From 9cd331388ce95e3d7365fceab30016756eae2483 Mon Sep 17 00:00:00 2001
From: appleLin <appleLin@hygon.cn>
Date: Wed, 3 Aug 2022 21:02:41 +0800
Subject: [PATCH] anolis: target/i386/sev: Add support for reuse ASID for
different CSV guests
If you want to reuse one ASID for many CSV guests, you should provide a
label (i.e. userid) and the length of the label when launching a CSV guest.
The CSV guests which were provided the same userid will share the same
ASID.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
---
linux-headers/linux/kvm.h | 5 +++++
qapi/qom.json | 5 ++++-
qemu-options.hx | 5 ++++-
target/i386/csv.c | 2 --
target/i386/csv.h | 3 +++
target/i386/sev.c | 47 ++++++++++++++++++++++++++++++++++++++-
6 files changed, 62 insertions(+), 5 deletions(-)
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index 5fe2f8d04..3875127a3 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -2011,6 +2011,11 @@ struct kvm_csv_receive_encrypt_context {
__u32 trans_len;
};
+struct kvm_csv_init {
+ __u64 userid_addr;
+ __u32 len;
+};
+
#define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
#define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
#define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
diff --git a/qapi/qom.json b/qapi/qom.json
index eeb5395ff..387c0a142 100644
--- a/qapi/qom.json
+++ b/qapi/qom.json
@@ -773,6 +773,8 @@
# designated guest firmware page for measured boot
# with -kernel (default: false) (since 6.2)
#
+# @user-id: the user id of the guest owner, only support on Hygon CPUs
+#
# Since: 2.12
##
{ 'struct': 'SevGuestProperties',
@@ -783,7 +785,8 @@
'*handle': 'uint32',
'*cbitpos': 'uint32',
'reduced-phys-bits': 'uint32',
- '*kernel-hashes': 'bool' } }
+ '*kernel-hashes': 'bool',
+ '*user-id': 'str' } }
##
# @ObjectType:
diff --git a/qemu-options.hx b/qemu-options.hx
index 8997969d5..115e1835f 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -5189,7 +5189,7 @@ SRST
-object secret,id=sec0,keyid=secmaster0,format=base64,\\
data=$SECRET,iv=$(<iv.b64)
- ``-object sev-guest,id=id,cbitpos=cbitpos,reduced-phys-bits=val,[sev-device=string,policy=policy,handle=handle,dh-cert-file=file,session-file=file,kernel-hashes=on|off]``
+ ``-object sev-guest,id=id,cbitpos=cbitpos,reduced-phys-bits=val,[sev-device=string,policy=policy,handle=handle,dh-cert-file=file,session-file=file,kernel-hashes=on|off,user-id=id]``
Create a Secure Encrypted Virtualization (SEV) guest object,
which can be used to provide the guest memory encryption support
on AMD processors.
@@ -5233,6 +5233,9 @@ SRST
cmdline to a designated guest firmware page for measured Linux
boot with -kernel. The default is off. (Since 6.2)
+ The ``user-id`` set the user id of the guest owner, this only
+ support on Hygon CPUs.
+
e.g to launch a SEV guest
.. parsed-literal::
diff --git a/target/i386/csv.c b/target/i386/csv.c
index b0ca16980..0e4898296 100644
--- a/target/i386/csv.c
+++ b/target/i386/csv.c
@@ -52,8 +52,6 @@ struct ConfidentialGuestMemoryEncryptionOps csv_memory_encryption_ops = {
CsvGuestState csv_guest = { 0 };
-#define GUEST_POLICY_CSV_BIT (1 << 6)
-
int
csv_init(uint32_t policy, int fd, void *state, struct sev_ops *ops)
{
diff --git a/target/i386/csv.h b/target/i386/csv.h
index 2e0506313..86f46d30c 100644
--- a/target/i386/csv.h
+++ b/target/i386/csv.h
@@ -22,6 +22,9 @@
#include "cpu.h"
+#define GUEST_POLICY_CSV_BIT (1 << 6)
+#define GUEST_POLICY_REUSE_ASID (1 << 7)
+
#define CPUID_VENDOR_HYGON_EBX 0x6f677948 /* "Hygo" */
#define CPUID_VENDOR_HYGON_ECX 0x656e6975 /* "uine" */
#define CPUID_VENDOR_HYGON_EDX 0x6e65476e /* "nGen" */
diff --git a/target/i386/sev.c b/target/i386/sev.c
index 40e52985a..cedea1353 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -82,6 +82,7 @@ struct SevGuestState {
uint32_t cbitpos;
uint32_t reduced_phys_bits;
bool kernel_hashes;
+ char *user_id;
/* runtime state */
uint32_t handle;
@@ -383,6 +384,22 @@ sev_guest_set_dh_cert_file(Object *obj, const char *value, Error **errp)
s->dh_cert_file = g_strdup(value);
}
+static char *
+sev_guest_get_user_id(Object *obj, Error **errp)
+{
+ SevGuestState *s = SEV_GUEST(obj);
+
+ return g_strdup(s->user_id);
+}
+
+static void
+sev_guest_set_user_id(Object *obj, const char *value, Error **errp)
+{
+ SevGuestState *s = SEV_GUEST(obj);
+
+ s->user_id = g_strdup(value);
+}
+
static char *
sev_guest_get_sev_device(Object *obj, Error **errp)
{
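Review bot: sev_guest_set_user_id overwrites `s->user_id` with a fresh g_strdup() without releasing the previous value, so setting the property twice on one object leaks the first string; `g_free(s->user_id);` before the assignment fixes it. The neighbouring sev_guest_set_dh_cert_file in the context above has the same shape, so this follows the file's convention, but a new field is the cheapest place to get it right. The new `user_id` string also needs a matching g_free in the SevGuestState finalize path, which is outside this hunk; I cannot see whether it was added.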
@@ -436,6 +453,11 @@ sev_guest_class_init(ObjectClass *oc, void *data)
sev_guest_set_kernel_hashes);
object_class_property_set_description(oc, "kernel-hashes",
"add kernel hashes to guest firmware for measured Linux boot");
+ object_class_property_add_str(oc, "user-id",
+ sev_guest_get_user_id,
+ sev_guest_set_user_id);
+ object_class_property_set_description(oc, "user-id",
+ "user id of the guest owner");
}
static void
@@ -1137,7 +1159,30 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
}
trace_kvm_sev_init();
- ret = sev_ioctl(sev->sev_fd, cmd, NULL, &fw_error);
+
+ /* Only support reuse asid for CSV/CSV2 guest */
+ if (is_hygon_cpu() &&
+ (sev_guest->policy & GUEST_POLICY_REUSE_ASID) &&
+ !(sev_guest->policy & GUEST_POLICY_CSV_BIT)) {
+ char *user_id = NULL;
+ struct kvm_csv_init *init_cmd_buf = NULL;
+
+ user_id = object_property_get_str(OBJECT(sev), "user-id", NULL);
+ if (user_id && strlen(user_id)) {
+ init_cmd_buf = g_new0(struct kvm_csv_init, 1);
+ init_cmd_buf->len = strlen(user_id);
+ init_cmd_buf->userid_addr = (__u64)user_id;
+ }
+ ret = sev_ioctl(sev->sev_fd, cmd, init_cmd_buf, &fw_error);
+
+ if (user_id) {
+ g_free(user_id);
+ g_free(init_cmd_buf);
+ }
+ } else {
+ ret = sev_ioctl(sev->sev_fd, cmd, NULL, &fw_error);
+ }
+
if (ret) {
error_setg(errp, "%s: failed to initialize ret=%d fw_error=%d '%s'",
__func__, ret, fw_error, fw_error_to_str(fw_error));
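Review bot: When the policy carries GUEST_POLICY_REUSE_ASID but no user-id is set, the new branch leaves `init_cmd_buf` NULL and issues the plain init ioctl, so the guest silently launches without the ASID sharing the operator asked for; I would fail the launch instead, e.g. `error_setg(errp, "%s: user-id is required when policy requests ASID reuse", __func__);` followed by the function's existing failure path (the label is outside the hunk). The cast `init_cmd_buf->userid_addr = (__u64)user_id;` converts a pointer straight to __u64; the rest of sev.c goes through an integer type first (`(__u64)(uintptr_t)user_id`), which avoids the pointer-to-wider-integer warning on 32-bit hosts. `init_cmd_buf->len = strlen(user_id);` narrows size_t to __u32 without a bound; the kernel presumably validates the label length, but a check against the maximum the interface accepts would document the contract here. The comment "Only support reuse asid for CSV/CSV2 guest" reads oddly next to `!(policy & GUEST_POLICY_CSV_BIT)`; if that bit marks CSV3 guests, say so in the comment so the inverted test is not mistaken for a bug. The two g_free calls can be unconditional, since g_free(NULL) is a no-op.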
--
2.31.1