On Wed, Mar 08, 2017 at 03:52:26PM -0500, Brijesh Singh wrote:
> Add high level API's to provide guest memory encryption support.
>
> Signed-off-by: Brijesh Singh <[email protected]>
> ---
> include/sysemu/kvm.h | 7 +++++++
> kvm-all.c | 52
> ++++++++++++++++++++++++++++++++++++++++++++++++++
> kvm-stub.c | 31 ++++++++++++++++++++++++++++++
> 3 files changed, 90 insertions(+)
>
> diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
> index 24281fc..6f88a06 100644
> --- a/include/sysemu/kvm.h
> +++ b/include/sysemu/kvm.h
> @@ -227,6 +227,13 @@ int kvm_init_vcpu(CPUState *cpu);
> int kvm_cpu_exec(CPUState *cpu);
> int kvm_destroy_vcpu(CPUState *cpu);
>
> +bool kvm_memcrypt_enabled(void);
> +void *kvm_memcrypt_get_handle(void);
> +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr);
> +int kvm_memcrypt_create_launch_context(void);
> +int kvm_memcrypt_release_launch_context(void);
> +int kvm_memcrypt_encrypt_launch_data(uint8_t *ptr, uint64_t len);
Please document what the return value of those functions mean.
[...]
> +int kvm_memcrypt_create_launch_context(void)
> +{
> + if (kvm_state->create_launch_context) {
> + return kvm_state->create_launch_context(kvm_state->ehandle);
> + }
> +
> + return 1;
I suggest returning -ENOTSUP if not implemented.
> +}
> +
> +int kvm_memcrypt_release_launch_context(void)
> +{
> + if (kvm_state->release_launch_context) {
> + return kvm_state->release_launch_context(kvm_state->ehandle);
> + }
> +
> + return 1;
> +}
> +
> +int kvm_memcrypt_encrypt_launch_data(uint8_t *dst, uint64_t len)
> +{
> + if (kvm_state->encrypt_launch_data) {
> + return kvm_state->encrypt_launch_data(kvm_state->ehandle, dst, len);
> + }
> +
> + return 1;
> +}
> +
> +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr)
> +{
> + if (kvm_state->memcrypt_debug_ops) {
> + return kvm_state->memcrypt_debug_ops(kvm_state->ehandle, mr);
> + }
> +}
> +
> +void *kvm_memcrypt_get_handle(void)
> +{
> + return kvm_state->ehandle;
> +}
> +
> int kvm_get_max_memslots(void)
> {
> KVMState *s = KVM_STATE(current_machine->accelerator);
> diff --git a/kvm-stub.c b/kvm-stub.c
> index ef0c734..20920aa 100644
> --- a/kvm-stub.c
> +++ b/kvm-stub.c
> @@ -105,6 +105,37 @@ int kvm_on_sigbus(int code, void *addr)
> return 1;
> }
>
> +bool kvm_memcrypt_enabled(void)
> +{
> + return false;
> +}
> +
> +void *kvm_memcrypt_get_handle(void)
> +{
> + return NULL;
> +}
> +
> +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr)
> +{
> + return;
> +}
> +
> +int kvm_memcrypt_create_launch_context(void)
> +{
> + return 1;
> +}
> +
> +int kvm_memcrypt_release_launch_context(void)
> +{
> + return 1;
> +}
> +
> +int kvm_memcrypt_encrypt_launch_data(uint8_t *ptr, uint64_t len)
> +{
> + return 1;
> +}
> +
> +
> #ifndef CONFIG_USER_ONLY
> int kvm_irqchip_add_msi_route(KVMState *s, int vector, PCIDevice *dev)
> {
>
--
Eduardo
