[RFC PATCH 4/8] i386/sev: Replace UPDATE_DATA ioctl with sev library equivalent

2023-09-14 Thread Tyler Fanelli
UPDATE_DATA takes the VM's file descriptor, a guest memory region to
be encrypted, as well as the size of the aforementioned guest memory
region.

If this API ioctl call fails, fw_error will be set accordingly.

Signed-off-by: Tyler Fanelli 
---
 target/i386/sev.c | 31 ++-
 1 file changed, 6 insertions(+), 25 deletions(-)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index 49be072cbc..615021a1a3 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -715,29 +715,6 @@ sev_read_file_base64(const char *filename, guchar **data, 
gsize *len)
 return 0;
 }
 
-static int
-sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len)
-{
-int ret, fw_error;
-struct kvm_sev_launch_update_data update;
-
-if (!addr || !len) {
-return 1;
-}
-
-update.uaddr = (__u64)(unsigned long)addr;
-update.len = len;
-trace_kvm_sev_launch_update_data(addr, len);
-ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA,
-, _error);
-if (ret) {
-error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'",
-__func__, ret, fw_error, fw_error_to_str(fw_error));
-}
-
-return ret;
-}
-
 static int
 sev_launch_update_vmsa(SevGuestState *sev)
 {
@@ -1009,15 +986,19 @@ out:
 int
 sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp)
 {
+KVMState *s = kvm_state;
+int fw_error;
+
 if (!sev_guest) {
 return 0;
 }
 
 /* if SEV is in update state then encrypt the data else do nothing */
 if (sev_check_state(sev_guest, SEV_STATE_LAUNCH_UPDATE)) {
-int ret = sev_launch_update_data(sev_guest, ptr, len);
+int ret = sev_launch_update_data(s->vmfd, (__u64) ptr, len, _error);
 if (ret < 0) {
-error_setg(errp, "SEV: Failed to encrypt pflash rom");
+error_setg(errp, "SEV: Failed to encrypt pflash rom fw_err=%d",
+   fw_error);
 return ret;
 }
 }
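Review bot: `fw_error` is declared without an initializer at the top of sev_encrypt_flash and then printed in the new `error_setg` message, so if the library call fails before the firmware reports a status (the library's behaviour is not visible here) the message may carry an indeterminate value; `int fw_error = 0;` avoids that. The removed helper rejected a NULL address or zero length and emitted `trace_kvm_sev_launch_update_data`, and neither survives at this call site, so confirm the library validates its arguments and consider keeping the trace point, which records the guest regions submitted for launch encryption. The pointer is now cast straight to `__u64`, where the old code went through `unsigned long`; `(__u64)(uintptr_t)ptr` keeps the conversion well-defined and warning-free on 32-bit hosts. Also confirm the library reports failure only as a negative value, because `if (ret < 0)` would let a positive error code pass and leave the flash region unencrypted with no error raised. The function body continues past the end of this hunk, and the same patch is repeated further down the page, where the same points apply.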
-- 
2.40.1




[RFC PATCH 4/8] i386/sev: Replace UPDATE_DATA ioctl with sev library equivalent

2023-09-14 Thread Tyler Fanelli
UPDATE_DATA takes the VM's file descriptor, a guest memory region to
be encrypted, as well as the size of the aforementioned guest memory
region.

If this API ioctl call fails, fw_error will be set accordingly.

Signed-off-by: Tyler Fanelli 
---
 target/i386/sev.c | 31 ++-
 1 file changed, 6 insertions(+), 25 deletions(-)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index 49be072cbc..615021a1a3 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -715,29 +715,6 @@ sev_read_file_base64(const char *filename, guchar **data, 
gsize *len)
 return 0;
 }
 
-static int
-sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len)
-{
-int ret, fw_error;
-struct kvm_sev_launch_update_data update;
-
-if (!addr || !len) {
-return 1;
-}
-
-update.uaddr = (__u64)(unsigned long)addr;
-update.len = len;
-trace_kvm_sev_launch_update_data(addr, len);
-ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA,
-, _error);
-if (ret) {
-error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'",
-__func__, ret, fw_error, fw_error_to_str(fw_error));
-}
-
-return ret;
-}
-
 static int
 sev_launch_update_vmsa(SevGuestState *sev)
 {
@@ -1009,15 +986,19 @@ out:
 int
 sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp)
 {
+KVMState *s = kvm_state;
+int fw_error;
+
 if (!sev_guest) {
 return 0;
 }
 
 /* if SEV is in update state then encrypt the data else do nothing */
 if (sev_check_state(sev_guest, SEV_STATE_LAUNCH_UPDATE)) {
-int ret = sev_launch_update_data(sev_guest, ptr, len);
+int ret = sev_launch_update_data(s->vmfd, (__u64) ptr, len, _error);
 if (ret < 0) {
-error_setg(errp, "SEV: Failed to encrypt pflash rom");
+error_setg(errp, "SEV: Failed to encrypt pflash rom fw_err=%d",
+   fw_error);
 return ret;
 }
 }
-- 
2.40.1