From 2c7233eb103adbf567778270b69950dd7a776c72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 7 Oct 2021 18:16:58 +0200 Subject: target/i386/sev: Prefix QMP errors with 'SEV' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Multiple errors might be reported to the monitor, better to prefix the SEV ones so we can distinct them. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Dr. David Alan Gilbert Message-Id: <20211007161716.453984-6-philmd@redhat.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'target/i386/sev.c') diff --git a/target/i386/sev.c b/target/i386/sev.c index bcd9260fa4..4f1952cd32 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -440,7 +440,8 @@ sev_get_pdh_info(int fd, guchar **pdh, size_t *pdh_len, guchar **cert_chain, r = sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err); if (r < 0) { if (err != SEV_RET_INVALID_LEN) { - error_setg(errp, "failed to export PDH cert ret=%d fw_err=%d (%s)", + error_setg(errp, "SEV: Failed to export PDH cert" + " ret=%d fw_err=%d (%s)", r, err, fw_error_to_str(err)); return 1; } @@ -453,7 +454,7 @@ sev_get_pdh_info(int fd, guchar **pdh, size_t *pdh_len, guchar **cert_chain, r = sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err); if (r < 0) { - error_setg(errp, "failed to export PDH cert ret=%d fw_err=%d (%s)", + error_setg(errp, "SEV: Failed to export PDH cert ret=%d fw_err=%d (%s)", r, err, fw_error_to_str(err)); goto e_free; } @@ -491,7 +492,7 @@ sev_get_capabilities(Error **errp) fd = open(DEFAULT_SEV_DEVICE, O_RDWR); if (fd < 0) { - error_setg_errno(errp, errno, "Failed to open %s", + error_setg_errno(errp, errno, "SEV: Failed to open %s", DEFAULT_SEV_DEVICE); return NULL; } @@ -557,8 +558,9 @@ sev_get_attestation_report(const char *mnonce, Error **errp) &input, &err); if (ret < 0) { if (err != SEV_RET_INVALID_LEN) { - error_setg(errp, "failed to query the attestation report length " - "ret=%d fw_err=%d (%s)", ret, err, fw_error_to_str(err)); + error_setg(errp, "SEV: Failed to query the attestation report" + " length ret=%d fw_err=%d (%s)", + ret, err, fw_error_to_str(err)); g_free(buf); return NULL; } @@ -572,7 +574,7 @@ sev_get_attestation_report(const char *mnonce, Error **errp) ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, &input, &err); if (ret) { - error_setg_errno(errp, errno, "Failed to get attestation report" + error_setg_errno(errp, errno, "SEV: Failed to get attestation report" " ret=%d fw_err=%d (%s)", ret, err, fw_error_to_str(err)); goto e_free_data; } @@ -596,7 +598,7 @@ sev_read_file_base64(const char *filename, guchar **data, gsize *len) GError *error = NULL; if (!g_file_get_contents(filename, &base64, &sz, &error)) { - error_report("failed to read '%s' (%s)", filename, error->message); + error_report("SEV: Failed to read '%s' (%s)", filename, error->message); g_error_free(error); return -1; } @@ -911,7 +913,7 @@ sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) if (sev_check_state(sev_guest, SEV_STATE_LAUNCH_UPDATE)) { int ret = sev_launch_update_data(sev_guest, ptr, len); if (ret < 0) { - error_setg(errp, "failed to encrypt pflash rom"); + error_setg(errp, "SEV: Failed to encrypt pflash rom"); return ret; } } @@ -930,7 +932,7 @@ int sev_inject_launch_secret(const char *packet_hdr, const char *secret, MemoryRegion *mr = NULL; if (!sev_guest) { - error_setg(errp, "SEV: SEV not enabled."); + error_setg(errp, "SEV not enabled for guest"); return 1; } -- cgit v1.2.3 From 4e7189e112966ac3a7bc884273a8b07291c3012e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 7 Oct 2021 18:17:02 +0200 Subject: target/i386/sev: Remove sev_get_me_mask() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Unused dead code makes review harder, so remove it. Reviewed-by: Dr. David Alan Gilbert Reviewed-by: Connor Kuehl Reviewed-by: Paolo Bonzini Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20211007161716.453984-10-philmd@redhat.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 9 --------- 1 file changed, 9 deletions(-) (limited to 'target/i386/sev.c') diff --git a/target/i386/sev.c b/target/i386/sev.c index 4f1952cd32..9e3f2ec8dd 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -65,7 +65,6 @@ struct SevGuestState { uint8_t api_major; uint8_t api_minor; uint8_t build_id; - uint64_t me_mask; int sev_fd; SevState state; gchar *measurement; @@ -389,12 +388,6 @@ sev_es_enabled(void) return sev_enabled() && (sev_guest->policy & SEV_POLICY_ES); } -uint64_t -sev_get_me_mask(void) -{ - return sev_guest ? sev_guest->me_mask : ~0; -} - uint32_t sev_get_cbit_position(void) { @@ -833,8 +826,6 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) goto err; } - sev->me_mask = ~(1UL << sev->cbitpos); - devname = object_property_get_str(OBJECT(sev), "sev-device", NULL); sev->sev_fd = open(devname, O_RDWR); if (sev->sev_fd < 0) { -- cgit v1.2.3 From ed84ae720d0b28c50906412a903e598f75ee1d7c Mon Sep 17 00:00:00 2001 From: "Dr. David Alan Gilbert" Date: Thu, 7 Oct 2021 18:17:04 +0200 Subject: target/i386/sev: sev_get_attestation_report use g_autofree MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Removes a whole bunch of g_free's and a goto. Signed-off-by: Dr. David Alan Gilbert Reviewed-by: Connor Kuehl Reviewed-by: Brijesh Singh Message-Id: <20210603113017.34922-1-dgilbert@redhat.com> Reviewed-by: Paolo Bonzini Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20211007161716.453984-12-philmd@redhat.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'target/i386/sev.c') diff --git a/target/i386/sev.c b/target/i386/sev.c index 9e3f2ec8dd..3a30ba6d94 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -521,8 +521,8 @@ sev_get_attestation_report(const char *mnonce, Error **errp) struct kvm_sev_attestation_report input = {}; SevAttestationReport *report = NULL; SevGuestState *sev = sev_guest; - guchar *data; - guchar *buf; + g_autofree guchar *data = NULL; + g_autofree guchar *buf = NULL; gsize len; int err = 0, ret; @@ -542,7 +542,6 @@ sev_get_attestation_report(const char *mnonce, Error **errp) if (len != sizeof(input.mnonce)) { error_setg(errp, "SEV: mnonce must be %zu bytes (got %" G_GSIZE_FORMAT ")", sizeof(input.mnonce), len); - g_free(buf); return NULL; } @@ -554,7 +553,6 @@ sev_get_attestation_report(const char *mnonce, Error **errp) error_setg(errp, "SEV: Failed to query the attestation report" " length ret=%d fw_err=%d (%s)", ret, err, fw_error_to_str(err)); - g_free(buf); return NULL; } } @@ -569,7 +567,7 @@ sev_get_attestation_report(const char *mnonce, Error **errp) if (ret) { error_setg_errno(errp, errno, "SEV: Failed to get attestation report" " ret=%d fw_err=%d (%s)", ret, err, fw_error_to_str(err)); - goto e_free_data; + return NULL; } report = g_new0(SevAttestationReport, 1); @@ -577,9 +575,6 @@ sev_get_attestation_report(const char *mnonce, Error **errp) trace_kvm_sev_attestation_report(mnonce, report->data); -e_free_data: - g_free(data); - g_free(buf); return report; } -- cgit v1.2.3 From 2f573c415e8c84ec79aa6deb1d04fa9fccdebca7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 7 Oct 2021 18:17:05 +0200 Subject: target/i386/sev: Use g_autofree in sev_launch_get_measure() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use g_autofree to remove a pair of g_free/goto. Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20211007161716.453984-13-philmd@redhat.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) (limited to 'target/i386/sev.c') diff --git a/target/i386/sev.c b/target/i386/sev.c index 3a30ba6d94..5cbbcf0bb9 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -685,8 +685,8 @@ sev_launch_get_measure(Notifier *notifier, void *unused) { SevGuestState *sev = sev_guest; int ret, error; - guchar *data; - struct kvm_sev_launch_measure *measurement; + g_autofree guchar *data = NULL; + g_autofree struct kvm_sev_launch_measure *measurement = NULL; if (!sev_check_state(sev, SEV_STATE_LAUNCH_UPDATE)) { return; @@ -708,7 +708,7 @@ sev_launch_get_measure(Notifier *notifier, void *unused) if (!measurement->len) { error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", __func__, ret, error, fw_error_to_str(errno)); - goto free_measurement; + return; } data = g_new0(guchar, measurement->len); @@ -720,7 +720,7 @@ sev_launch_get_measure(Notifier *notifier, void *unused) if (ret) { error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", __func__, ret, error, fw_error_to_str(errno)); - goto free_data; + return; } sev_set_guest_state(sev, SEV_STATE_LAUNCH_SECRET); @@ -728,11 +728,6 @@ sev_launch_get_measure(Notifier *notifier, void *unused) /* encode the measurement value and emit the event */ sev->measurement = g_base64_encode(data, measurement->len); trace_kvm_sev_launch_measurement(sev->measurement); - -free_data: - g_free(data); -free_measurement: - g_free(measurement); } char * -- cgit v1.2.3 From 93777de3650e7db4b0434d63dd461505b85519f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 7 Oct 2021 18:17:07 +0200 Subject: target/i386/sev: Rename sev_i386.h -> sev.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit SEV is a x86 specific feature, and the "sev_i386.h" header is already in target/i386/. Rename it as "sev.h" to simplify. Patch created mechanically using: $ git mv target/i386/sev_i386.h target/i386/sev.h $ sed -i s/sev_i386.h/sev.h/ $(git grep -l sev_i386.h) Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Dr. David Alan Gilbert Message-Id: <20211007161716.453984-15-philmd@redhat.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'target/i386/sev.c') diff --git a/target/i386/sev.c b/target/i386/sev.c index 5cbbcf0bb9..e43bbf3a17 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -25,7 +25,7 @@ #include "qemu/uuid.h" #include "crypto/hash.h" #include "sysemu/kvm.h" -#include "sev_i386.h" +#include "sev.h" #include "sysemu/sysemu.h" #include "sysemu/runstate.h" #include "trace.h" -- cgit v1.2.3 From 3208de1cd23937254a456b95ef16658b68821a13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 7 Oct 2021 18:17:10 +0200 Subject: target/i386/sev: Move qmp_query_sev_attestation_report() to sev.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Move qmp_query_sev_attestation_report() from monitor.c to sev.c and make sev_get_attestation_report() static. We don't need the stub anymore, remove it. Reviewed-by: Paolo Bonzini Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20211007161716.453984-18-philmd@redhat.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'target/i386/sev.c') diff --git a/target/i386/sev.c b/target/i386/sev.c index e43bbf3a17..038fa56058 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -32,6 +32,8 @@ #include "migration/blocker.h" #include "qom/object.h" #include "monitor/monitor.h" +#include "qapi/qapi-commands-misc-target.h" +#include "qapi/qmp/qerror.h" #include "exec/confidential-guest-support.h" #include "hw/i386/pc.h" @@ -515,8 +517,8 @@ out: return cap; } -SevAttestationReport * -sev_get_attestation_report(const char *mnonce, Error **errp) +static SevAttestationReport *sev_get_attestation_report(const char *mnonce, + Error **errp) { struct kvm_sev_attestation_report input = {}; SevAttestationReport *report = NULL; @@ -578,6 +580,12 @@ sev_get_attestation_report(const char *mnonce, Error **errp) return report; } +SevAttestationReport *qmp_query_sev_attestation_report(const char *mnonce, + Error **errp) +{ + return sev_get_attestation_report(mnonce, errp); +} + static int sev_read_file_base64(const char *filename, guchar **data, gsize *len) { -- cgit v1.2.3 From 11a6ed0e77e8dd37ccea07575791b70c0410efea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 7 Oct 2021 18:17:11 +0200 Subject: target/i386/sev: Move qmp_sev_inject_launch_secret() to sev.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Move qmp_sev_inject_launch_secret() from monitor.c to sev.c and make sev_inject_launch_secret() static. We don't need the stub anymore, remove it. Previously with binaries built without SEV, management layer was getting an empty response: { "execute": "sev-inject-launch-secret", "arguments": { "packet-header": "mypkt", "secret": "mypass", "gpa": 4294959104 } } { "return": { } } Now the response is explicit, mentioning the feature is disabled: { "execute": "sev-inject-launch-secret", "arguments": { "packet-header": "mypkt", "secret": "mypass", "gpa": 4294959104 } } { "error": { "class": "GenericError", "desc": "this feature or command is not currently supported" } } Reviewed-by: Paolo Bonzini Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20211007161716.453984-19-philmd@redhat.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'target/i386/sev.c') diff --git a/target/i386/sev.c b/target/i386/sev.c index 038fa56058..072bb6f0fd 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -973,6 +973,37 @@ int sev_inject_launch_secret(const char *packet_hdr, const char *secret, return 0; } +#define SEV_SECRET_GUID "4c2eb361-7d9b-4cc3-8081-127c90d3d294" +struct sev_secret_area { + uint32_t base; + uint32_t size; +}; + +void qmp_sev_inject_launch_secret(const char *packet_hdr, + const char *secret, + bool has_gpa, uint64_t gpa, + Error **errp) +{ + if (!sev_enabled()) { + error_setg(errp, "SEV not enabled for guest"); + return; + } + if (!has_gpa) { + uint8_t *data; + struct sev_secret_area *area; + + if (!pc_system_ovmf_table_find(SEV_SECRET_GUID, &data, NULL)) { + error_setg(errp, "SEV: no secret area found in OVMF," + " gpa must be specified."); + return; + } + area = (struct sev_secret_area *)data; + gpa = area->base; + } + + sev_inject_launch_secret(packet_hdr, secret, gpa, errp); +} + static int sev_es_parse_reset_block(SevInfoBlock *info, uint32_t *addr) { -- cgit v1.2.3 From 8371df29021241b43a7a9df6369fc70f649551a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 7 Oct 2021 18:17:12 +0200 Subject: target/i386/sev: Move qmp_query_sev_capabilities() to sev.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Move qmp_query_sev_capabilities() from monitor.c to sev.c and make sev_get_capabilities() static. We don't need the stub anymore, remove it. Reviewed-by: Paolo Bonzini Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20211007161716.453984-20-philmd@redhat.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'target/i386/sev.c') diff --git a/target/i386/sev.c b/target/i386/sev.c index 072bb6f0fd..56e9e03acc 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -466,8 +466,7 @@ e_free: return 1; } -SevCapability * -sev_get_capabilities(Error **errp) +static SevCapability *sev_get_capabilities(Error **errp) { SevCapability *cap = NULL; guchar *pdh_data = NULL; @@ -517,6 +516,11 @@ out: return cap; } +SevCapability *qmp_query_sev_capabilities(Error **errp) +{ + return sev_get_capabilities(errp); +} + static SevAttestationReport *sev_get_attestation_report(const char *mnonce, Error **errp) { -- cgit v1.2.3 From 0875a7038b8de0d79479a7d4662f0a9cdfa61940 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 7 Oct 2021 18:17:13 +0200 Subject: target/i386/sev: Move qmp_query_sev_launch_measure() to sev.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Move qmp_query_sev_launch_measure() from monitor.c to sev.c and make sev_get_launch_measurement() static. We don't need the stub anymore, remove it. Reviewed-by: Paolo Bonzini Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20211007161716.453984-21-philmd@redhat.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) (limited to 'target/i386/sev.c') diff --git a/target/i386/sev.c b/target/i386/sev.c index 56e9e03acc..ec874b3df8 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -742,8 +742,7 @@ sev_launch_get_measure(Notifier *notifier, void *unused) trace_kvm_sev_launch_measurement(sev->measurement); } -char * -sev_get_launch_measurement(void) +static char *sev_get_launch_measurement(void) { if (sev_guest && sev_guest->state >= SEV_STATE_LAUNCH_SECRET) { @@ -753,6 +752,23 @@ sev_get_launch_measurement(void) return NULL; } +SevLaunchMeasureInfo *qmp_query_sev_launch_measure(Error **errp) +{ + char *data; + SevLaunchMeasureInfo *info; + + data = sev_get_launch_measurement(); + if (!data) { + error_setg(errp, "SEV launch measurement is not available"); + return NULL; + } + + info = g_malloc0(sizeof(*info)); + info->data = data; + + return info; +} + static Notifier sev_machine_done_notify = { .notify = sev_launch_get_measure, }; -- cgit v1.2.3 From aa3950182f902a48f60d7040069b092eb5aaae21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 7 Oct 2021 18:17:14 +0200 Subject: target/i386/sev: Move qmp_query_sev() & hmp_info_sev() to sev.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Move qmp_query_sev() & hmp_info_sev()() from monitor.c to sev.c and make sev_get_info() static. We don't need the stub anymore, remove it. Add a stub for hmp_info_sev(). Reviewed-by: Paolo Bonzini Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20211007161716.453984-22-philmd@redhat.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 38 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) (limited to 'target/i386/sev.c') diff --git a/target/i386/sev.c b/target/i386/sev.c index ec874b3df8..19504796fb 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -32,6 +32,7 @@ #include "migration/blocker.h" #include "qom/object.h" #include "monitor/monitor.h" +#include "monitor/hmp.h" #include "qapi/qapi-commands-misc-target.h" #include "qapi/qmp/qerror.h" #include "exec/confidential-guest-support.h" @@ -402,8 +403,7 @@ sev_get_reduced_phys_bits(void) return sev_guest ? sev_guest->reduced_phys_bits : 0; } -SevInfo * -sev_get_info(void) +static SevInfo *sev_get_info(void) { SevInfo *info; @@ -422,6 +422,40 @@ sev_get_info(void) return info; } +SevInfo *qmp_query_sev(Error **errp) +{ + SevInfo *info; + + info = sev_get_info(); + if (!info) { + error_setg(errp, "SEV feature is not available"); + return NULL; + } + + return info; +} + +void hmp_info_sev(Monitor *mon, const QDict *qdict) +{ + SevInfo *info = sev_get_info(); + + if (info && info->enabled) { + monitor_printf(mon, "handle: %d\n", info->handle); + monitor_printf(mon, "state: %s\n", SevState_str(info->state)); + monitor_printf(mon, "build: %d\n", info->build_id); + monitor_printf(mon, "api version: %d.%d\n", + info->api_major, info->api_minor); + monitor_printf(mon, "debug: %s\n", + info->policy & SEV_POLICY_NODBG ? "off" : "on"); + monitor_printf(mon, "key-sharing: %s\n", + info->policy & SEV_POLICY_NOKS ? "off" : "on"); + } else { + monitor_printf(mon, "SEV is not enabled\n"); + } + + qapi_free_SevInfo(info); +} + static int sev_get_pdh_info(int fd, guchar **pdh, size_t *pdh_len, guchar **cert_chain, size_t *cert_chain_len, Error **errp) -- cgit v1.2.3 From cd35beb488c655a86da60d85949c026387187171 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 7 Oct 2021 18:17:15 +0200 Subject: monitor: Reduce hmp_info_sev() declaration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While being conditionally used for TARGET_I386 in hmp-commands-info.hx, hmp_info_sev() is declared for all targets. Reduce its declaration to target including "monitor/hmp-target.h". This is a minor cleanup. Reviewed-by: Paolo Bonzini Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20211007161716.453984-23-philmd@redhat.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'target/i386/sev.c') diff --git a/target/i386/sev.c b/target/i386/sev.c index 19504796fb..4c64c68244 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -32,7 +32,7 @@ #include "migration/blocker.h" #include "qom/object.h" #include "monitor/monitor.h" -#include "monitor/hmp.h" +#include "monitor/hmp-target.h" #include "qapi/qapi-commands-misc-target.h" #include "qapi/qmp/qerror.h" #include "exec/confidential-guest-support.h" -- cgit v1.2.3 From eb8257a261325988873e047872975b5eda03efb4 Mon Sep 17 00:00:00 2001 From: Dov Murik Date: Mon, 11 Oct 2021 17:30:25 +0000 Subject: target/i386/sev: Use local variable for kvm_sev_launch_start The struct kvm_sev_launch_start has a constant and small size, and therefore we can use a regular local variable for it instead of allocating and freeing heap memory for it. Signed-off-by: Dov Murik Reviewed-by: Dr. David Alan Gilbert Message-Id: <20211011173026.2454294-2-dovmurik@linux.ibm.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) (limited to 'target/i386/sev.c') diff --git a/target/i386/sev.c b/target/i386/sev.c index 4c64c68244..0062566c71 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -647,31 +647,29 @@ sev_launch_start(SevGuestState *sev) gsize sz; int ret = 1; int fw_error, rc; - struct kvm_sev_launch_start *start; + struct kvm_sev_launch_start start = { + .handle = sev->handle, .policy = sev->policy + }; guchar *session = NULL, *dh_cert = NULL; - start = g_new0(struct kvm_sev_launch_start, 1); - - start->handle = sev->handle; - start->policy = sev->policy; if (sev->session_file) { if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) { goto out; } - start->session_uaddr = (unsigned long)session; - start->session_len = sz; + start.session_uaddr = (unsigned long)session; + start.session_len = sz; } if (sev->dh_cert_file) { if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) { goto out; } - start->dh_uaddr = (unsigned long)dh_cert; - start->dh_len = sz; + start.dh_uaddr = (unsigned long)dh_cert; + start.dh_len = sz; } - trace_kvm_sev_launch_start(start->policy, session, dh_cert); - rc = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_START, start, &fw_error); + trace_kvm_sev_launch_start(start.policy, session, dh_cert); + rc = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_START, &start, &fw_error); if (rc < 0) { error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'", __func__, ret, fw_error, fw_error_to_str(fw_error)); @@ -679,11 +677,10 @@ sev_launch_start(SevGuestState *sev) } sev_set_guest_state(sev, SEV_STATE_LAUNCH_UPDATE); - sev->handle = start->handle; + sev->handle = start.handle; ret = 0; out: - g_free(start); g_free(session); g_free(dh_cert); return ret; -- cgit v1.2.3 From 59e42d88b6851b238927cbe48505b1cef547ce3b Mon Sep 17 00:00:00 2001 From: Dov Murik Date: Mon, 11 Oct 2021 17:30:26 +0000 Subject: target/i386/sev: Use local variable for kvm_sev_launch_measure The struct kvm_sev_launch_measure has a constant and small size, and therefore we can use a regular local variable for it instead of allocating and freeing heap memory for it. Signed-off-by: Dov Murik Reviewed-by: Dr. David Alan Gilbert Message-Id: <20211011173026.2454294-3-dovmurik@linux.ibm.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 'target/i386/sev.c') diff --git a/target/i386/sev.c b/target/i386/sev.c index 0062566c71..eede07f11d 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -729,7 +729,7 @@ sev_launch_get_measure(Notifier *notifier, void *unused) SevGuestState *sev = sev_guest; int ret, error; g_autofree guchar *data = NULL; - g_autofree struct kvm_sev_launch_measure *measurement = NULL; + struct kvm_sev_launch_measure measurement = {}; if (!sev_check_state(sev, SEV_STATE_LAUNCH_UPDATE)) { return; @@ -743,23 +743,21 @@ sev_launch_get_measure(Notifier *notifier, void *unused) } } - measurement = g_new0(struct kvm_sev_launch_measure, 1); - /* query the measurement blob length */ ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE, - measurement, &error); - if (!measurement->len) { + &measurement, &error); + if (!measurement.len) { error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", __func__, ret, error, fw_error_to_str(errno)); return; } - data = g_new0(guchar, measurement->len); - measurement->uaddr = (unsigned long)data; + data = g_new0(guchar, measurement.len); + measurement.uaddr = (unsigned long)data; /* get the measurement blob */ ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE, - measurement, &error); + &measurement, &error); if (ret) { error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", __func__, ret, error, fw_error_to_str(errno)); @@ -769,7 +767,7 @@ sev_launch_get_measure(Notifier *notifier, void *unused) sev_set_guest_state(sev, SEV_STATE_LAUNCH_SECRET); /* encode the measurement value and emit the event */ - sev->measurement = g_base64_encode(data, measurement->len); + sev->measurement = g_base64_encode(data, measurement.len); trace_kvm_sev_launch_measurement(sev->measurement); } -- cgit v1.2.3