Add high level API's to provide guest memory encryption support.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
include/sysemu/kvm.h | 7 +++++++
kvm-all.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++
kvm-stub.c | 31 ++++++++++++++++++++++++++++++
3 files changed, 90 insertions(+)
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index 24281fc..6f88a06 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -227,6 +227,13 @@ int kvm_init_vcpu(CPUState *cpu);
 int kvm_cpu_exec(CPUState *cpu);
 int kvm_destroy_vcpu(CPUState *cpu);
+bool kvm_memcrypt_enabled(void);
+void *kvm_memcrypt_get_handle(void);
+void kvm_memcrypt_set_debug_ops(MemoryRegion *mr);
+int kvm_memcrypt_create_launch_context(void);
+int kvm_memcrypt_release_launch_context(void);
+int kvm_memcrypt_encrypt_launch_data(uint8_t *ptr, uint64_t len);
+
 #ifdef NEED_CPU_H
 #include "cpu.h"
diff --git a/kvm-all.c b/kvm-all.c
index 9040bd5..bba0f39 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -36,6 +36,7 @@
 #include "qemu/event_notifier.h"
 #include "trace-root.h"
 #include "hw/irq.h"
+#include "sysemu/security-policy.h"
 #include "hw/boards.h"
@@ -101,6 +102,13 @@ struct KVMState
 #endif
 KVMMemoryListener memory_listener;
 QLIST_HEAD(, KVMParkedVcpu) kvm_parked_vcpus;
+
+ /* memory encryption support */
+ void *ehandle;
+ int (*create_launch_context)(void *ehandle);
+ int (*release_launch_context)(void *ehandle);
+ int (*encrypt_launch_data)(void *ehandle, uint8_t *dst, uint64_t len);
+ void (*memcrypt_debug_ops)(void *ehandle, MemoryRegion *mr);
 };
 KVMState *kvm_state;
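Review bot: The six prototypes added after `kvm_destroy_vcpu()` in include/sysemu/kvm.h carry no contract, and the return convention cannot be guessed from the names: the definitions in kvm-all.c return `1` when no hook is registered and otherwise whatever the hook returns. A one-line comment above the three `int` functions would settle this, e.g. `/* Returns the backend hook's result, or 1 if no memory-encryption hook is registered. */`. The last prototype names its buffer `ptr` while the definition and the `encrypt_launch_data` hook call it `dst`; using one name, and stating whether the buffer is encrypted in place, would remove the ambiguity.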
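Review bot: The fields added to `struct KVMState` leave the relation between `ehandle` and the four hooks unstated. `kvm_memcrypt_enabled()` tests only `ehandle` while each wrapper tests only its own hook, so a state with `ehandle` set and a hook left NULL reports encryption as enabled while the launch wrappers return `1`. Nothing in this patch assigns these fields, so the intended invariant should be written where they are declared, for instance `/* ehandle != NULL implies every hook below is non-NULL */` (wording for the author to confirm). Only part of the struct is visible in this hunk.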
@@ -128,6 +136,50 @@ static const KVMCapabilityInfo kvm_required_capabilites[] = {
 KVM_CAP_LAST_INFO
 };
+bool kvm_memcrypt_enabled(void)
+{
+ return kvm_state->ehandle ? true : false;
+}
+
+int kvm_memcrypt_create_launch_context(void)
+{
+ if (kvm_state->create_launch_context) {
+ return kvm_state->create_launch_context(kvm_state->ehandle);
+ }
+
+ return 1;
+}
+
+int kvm_memcrypt_release_launch_context(void)
+{
+ if (kvm_state->release_launch_context) {
+ return kvm_state->release_launch_context(kvm_state->ehandle);
+ }
+
+ return 1;
+}
+
+int kvm_memcrypt_encrypt_launch_data(uint8_t *dst, uint64_t len)
+{
+ if (kvm_state->encrypt_launch_data) {
+ return kvm_state->encrypt_launch_data(kvm_state->ehandle, dst, len);
+ }
+
+ return 1;
+}
+
+void kvm_memcrypt_set_debug_ops(MemoryRegion *mr)
+{
+ if (kvm_state->memcrypt_debug_ops) {
+ return kvm_state->memcrypt_debug_ops(kvm_state->ehandle, mr);
+ }
+}
+
+void *kvm_memcrypt_get_handle(void)
+{
+ return kvm_state->ehandle;
+}
+
 int kvm_get_max_memslots(void)
 {
 KVMState *s = KVM_STATE(current_machine->accelerator);
diff --git a/kvm-stub.c b/kvm-stub.c
index ef0c734..20920aa 100644
--- a/kvm-stub.c
+++ b/kvm-stub.c
@@ -105,6 +105,37 @@ int kvm_on_sigbus(int code, void *addr)
 return 1;
 }
+bool kvm_memcrypt_enabled(void)
+{
+ return false;
+}
+
+void *kvm_memcrypt_get_handle(void)
+{
+ return NULL;
+}
+
+void kvm_memcrypt_set_debug_ops(MemoryRegion *mr)
+{
+ return;
+}
+
+int kvm_memcrypt_create_launch_context(void)
+{
+ return 1;
+}
+
+int kvm_memcrypt_release_launch_context(void)
+{
+ return 1;
+}
+
+int kvm_memcrypt_encrypt_launch_data(uint8_t *ptr, uint64_t len)
+{
+ return 1;
+}
+
+
 #ifndef CONFIG_USER_ONLY
 int kvm_irqchip_add_msi_route(KVMState *s, int vector, PCIDevice *dev)
 {
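Review bot: The `return 1;` fallbacks in `kvm_memcrypt_create_launch_context()`, `kvm_memcrypt_release_launch_context()` and `kvm_memcrypt_encrypt_launch_data()` report a missing hook as a positive value, so a caller that tests `ret < 0` would treat "launch data was not encrypted" as success; the stubs added in kvm-stub.c share this. Returning a negative errno, e.g. `return -ENOSYS;`, makes the unsupported case fail closed, provided the hooks follow the same convention (not visible here). Every accessor also dereferences `kvm_state` unconditionally; if any of them can be reached before KVM is initialised or under another accelerator, a guard such as `return kvm_state && kvm_state->ehandle;` in `kvm_memcrypt_enabled()` avoids a NULL dereference. Separately, `kvm_memcrypt_set_debug_ops()` is `void` yet uses `return kvm_state->memcrypt_debug_ops(...)`, which ISO C does not permit; the `return` keyword should be dropped.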