Re: [PATCH RFC v3 00/49] Add AMD Secure Nested Paging (SEV-SNP) support
From: Ani Sinha
Subject: Re: [PATCH RFC v3 00/49] Add AMD Secure Nested Paging (SEV-SNP) support
Date: Thu, 18 Apr 2024 17:07:03 +0530
> On 20 Mar 2024, at 14:08, Michael Roth <michael.roth@amd.com> wrote:
>
> These patches implement SEV-SNP base support along with CPUID enforcement
> support for QEMU, and are also available at:
>
> https://github.com/amdese/qemu/commits/snp-v3-rfc
>
> they are based on top of the following patchset from Paolo:
>
> "[PATCH 0/7] target/i386: VM type infrastructure and KVM_SEV_INIT2 support"
> https://lists.gnu.org/archive/html/qemu-devel/2024-03/msg04663.html
Can you please also CC me on future revisions of this patchset?
Thanks!
>
> Patch Layout
> ------------
>
> 01-05: Various changes needed to handle new header files in kvm-next tree
> and some hacks to get a functional header sync in place for building
> this series.
> 06-18: These are patches directly plucked from Xiaoyao's TDX v5 patchset[1]
> that implement common dependencies between SNP/TDX like base
> guest_memfd, KVM_EXIT_MEMORY_FAULT handling (with a small FIXUP), and
> mechanisms to disable SMM. We would've also needed some of the basic
> infrastructure for handling specifying VM types for KVM_CREATE, but
> much of that is now part of the sevinit2 series this patchset is based
> on. Ideally all these patches, once stable, could be maintained in a
> common tree so that future SNP/TDX patchsets can be more easily
> iterated on/reviewed.
> 19-20: Patches introduced by this series that are possible candidate for a
> common tree.
> shared/private pages when things like VFIO are in use.
> 21-32: Introduction of sev-snp-guest object and various configuration
> requirements for SNP.
> 33-36: Handling for various KVM_EXIT_VMGEXIT events that are handled in
> userspace.
> 37-49: Support for creating a cryptographic "launch" context and populating
> various OVMF metadata pages, BIOS regions, and vCPU/VMSA pages with
> the initial encrypted/measured/validated launch data prior to
> launching the SNP guest.
>
> Testing
> -------
>
> This series has been tested against the following host kernel tree, which
> is a snapshot of the latest WIP SNP hypervisor tree at the time of this
> posting. It will likely not be kept up to date afterward, so please keep an
> eye upstream or official AMDESE github if you are looking for the latest
> some time after this posting:
>
> https://github.com/mdroth/linux/commits/snp-host-v12-wip40/
>
> A patched OVMF is also needed due to upstream KVM no longer supporting MMIO
> ranges that are mapped as private. It is recommended you build the AmdSevX64
> variant as it provides the kernel-hashing support present in this series:
>
> https://github.com/mdroth/edk2/commits/apic-mmio-fix1c/
>
> A basic command-line invocation for SNP would be:
>
> qemu-system-x86_64 -smp 32,maxcpus=255 -cpu EPYC-Milan-v2
> -machine q35,confidential-guest-support=sev0,memory-backend=ram1
> -object memory-backend-memfd,id=ram1,size=4G,share=true,reserve=false
> -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,id-auth=
> -bios /home/mroth/ovmf/OVMF_CODE-upstream-20240228-apicfix-1c-AmdSevX64.fd
>
> With kernel-hashing and certificate data supplied:
>
> qemu-system-x86_64 -smp 32,maxcpus=255 -cpu EPYC-Milan-v2
> -machine q35,confidential-guest-support=sev0,memory-backend=ram1
> -object memory-backend-memfd,id=ram1,size=4G,share=true,reserve=false
> -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,id-auth=,certs-path=/home/mroth/cert.blob,kernel-hashes=on
> -bios /home/mroth/ovmf/OVMF_CODE-upstream-20240228-apicfix-1c-AmdSevX64.fd
> -kernel /boot/vmlinuz-6.8.0-snp-host-v12-wip40+
> -initrd /boot/initrd.img-6.8.0-snp-host-v12-wip40+
> -append "root=UUID=d72a6d1c-06cf-4b79-af43-f1bac4f620f9 ro console=ttyS0,115200n8"
>
> Any comments/feedback would be very much appreciated.
>
> [1] https://github.com/amdese/linux
> https://github.com/amdese/amdsev/tree/snp-latest
>
> Changes since rfc2:
>
> - reworked on top of guest_memfd support
> - added handling for various KVM_EXIT_VMGEXIT events
> - various changes/considerations for PCI passthrough support
> - general bugfixes/hardening/cleanups
> - qapi cmdline doc fixes/rework (Dov, Markus)
> - switch to qbase64_decode, more error-checking for cmdline opts (Dov)
> - unset id_block_en for 0 input (Dov)
> - use error_setg in snp init (Dov)
> - report more info in trace_kvm_sev_init (Dov)
> - rework bounds-checking for kvm_cpuid_info, rework existing checks for
> readability, add additional checks (Dov)
> - fixups for validated_ranges handling (Dov)
> - rename 'policy' field to 'snp-policy' in query-sev when sev-type is SNP
>
> Changes since rfc1:
>
> - rebased onto latest master
> - drop SNP config file in favor of a new 'sev-snp-guest' object where all
> SNP-related params are passed as strings/integers via command-line
> - report specific error if BIOS reports invalid address/len for
> reserved/pre-validated regions (Connor)
> - use Range helpers for handling validated region overlaps (Dave)
> - simplify error handling in sev_snp_launch_start, and report the correct
> return code when handling LAUNCH_START failures (Dov)
> - add SEV-SNP bit to CPUID 0x8000001f when SNP enabled
> - updated query-sev to handle differences between SEV and SEV-SNP
> - updated to work against v5 of SEV-SNP host kernel / hypervisor patches
>
> ----------------------------------------------------------------
> Brijesh Singh (5):
> i386/sev: Introduce 'sev-snp-guest' object
> i386/sev: Add the SNP launch start context
> i386/sev: Add handling to encrypt/finalize guest launch data
> hw/i386/sev: Add function to get SEV metadata from OVMF header
> i386/sev: Add support for populating OVMF metadata pages
>
> Chao Peng (2):
> kvm: Enable KVM_SET_USER_MEMORY_REGION2 for memslot
> kvm: handle KVM_EXIT_MEMORY_FAULT
>
> Dov Murik (4):
> qapi, i386: Move kernel-hashes to SevCommonProperties
> i386/sev: Extract build_kernel_loader_hashes
> i386/sev: Reorder struct declarations
> i386/sev: Allow measured direct kernel boot on SNP
>
> Isaku Yamahata (2):
> pci-host/q35: Move PAM initialization above SMRAM initialization
> q35: Introduce smm_ranges property for q35-pci-host
>
> Michael Roth (30):
> Revert "linux-headers hack" from sevinit2 base tree
> scripts/update-linux-headers: Add setup_data.h to import list
> scripts/update-linux-headers: Add bits.h to file imports
> [HACK] linux-headers: Update headers for 6.8 + kvm-coco-queue + SNP
> [TEMP] hw/i386: Remove redeclaration of struct setup_data
> RAMBlock: Add support of KVM private guest memfd
> [FIXUP] "kvm: handle KVM_EXIT_MEMORY_FAULT": drop qemu_host_page_size
> trace/kvm: Add trace for page convertion between shared and private
> kvm: Make kvm_convert_memory() obey ram_block_discard_is_enabled()
> trace/kvm: Add trace for KVM_EXIT_MEMORY_FAULT
> i386/sev: Introduce "sev-common" type to encapsulate common SEV state
> i386/sev: Add a sev_snp_enabled() helper
> target/i386: Add handling for KVM_X86_SNP_VM VM type
> i386/sev: Skip RAMBlock notifiers for SNP
> i386/sev: Skip machine-init-done notifiers for SNP
> i386/sev: Set ms->require_guest_memfd for SNP
> i386/sev: Disable SMM for SNP
> i386/sev: Don't disable block discarding for SNP
> i386/cpu: Set SEV-SNP CPUID bit when SNP enabled
> i386/sev: Update query-sev QAPI format to handle SEV-SNP
> i386/sev: Don't return launch measurements for SEV-SNP guests
> kvm: Make kvm_convert_memory() non-static
> i386/sev: Add KVM_EXIT_VMGEXIT handling for Page State Changes
> i386/sev: Add KVM_EXIT_VMGEXIT handling for Page State Changes (MSR-based)
> i386/sev: Add KVM_EXIT_VMGEXIT handling for Extended Guest Requests
> i386/sev: Set CPU state to protected once SNP guest payload is finalized
> i386/sev: Add support for SNP CPUID validation
> hw/i386/sev: Add support to encrypt BIOS when SEV-SNP is enabled
> hw/i386/sev: Use guest_memfd for legacy ROMs
> hw/i386: Add support for loading BIOS using guest_memfd
>
> Xiaoyao Li (6):
> HostMem: Add mechanism to opt in kvm guest memfd via MachineState
> trace/kvm: Split address space and slot id in trace_kvm_set_user_memory()
> kvm: Introduce support for memory_attributes
> physmem: Introduce ram_block_discard_guest_memfd_range()
> kvm/memory: Make memory type private by default if it has guest memfd backend
> memory: Introduce memory_region_init_ram_guest_memfd()
>
> accel/kvm/kvm-all.c | 241 ++-
> accel/kvm/trace-events | 4 +-
> accel/stubs/kvm-stub.c | 5 +
> backends/hostmem-file.c | 1 +
> backends/hostmem-memfd.c | 1 +
> backends/hostmem-ram.c | 1 +
> backends/hostmem.c | 1 +
> docs/system/i386/amd-memory-encryption.rst | 78 +-
> hw/core/machine.c | 5 +
> hw/i386/pc.c | 13 +-
> hw/i386/pc_q35.c | 2 +
> hw/i386/pc_sysfw.c | 25 +-
> hw/i386/pc_sysfw_ovmf.c | 33 +
> hw/i386/x86.c | 46 +-
> hw/pci-host/q35.c | 61 +-
> include/exec/cpu-common.h | 2 +
> include/exec/memory.h | 26 +-
> include/exec/ram_addr.h | 2 +-
> include/exec/ramblock.h | 1 +
> include/hw/boards.h | 2 +
> include/hw/i386/pc.h | 31 +-
> include/hw/i386/x86.h | 2 +-
> include/hw/pci-host/q35.h | 1 +
> include/standard-headers/asm-x86/bootparam.h | 17 +-
> include/standard-headers/asm-x86/kvm_para.h | 3 +-
> include/standard-headers/linux/ethtool.h | 48 +
> include/standard-headers/linux/fuse.h | 39 +-
> include/standard-headers/linux/input-event-codes.h | 1 +
> include/standard-headers/linux/virtio_gpu.h | 2 +
> include/standard-headers/linux/virtio_snd.h | 154 ++
> include/sysemu/hostmem.h | 1 +
> include/sysemu/kvm.h | 7 +
> include/sysemu/kvm_int.h | 2 +
> linux-headers/asm-arm64/kvm.h | 15 +-
> linux-headers/asm-arm64/sve_context.h | 11 +
> linux-headers/asm-generic/bitsperlong.h | 4 +
> linux-headers/asm-loongarch/kvm.h | 2 -
> linux-headers/asm-mips/kvm.h | 2 -
> linux-headers/asm-powerpc/kvm.h | 45 +-
> linux-headers/asm-riscv/kvm.h | 3 +-
> linux-headers/asm-s390/kvm.h | 315 +++-
> linux-headers/asm-x86/kvm.h | 372 ++++-
> linux-headers/asm-x86/setup_data.h | 83 +
> linux-headers/linux/bits.h | 15 +
> linux-headers/linux/kvm.h | 719 +--------
> linux-headers/linux/psp-sev.h | 71 +
> qapi/misc-target.json | 71 +-
> qapi/qom.json | 96 +-
> scripts/update-linux-headers.sh | 5 +-
> system/memory.c | 30 +
> system/physmem.c | 47 +-
> target/i386/cpu.c | 1 +
> target/i386/kvm/kvm.c | 4 +
> target/i386/sev-sysemu-stub.c | 2 +-
> target/i386/sev.c | 1631 ++++++++++++++++----
> target/i386/sev.h | 13 +-
> target/i386/trace-events | 3 +
> 57 files changed, 3272 insertions(+), 1146 deletions(-)
> create mode 100644 linux-headers/asm-x86/setup_data.h
> create mode 100644 linux-headers/linux/bits.h
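The two invocations quoted in the cover letter differ only in the sev-snp-guest object options and the direct-kernel-boot arguments, and a mismatch between them (kernel-hashes=on with no -kernel, a certs-path or -bios that does not exist) is the kind of misconfiguration that is easier to catch before QEMU starts. The POSIX shell script below is an added example, not part of the patchset or of QEMU: it assembles the quoted command line from variables and checks those option combinations first. The function names (snp_guest_object, snp_check_config, snp_cmdline) and all file paths are assumptions chosen for the example; the QEMU options themselves are the ones the cover letter shows.

```shell
#!/bin/sh
# Added example (not from the original cover letter or from QEMU): build the
# SEV-SNP command line quoted above and sanity-check the option combinations.
# All paths below are placeholders; function names are this example's own.

# Emit the -object sev-snp-guest option string.
#   $1: certs-path (empty to omit), $2: kernel-hashes ("on" or "off")
# cbitpos/reduced-phys-bits/id-auth are taken verbatim from the cover letter.
snp_guest_object() {
    certs="$1"; hashes="$2"
    obj="sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,id-auth="
    if [ -n "$certs" ]; then
        obj="$obj,certs-path=$certs"
    fi
    if [ "$hashes" = "on" ]; then
        obj="$obj,kernel-hashes=on"
    fi
    printf '%s' "$obj"
}

# Check the combination before launching. Returns 0 when consistent, 1 with a
# reason on stdout otherwise.
#   $1: -bios file, $2: certs-path (may be empty), $3: kernel-hashes,
#   $4: -kernel file (may be empty)
snp_check_config() {
    bios="$1"; certs="$2"; hashes="$3"; kernel="$4"
    if [ ! -r "$bios" ]; then
        echo "firmware image not readable: $bios"; return 1
    fi
    if [ -n "$certs" ] && [ ! -r "$certs" ]; then
        echo "certificate blob not readable: $certs"; return 1
    fi
    # kernel-hashes=on only measures something if a kernel is actually passed.
    if [ "$hashes" = "on" ] && [ -z "$kernel" ]; then
        echo "kernel-hashes=on requires -kernel"; return 1
    fi
    if [ -n "$kernel" ] && [ ! -r "$kernel" ]; then
        echo "kernel image not readable: $kernel"; return 1
    fi
    return 0
}

# Assemble the full qemu-system-x86_64 command line (printed, not executed).
#   $1: -bios, $2: certs-path, $3: kernel-hashes, $4: -kernel, $5: -initrd,
#   $6: -append string
snp_cmdline() {
    bios="$1"; certs="$2"; hashes="$3"; kernel="$4"; initrd="$5"; append="$6"
    cmd="qemu-system-x86_64 -smp 32,maxcpus=255 -cpu EPYC-Milan-v2"
    cmd="$cmd -machine q35,confidential-guest-support=sev0,memory-backend=ram1"
    cmd="$cmd -object memory-backend-memfd,id=ram1,size=4G,share=true,reserve=false"
    cmd="$cmd -object $(snp_guest_object "$certs" "$hashes")"
    cmd="$cmd -bios $bios"
    if [ -n "$kernel" ]; then
        cmd="$cmd -kernel $kernel -initrd $initrd -append \"$append\""
    fi
    printf '%s\n' "$cmd"
}

# Usage: print the measured-direct-boot variant with placeholder paths.
snp_cmdline /path/to/OVMF_CODE-AmdSevX64.fd /path/to/cert.blob on \
    /boot/vmlinuz-placeholder /boot/initrd-placeholder \
    "root=/dev/vda1 ro console=ttyS0,115200n8"
```

Run snp_check_config with the same arguments immediately before exec'ing the printed command; a non-zero return means QEMU would either fail to start or, for kernel-hashes=on without -kernel, launch a guest whose measurement does not cover what you intended.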