qemu/0064-sev-Finalize-the-SEV-guest-launch-f.patch

From 5f926f58bd02e7c42d7840a653cc33d83c90a5af Mon Sep 17 00:00:00 2001
From: Brijesh Singh <brijesh.singh@amd.com>
Date: Tue, 6 Feb 2018 19:08:10 -0600
Subject: [PATCH] sev: Finalize the SEV guest launch flow

SEV launch flow requires us to issue LAUNCH_FINISH command before guest
is ready to run.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
[BR: FATE#322124]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
 accel/kvm/sev.c        | 29 +++++++++++++++++++++++++++++
 accel/kvm/trace-events |  1 +
 2 files changed, 30 insertions(+)

diff --git a/accel/kvm/sev.c b/accel/kvm/sev.c
index 8d99c6cda4..e422f43caa 100644
--- a/accel/kvm/sev.c
+++ b/accel/kvm/sev.c
@@ -547,6 +547,34 @@ static Notifier sev_machine_done_notify = {
     .notify = sev_launch_get_measure,
 };
 
+static void
+sev_launch_finish(SEVState *s)
+{
+    int ret, error;
+
+    trace_kvm_sev_launch_finish();
+    ret = sev_ioctl(KVM_SEV_LAUNCH_FINISH, 0, &error);
+    if (ret) {
+        error_report("%s: LAUNCH_FINISH ret=%d fw_error=%d '%s'",
+                     __func__, ret, error, fw_error_to_str(error));
+        exit(1);
+    }
+
+    sev_set_guest_state(SEV_STATE_RUNNING);
+}
+
+static void
+sev_vm_state_change(void *opaque, int running, RunState state)
+{
+    SEVState *s = opaque;
+
+    if (running) {
+        if (!sev_check_state(SEV_STATE_RUNNING)) {
+            sev_launch_finish(s);
+        }
+    }
+}
+
 void *
 sev_guest_init(const char *id)
 {
@@ -600,6 +628,7 @@ sev_guest_init(const char *id)
     sev_active = true;
     ram_block_notifier_add(&sev_ram_notifier);
     qemu_add_machine_init_done_notifier(&sev_machine_done_notify);
+    qemu_add_vm_change_state_handler(sev_vm_state_change, s);
 
     sev_state = s;
 
diff --git a/accel/kvm/trace-events b/accel/kvm/trace-events
index 19742bf9dd..e810d75ea1 100644
--- a/accel/kvm/trace-events
+++ b/accel/kvm/trace-events
@@ -21,3 +21,4 @@ kvm_sev_change_state(const char *old, const char *new) "%s -> %s"
 kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session %p pdh %p"
 kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIu64
 kvm_sev_launch_measurement(const char *value) "data %s"
+kvm_sev_launch_finish(void) ""
Accepting request 574394 from home:bfrogers:branches:Virtualization - Add AMD SEV (Secure Encrypted Virtualization) support by taking the v7 series of the patches posted to qemu ml. (fate#322124) - Update python3 related patches now that they are upstream OBS-URL: https://build.opensuse.org/request/show/574394 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=390 2018-02-08 20:55:31 +01:00			`From 5f926f58bd02e7c42d7840a653cc33d83c90a5af Mon Sep 17 00:00:00 2001`
			`From: Brijesh Singh <brijesh.singh@amd.com>`
			`Date: Tue, 6 Feb 2018 19:08:10 -0600`
			`Subject: [PATCH] sev: Finalize the SEV guest launch flow`

			`SEV launch flow requires us to issue LAUNCH_FINISH command before guest`
			`is ready to run.`

			`Cc: Paolo Bonzini <pbonzini@redhat.com>`
			`Cc: kvm@vger.kernel.org`
			`Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>`
			`[BR: FATE#322124]`
			`Signed-off-by: Bruce Rogers <brogers@suse.com>`
			`---`
			`accel/kvm/sev.c \| 29 +++++++++++++++++++++++++++++`
			`accel/kvm/trace-events \| 1 +`
			`2 files changed, 30 insertions(+)`

			`diff --git a/accel/kvm/sev.c b/accel/kvm/sev.c`
			`index 8d99c6cda4..e422f43caa 100644`
			`--- a/accel/kvm/sev.c`
			`+++ b/accel/kvm/sev.c`
			`@@ -547,6 +547,34 @@ static Notifier sev_machine_done_notify = {`
			`.notify = sev_launch_get_measure,`
			`};`

			`+static void`
			`+sev_launch_finish(SEVState *s)`
			`+{`
			`+ int ret, error;`
			`+`
			`+ trace_kvm_sev_launch_finish();`
			`+ ret = sev_ioctl(KVM_SEV_LAUNCH_FINISH, 0, &error);`
			`+ if (ret) {`
			`+ error_report("%s: LAUNCH_FINISH ret=%d fw_error=%d '%s'",`
			`+ __func__, ret, error, fw_error_to_str(error));`
			`+ exit(1);`
			`+ }`
			`+`
			`+ sev_set_guest_state(SEV_STATE_RUNNING);`
			`+}`
			`+`
			`+static void`
			`+sev_vm_state_change(void *opaque, int running, RunState state)`
			`+{`
			`+ SEVState *s = opaque;`
			`+`
			`+ if (running) {`
			`+ if (!sev_check_state(SEV_STATE_RUNNING)) {`
			`+ sev_launch_finish(s);`
			`+ }`
			`+ }`
			`+}`
			`+`
			`void *`
			`sev_guest_init(const char *id)`
			`{`
			`@@ -600,6 +628,7 @@ sev_guest_init(const char *id)`
			`sev_active = true;`
			`ram_block_notifier_add(&sev_ram_notifier);`
			`qemu_add_machine_init_done_notifier(&sev_machine_done_notify);`
			`+ qemu_add_vm_change_state_handler(sev_vm_state_change, s);`

			`sev_state = s;`

			`diff --git a/accel/kvm/trace-events b/accel/kvm/trace-events`
			`index 19742bf9dd..e810d75ea1 100644`
			`--- a/accel/kvm/trace-events`
			`+++ b/accel/kvm/trace-events`
			`@@ -21,3 +21,4 @@ kvm_sev_change_state(const char old, const char new) "%s -> %s"`
			`kvm_sev_launch_start(int policy, void session, void pdh) "policy 0x%x session %p pdh %p"`
			`kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIu64`
			`kvm_sev_launch_measurement(const char *value) "data %s"`
			`+kvm_sev_launch_finish(void) ""`