Inorder to integerate the Secure Encryption Virtualization (SEV) support add few high-level memory encryption APIs which can be used for encrypting the guest memory region. Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx> Cc: kvm@xxxxxxxxxxxxxxx Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx> --- accel/kvm/kvm-all.c | 30 ++++++++++++++++++++++++++++++ accel/stubs/kvm-stub.c | 14 ++++++++++++++ include/sysemu/kvm.h | 25 +++++++++++++++++++++++++ 3 files changed, 69 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 300fc3cd44ce..4468c8fe002c 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -107,6 +107,8 @@ struct KVMState /* memory encryption */ void *memcrypt_handle; + int (*memcrypt_encrypt_data)(void *handle, uint8_t *ptr, uint64_t len); + void (*memcrypt_debug_ops)(void *handle, MemoryRegion *mr); }; KVMState *kvm_state; @@ -142,6 +144,34 @@ int kvm_get_max_memslots(void) return s->nr_slots; } +bool kvm_memcrypt_enabled(void) +{ + if (kvm_state && kvm_state->memcrypt_handle) { + return true; + } + + return false; +} + +int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len) +{ + if (kvm_state->memcrypt_handle && + kvm_state->memcrypt_encrypt_data) { + return kvm_state->memcrypt_encrypt_data(kvm_state->memcrypt_handle, + ptr, len); + } + + return 1; +} + +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr) +{ + if (kvm_state->memcrypt_handle && + kvm_state->memcrypt_debug_ops) { + kvm_state->memcrypt_debug_ops(kvm_state->memcrypt_handle, mr); + } +} + static KVMSlot *kvm_get_free_slot(KVMMemoryListener *kml) { KVMState *s = kvm_state; diff --git a/accel/stubs/kvm-stub.c b/accel/stubs/kvm-stub.c index c964af3e1c97..5739712a67e3 100644 --- a/accel/stubs/kvm-stub.c +++ b/accel/stubs/kvm-stub.c @@ -105,6 +105,20 @@ int kvm_on_sigbus(int code, void *addr) return 1; } +bool kvm_memcrypt_enabled(void) +{ + return false; +} + +int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len) +{ + return 1; +} + +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr) +{ +} + #ifndef CONFIG_USER_ONLY int kvm_irqchip_add_msi_route(KVMState *s, int vector, PCIDevice *dev) { diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h index 85002ac49a54..d69bd1ff2b07 100644 --- a/include/sysemu/kvm.h +++ b/include/sysemu/kvm.h @@ -231,6 +231,31 @@ int kvm_destroy_vcpu(CPUState *cpu); */ bool kvm_arm_supports_user_irq(void); +/** + * kvm_memcrypt_enabled - return boolean indicating whether memory encryption + * is enabled + * Returns: 1 memory encryption is enabled + * 0 memory encryption is disabled + */ +bool kvm_memcrypt_enabled(void); + +/** + * kvm_memcrypt_encrypt_data: encrypt the memory range + * + * Return: 1 failed to encrypt the range + * 0 succesfully encrypted memory region + */ +int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len); + +/** + * kvm_memcrypt_set_debug_ram_ops: set debug_ram_ops callback + * + * When debug_ram_ops is set, debug access to this memory region will use + * memory encryption APIs. + */ +void kvm_memcrypt_set_debug_ops(MemoryRegion *mr); + + #ifdef NEED_CPU_H #include "cpu.h" -- 2.14.3