Add the unreg ioctl to the patch subject:
Subject: [Part2 PATCH v5 08/31] KVM: Introduce KVM_MEMORY_ENCRYPT_{UN,}REGISTER_REGION ioctls
On Wed, Oct 04, 2017 at 08:13:49AM -0500, Brijesh Singh wrote:
> If hardware supports memory encryption then KVM_MEMORY_ENCRYPT_REGISTER_REGION
> and KVM_MEMORY_ENCRYPT_UNREGISTER_REGION ioctl's can be used by userspace to
> register/unregister the guest memory regions which may contain the encrypted
> data (e.g guest RAM, PCI BAR, SMRAM etc).
>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: Ingo Molnar <mingo@xxxxxxxxxx>
> Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
> Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> Cc: "Radim Krčmář" <rkrcmar@xxxxxxxxxx>
> Cc: Joerg Roedel <joro@xxxxxxxxxx>
> Cc: Borislav Petkov <bp@xxxxxxx>
> Cc: Tom Lendacky <thomas.lendacky@xxxxxxx>
> Cc: x86@xxxxxxxxxx
> Cc: kvm@xxxxxxxxxxxxxxx
> Cc: linux-kernel@xxxxxxxxxxxxxxx
> Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
> ---
> Documentation/virtual/kvm/api.txt | 34 ++++++++++++++++++++++++++++++++++
> arch/x86/include/asm/kvm_host.h | 2 ++
> arch/x86/kvm/x86.c | 36 ++++++++++++++++++++++++++++++++++++
> include/uapi/linux/kvm.h | 10 ++++++++++
> 4 files changed, 82 insertions(+)
...
> diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
> index 4a39d99c5f99..d595d3970390 100644
> --- a/include/uapi/linux/kvm.h
> +++ b/include/uapi/linux/kvm.h
> @@ -1359,6 +1359,16 @@ struct kvm_s390_ucas_mapping {
> /* Memory Encryption Commands */
> #define KVM_MEMORY_ENCRYPT_OP _IOWR(KVMIO, 0xba, unsigned long)
>
> +struct kvm_enc_region {
> + __u64 addr;
> + __u64 size;
> +};
> +
> +#define KVM_MEMORY_ENCRYPT_REGISTER_REGION _IOR(KVMIO, 0xbb,\
> + struct kvm_enc_region)
> +#define KVM_MEMORY_ENCRYPT_UNREGISTER_REGION _IOR(KVMIO, 0xbc,\
> + struct kvm_enc_region)
Yuck, those are needlessly too long. They could be just as understandable if
they were called:
#define KVM_MEM_ENC_REG_REGION _IOR(KVMIO, 0xbb, struct kvm_enc_region)
#define KVM_MEM_ENC_UNREG_REGION _IOR(KVMIO, 0xbc, struct kvm_enc_region)
or so... I know, it'll need to change the qemu patches but it is more
compact this way, IMO, and you don't have to break the _IOR line.
Anyway, here are some cleanups ontop. For example, you don't really need
those trivial wrappers
kvm_vm_ioctl_mem_enc_register_region() and
kvm_vm_ioctl_mem_enc_unregister_region()
and can simply call the function pointers directly.
Also, you might wanna do that for kvm_vm_ioctl_mem_enc_op() too, in the
previous patch, which is just as trivial.
The rest is text streamlining.
---
diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
index a9f3c3abd279..fa4bc1d43c68 100644
--- a/Documentation/virtual/kvm/api.txt
+++ b/Documentation/virtual/kvm/api.txt
@@ -3414,20 +3414,20 @@ Type: system
Parameters: struct kvm_enc_region (in)
Returns: 0 on success; -1 on error
-This ioctl can be used to register the guest memory region which may contain the
-encrypted data (e.g guest RAM, SMRAM etc).
+This ioctl can be used to register a guest memory region which may
+contain encrypted data (e.g. guest RAM, SMRAM etc).
-The ioctl is used in the SEV-enabled guest. When encryption is enabled, the
-guest memory region may contain the encrypted data. The SEV memory encryption
-engine uses a tweak such that two identical plaintext pages at different
-location will have different ciphertext. So swapping or moving ciphertext of
-two pages will not result in plaintext being swapped. So relocating
-(or migrating) physical backing pages for the SEV guest will require some
-additional steps.
+It is used in the SEV-enabled guest. When encryption is enabled, a guest
+memory region may contain encrypted data. The SEV memory encryption
+engine uses a tweak such that two identical plaintext pages, each at
+different locations will have differing ciphertexts. So swapping or
+moving ciphertext of those pages will not result in plaintext being
+swapped. So relocating (or migrating) physical backing pages for the SEV
+guest will require some additional steps.
-Note: current SEV key management spec does not provide commands to swap or
-migrate (move) ciphertext pages. Hence, for now we pin the guest memory region
-registered with the ioctl.
+Note: The current SEV key management spec does not provide commands to
+swap or migrate (move) ciphertext pages. Hence, for now we pin the guest
+memory region registered with the ioctl.
4.111 KVM_MEMORY_ENCRYPT_UNREGISTER_REGION
@@ -3437,8 +3437,8 @@ Type: system
Parameters: struct kvm_enc_region (in)
Returns: 0 on success; -1 on error
-This ioctl can be used to unregister the guest memory region registered with
-KVM_MEMORY_ENCRYPT_REGISTER_REGION ioctl.
+This ioctl can be used to unregister the guest memory region registered
+with KVM_MEMORY_ENCRYPT_REGISTER_REGION ioctl above.
5. The kvm_run structure
------------------------
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 95a95f24bcd7..96a4506f9b4d 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -4018,24 +4018,6 @@ static int kvm_vm_ioctl_mem_enc_op(struct kvm *kvm, void __user *argp)
return -ENOTTY;
}
-static int kvm_vm_ioctl_mem_enc_register_region(struct kvm *kvm,
- struct kvm_enc_region *region)
-{
- if (kvm_x86_ops->mem_enc_register_region)
- return kvm_x86_ops->mem_enc_register_region(kvm, region);
-
- return -ENOTTY;
-}
-
-static int kvm_vm_ioctl_mem_enc_unregister_region(struct kvm *kvm,
- struct kvm_enc_region *region)
-{
- if (kvm_x86_ops->mem_enc_unregister_region)
- return kvm_x86_ops->mem_enc_unregister_region(kvm, region);
-
- return -ENOTTY;
-}
-
long kvm_arch_vm_ioctl(struct file *filp,
unsigned int ioctl, unsigned long arg)
{
@@ -4306,7 +4288,10 @@ long kvm_arch_vm_ioctl(struct file *filp,
r = -EFAULT;
if (copy_from_user(®ion, argp, sizeof(region)))
goto out;
- r = kvm_vm_ioctl_mem_enc_register_region(kvm, ®ion);
+
+ r = -ENOTTY;
+ if (kvm_x86_ops->mem_enc_register_region)
+ r = kvm_x86_ops->mem_enc_register_region(kvm, ®ion);
break;
}
case KVM_MEMORY_ENCRYPT_UNREGISTER_REGION: {
@@ -4315,7 +4300,10 @@ long kvm_arch_vm_ioctl(struct file *filp,
r = -EFAULT;
if (copy_from_user(®ion, argp, sizeof(region)))
goto out;
- r = kvm_vm_ioctl_mem_enc_unregister_region(kvm, ®ion);
+
+ r = -ENOTTY;
+ if (kvm_x86_ops->mem_enc_unregister_region)
+ r = kvm_x86_ops->mem_enc_unregister_region(kvm, ®ion);
break;
}
default:
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--
