amd-sev: Set guest_memfd memory regions in memory_init

Signed-off-by: Tyler Fanelli <[email protected]>
containers · Dec 12, 2024 · 535914f · 535914f
1 parent d2670e7
commit 535914f
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 39 deletions.
diff --git a/src/vmm/src/linux/tee/amdsnp.rs b/src/vmm/src/linux/tee/amdsnp.rs
@@ -12,10 +12,7 @@ use sev::{
     firmware::{guest::GuestPolicy, host::Firmware},
 };
 
-use kvm_bindings::{
-    kvm_create_guest_memfd, kvm_userspace_memory_region2, CpuId, KVM_CPUID_FLAG_SIGNIFCANT_INDEX,
-    KVM_MEM_GUEST_MEMFD,
-};
+use kvm_bindings::{CpuId, KVM_CPUID_FLAG_SIGNIFCANT_INDEX};
 use kvm_ioctls::VmFd;
 use vm_memory::{
     Bytes, GuestAddress, GuestMemory, GuestMemoryMmap, GuestMemoryRegion, GuestRegionMmap,
@@ -90,41 +87,8 @@ impl AmdSnp {
     pub fn vm_prepare(
         &self,
         vm_fd: &VmFd,
-        guest_mem: &GuestMemoryMmap,
+        _guest_mem: &GuestMemoryMmap,
     ) -> Result<Launcher<Started, RawFd, RawFd>, Error> {
-        for region in guest_mem.iter() {
-            // It's safe to unwrap because the guest address is valid.
-            let host_addr = guest_mem.get_host_address(region.start_addr()).unwrap();
-
-            // Create guest_memfd struct.
-            let gmem = kvm_create_guest_memfd {
-                size: region.len(),
-                flags: 0, //Unused.
-                reserved: [0; 6],
-            };
-
-            // Create KVM guest_memfd.
-            let fd = vm_fd.create_guest_memfd(gmem).unwrap();
-
-            // Create memory region.
-            let mem_region = kvm_userspace_memory_region2 {
-                slot: 0,
-                flags: KVM_MEM_GUEST_MEMFD,
-                guest_phys_addr: region.start_addr().0,
-                memory_size: region.len(),
-                userspace_addr: host_addr as u64,
-                guest_memfd_offset: 0,
-                guest_memfd: fd as u32,
-                pad1: 0,
-                pad2: [0; 14],
-            };
-
-            // Set the memory region.
-            unsafe {
-                vm_fd.set_user_memory_region2(mem_region).unwrap();
-            }
-        }
-
         let vm_rfd = vm_fd.as_raw_fd();
         let fw_rfd = self.fw.as_raw_fd();
 

diff --git a/src/vmm/src/linux/vstate.rs b/src/vmm/src/linux/vstate.rs
@@ -38,14 +38,20 @@ use crate::vmm_config::machine_config::CpuFeaturesTemplate;
 use arch::aarch64::gic::GICDevice;
 #[cfg(target_arch = "x86_64")]
 use cpuid::{c3, filter_cpuid, t2, VmSpec};
+#[cfg(not(feature = "amd-sev"))]
+use kvm_bindings::kvm_userspace_memory_region;
 #[cfg(target_arch = "x86_64")]
 use kvm_bindings::{
     kvm_clock_data, kvm_debugregs, kvm_irqchip, kvm_lapic_state, kvm_mp_state, kvm_pit_config,
     kvm_pit_state2, kvm_regs, kvm_sregs, kvm_vcpu_events, kvm_xcrs, kvm_xsave, CpuId, MsrList,
     Msrs, KVM_CLOCK_TSC_STABLE, KVM_IRQCHIP_IOAPIC, KVM_IRQCHIP_PIC_MASTER, KVM_IRQCHIP_PIC_SLAVE,
     KVM_MAX_CPUID_ENTRIES, KVM_PIT_SPEAKER_DUMMY,
 };
-use kvm_bindings::{kvm_userspace_memory_region, KVM_API_VERSION};
+
+#[cfg(feature = "amd-sev")]
+use kvm_bindings::{kvm_create_guest_memfd, kvm_userspace_memory_region2, KVM_MEM_GUEST_MEMFD};
+
+use kvm_bindings::KVM_API_VERSION;
 use kvm_ioctls::*;
 use utils::eventfd::EventFd;
 use utils::signal::{register_signal_handler, sigrtmin, Killable};
@@ -562,6 +568,8 @@ impl Vm {
         if guest_mem.num_regions() > kvm_max_memslots {
             return Err(Error::NotEnoughMemorySlots);
         }
+
+        #[cfg(not(feature = "amd-sev"))]
         for region in guest_mem.iter() {
             // It's safe to unwrap because the guest address is valid.
             let host_addr = guest_mem.get_host_address(region.start_addr()).unwrap();
@@ -583,6 +591,42 @@ impl Vm {
             self.next_mem_slot += 1;
         }
 
+        #[cfg(feature = "amd-sev")]
+        for region in guest_mem.iter() {
+            // It's safe to unwrap because the guest address is valid.
+            let host_addr = guest_mem.get_host_address(region.start_addr()).unwrap();
+
+            // Create guest_memfd struct.
+            let gmem = kvm_create_guest_memfd {
+                size: region.len(),
+                flags: 0, // Unused.
+                reserved: [0; 6],
+            };
+
+            // Create KVM guest_memfd.
+            let guest_memfd = self.fd.create_guest_memfd(gmem).unwrap();
+
+            // Create memory region.
+            let memory_region = kvm_userspace_memory_region2 {
+                slot: self.next_mem_slot,
+                flags: KVM_MEM_GUEST_MEMFD,
+                guest_phys_addr: region.start_addr().raw_value(),
+                memory_size: region.len(),
+                userspace_addr: host_addr as u64,
+                guest_memfd_offset: 0,
+                guest_memfd: guest_memfd as u32,
+                pad1: 0,
+                pad2: [0; 14],
+            };
+
+            // Set the memory region.
+            unsafe {
+                self.fd.set_user_memory_region2(memory_region).unwrap();
+            }
+
+            self.next_mem_slot += 1;
+        }
+
         #[cfg(target_arch = "x86_64")]
         self.fd
             .set_tss_address(arch::x86_64::layout::KVM_TSS_ADDRESS as usize)