qemu/confidential-guest-support-introduce-ConfidentialGue.patch
Jiabo Feng 4f059b938c QEMU update to version 8.2.0-18:
- hw/loongarch/virt: Fix FDT memory node address width
- hw/loongarch: Fix fdt memory node wrong 'reg'
- load_elf: fix iterator's type for elf file processing
- migration/colo: Fix bdrv_graph_rdlock_main_loop: Assertion `!qemu_in_…
- target/i386: no single-step exception after MOV or POP SS
- char-stdio: Restore blocking mode of stdout on exit
- backends/cryptodev-builtin: Fix local_error leaks
- target/loongarch: fix a wrong print in cpu dump
- virtio-pci: fix use of a released vector
- target/arm: Disable SVE extensions when SVE is disabled
- hw/misc/bcm2835_property: Fix handling of FRAMEBUFFER_SET_PALETTE
- target/i386: Introduce SapphireRapids-v3 to add missing features
- virtio-net: Ensure queue index fits with RSS (CVE-2024-6505)
- nbd/server: CVE-2024-7409: Avoid use-after-free when closing server
- update io/trace-events. Parameters should remain consistent.
- update docs/tools/virtfs-proxy-helper.rst. This place is spelled wrong.
- kvm: Add support for CSV2 reboot
- target/i386/kvm: Fix the resettable info when emulate Hygon CSV2 guest
- target/i386: get/set/migrate GHCB state
- target/i386: csv: Add support for migrate VMSA for CSV2 guest
- migration/ram: Accelerate the loading of CSV guest's encrypted pages
- migration/ram: Accelerate the transmission of CSV guest's encrypted pages
- target/i386: csv: add support to load incoming encrypted pages queued in the CMD list
- target/i386: csv: add support to queue the incoming page into a list
- target/i386: csv: add support to encrypt the outgoing pages in the list queued before.
- target/i386: csv: add support to queue the outgoing page into a list
- target/i386: csv: Read cert chain from file when prepared for CSV live migration
- target/i386: Introduce header file csv.h
- migration/ram: Fix calculation of gfn correspond to a page in ramblock
- target/i386: sev: Clear shared_regions_list when reboot CSV Guest
- migration/ram: Force encrypted status for VGA vram
- target/i386: sev: Return 0 if sev_send_get_packet_len() fails
- kvm: Add support for userspace MSR filtering and handling of MSR_KVM_MIGRATION_CONTROL.
- migration/ram: Force encrypted status for flash0 & flash1 devices.
- migration/ram: add support to send encrypted pages
- migration: add support to migrate shared regions list
- kvm: Add support for SEV shared regions list and KVM_EXIT_HYPERCALL.
- target/i386: sev: add support to load incoming encrypted page
- target/i386: sev: add support to encrypt the outgoing page
- target/i386: sev: do not create launch context for an incoming guest
- target/i386: sev: provide callback to setup outgoing context
- confidential guest support: introduce ConfidentialGuestMemoryEncryptionOps for encrypted VMs
- migration.json: add AMD SEV specific migration parameters
- doc: update AMD SEV to include Live migration flow
- crypto/tlscredspsk: Free username on finalize
- hw/nvme: fix leak of uninitialized memory in io_mgmt_recv
- hw/display/vhost-user-gpu.c: fix vhost_user_gpu_chr_read()
- cvm: Implement command blacklist for cvm security enhancement
- crypto: Introduce SM3 hash hmac pbkdf algorithm
- virtio-net: Use virtual time for RSC timers
- vvfat: Fix bug in writing to middle of file
- hw/core/ptimer: fix timer zero period condition for freq > 1GHz
- hw/misc: support vpsp

Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2024-09-18 15:23:53 +08:00

From da96618de3227b87ddd78388b80278bde230ce79 Mon Sep 17 00:00:00 2001
From: Brijesh Singh <brijesh.singh@amd.com>
Date: Tue, 27 Jul 2021 11:41:37 +0000
Subject: [PATCH] confidential guest support: introduce
ConfidentialGuestMemoryEncryptionOps for encrypted VMs
cherry-picked from https://github.com/AMDESE/qemu/commit/74fce7be9bd.
When memory encryption is enabled in a VM, the guest RAM will be encrypted
with a guest-specific key. To protect the confidentiality of the data while
in transit, we need platform-specific hooks to save or migrate the
guest RAM.
Introduce the new ConfidentialGuestMemoryEncryptionOps in this patch,
which will later be used by the encrypted guest for migration.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Co-developed-by: Ashish Kalra <ashish.kalra@amd.com>
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
---
include/exec/confidential-guest-support.h | 27 +++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/include/exec/confidential-guest-support.h b/include/exec/confidential-guest-support.h
index ba2dd4b5df..343f686fc2 100644
--- a/include/exec/confidential-guest-support.h
+++ b/include/exec/confidential-guest-support.h
@@ -53,8 +53,35 @@ struct ConfidentialGuestSupport {
bool ready;
};
+/**
+ * The functions registers with ConfidentialGuestMemoryEncryptionOps will be
+ * used during the encrypted guest migration.
+ */
+struct ConfidentialGuestMemoryEncryptionOps {
+ /* Initialize the platform specific state before starting the migration */
+ int (*save_setup)(const char *pdh, const char *plat_cert,
+ const char *amd_cert);
+
+ /* Write the encrypted page and metadata associated with it */
+ int (*save_outgoing_page)(QEMUFile *f, uint8_t *ptr, uint32_t size,
+ uint64_t *bytes_sent);
+
+ /* Load the incoming encrypted page into guest memory */
+ int (*load_incoming_page)(QEMUFile *f, uint8_t *ptr);
+
+ /* Check if gfn is in shared/unencrypted region */
+ bool (*is_gfn_in_unshared_region)(unsigned long gfn);
+
+ /* Write the shared regions list */
+ int (*save_outgoing_shared_regions_list)(QEMUFile *f);
+
+ /* Load the shared regions list */
+ int (*load_incoming_shared_regions_list)(QEMUFile *f);
+};
+
typedef struct ConfidentialGuestSupportClass {
ObjectClass parent;
+ struct ConfidentialGuestMemoryEncryptionOps *memory_encryption_ops;
} ConfidentialGuestSupportClass;
#endif /* !CONFIG_USER_ONLY */
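Review bot: the hook name `is_gfn_in_unshared_region` says the opposite of its own comment, `/* Check if gfn is in shared/unencrypted region */`; a caller going by the name will expect `true` for a private (encrypted) gfn, while the comment says `true` means the page is shared and unencrypted. Every other name in this hunk uses "shared" (`save_outgoing_shared_regions_list`, `load_incoming_shared_regions_list`), so rename it to `is_gfn_in_shared_region`, or reword the comment, before backends start implementing it with one sense and callers in the migration path reading it with the other. Two smaller points: the struct comment `The functions registers with ConfidentialGuestMemoryEncryptionOps will be` should read `The functions registered with ...`; and `save_setup(const char *pdh, const char *plat_cert, const char *amd_cert)` bakes AMD SEV certificate names into a struct that the header presents as generic confidential-guest support, so either give the hook a vendor-neutral signature or say in the comment that these arguments are SEV-specific, so that other backends (the later CSV patches in this series, for example) know what they are expected to pass.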
--
2.41.0.windows.1