On 12/17/21 17:17, Michael Roth wrote:
+void kvm_sev_ioctl(struct sev_vm *sev, int cmd, void *data) +{
struct kvm_sev_cmd arg = {0};
int ret;
arg.id = cmd;
arg.sev_fd = sev->fd;
arg.data = (__u64)data;
ret = ioctl(vm_get_fd(sev->vm), KVM_MEMORY_ENCRYPT_OP, &arg);
If the helper vm_get_fd() exists why not add another which takes a struct sev_vm. So you can do __vm_get_fd(sev) here?
I can add it as a local helper for now, maybe sev_get_kvm_fd(), to distinguish from the SEV_PATH fd? I'm not sure it's worth exporting it as part of the library though since vm_get_fd(sev_get_vm(sev)) would be more familiar to callers that are already used to the kvm_util library.
I also prefer the one that you suggest.
Can you dedup this from sev_ioctl() in sev_migrate_tests.c? That function already correctly asserts the fw_error.
This is a little bit awkward since sev_ioctl() in sev_migrate_tests opens SEV_PATH on demand whereas this one pulls it out of struct sev_vm. I could make kvm_sev_ioctl() expect the KVM fd as a parameter but that means external callers need another call to pull it out of struct sev_vm.
Yeah, it's a bit weird because sev_migrate_tests do not use struct sev_vm. Unless you port them first, you could have both kvm_vm_sev_ioctl that takes a struct kvm_vm, and sev_vm_ioctl that takes a struct sev_vm. Then you only need to change the argument of verify_mirror_allowed_cmds to struct kvm_vm.
Paolo