Re: [Qemu-devel] [PATCH 1/3] ram-encrypted-notifier: Introduce a RAM block encrypted notifier

Fri, 26 Apr 2019 05:29:40 -0700 

On Thu, 25 Apr 2019 22:58:18 +0000
"Natarajan, Janakarajan" <janakarajan.natara...@amd.com> wrote:

> A client can register to this notifier to know whether the newly added or
> removed memory region is marked as encrypted. This information is needed
> for the SEV guest launch. In SEV guest, some memory regions may contain
> encrypted data (e.g guest RAM). The memory region which contains the
> encrypted data should be registered/unregistered using the
> KVM_MEMORY_{REG,UNREG}_ENCRYPTED ioctl.
> 
> Signed-off-by: Janakarajan Natarajan <janakarajan.natara...@amd.com>
> ---
>  exec.c                 |  1 +
>  include/exec/memory.h  | 18 ++++++++++++++++++
>  include/exec/ramlist.h | 19 +++++++++++++++++++
>  memory.c               | 16 ++++++++++++++++
>  numa.c                 | 33 +++++++++++++++++++++++++++++++++
>  stubs/ram-block.c      |  8 ++++++++
>  6 files changed, 95 insertions(+)
> 
> diff --git a/exec.c b/exec.c
> index 2646207661..a02c394e48 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -79,6 +79,7 @@
>   * are protected by the ramlist lock.
>   */
>  RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
> +RAMBlockEncryptedNotifierList ram_block_encrypted_notifier_list;
>  
>  static MemoryRegion *system_memory;
>  static MemoryRegion *system_io;
> diff --git a/include/exec/memory.h b/include/exec/memory.h
> index 9144a47f57..ae720ff511 100644
> --- a/include/exec/memory.h
> +++ b/include/exec/memory.h
> @@ -374,6 +374,7 @@ struct MemoryRegion {
>      bool terminates;
>      bool ram_device;
>      bool enabled;
> +    bool encrypted;
>      bool warning_printed; /* For reservations */
>      uint8_t vga_logging_count;
>      MemoryRegion *alias;
> @@ -1131,6 +1132,23 @@ int 
> memory_region_iommu_attrs_to_index(IOMMUMemoryRegion *iommu_mr,
>   */
>  int memory_region_iommu_num_indexes(IOMMUMemoryRegion *iommu_mr);
>  
> +/**
> + * memory_region_mark_encrypted: marks the memory region as encrypted and
> + * lets the listeners of encrypted ram know that a memory region containing
> + * encrypted ram block has been added
> + *
> + * @mr: the memory region
> + */
> +void memory_region_mark_encrypted(MemoryRegion *mr);
> +
> +/**
> + * memory_region_is_encrypted: returns if the memory region was marked as
> + * encrypted when it was created
> + *
> + * @mr: the memory region
> + */
> +bool memory_region_is_encrypted(MemoryRegion *mr);
> +
>  /**
>   * memory_region_name: get a memory region's name
>   *
> diff --git a/include/exec/ramlist.h b/include/exec/ramlist.h
> index bc4faa1b00..5349f27fa5 100644
> --- a/include/exec/ramlist.h
> +++ b/include/exec/ramlist.h
> @@ -7,6 +7,7 @@
>  #include "qemu/rcu_queue.h"
>  
>  typedef struct RAMBlockNotifier RAMBlockNotifier;
> +typedef struct RAMBlockEncryptedNotifier RAMBlockEncryptedNotifier;
>  
>  #define DIRTY_MEMORY_VGA       0
>  #define DIRTY_MEMORY_CODE      1
> @@ -55,6 +56,11 @@ typedef struct RAMList {
>  } RAMList;
>  extern RAMList ram_list;
>  
> +typedef struct RAMBlockEncryptedNotifierList {
> +    QLIST_HEAD(, RAMBlockEncryptedNotifier) ram_block_notifiers;
> +} RAMBlockEncryptedNotifierList;
> +extern RAMBlockEncryptedNotifierList ram_block_encrypted_notifier_list;
> +
>  /* Should be holding either ram_list.mutex, or the RCU lock. */
>  #define  INTERNAL_RAMBLOCK_FOREACH(block)  \
>      QLIST_FOREACH_RCU(block, &ram_list.blocks, next)
> @@ -70,6 +76,14 @@ struct RAMBlockNotifier {
>      QLIST_ENTRY(RAMBlockNotifier) next;
>  };
>  
> +struct RAMBlockEncryptedNotifier {
> +    void (*ram_block_encrypted_added)(RAMBlockEncryptedNotifier *n,
> +                                      void *host, size_t size);
> +    void (*ram_block_encrypted_removed)(RAMBlockEncryptedNotifier *n,
> +                                        void *host, size_t size);
> +    QLIST_ENTRY(RAMBlockEncryptedNotifier) next;
> +};
> +
>  void ram_block_notifier_add(RAMBlockNotifier *n);
>  void ram_block_notifier_remove(RAMBlockNotifier *n);
>  void ram_block_notify_add(void *host, size_t size);
> @@ -77,4 +91,9 @@ void ram_block_notify_remove(void *host, size_t size);
>  
>  void ram_block_dump(Monitor *mon);
>  
> +void ram_block_encrypted_notifier_add(RAMBlockEncryptedNotifier *n);
> +void ram_block_encrypted_notifier_remove(RAMBlockEncryptedNotifier *n);
> +void ram_block_encrypted_notify_add(void *host, size_t size);
> +void ram_block_encrypted_notify_remove(void *host, size_t size);
> +
>  #endif /* RAMLIST_H */
> diff --git a/memory.c b/memory.c
> index bb2b71ee38..eca02d369b 100644
> --- a/memory.c
> +++ b/memory.c
> @@ -2009,6 +2009,22 @@ int memory_region_iommu_num_indexes(IOMMUMemoryRegion 
> *iommu_mr)
>      return imrc->num_indexes(iommu_mr);
>  }
>  
> +void memory_region_mark_encrypted(MemoryRegion *mr)
> +{
> +    RAMBlock *block = mr->ram_block;
> +
> +    mr->encrypted = kvm_memcrypt_enabled();
> +
> +    if (mr->encrypted) {
> +        ram_block_encrypted_notify_add(block->host, block->max_length);
> +    }
> +}
> +
> +bool memory_region_is_encrypted(MemoryRegion *mr)
> +{
> +    return mr->encrypted;
> +}
> +
>  void memory_region_set_log(MemoryRegion *mr, bool log, unsigned client)
>  {
>      uint8_t mask = 1 << client;
> diff --git a/numa.c b/numa.c
> index 3875e1efda..08601366c5 100644
> --- a/numa.c
> +++ b/numa.c

looks like wrong file to put RAMBlock code in. I though that we should put it 
in exec.c

> @@ -638,6 +638,39 @@ MemdevList *qmp_query_memdev(Error **errp)
>      return list;
>  }
>  
> +void ram_block_encrypted_notifier_add(RAMBlockEncryptedNotifier *n)
> +{
> +    QLIST_INSERT_HEAD(&ram_block_encrypted_notifier_list.ram_block_notifiers,
> +                      n, next);
> +}
> +
> +void ram_block_encrypted_notifier_remove(RAMBlockEncryptedNotifier *n)
> +{
> +    QLIST_REMOVE(n, next);
> +}
> +
> +void ram_block_encrypted_notify_add(void *host, size_t size)
> +{
> +    RAMBlockEncryptedNotifier *notifier;
> +
> +    QLIST_FOREACH(notifier,
> +                  &ram_block_encrypted_notifier_list.ram_block_notifiers,
> +                  next) {
> +        notifier->ram_block_encrypted_added(notifier, host, size);
> +    }
> +}
> +
> +void ram_block_encrypted_notify_remove(void *host, size_t size)
> +{
> +    RAMBlockEncryptedNotifier *notifier;
> +
> +    QLIST_FOREACH(notifier,
> +                  &ram_block_encrypted_notifier_list.ram_block_notifiers,
> +                  next) {
> +        notifier->ram_block_encrypted_removed(notifier, host, size);
> +    }
> +}
> +
>  void ram_block_notifier_add(RAMBlockNotifier *n)
>  {
>      QLIST_INSERT_HEAD(&ram_list.ramblock_notifiers, n, next);
> diff --git a/stubs/ram-block.c b/stubs/ram-block.c
> index 73c0a3ee08..0f68922feb 100644
> --- a/stubs/ram-block.c
> +++ b/stubs/ram-block.c
> @@ -25,6 +25,14 @@ void ram_block_notifier_remove(RAMBlockNotifier *n)
>  {
>  }
>  
> +void ram_block_encrypted_notifier_add(RAMBlockEncryptedNotifier *n)
> +{
> +}
> +
> +void ram_block_encrypted_notifier_remove(RAMBlockEncryptedNotifier *n)
> +{
> +}
> +
>  int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
>  {
>      return 0;

Reply via email to