Re: [Qemu-devel] [RFC PATCH v4 07/20] kvm: add memory encryption api sup

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [RFC PATCH v4 07/20] kvm: add memory encryption api sup

From:	Eduardo Habkost
Subject:	Re: [Qemu-devel] [RFC PATCH v4 07/20] kvm: add memory encryption api support
Date:	Wed, 8 Mar 2017 18:06:55 -0300
User-agent:	Mutt/1.7.1 (2016-10-04)

On Wed, Mar 08, 2017 at 03:52:26PM -0500, Brijesh Singh wrote:
> Add high level API's to provide guest memory encryption support.
> 
> Signed-off-by: Brijesh Singh <address@hidden>
> ---
>  include/sysemu/kvm.h |    7 +++++++
>  kvm-all.c            |   52 
> ++++++++++++++++++++++++++++++++++++++++++++++++++
>  kvm-stub.c           |   31 ++++++++++++++++++++++++++++++
>  3 files changed, 90 insertions(+)
> 
> diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
> index 24281fc..6f88a06 100644
> --- a/include/sysemu/kvm.h
> +++ b/include/sysemu/kvm.h
> @@ -227,6 +227,13 @@ int kvm_init_vcpu(CPUState *cpu);
>  int kvm_cpu_exec(CPUState *cpu);
>  int kvm_destroy_vcpu(CPUState *cpu);
>  
> +bool kvm_memcrypt_enabled(void);
> +void *kvm_memcrypt_get_handle(void);
> +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr);
> +int kvm_memcrypt_create_launch_context(void);
> +int kvm_memcrypt_release_launch_context(void);
> +int kvm_memcrypt_encrypt_launch_data(uint8_t *ptr, uint64_t len);

Please document what the return value of those functions mean.

[...]
> +int kvm_memcrypt_create_launch_context(void)
> +{
> +    if (kvm_state->create_launch_context) {
> +        return kvm_state->create_launch_context(kvm_state->ehandle);
> +    }
> +
> +    return 1;

I suggest returning -ENOTSUP if not implemented.

> +}
> +
> +int kvm_memcrypt_release_launch_context(void)
> +{
> +    if (kvm_state->release_launch_context) {
> +        return kvm_state->release_launch_context(kvm_state->ehandle);
> +    }
> +
> +    return 1;
> +}
> +
> +int kvm_memcrypt_encrypt_launch_data(uint8_t *dst, uint64_t len)
> +{
> +    if (kvm_state->encrypt_launch_data) {
> +        return kvm_state->encrypt_launch_data(kvm_state->ehandle, dst, len);
> +    }
> +
> +    return 1;
> +}
> +
> +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr)
> +{
> +    if (kvm_state->memcrypt_debug_ops) {
> +        return kvm_state->memcrypt_debug_ops(kvm_state->ehandle, mr);
> +    }
> +}
> +
> +void *kvm_memcrypt_get_handle(void)
> +{
> +    return kvm_state->ehandle;
> +}
> +
>  int kvm_get_max_memslots(void)
>  {
>      KVMState *s = KVM_STATE(current_machine->accelerator);
> diff --git a/kvm-stub.c b/kvm-stub.c
> index ef0c734..20920aa 100644
> --- a/kvm-stub.c
> +++ b/kvm-stub.c
> @@ -105,6 +105,37 @@ int kvm_on_sigbus(int code, void *addr)
>      return 1;
>  }
>  
> +bool kvm_memcrypt_enabled(void)
> +{
> +    return false;
> +}
> +
> +void *kvm_memcrypt_get_handle(void)
> +{
> +    return NULL;
> +}
> +
> +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr)
> +{
> +    return;
> +}
> +
> +int kvm_memcrypt_create_launch_context(void)
> +{
> +    return 1;
> +}
> +
> +int kvm_memcrypt_release_launch_context(void)
> +{
> +    return 1;
> +}
> +
> +int kvm_memcrypt_encrypt_launch_data(uint8_t *ptr, uint64_t len)
> +{
> +    return 1;
> +}
> +
> +
>  #ifndef CONFIG_USER_ONLY
>  int kvm_irqchip_add_msi_route(KVMState *s, int vector, PCIDevice *dev)
>  {
> 

-- 
Eduardo

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [RFC PATCH v4 09/20] hmp: display memory encryption support in 'info kvm', (continued)
- [Qemu-devel] [RFC PATCH v4 09/20] hmp: display memory encryption support in 'info kvm', Brijesh Singh, 2017/03/08
  - Re: [Qemu-devel] [RFC PATCH v4 09/20] hmp: display memory encryption support in 'info kvm', Eric Blake, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 12/20] SEV: add GUEST_STATUS command, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 14/20] sev: add LAUNCH_FINISH command, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 18/20] target/i386: add cpuid Fn8000_001f, Brijesh Singh, 2017/03/08
  - Re: [Qemu-devel] [RFC PATCH v4 18/20] target/i386: add cpuid Fn8000_001f, Eduardo Habkost, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 16/20] sev: add DEBUG_ENCRYPT command, Brijesh Singh, 2017/03/08
- Re: [Qemu-devel] [RFC PATCH v4 00/20] x86: Secure Encrypted Virtualization (AMD), Eduardo Habkost, 2017/03/08
  - Re: [Qemu-devel] [RFC PATCH v4 00/20] x86: Secure Encrypted Virtualization (AMD), Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 07/20] kvm: add memory encryption api support, Brijesh Singh, 2017/03/08
  - Re: [Qemu-devel] [RFC PATCH v4 07/20] kvm: add memory encryption api support, Eduardo Habkost <=
- [Qemu-devel] [RFC PATCH v4 15/20] sev: add DEBUG_DECRYPT command, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 17/20] target/i386: encrypt bios rom when memory encryption is enabled, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 20/20] migration: disable save/restore and migration when SEV is active, Brijesh Singh, 2017/03/08
  - Re: [Qemu-devel] [RFC PATCH v4 20/20] migration: disable save/restore and migration when SEV is active, Eduardo Habkost, 2017/03/08
    - Re: [Qemu-devel] [RFC PATCH v4 20/20] migration: disable save/restore and migration when SEV is active, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 19/20] target/i386: clear memory encryption bit when walking SEV guest page table, Brijesh Singh, 2017/03/08
- Re: [Qemu-devel] [RFC PATCH v4 00/20] x86: Secure Encrypted Virtualization (AMD), no-reply, 2017/03/08

Prev by Date: Re: [Qemu-devel] Performance difference between QEMU 2.2.0 and 2.6.0
Next by Date: Re: [Qemu-devel] [RFC PATCH v4 11/20] sev: add LAUNCH_START command
Previous by thread: [Qemu-devel] [RFC PATCH v4 07/20] kvm: add memory encryption api support
Next by thread: [Qemu-devel] [RFC PATCH v4 15/20] sev: add DEBUG_DECRYPT command
Index(es):
- Date
- Thread