[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v3 05/22] target/i386/monitor: Return QMP error when SEV is d
From: |
Philippe Mathieu-Daudé |
Subject: |
Re: [PATCH v3 05/22] target/i386/monitor: Return QMP error when SEV is disabled in build |
Date: |
Thu, 7 Oct 2021 13:29:42 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.1.0 |
On 10/4/21 10:11, Paolo Bonzini wrote:
> On 02/10/21 14:53, Philippe Mathieu-Daudé wrote:
>> If the management layer tries to inject a secret, it gets an empty
>> response in case the binary built without SEV:
>>
>> { "execute": "sev-inject-launch-secret",
>> "arguments": { "packet-header": "mypkt", "secret": "mypass",
>> "gpa": 4294959104 }
>> }
>> {
>> "return": {
>> }
>> }
>>
>> Make it clearer by returning an error, mentioning the feature is
>> disabled:
>>
>> { "execute": "sev-inject-launch-secret",
>> "arguments": { "packet-header": "mypkt", "secret": "mypass",
>> "gpa": 4294959104 }
>> }
>> {
>> "error": {
>> "class": "GenericError",
>> "desc": "this feature or command is not currently supported"
>> }
>> }
>>
>> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
>> Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>> ---
>> target/i386/monitor.c | 5 +++++
>> 1 file changed, 5 insertions(+)
>>
>> diff --git a/target/i386/monitor.c b/target/i386/monitor.c
>> index 196c1c9e77f..a9f85acd473 100644
>> --- a/target/i386/monitor.c
>> +++ b/target/i386/monitor.c
>> @@ -28,6 +28,7 @@
>> #include "monitor/hmp-target.h"
>> #include "monitor/hmp.h"
>> #include "qapi/qmp/qdict.h"
>> +#include "qapi/qmp/qerror.h"
>> #include "sysemu/kvm.h"
>> #include "sysemu/sev.h"
>> #include "qapi/error.h"
>> @@ -743,6 +744,10 @@ void qmp_sev_inject_launch_secret(const char
>> *packet_hdr,
>> bool has_gpa, uint64_t gpa,
>> Error **errp)
>> {
>> + if (!sev_enabled()) {
>> + error_setg(errp, QERR_UNSUPPORTED);
>> + return;
>> + }
>> if (!has_gpa) {
>> uint8_t *data;
>> struct sev_secret_area *area;
>>
>
> This should be done in the sev_inject_launch_secret stub instead, I
> think. Or if you do it here, you can remove the "if (!sev_guest)"
> conditional in the non-stub version.
This part is not related to SEV builtin; what we want to avoid here
is management layer to try to inject secret while the guest hasn't
been started with SEV (IOW 'no memory encryption requested for KVM).
Maybe this error message is more explicit?
error_setg(errp, "Guest is not using memory encryption");
Or:
error_setg(errp, "Guest is not using SEV");
- [PATCH v3 01/22] qapi/misc-target: Wrap long 'SEV Attestation Report' long lines, (continued)
- [PATCH v3 01/22] qapi/misc-target: Wrap long 'SEV Attestation Report' long lines, Philippe Mathieu-Daudé, 2021/10/02
- [PATCH v3 02/22] qapi/misc-target: Group SEV QAPI definitions, Philippe Mathieu-Daudé, 2021/10/02
- [PATCH v3 03/22] target/i386/kvm: Introduce i386_softmmu_kvm Meson source set, Philippe Mathieu-Daudé, 2021/10/02
- [PATCH v3 04/22] target/i386/kvm: Restrict SEV stubs to x86 architecture, Philippe Mathieu-Daudé, 2021/10/02
- [PATCH v3 05/22] target/i386/monitor: Return QMP error when SEV is disabled in build, Philippe Mathieu-Daudé, 2021/10/02
- [PATCH v3 06/22] target/i386/cpu: Add missing 'qapi/error.h' header, Philippe Mathieu-Daudé, 2021/10/02
- [PATCH v3 07/22] target/i386/sev_i386.h: Remove unused headers, Philippe Mathieu-Daudé, 2021/10/02
- [PATCH v3 09/22] target/i386/sev: Mark unreachable code with g_assert_not_reached(), Philippe Mathieu-Daudé, 2021/10/02
- [PATCH v3 08/22] target/i386/sev: Remove sev_get_me_mask(), Philippe Mathieu-Daudé, 2021/10/02