
ganqx/src-qemu

forked from src-openEuler/qemu 
target-i386-csv-Add-command-to-load-vmcb-to-CSV3-gue.patch 3.26 KB
Jiabo Feng 提交于 2024-12-12 17:01 . QEMU update to version 8.2.0-26:
From 368bf2c044fcdd21f10545de103af7cd2a5986f9 Mon Sep 17 00:00:00 2001
From: jiangxin <jiangxin@hygon.cn>
Date: Wed, 25 Aug 2021 12:25:05 +0800
Subject: [PATCH] target/i386: csv: Add command to load vmcb to CSV3 guest
memory
The KVM_CSV3_LAUNCH_ENCRYPT_VMCB command is used to load and encrypt
the initial VMCB data into secure memory, in an isolated region that
the guest owns.
Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
---
linux-headers/linux/kvm.h | 1 +
target/i386/csv-sysemu-stub.c | 5 +++++
target/i386/csv.c | 21 +++++++++++++++++++++
target/i386/csv.h | 1 +
target/i386/sev.c | 8 ++++++--
5 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index dd6d9c2e07..8487d0889b 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -2114,6 +2114,7 @@ enum csv3_cmd_id {
KVM_CSV3_INIT = KVM_CSV3_NR_MIN,
KVM_CSV3_LAUNCH_ENCRYPT_DATA,
+ KVM_CSV3_LAUNCH_ENCRYPT_VMCB,
};
struct kvm_csv3_launch_encrypt_data {
diff --git a/target/i386/csv-sysemu-stub.c b/target/i386/csv-sysemu-stub.c
index b0ccbd2f18..23d885f0f3 100644
--- a/target/i386/csv-sysemu-stub.c
+++ b/target/i386/csv-sysemu-stub.c
@@ -24,3 +24,8 @@ int csv3_load_data(uint64_t gpa, uint8_t *ptr, uint64_t len, Error **errp)
{
g_assert_not_reached();
}
+
+int csv3_launch_encrypt_vmcb(void)
+{
+ g_assert_not_reached();
+}
diff --git a/target/i386/csv.c b/target/i386/csv.c
index 2a596681b8..12282ba451 100644
--- a/target/i386/csv.c
+++ b/target/i386/csv.c
@@ -143,3 +143,24 @@ csv3_load_data(uint64_t gpa, uint8_t *ptr, uint64_t len, Error **errp)
return ret;
}
+
+int
+csv3_launch_encrypt_vmcb(void)
+{
+ int ret, fw_error;
+
+ if (!csv3_enabled()) {
+ error_report("%s: CSV3 is not enabled", __func__);
+ return -1;
+ }
+
+ ret = csv3_ioctl(KVM_CSV3_LAUNCH_ENCRYPT_VMCB, NULL, &fw_error);
+ if (ret) {
+ error_report("%s: CSV3 LAUNCH_ENCRYPT_VMCB ret=%d fw_error=%d '%s'",
+ __func__, ret, fw_error, fw_error_to_str(fw_error));
+ goto err;
+ }
+
+err:
+ return ret;
+}
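Review bot: `fw_error` is declared without an initial value in csv3_launch_encrypt_vmcb() and is then printed and passed to fw_error_to_str() on the failure path. csv3_ioctl() is not visible in this patch; if it can return an error without storing to its out-parameter, the log line reads an indeterminate value and the string lookup receives an unvalidated index. Declaring `int ret, fw_error = 0;` removes that dependency on the helper. Separately, `goto err;` jumps to a label that is the very next statement, so both the goto and the `err:` label can be dropped and the function can simply end with `return ret;`.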
diff --git a/target/i386/csv.h b/target/i386/csv.h
index 27b66f7857..3caf216743 100644
--- a/target/i386/csv.h
+++ b/target/i386/csv.h
@@ -86,6 +86,7 @@ typedef struct Csv3GuestState Csv3GuestState;
extern struct Csv3GuestState csv3_guest;
extern int csv3_init(uint32_t policy, int fd, void *state, struct sev_ops *ops);
+extern int csv3_launch_encrypt_vmcb(void);
int csv3_load_data(uint64_t gpa, uint8_t *ptr, uint64_t len, Error **errp);
diff --git a/target/i386/sev.c b/target/i386/sev.c
index 1c453b3148..6ff8891678 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -880,8 +880,12 @@ sev_launch_get_measure(Notifier *notifier, void *unused)
}
if (sev_es_enabled()) {
- /* measure all the VM save areas before getting launch_measure */
- ret = sev_launch_update_vmsa(sev);
+ if (csv3_enabled()) {
+ ret = csv3_launch_encrypt_vmcb();
+ } else {
+ /* measure all the VM save areas before getting launch_measure */
+ ret = sev_launch_update_vmsa(sev);
+ }
if (ret) {
exit(1);
}
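Review bot: The new CSV3 branch has no comment, while the SEV-ES branch keeps "measure all the VM save areas before getting launch_measure", so a reader cannot tell whether the VMCB loaded by csv3_launch_encrypt_vmcb() is covered by the launch measurement that follows. That matters to anyone verifying attestation, because initial vCPU state left outside the measurement would be unattested. I would add something like `/* CSV3: load and encrypt the initial VMCB into guest secure memory before getting launch_measure */` and state there whether the firmware includes it in the measurement. The call is also reached only when sev_es_enabled() is true, which presumably holds for every CSV3 guest but is worth confirming against csv3_enabled(). sev_launch_get_measure() begins and ends outside this hunk.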
--
2.41.0.windows.1