代码拉取完成,页面将自动刷新
同步操作将从 OpenCloudOS Stream/qemu 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
From 57046de9f4d4e0ee965f331ed5c8c93481d2b167 Mon Sep 17 00:00:00 2001
From: jiangxin <[email protected]>
Date: Wed, 25 Aug 2021 09:59:16 +0800
Subject: [PATCH 03/14] target/i386: csv: Add command to load data to CSV3
guest memory
The KVM_CSV3_LAUNCH_ENCRYPT_DATA command is used to load data to an
encrypted guest memory in an isolated memory region that guest owns.
Signed-off-by: Xin Jiang <[email protected]>
Signed-off-by: hanliyang <[email protected]>
---
linux-headers/linux/kvm.h | 7 ++++
target/i386/csv-sysemu-stub.c | 5 +++
target/i386/csv.c | 69 +++++++++++++++++++++++++++++++++++
target/i386/csv.h | 2 +
target/i386/trace-events | 3 ++
5 files changed, 86 insertions(+)
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index 794e0fd49..3f1a40206 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -2054,6 +2054,13 @@ enum csv3_cmd_id {
KVM_CSV3_NR_MIN = 0xc0,
KVM_CSV3_INIT = KVM_CSV3_NR_MIN,
+ KVM_CSV3_LAUNCH_ENCRYPT_DATA,
+};
+
+struct kvm_csv3_launch_encrypt_data {
+ __u64 gpa;
+ __u64 uaddr;
+ __u32 len;
};
struct kvm_csv3_init_data {
diff --git a/target/i386/csv-sysemu-stub.c b/target/i386/csv-sysemu-stub.c
index 72f0f5c77..b0ccbd2f1 100644
--- a/target/i386/csv-sysemu-stub.c
+++ b/target/i386/csv-sysemu-stub.c
@@ -19,3 +19,8 @@ int csv3_init(uint32_t policy, int fd, void *state, struct sev_ops *ops)
{
return 0;
}
+
+int csv3_load_data(uint64_t gpa, uint8_t *ptr, uint64_t len, Error **errp)
+{
+ g_assert_not_reached();
+}
diff --git a/target/i386/csv.c b/target/i386/csv.c
index f02aadb54..0e3f4478a 100644
--- a/target/i386/csv.c
+++ b/target/i386/csv.c
@@ -13,6 +13,7 @@
#include "qemu/osdep.h"
#include "qemu/error-report.h"
+#include "qapi/error.h"
#include <linux/kvm.h>
@@ -20,6 +21,7 @@
#include <numaif.h>
#endif
+#include "trace.h"
#include "cpu.h"
#include "sev.h"
#include "csv.h"
@@ -74,3 +76,70 @@ csv3_enabled(void)
return sev_es_enabled() && (csv3_guest.policy & GUEST_POLICY_CSV3_BIT);
}
+
+static bool
+csv3_check_state(SevState state)
+{
+ return *((SevState *)csv3_guest.state) == state ? true : false;
+}
+
+static int
+csv3_ioctl(int cmd, void *data, int *error)
+{
+ if (csv3_guest.sev_ioctl)
+ return csv3_guest.sev_ioctl(csv3_guest.sev_fd, cmd, data, error);
+ else
+ return -1;
+}
+
+static const char *
+fw_error_to_str(int code)
+{
+ if (csv3_guest.fw_error_to_str)
+ return csv3_guest.fw_error_to_str(code);
+ else
+ return NULL;
+}
+
+static int
+csv3_launch_encrypt_data(uint64_t gpa, uint8_t *addr, uint64_t len)
+{
+ int ret, fw_error;
+ struct kvm_csv3_launch_encrypt_data update;
+
+ if (!addr || !len) {
+ return 1;
+ }
+
+ update.gpa = (__u64)gpa;
+ update.uaddr = (__u64)(unsigned long)addr;
+ update.len = len;
+ trace_kvm_csv3_launch_encrypt_data(gpa, addr, len);
+ ret = csv3_ioctl(KVM_CSV3_LAUNCH_ENCRYPT_DATA, &update, &fw_error);
+ if (ret) {
+ error_report("%s: CSV3 LAUNCH_ENCRYPT_DATA ret=%d fw_error=%d '%s'",
+ __func__, ret, fw_error, fw_error_to_str(fw_error));
+ }
+
+ return ret;
+}
+
+int
+csv3_load_data(uint64_t gpa, uint8_t *ptr, uint64_t len, Error **errp)
+{
+ int ret = 0;
+
+ if (!csv3_enabled()) {
+ error_setg(errp, "%s: CSV3 is not enabled", __func__);
+ return -1;
+ }
+
+ /* if CSV3 is in update state then load the data to secure memory */
+ if (csv3_check_state(SEV_STATE_LAUNCH_UPDATE)) {
+ ret = csv3_launch_encrypt_data(gpa, ptr, len);
+ if (ret)
+ error_setg(errp, "%s: CSV3 fail to encrypt data", __func__);
+ }
+
+ return ret;
+}
diff --git a/target/i386/csv.h b/target/i386/csv.h
index cf125fe0f..928774f59 100644
--- a/target/i386/csv.h
+++ b/target/i386/csv.h
@@ -86,4 +86,6 @@ typedef struct Csv3GuestState Csv3GuestState;
extern struct Csv3GuestState csv3_guest;
extern int csv3_init(uint32_t policy, int fd, void *state, struct sev_ops *ops);
+int csv3_load_data(uint64_t gpa, uint8_t *ptr, uint64_t len, Error **errp);
+
#endif
diff --git a/target/i386/trace-events b/target/i386/trace-events
index 87b765c73..e07061bf3 100644
--- a/target/i386/trace-events
+++ b/target/i386/trace-events
@@ -19,3 +19,6 @@ kvm_sev_receive_update_data(void *src, void *dst, int len, void *hdr, int hdr_le
kvm_sev_receive_finish(void) ""
kvm_sev_send_update_vmsa(uint32_t cpu_id, uint32_t cpu_index, void *dst, int len) "cpu_id %d cpu_index %d trans %p len %d"
kvm_sev_receive_update_vmsa(uint32_t cpu_id, uint32_t cpu_index, void *src, int len, void *hdr, int hdr_len) "cpu_id %d cpu_index %d trans %p len %d hdr %p hdr_len %d"
+
+# csv.c
+kvm_csv3_launch_encrypt_data(uint64_t gpa, void *addr, uint64_t len) "gpa 0x%" PRIx64 "addr %p len 0x%" PRIu64
--
2.41.0
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手