On Wed, Oct 04, 2017 at 08:13:48AM -0500, Brijesh Singh wrote:
> If hardware supports memory encryption then KVM_MEMORY_ENCRYPT_OP ioctl can
> be used by qemu to issue a platform specific memory encryption commands.
Minor issues: "If the hardware supports memory encryption then the KVM_MEMORY_ENCRYPT_OP ioctl can be used by qemu to issue platform specific memory encryption commands." > Cc: Thomas Gleixner <[email protected]> > Cc: Ingo Molnar <[email protected]> > Cc: "H. Peter Anvin" <[email protected]> > Cc: Paolo Bonzini <[email protected]> > Cc: "Radim Krčmář" <[email protected]> > Cc: Joerg Roedel <[email protected]> > Cc: Borislav Petkov <[email protected]> > Cc: Tom Lendacky <[email protected]> > Cc: [email protected] > Cc: [email protected] > Cc: [email protected] > Signed-off-by: Brijesh Singh <[email protected]> > Reviewed-by: Paolo Bonzini <[email protected]> > --- > Documentation/virtual/kvm/api.txt | 16 ++++++++++++++++ > arch/x86/include/asm/kvm_host.h | 2 ++ > arch/x86/kvm/x86.c | 12 ++++++++++++ > include/uapi/linux/kvm.h | 2 ++ > 4 files changed, 32 insertions(+) > > diff --git a/Documentation/virtual/kvm/api.txt > b/Documentation/virtual/kvm/api.txt > index e63a35fafef0..cc1aa76ee6cd 100644 > --- a/Documentation/virtual/kvm/api.txt > +++ b/Documentation/virtual/kvm/api.txt 
> @@ -3390,6 +3390,22 @@ invalid, if invalid pages are written to (e.g. after > the end of memory) > or if no page table is present for the addresses (e.g. when using > hugepages). > > +4.109 KVM_MEMORY_ENCRYPT_OP > + > +Capability: basic > +Architectures: x86 > +Type: system > +Parameters: a opaque platform specific structure (in/out) ^ s/a/an/ > +Returns: 0 on success; -1 on error > + > +If platform supports creating encrypted VMs then this ioctl can be used for "If the platform... " > +issuing a platform specific memory encryption commands to manage the > encrypted change that line to: "issuing platform-specific memory encryption commands to manage those encrypted" > +VMs. > + > +Currently, this ioctl is used for issuing Secure Encrypted Virtualization > (SEV) > +commands on AMD Processors. The SEV commands are defined in > +Documentation/virtual/kvm/amd-memory-encryption.txt. > + Nice. With those addressed: Reviewed-by: Borislav Petkov <[email protected]> -- Regards/Gruss, Boris. SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) --
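Review bot: The new 4.109 entry in Documentation/virtual/kvm/api.txt does not say what userspace sees when the platform has no memory encryption support. The entry is marked "Capability: basic", so there is no extension to probe first, yet the description makes the ioctl conditional ("If platform supports creating encrypted VMs"), and "Returns: 0 on success; -1 on error" names no errno. Please document the error returned on an unsupported platform so callers can tell "not supported" apart from a failed command. Since the parameter is described only as an opaque in/out structure, the entry should also point to where its layout is defined; the reference to amd-memory-encryption.txt covers the SEV commands but the "Parameters:" line itself gives no type. Separately, "Type: system" sits oddly next to text about managing encrypted VMs, so it is worth confirming which file descriptor the ioctl is issued on and making the "Type:" line match.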

