Henderson <rth@twiddle.net>`
			`Cc: Eduardo Habkost <ehabkost@redhat.com>`
			`Cc: "Michael S. Tsirkin" <mst@redhat.com>`
			`Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>`
			`[BR: FATE#322124]`
			`Signed-off-by: Bruce Rogers <brogers@suse.com>`
			`---`
			`hw/i386/pc.c \| 9 +++++++++`
			`hw/i386/pc_sysfw.c \| 6 ++++++`
			`2 files changed, 15 insertions(+)`

			`diff --git a/hw/i386/pc.c b/hw/i386/pc.c`
			`index e7faf92143..c9c91e150b 100644`
			`--- a/hw/i386/pc.c`
			`+++ b/hw/i386/pc.c`
			`@@ -1355,6 +1355,15 @@ void pc_memory_init(PCMachineState *pcms,`
			`e820_add_entry(0x100000000ULL, pcms->above_4g_mem_size, E820_RAM);`
			`}`

			`+ /*`
			`+ * When memory encryption is enabled, the guest RAM will be encrypted with`
			`+ * a guest unique key. Set the debug ops so that any debug access to the`
			`+ * guest RAM will go through the memory encryption APIs.`
			`+ */`
			`+ if (kvm_memcrypt_enabled()) {`
			`+ kvm_memcrypt_set_debug_ops(ram);`
			`+ }`
			`+`
			`if (!pcmc->has_reserved_memory &&`
			`(machine->ram_slots \|\|`
			`(machine->maxram_size > machine->ram_size))) {`
			`diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c`
			`index 8ddbbf74d3..3d149b1c9f 100644`
			`--- a/hw/i386/pc_sysfw.c`
			`+++ b/hw/i386/pc_sysfw.c`
			`@@ -180,6 +180,12 @@ static void pc_system_flash_init(MemoryRegion *rom_memory)`
			`error_report("failed to encrypt pflash rom");`
			`exit(1);`
			`}`
			`+`
			`+ /*`
			`+ * The pflash ROM is encrypted, set the debug ops so that any`
			`+ * debug accesses will use memory encryption APIs.`
			`+ */`
			`+ kvm_memcrypt_set_debug_ops(flash_mem);`
			`}`
			`}`
			`}`