amd-sev: Use kvm_guest_memfd for memory registering

Signed-off-by: Tyler Fanelli <[email protected]>
containers · Dec 12, 2024 · 6c1f4bb · 6c1f4bb
1 parent 3ae6bf9
commit 6c1f4bb
Showing 1 changed file with 34 additions and 11 deletions.
diff --git a/src/vmm/src/linux/tee/amdsnp.rs b/src/vmm/src/linux/tee/amdsnp.rs
@@ -9,7 +9,10 @@ use arch::x86_64::layout::*;
 use sev::firmware::{guest::GuestPolicy, host::Firmware};
 use sev::launch::snp::*;
 
-use kvm_bindings::{kvm_enc_region, CpuId, KVM_CPUID_FLAG_SIGNIFCANT_INDEX};
+use kvm_bindings::{
+    kvm_create_guest_memfd, kvm_userspace_memory_region2, CpuId, KVM_CPUID_FLAG_SIGNIFCANT_INDEX,
+    KVM_MEM_GUEST_MEMFD,
+};
 use kvm_ioctls::VmFd;
 use vm_memory::{
     Bytes, GuestAddress, GuestMemory, GuestMemoryMmap, GuestMemoryRegion, GuestRegionMmap,
@@ -86,24 +89,44 @@ impl AmdSnp {
         vm_fd: &VmFd,
         guest_mem: &GuestMemoryMmap,
     ) -> Result<Launcher<Started, RawFd, RawFd>, Error> {
-        let vm_rfd = vm_fd.as_raw_fd();
-        let fw_rfd = self.fw.as_raw_fd();
-
-        let launcher = Launcher::new(vm_rfd, fw_rfd).map_err(Error::CreateLauncher)?;
-
         for region in guest_mem.iter() {
             // It's safe to unwrap because the guest address is valid.
             let host_addr = guest_mem.get_host_address(region.start_addr()).unwrap();
-            let enc_region = kvm_enc_region {
-                addr: host_addr as u64,
+
+            // Create guest_memfd struct.
+            let gmem = kvm_create_guest_memfd {
                 size: region.len(),
+                flags: 0, //Unused.
+                reserved: [0; 6],
             };
 
-            vm_fd
-                .register_enc_memory_region(&enc_region)
-                .map_err(|_| Error::MemoryEncryptRegion)?;
+            // Create KVM guest_memfd.
+            let fd = vm_fd.create_guest_memfd(gmem).unwrap();
+
+            // Create memory region.
+            let mem_region = kvm_userspace_memory_region2 {
+                slot: 0,
+                flags: KVM_MEM_GUEST_MEMFD,
+                guest_phys_addr: region.start_addr().0,
+                memory_size: region.len(),
+                userspace_addr: host_addr as u64,
+                guest_memfd_offset: 0,
+                guest_memfd: fd as u32,
+                pad1: 0,
+                pad2: [0; 14],
+            };
+
+            // Set the memory region.
+            unsafe {
+                vm_fd.set_user_memory_region2(mem_region).unwrap();
+            }
         }
 
+        let vm_rfd = vm_fd.as_raw_fd();
+        let fw_rfd = self.fw.as_raw_fd();
+
+        let launcher = Launcher::new(vm_rfd, fw_rfd).map_err(Error::CreateLauncher)?;
+
         let mut policy = GuestPolicy(0);
         policy.set_smt_allowed(1);