Re: [Qemu-devel] [PATCH v3 07/14] target/i386: sev: provide callback to setup outgoing context
From: |
Dr. David Alan Gilbert |
Subject: |
Re: [Qemu-devel] [PATCH v3 07/14] target/i386: sev: provide callback to setup outgoing context |
Date: |
Thu, 8 Aug 2019 12:19:16 +0100 |
User-agent: |
Mutt/1.12.1 (2019-06-15) |
* Singh, Brijesh (address@hidden) wrote:
> The user provides the target machine's Platform Diffie-Hellman key (PDH)
> and certificate chain before starting the SEV guest migration. Cache the
> certificate chain as we need them while creating the outgoing context.
>
> Signed-off-by: Brijesh Singh <address@hidden>
> ---
> accel/kvm/kvm-all.c | 12 +++++++++++
> accel/kvm/sev-stub.c | 6 ++++++
> include/sysemu/sev.h | 2 ++
> target/i386/sev.c | 45 ++++++++++++++++++++++++++++++++++++++++++
> target/i386/sev_i386.h | 6 ++++++
> 5 files changed, 71 insertions(+)
>
> diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
> index f450f25295..d0304c6947 100644
> --- a/accel/kvm/kvm-all.c
> +++ b/accel/kvm/kvm-all.c
> @@ -165,6 +165,17 @@ bool kvm_memcrypt_enabled(void)
> return false;
> }
>
> +static int kvm_memcrypt_save_setup(const char *pdh, const char *plat_cert,
> + const char *amd_cert)
> +{
> + return sev_save_setup(kvm_state->memcrypt_handle, pdh,
> + plat_cert, amd_cert);
> +}
> +
> +static struct MachineMemoryEncryptionOps sev_memory_encryption_ops = {
> + .save_setup = kvm_memcrypt_save_setup,
> +};
> +
> int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len)
> {
> if (kvm_state->memcrypt_handle &&
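Review bot: kvm_memcrypt_save_setup hands kvm_state->memcrypt_handle straight to sev_save_setup, while kvm_memcrypt_encrypt_data on the last line of this hunk first checks that the handle is non-NULL. The ops table is only installed inside the SEV initialisation branch, so the handle is presumably populated by the time save_setup runs, but mirroring the existing guard keeps the two entry points consistent and avoids passing a NULL SEVState into sev_save_setup if the callback is ever reached on a non-SEV guest: `if (!kvm_state->memcrypt_handle) { return 1; }` before the call. The body of kvm_memcrypt_encrypt_data continues outside the hunk.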
> @@ -1968,6 +1979,7 @@ static int kvm_init(MachineState *ms)
> }
>
> kvm_state->memcrypt_encrypt_data = sev_encrypt_data;
> + mc->memory_encryption_ops = &sev_memory_encryption_ops;
It surprises me that this isn't in target/i386/kvm.c somehow
> }
>
> ret = kvm_arch_init(ms, s);
> diff --git a/accel/kvm/sev-stub.c b/accel/kvm/sev-stub.c
> index 4f97452585..528f8cf7f1 100644
> --- a/accel/kvm/sev-stub.c
> +++ b/accel/kvm/sev-stub.c
> @@ -24,3 +24,9 @@ void *sev_guest_init(const char *id)
> {
> return NULL;
> }
> +
> +int sev_save_setup(void *handle, const char *pdh, const char *plat_cert,
> + const char *amd_cert)
> +{
> + return 1;
> +}
> diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h
> index 98c1ec8d38..d5123d4fa3 100644
> --- a/include/sysemu/sev.h
> +++ b/include/sysemu/sev.h
> @@ -18,4 +18,6 @@
>
> void *sev_guest_init(const char *id);
> int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len);
> +int sev_save_setup(void *handle, const char *pdh, const char *plat_cert,
> + const char *amd_cert);
> #endif
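Review bot: The new sev_save_setup prototype carries no contract, so a caller cannot tell from the header that the three strings are base64 text, that decoded blobs above the 16KB limit are rejected, that the return is 0 on success and 1 on failure, or that the decoded buffers are cached in and owned by the SEVState behind handle. A comment above the declaration would cover it, e.g. `/* Decode and cache the remote PDH and certificate chain (base64) for an outgoing migration; returns 0 on success, 1 if a parameter is malformed or oversized. */`. The stub in sev-stub.c returning 1 unconditionally is then also self-explanatory.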
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index f1423cb0c0..70e9d86815 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -27,6 +27,7 @@
> #include "sysemu/sysemu.h"
> #include "trace.h"
> #include "migration/blocker.h"
> +#include "migration/qemu-file.h"
Do you need that yet?
> #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */
> #define DEFAULT_SEV_DEVICE "/dev/sev"
> @@ -62,6 +63,8 @@ static const char *const sev_fw_errlist[] = {
>
> #define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist)
>
> +#define SEV_FW_BLOB_MAX_SIZE 0x4000 /* 16KB */
> +
> static int
> sev_ioctl(int fd, int cmd, void *data, int *error)
> {
> @@ -729,6 +732,48 @@ sev_vm_state_change(void *opaque, int running, RunState
> state)
> }
> }
>
> +static inline bool check_blob_length(size_t value)
> +{
> + if (value > SEV_FW_BLOB_MAX_SIZE) {
> + error_report("invalid length max=%ld got=%d",
> + value, SEV_FW_BLOB_MAX_SIZE);
Those two parameters are the wrong way around aren't they?
> + return false;
> + }
> +
> + return true;
> +}
> +
> +int sev_save_setup(void *handle, const char *pdh, const char *plat_cert,
> + const char *amd_cert)
> +{
> + SEVState *s = (SEVState *)handle;
> +
> + s->remote_pdh = g_base64_decode(pdh, &s->remote_pdh_len);
> + if (!check_blob_length(s->remote_pdh_len)) {
Print something to say what went wrong.
> + goto error;
> + }
> +
> + s->remote_plat_cert = g_base64_decode(plat_cert,
> + &s->remote_plat_cert_len);
> + if (!check_blob_length(s->remote_plat_cert_len)) {
> + goto error;
> + }
> +
> + s->amd_cert = g_base64_decode(amd_cert, &s->amd_cert_len);
> + if (!check_blob_length(s->amd_cert_len)) {
> + goto error;
> + }
> +
> + return 0;
> +
> +error:
> + g_free(s->remote_pdh);
> + g_free(s->remote_plat_cert);
> + g_free(s->amd_cert);
> +
> + return 1;
> +}
> +
> void *
> sev_guest_init(const char *id)
> {
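Review bot: The error path at the bottom of sev_save_setup frees the three blobs but leaves s->remote_pdh, s->remote_plat_cert and s->amd_cert pointing at freed memory inside the long-lived SEVState, so any later reader of those fields, or a retried setup that reaches the same path, works on dangling pointers, and a second successful call overwrites the previous pointers without freeing them. Separately, g_base64_decode() on a NULL string returns NULL without writing the out-length, so a missing parameter would feed an uninitialised length into check_blob_length; the QMP layer presumably rejects that earlier, but the callback is cheap to harden. The length check also accepts a zero-byte decode, which is probably worth rejecting for a key or certificate, and the format string in check_blob_length uses `%ld` for a size_t where `%zu` belongs. The entry check and error path I would use:
```c
int sev_save_setup(void *handle, const char *pdh, const char *plat_cert,
                   const char *amd_cert)
{
    SEVState *s = (SEVState *)handle;

    /* g_base64_decode() returns NULL without touching the out-length on a
     * NULL input, so reject missing parameters before decoding anything. */
    if (!pdh || !plat_cert || !amd_cert) {
        error_report("sev: pdh, plat_cert and amd_cert are all required");
        return 1;
    }

    /* … unchanged: the three decode + check_blob_length steps … */

error:
    /* Clear the cached blobs so a failed setup leaves no dangling pointers
     * or stale lengths behind in the SEVState. */
    g_clear_pointer(&s->remote_pdh, g_free);
    g_clear_pointer(&s->remote_plat_cert, g_free);
    g_clear_pointer(&s->amd_cert, g_free);
    s->remote_pdh_len = s->remote_plat_cert_len = s->amd_cert_len = 0;

    return 1;
}
```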
> diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h
> index 55313441ae..32906de998 100644
> --- a/target/i386/sev_i386.h
> +++ b/target/i386/sev_i386.h
> @@ -81,6 +81,12 @@ struct SEVState {
> int sev_fd;
> SevState state;
> gchar *measurement;
> + guchar *remote_pdh;
> + size_t remote_pdh_len;
> + guchar *remote_plat_cert;
> + size_t remote_plat_cert_len;
> + guchar *amd_cert;
> + size_t amd_cert_len;
> };
>
> typedef struct SEVState SEVState;
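Review bot: The six new SEVState fields are undocumented, and since they are filled in by sev_save_setup from user-supplied base64 and freed on its error path, a reader needs to know they are owned by the SEVState and only valid for an outgoing migration. A one-line comment per pair, e.g. `guchar *remote_pdh; /* decoded PDH of the migration target, owned here */` and `size_t remote_pdh_len; /* decoded length, at most SEV_FW_BLOB_MAX_SIZE */`, with the same for the platform and AMD certificates, would make the lifetime obvious at the declaration.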
> --
> 2.17.1
>
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK