KVM: Introduce KVM_MEMORY_ENCRYPT_OP ioctl
If the hardware supports memory encryption then the KVM_MEMORY_ENCRYPT_OP ioctl can be used by qemu to issue a platform specific memory encryption commands. Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@redhat.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: "Radim Krčmář" <rkrcmar@redhat.com> Cc: Joerg Roedel <joro@8bytes.org> Cc: Borislav Petkov <bp@suse.de> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Borislav Petkov <bp@suse.de>
This commit is contained in:
parent
8765d75329
commit
5acc5c0631
|
@ -3394,6 +3394,22 @@ invalid, if invalid pages are written to (e.g. after the end of memory)
|
||||||
or if no page table is present for the addresses (e.g. when using
|
or if no page table is present for the addresses (e.g. when using
|
||||||
hugepages).
|
hugepages).
|
||||||
|
|
||||||
|
4.109 KVM_MEMORY_ENCRYPT_OP
|
||||||
|
|
||||||
|
Capability: basic
|
||||||
|
Architectures: x86
|
||||||
|
Type: system
|
||||||
|
Parameters: an opaque platform specific structure (in/out)
|
||||||
|
Returns: 0 on success; -1 on error
|
||||||
|
|
||||||
|
If the platform supports creating encrypted VMs then this ioctl can be used
|
||||||
|
for issuing platform-specific memory encryption commands to manage those
|
||||||
|
encrypted VMs.
|
||||||
|
|
||||||
|
Currently, this ioctl is used for issuing Secure Encrypted Virtualization
|
||||||
|
(SEV) commands on AMD Processors. The SEV commands are defined in
|
||||||
|
Documentation/virtual/kvm/amd-memory-encryption.txt.
|
||||||
|
|
||||||
5. The kvm_run structure
|
5. The kvm_run structure
|
||||||
------------------------
|
------------------------
|
||||||
|
|
||||||
|
|
|
@ -1066,6 +1066,8 @@ struct kvm_x86_ops {
|
||||||
int (*pre_enter_smm)(struct kvm_vcpu *vcpu, char *smstate);
|
int (*pre_enter_smm)(struct kvm_vcpu *vcpu, char *smstate);
|
||||||
int (*pre_leave_smm)(struct kvm_vcpu *vcpu, u64 smbase);
|
int (*pre_leave_smm)(struct kvm_vcpu *vcpu, u64 smbase);
|
||||||
int (*enable_smi_window)(struct kvm_vcpu *vcpu);
|
int (*enable_smi_window)(struct kvm_vcpu *vcpu);
|
||||||
|
|
||||||
|
int (*mem_enc_op)(struct kvm *kvm, void __user *argp);
|
||||||
};
|
};
|
||||||
|
|
||||||
struct kvm_arch_async_pf {
|
struct kvm_arch_async_pf {
|
||||||
|
|
|
@ -4281,6 +4281,12 @@ set_identity_unlock:
|
||||||
r = kvm_vm_ioctl_enable_cap(kvm, &cap);
|
r = kvm_vm_ioctl_enable_cap(kvm, &cap);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
case KVM_MEMORY_ENCRYPT_OP: {
|
||||||
|
r = -ENOTTY;
|
||||||
|
if (kvm_x86_ops->mem_enc_op)
|
||||||
|
r = kvm_x86_ops->mem_enc_op(kvm, argp);
|
||||||
|
break;
|
||||||
|
}
|
||||||
default:
|
default:
|
||||||
r = -ENOTTY;
|
r = -ENOTTY;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1358,6 +1358,8 @@ struct kvm_s390_ucas_mapping {
|
||||||
/* Available with KVM_CAP_S390_CMMA_MIGRATION */
|
/* Available with KVM_CAP_S390_CMMA_MIGRATION */
|
||||||
#define KVM_S390_GET_CMMA_BITS _IOWR(KVMIO, 0xb8, struct kvm_s390_cmma_log)
|
#define KVM_S390_GET_CMMA_BITS _IOWR(KVMIO, 0xb8, struct kvm_s390_cmma_log)
|
||||||
#define KVM_S390_SET_CMMA_BITS _IOW(KVMIO, 0xb9, struct kvm_s390_cmma_log)
|
#define KVM_S390_SET_CMMA_BITS _IOW(KVMIO, 0xb9, struct kvm_s390_cmma_log)
|
||||||
|
/* Memory Encryption Commands */
|
||||||
|
#define KVM_MEMORY_ENCRYPT_OP _IOWR(KVMIO, 0xba, unsigned long)
|
||||||
|
|
||||||
#define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
|
#define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
|
||||||
#define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
|
#define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
|
||||||
|
|
Loading…
Reference in New Issue