Re: [Part2 PATCH v5 07/31] KVM: Introduce KVM_MEMORY_ENCRYPT_OP ioctl

Borislav Petkov <bp@xxxxxxx> · Wed, 4 Oct 2017 16:50:07 +0200

On Wed, Oct 04, 2017 at 08:13:48AM -0500, Brijesh Singh wrote:
> If hardware supports memory encryption then KVM_MEMORY_ENCRYPT_OP ioctl can
> be used by qemu to issue a platform specific memory encryption commands.

Minor issues:

"If the hardware supports memory encryption then the
KVM_MEMORY_ENCRYPT_OP ioctl can be used by qemu to issue platform
specific memory encryption commands."

> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: Ingo Molnar <mingo@xxxxxxxxxx>
> Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
> Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> Cc: "Radim Krčmář" <rkrcmar@xxxxxxxxxx>
> Cc: Joerg Roedel <joro@xxxxxxxxxx>
> Cc: Borislav Petkov <bp@xxxxxxx>
> Cc: Tom Lendacky <thomas.lendacky@xxxxxxx>
> Cc: x86@xxxxxxxxxx
> Cc: kvm@xxxxxxxxxxxxxxx
> Cc: linux-kernel@xxxxxxxxxxxxxxx
> Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
> Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> ---
>  Documentation/virtual/kvm/api.txt | 16 ++++++++++++++++
>  arch/x86/include/asm/kvm_host.h   |  2 ++
>  arch/x86/kvm/x86.c                | 12 ++++++++++++
>  include/uapi/linux/kvm.h          |  2 ++
>  4 files changed, 32 insertions(+)
> 
> diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
> index e63a35fafef0..cc1aa76ee6cd 100644
> --- a/Documentation/virtual/kvm/api.txt
> +++ b/Documentation/virtual/kvm/api.txt
> @@ -3390,6 +3390,22 @@ invalid, if invalid pages are written to (e.g. after the end of memory)
>  or if no page table is present for the addresses (e.g. when using
>  hugepages).
>  
> +4.109 KVM_MEMORY_ENCRYPT_OP
> +
> +Capability: basic
> +Architectures: x86
> +Type: system
> +Parameters: a opaque platform specific structure (in/out)
	       ^

s/a/an/

> +Returns: 0 on success; -1 on error
> +
> +If platform supports creating encrypted VMs then this ioctl can be used for

"If the platform... "

> +issuing a platform specific memory encryption commands to manage the encrypted

change that line to:

"issuing platform-specific memory encryption commands to manage those encrypted"

> +VMs.
> +
> +Currently, this ioctl is used for issuing Secure Encrypted Virtualization (SEV)
> +commands on AMD Processors. The SEV commands are defined in
> +Documentation/virtual/kvm/amd-memory-encryption.txt.
> +

Nice.

With those addressed:

Reviewed-by: Borislav Petkov <bp@xxxxxxx>

-- 
Regards/Gruss,
    Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
-- 