[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[for-5.2 v4 01/10] host trust limitation: Introduce new host trust limit
|
From: |
David Gibson |
|
Subject: |
[for-5.2 v4 01/10] host trust limitation: Introduce new host trust limitation interface |
|
Date: |
Fri, 24 Jul 2020 12:57:35 +1000 |
Several architectures have mechanisms which are designed to protect guest
memory from interference or eavesdropping by a compromised hypervisor. AMD
SEV does this with in-chip memory encryption and Intel has a similar
mechanism. POWER's Protected Execution Framework (PEF) accomplishes a
similar goal using an ultravisor and new memory protection features,
instead of encryption.
To (partially) unify handling for these, this introduces a new
HostTrustLimitation QOM interface.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
---
backends/Makefile.objs | 2 ++
backends/host-trust-limitation.c | 29 ++++++++++++++++++++++++
include/exec/host-trust-limitation.h | 33 ++++++++++++++++++++++++++++
include/qemu/typedefs.h | 1 +
4 files changed, 65 insertions(+)
create mode 100644 backends/host-trust-limitation.c
create mode 100644 include/exec/host-trust-limitation.h
diff --git a/backends/Makefile.objs b/backends/Makefile.objs
index 22d204cb48..dcb8f58d31 100644
--- a/backends/Makefile.objs
+++ b/backends/Makefile.objs
@@ -21,3 +21,5 @@ common-obj-$(CONFIG_LINUX) += hostmem-memfd.o
common-obj-$(CONFIG_GIO) += dbus-vmstate.o
dbus-vmstate.o-cflags = $(GIO_CFLAGS)
dbus-vmstate.o-libs = $(GIO_LIBS)
+
+common-obj-y += host-trust-limitation.o
diff --git a/backends/host-trust-limitation.c b/backends/host-trust-limitation.c
new file mode 100644
index 0000000000..96a381cd8a
--- /dev/null
+++ b/backends/host-trust-limitation.c
@@ -0,0 +1,29 @@
+/*
+ * QEMU Host Trust Limitation interface
+ *
+ * Copyright: David Gibson, Red Hat Inc. 2020
+ *
+ * Authors:
+ * David Gibson <david@gibson.dropbear.id.au>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later. See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+
+#include "exec/host-trust-limitation.h"
+
+static const TypeInfo host_trust_limitation_info = {
+ .name = TYPE_HOST_TRUST_LIMITATION,
+ .parent = TYPE_INTERFACE,
+ .class_size = sizeof(HostTrustLimitationClass),
+};
+
+static void host_trust_limitation_register_types(void)
+{
+ type_register_static(&host_trust_limitation_info);
+}
+
+type_init(host_trust_limitation_register_types)
diff --git a/include/exec/host-trust-limitation.h
b/include/exec/host-trust-limitation.h
new file mode 100644
index 0000000000..03887b1be1
--- /dev/null
+++ b/include/exec/host-trust-limitation.h
@@ -0,0 +1,33 @@
+/*
+ * QEMU Host Trust Limitation interface
+ *
+ * Copyright: David Gibson, Red Hat Inc. 2020
+ *
+ * Authors:
+ * David Gibson <david@gibson.dropbear.id.au>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later. See the COPYING file in the top-level directory.
+ *
+ */
+#ifndef QEMU_HOST_TRUST_LIMITATION_H
+#define QEMU_HOST_TRUST_LIMITATION_H
+
+#include "qom/object.h"
+
+#define TYPE_HOST_TRUST_LIMITATION "host-trust-limitation"
+#define HOST_TRUST_LIMITATION(obj) \
+ INTERFACE_CHECK(HostTrustLimitation, (obj), \
+ TYPE_HOST_TRUST_LIMITATION)
+#define HOST_TRUST_LIMITATION_CLASS(klass) \
+ OBJECT_CLASS_CHECK(HostTrustLimitationClass, (klass), \
+ TYPE_HOST_TRUST_LIMITATION)
+#define HOST_TRUST_LIMITATION_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(HostTrustLimitationClass, (obj), \
+ TYPE_HOST_TRUST_LIMITATION)
+
+typedef struct HostTrustLimitationClass {
+ InterfaceClass parent;
+} HostTrustLimitationClass;
+
+#endif /* QEMU_HOST_TRUST_LIMITATION_H */
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index 427027a970..624d59c037 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -51,6 +51,7 @@ typedef struct FWCfgIoState FWCfgIoState;
typedef struct FWCfgMemState FWCfgMemState;
typedef struct FWCfgState FWCfgState;
typedef struct HostMemoryBackend HostMemoryBackend;
+typedef struct HostTrustLimitation HostTrustLimitation;
typedef struct I2CBus I2CBus;
typedef struct I2SCodec I2SCodec;
typedef struct IOMMUMemoryRegion IOMMUMemoryRegion;
--
2.26.2
- [for-5.2 v4 00/10] Generalize memory encryption models, David Gibson, 2020/07/23
- [for-5.2 v4 04/10] host trust limitation: Rework the "memory-encryption" property, David Gibson, 2020/07/23
- [for-5.2 v4 02/10] host trust limitation: Handle memory encryption via interface, David Gibson, 2020/07/23
- [for-5.2 v4 03/10] host trust limitation: Move side effect out of machine_set_memory_encryption(), David Gibson, 2020/07/23
- [for-5.2 v4 06/10] host trust limitation: Add Error ** to HostTrustLimitation::kvm_init, David Gibson, 2020/07/23
- [for-5.2 v4 08/10] spapr: PEF: block migration, David Gibson, 2020/07/23
- [for-5.2 v4 01/10] host trust limitation: Introduce new host trust limitation interface,
David Gibson <=
- [for-5.2 v4 07/10] spapr: Add PEF based host trust limitation, David Gibson, 2020/07/23
- [for-5.2 v4 10/10] s390: Recognize host-trust-limitation option, David Gibson, 2020/07/23
- [for-5.2 v4 09/10] host trust limitation: Alter virtio default properties for protected guests, David Gibson, 2020/07/23
- [for-5.2 v4 05/10] host trust limitation: Decouple kvm_memcrypt_*() helpers from KVM, David Gibson, 2020/07/23