From: Ashish Kalra <Ashish.Kalra@amd.com>
To: pbonzini@redhat.com
Cc: qemu-devel@nongnu.org, rth@twiddle.net, armbru@redhat.com,
dgilbert@redhat.com, ehabkost@redhat.com, kvm@vger.kernel.org,
mst@redhat.com, marcel.apfelbaum@gmail.com, mtosatti@redhat.com,
Thomas.Lendacky@amd.com, brijesh.singh@amd.com,
ssg.sos.patches@amd.com
Subject: [PATCH 00/11] Add QEMU debug support for SEV guests
Date: Mon, 16 Nov 2020 18:48:24 +0000
Message-ID: <cover.1605316268.git.ashish.kalra@amd.com>
From: Ashish Kalra <ashish.kalra@amd.com>
This patchset adds QEMU debug support for SEV guests. Debug requires access to the guest pages, which are encrypted when SEV is enabled.
KVM_SEV_DBG_DECRYPT and KVM_SEV_DBG_ENCRYPT commands are available to decrypt/encrypt the guest pages, if the guest policy allows for debugging.
Changes are made to the guest page table walker since SEV guest pte entries will have the C-bit set.
Also introduces new MemoryDebugOps which hook into guest virtual and physical memory debug interfaces such as cpu_memory_rw_debug,
to allow vendor-specific assist/hooks for debugging and delegating access to the guest memory. This is used, for example, in the case of
the AMD SEV platform, where the guest memory is encrypted and a SEV-specific debug assist/hook will be required to access the guest memory.
The MemoryDebugOps are used by cpu_memory_rw_debug() and default to address_space_read and address_space_write_rom as described below.

    typedef struct MemoryDebugOps {
        MemTxResult (*read)(AddressSpace *as, hwaddr phys_addr,
                            MemTxAttrs attrs, void *buf,
                            hwaddr len);
        MemTxResult (*write)(AddressSpace *as, hwaddr phys_addr,
                             MemTxAttrs attrs, const void *buf,
                             hwaddr len);
    } MemoryDebugOps;

These ops would be used only by cpu_memory_rw_debug and would default to

    static const MemoryDebugOps default_debug_ops = {
        .translate = cpu_get_phys_page_attrs_debug,
        .read = address_space_read,
        .write = address_space_write_rom
    };

    static const MemoryDebugOps *debug_ops = &default_debug_ops;

Ashish Kalra (3):
  exec: Add new MemoryDebugOps.
  exec: Add address_space_read and address_space_write debug helpers.
  sev/i386: add SEV specific MemoryDebugOps.

Brijesh Singh (8):
  memattrs: add debug attribute
  exec: add ram_debug_ops support
  exec: add debug version of physical memory read and write API
  monitor/i386: use debug APIs when accessing guest memory
  kvm: introduce debug memory encryption API
  sev/i386: add debug encrypt and decrypt commands
  hw/i386: set ram_debug_ops when memory encryption is enabled
  target/i386: clear C-bit when walking SEV guest page table

accel/kvm/kvm-all.c | 22 ++++
accel/kvm/sev-stub.c | 8 ++
accel/stubs/kvm-stub.c | 8 ++
hw/i386/pc.c | 9 ++
hw/i386/pc_sysfw.c | 6 +
include/exec/cpu-common.h | 18 +++
include/exec/memattrs.h | 2 +
include/exec/memory.h | 49 ++++++++
include/sysemu/kvm.h | 15 +++
include/sysemu/sev.h | 12 ++
monitor/misc.c | 4 +-
softmmu/cpus.c | 2 +-
softmmu/physmem.c | 170 +++++++++++++++++++++++++-
target/i386/kvm.c | 4 +
target/i386/monitor.c | 124 +++++++++++--------
target/i386/sev.c | 244 ++++++++++++++++++++++++++++++++++++++
target/i386/trace-events | 1 +
17 files changed, 642 insertions(+), 56 deletions(-)
--
2.17.1
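
The dispatch described in the cover letter, as an added illustration that is not code from the patch series: a debug read goes through an ops table, the SEV variant refuses when the guest policy forbids debugging, and the page-walk step clears the C-bit before the PTE is used as an address. Every name here, the XOR stand-in for memory encryption, the NODBG bit value and the C-bit position are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* All names below are hypothetical stand-ins, not QEMU or KVM symbols. */
#define POLICY_NODBG 0x1u           /* assumed: policy bit that forbids debugging */
#define C_BIT (1ULL << 47)          /* sample position; the CPU reports the real one */
#define PTE_ADDR_MASK 0x000ffffffffff000ULL

typedef struct {
    int (*read)(uint64_t pa, void *buf, size_t len);
} DebugOps;

static uint8_t guest_ram[64];       /* constructed guest page 0 */
static uint32_t guest_policy;
static const uint8_t toy_key = 0x5a; /* XOR stands in for real memory encryption */

static int plain_read(uint64_t pa, void *buf, size_t len)
{
    if (pa > sizeof(guest_ram) || len > sizeof(guest_ram) - pa)
        return -1;                  /* out of range */
    memcpy(buf, guest_ram + pa, len);
    return 0;
}

/* Models the decrypt-for-debug path: refused when the policy forbids debug. */
static int sev_read(uint64_t pa, void *buf, size_t len)
{
    if (guest_policy & POLICY_NODBG)
        return -2;
    if (plain_read(pa, buf, len) != 0)
        return -1;
    for (size_t i = 0; i < len; i++)
        ((uint8_t *)buf)[i] ^= toy_key;
    return 0;
}

static const DebugOps default_ops = { plain_read }, sev_ops = { sev_read };
static const DebugOps *debug_ops = &default_ops;

/* Page-walk step: drop the C-bit before treating the PTE as an address. */
uint64_t pte_to_pa(uint64_t pte) { return pte & ~C_BIT & PTE_ADDR_MASK; }

/* Store an encrypted string in page 0, pick the ops, read via a C-bit PTE. */
int demo_read(uint32_t policy, int use_sev_ops, char *out, size_t len)
{
    const char secret[] = "guest-secret";
    for (size_t i = 0; i < sizeof(secret); i++)
        guest_ram[i] = (uint8_t)secret[i] ^ toy_key;
    guest_policy = policy;
    debug_ops = use_sev_ops ? &sev_ops : &default_ops;
    return debug_ops->read(pte_to_pa(C_BIT | 0x1), out, len);
}
```

With the default ops the read succeeds but returns ciphertext, which is why a debugger on an encrypted guest needs the vendor hook; with the policy bit set, the hook itself refuses.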