On 12/17/21 17:17, Michael Roth wrote:
+void kvm_sev_ioctl(struct sev_vm *sev, int cmd, void *data)
+{
+ struct kvm_sev_cmd arg = {0};
+ int ret;
+
+ arg.id = cmd;
+ arg.sev_fd = sev->fd;
+ arg.data = (__u64)data;
+
+ ret = ioctl(vm_get_fd(sev->vm), KVM_MEMORY_ENCRYPT_OP, &arg);
If the helper vm_get_fd() exists why not add another which takes a
struct sev_vm. So you can do __vm_get_fd(sev) here?
I can add it as a local helper for now, maybe sev_get_kvm_fd(), to
distinguish from the SEV_PATH fd? I'm not sure it's worth exporting it
as part of the library though since vm_get_fd(sev_get_vm(sev)) would be
more familiar to callers that are already used to the kvm_util library.
I also prefer the one that you suggest.
Can you dedup this from sev_ioctl() in sev_migrate_tests.c? That
function already correctly asserts the fw_error.
This is a little bit awkward since sev_ioctl() in sev_migrate_tests opens
SEV_PATH on demand whereas this one pulls it out of struct sev_vm. I
could make kvm_sev_ioctl() expect the KVM fd as a parameter but that
means external callers need another call to pull it out of struct
sev_vm.
Yeah, it's a bit weird because sev_migrate_tests do not use struct
sev_vm. Unless you port them first, you could have both
kvm_vm_sev_ioctl that takes a struct kvm_vm, and sev_vm_ioctl that takes
a struct sev_vm. Then you only need to change the argument of
verify_mirror_allowed_cmds to struct kvm_vm.
Paolo
