hypervisor: Add enable_sgx_attribute to the Vm API

We need a dedicated function to enable the SGX attribute capability
through the Hypervisor abstraction.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>

hypervisor/src/kvm/mod.rs

@@ -24,6 +24,8 @@ use kvm_ioctls::{NoDatamatch, VcpuFd, VmFd};
 use serde_derive::{Deserialize, Serialize};
 #[cfg(target_arch = "aarch64")]
 use std::convert::TryInto;
+#[cfg(target_arch = "x86_64")]
+use std::fs::File;
 use std::os::unix::io::{AsRawFd, RawFd};
 use std::result;
 #[cfg(target_arch = "x86_64")]
@@ -87,6 +89,9 @@ pub use {
     kvm_ioctls::VcpuExit,
 };
 
+#[cfg(target_arch = "x86_64")]
+const KVM_CAP_SGX_ATTRIBUTE: u32 = 196;
+
 #[cfg(feature = "tdx")]
 ioctl_iowr_nr!(KVM_MEMORY_ENCRYPT_OP, KVMIO, 0xba, std::os::raw::c_ulong);
 
@@ -324,6 +329,18 @@ impl vm::Vm for KvmVm {
             .map_err(|e| vm::HypervisorVmError::EnableSplitIrq(e.into()))?;
         Ok(())
     }
+    #[cfg(target_arch = "x86_64")]
+    fn enable_sgx_attribute(&self, file: File) -> vm::Result<()> {
+        let mut cap = kvm_enable_cap {
+            cap: KVM_CAP_SGX_ATTRIBUTE,
+            ..Default::default()
+        };
+        cap.args[0] = file.as_raw_fd() as u64;
+        self.fd
+            .enable_cap(&cap)
+            .map_err(|e| vm::HypervisorVmError::EnableSgxAttribute(e.into()))?;
+        Ok(())
+    }
     /// Retrieve guest clock.
     #[cfg(target_arch = "x86_64")]
     fn get_clock(&self) -> vm::Result<ClockData> {

hypervisor/src/mshv/mod.rs

@@ -28,6 +28,8 @@ pub use x86_64::VcpuMshvState as CpuState;
 #[cfg(target_arch = "x86_64")]
 pub use x86_64::*;
 
+#[cfg(target_arch = "x86_64")]
+use std::fs::File;
 use std::os::unix::io::AsRawFd;
 use std::sync::RwLock;
 
@@ -760,6 +762,10 @@ impl vm::Vm for MshvVm {
     fn enable_split_irq(&self) -> vm::Result<()> {
         Ok(())
     }
+    #[cfg(target_arch = "x86_64")]
+    fn enable_sgx_attribute(&self, _file: File) -> vm::Result<()> {
+        Ok(())
+    }
     fn register_ioevent(
         &self,
         fd: &EventFd,

hypervisor/src/vm.rs

@@ -25,6 +25,8 @@ use crate::KvmVmState as VmState;
 use crate::{IoEventAddress, IrqRoutingEntry, MemoryRegion};
 #[cfg(feature = "kvm")]
 use kvm_ioctls::Cap;
+#[cfg(target_arch = "x86_64")]
+use std::fs::File;
 use std::sync::Arc;
 use thiserror::Error;
 use vmm_sys_util::eventfd::EventFd;
@@ -117,6 +119,11 @@ pub enum HypervisorVmError {
     #[error("Failed to enable split Irq: {0}")]
     EnableSplitIrq(#[source] anyhow::Error),
     ///
+    /// Enable SGX attribute error
+    ///
+    #[error("Failed to enable SGX attribute: {0}")]
+    EnableSgxAttribute(#[source] anyhow::Error),
+    ///
     /// Get clock error
     ///
     #[error("Failed to get clock: {0}")]
@@ -246,6 +253,8 @@ pub trait Vm: Send + Sync {
     /// Enable split Irq capability
     #[cfg(target_arch = "x86_64")]
     fn enable_split_irq(&self) -> Result<()>;
+    #[cfg(target_arch = "x86_64")]
+    fn enable_sgx_attribute(&self, file: File) -> Result<()>;
     /// Retrieve guest clock.
     #[cfg(all(feature = "kvm", target_arch = "x86_64"))]
     fn get_clock(&self) -> Result<ClockData>;