From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Xiaoyao Li <xiaoyao.li@intel.com>
Cc: "Nicholas Piggin" <npiggin@gmail.com>,
"Daniel Henrique Barboza" <danielhb413@gmail.com>,
"Cédric Le Goater" <clg@kaod.org>,
"David Gibson" <david@gibson.dropbear.id.au>,
"Harsh Prateek Bora" <harshpb@linux.ibm.com>,
"Halil Pasic" <pasic@linux.ibm.com>,
"Christian Borntraeger" <borntraeger@linux.ibm.com>,
"Eric Farman" <farman@linux.ibm.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"David Hildenbrand" <david@redhat.com>,
"Ilya Leoshkevich" <iii@linux.ibm.com>,
"Thomas Huth" <thuth@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Marcelo Tosatti" <mtosatti@redhat.com>,
qemu-devel@nongnu.org, qemu-ppc@nongnu.org,
qemu-s390x@nongnu.org
Subject: Re: [RFC PATCH 2/4] i386/sev: Switch to use confidential_guest_kvm_init()
Date: Tue, 6 Feb 2024 14:16:21 +0000
Message-ID: <ZcI_NdzheUcHncd_@redhat.com>
In-Reply-To: <20240206082852.3333299-3-xiaoyao.li@intel.com>
On Tue, Feb 06, 2024 at 03:28:50AM -0500, Xiaoyao Li wrote:
> Use confidential_guest_kvm_init() instead of calling SEV specific
> sev_kvm_init(). As a bonus, it fits to future TDX when TDX implements
> its own confidential_guest_support and .kvm_init().
>
> Move the "TypeInfo sev_guest_info" definition and related functions to
> the end of the file, to avoid declaring the sev_kvm_init() ahead.
>
> Clean up the sev-stub.c since it's not needed anymore.
>
> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
> ---
> target/i386/kvm/kvm.c | 2 +-
> target/i386/kvm/meson.build | 2 -
> target/i386/kvm/sev-stub.c | 5 --
> target/i386/sev.c | 120 +++++++++++++++++++-----------------
> target/i386/sev.h | 2 -
> 5 files changed, 63 insertions(+), 68 deletions(-)
>
> diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
> index 76a66246eb72..bb63bba61fa1 100644
> --- a/target/i386/kvm/kvm.c
> +++ b/target/i386/kvm/kvm.c
> @@ -2534,7 +2534,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
> * mechanisms are supported in future (e.g. TDX), they'll need
> * their own initialization either here or elsewhere.
> */
> - ret = sev_kvm_init(ms->cgs, &local_err);
> + ret = confidential_guest_kvm_init(ms->cgs, &local_err);
If you agree with my comment in patch 1 about the API expecting non-NULL,
then this would need to be conditionalized (same for the 2 following
patches too)
    if (ms->cgs) {
        ret = confidential_guest_kvm_init(....)
        if (ret < 0) {
            ....
        }
    }
> if (ret < 0) {
> error_report_err(local_err);
> return ret;
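Review bot: the comment immediately above the changed call ("mechanisms are supported in future (e.g. TDX), they'll need their own initialization either here or elsewhere") is now stale: the whole point of switching to confidential_guest_kvm_init() is that future mechanisms register their own .kvm_init() on the class instead of adding code here. Update or drop that comment in this hunk so it does not contradict the new dispatch, and, as noted above, guard the call on ms->cgs if the generic helper expects a non-NULL object.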
> diff --git a/target/i386/kvm/meson.build b/target/i386/kvm/meson.build
> index 84d9143e6029..e7850981e62d 100644
> --- a/target/i386/kvm/meson.build
> +++ b/target/i386/kvm/meson.build
> @@ -7,8 +7,6 @@ i386_kvm_ss.add(files(
>
> i386_kvm_ss.add(when: 'CONFIG_XEN_EMU', if_true: files('xen-emu.c'))
>
> -i386_kvm_ss.add(when: 'CONFIG_SEV', if_false: files('sev-stub.c'))
> -
> i386_system_ss.add(when: 'CONFIG_HYPERV', if_true: files('hyperv.c'), if_false: files('hyperv-stub.c'))
>
> i386_system_ss.add_all(when: 'CONFIG_KVM', if_true: i386_kvm_ss)
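Review bot: removing the if_false stub means a KVM build with CONFIG_SEV disabled no longer has any sev_kvm_init() symbol at all, which is only correct because the kvm.c hunk above dropped the last caller in the same patch. Please confirm such a configuration (KVM enabled, SEV disabled) still compiles and links, since the stub was previously the only thing satisfying it.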
> diff --git a/target/i386/kvm/sev-stub.c b/target/i386/kvm/sev-stub.c
> index 1be5341e8a6a..4a1560cf8ad7 100644
> --- a/target/i386/kvm/sev-stub.c
> +++ b/target/i386/kvm/sev-stub.c
> @@ -14,8 +14,3 @@
> #include "qemu/osdep.h"
> #include "sev.h"
>
> -int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
> -{
> - /* If we get here, cgs must be some non-SEV thing */
> - return 0;
> -}
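Review bot: the deleted stub documented a behaviour, "If we get here, cgs must be some non-SEV thing" returning 0, i.e. a non-SEV confidential guest object was silently accepted on x86. With the class-method dispatch that behaviour now lives in confidential_guest_kvm_init() for a class that sets no .kvm_init(); state in the commit message whether that case still succeeds, fails, or is unreachable, so the semantic change (if any) is explicit.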
You can actually delete this entire file, since you removed the
only method in it, and stopped building it in the meson.build
patch above.
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index 173de91afe7d..19e79d3631d0 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -353,63 +353,6 @@ static void sev_guest_set_kernel_hashes(Object *obj, bool value, Error **errp)
> sev->kernel_hashes = value;
> }
>
> -static void
> -sev_guest_class_init(ObjectClass *oc, void *data)
> -{
> - object_class_property_add_str(oc, "sev-device",
> - sev_guest_get_sev_device,
> - sev_guest_set_sev_device);
> - object_class_property_set_description(oc, "sev-device",
> - "SEV device to use");
> - object_class_property_add_str(oc, "dh-cert-file",
> - sev_guest_get_dh_cert_file,
> - sev_guest_set_dh_cert_file);
> - object_class_property_set_description(oc, "dh-cert-file",
> - "guest owners DH certificate (encoded with base64)");
> - object_class_property_add_str(oc, "session-file",
> - sev_guest_get_session_file,
> - sev_guest_set_session_file);
> - object_class_property_set_description(oc, "session-file",
> - "guest owners session parameters (encoded with base64)");
> - object_class_property_add_bool(oc, "kernel-hashes",
> - sev_guest_get_kernel_hashes,
> - sev_guest_set_kernel_hashes);
> - object_class_property_set_description(oc, "kernel-hashes",
> - "add kernel hashes to guest firmware for measured Linux boot");
> -}
> -
> -static void
> -sev_guest_instance_init(Object *obj)
> -{
> - SevGuestState *sev = SEV_GUEST(obj);
> -
> - sev->sev_device = g_strdup(DEFAULT_SEV_DEVICE);
> - sev->policy = DEFAULT_GUEST_POLICY;
> - object_property_add_uint32_ptr(obj, "policy", &sev->policy,
> - OBJ_PROP_FLAG_READWRITE);
> - object_property_add_uint32_ptr(obj, "handle", &sev->handle,
> - OBJ_PROP_FLAG_READWRITE);
> - object_property_add_uint32_ptr(obj, "cbitpos", &sev->cbitpos,
> - OBJ_PROP_FLAG_READWRITE);
> - object_property_add_uint32_ptr(obj, "reduced-phys-bits",
> - &sev->reduced_phys_bits,
> - OBJ_PROP_FLAG_READWRITE);
> -}
> -
> -/* sev guest info */
> -static const TypeInfo sev_guest_info = {
> - .parent = TYPE_CONFIDENTIAL_GUEST_SUPPORT,
> - .name = TYPE_SEV_GUEST,
> - .instance_size = sizeof(SevGuestState),
> - .instance_finalize = sev_guest_finalize,
> - .class_init = sev_guest_class_init,
> - .instance_init = sev_guest_instance_init,
> - .interfaces = (InterfaceInfo[]) {
> - { TYPE_USER_CREATABLE },
> - { }
> - }
> -};
> -
> bool
> sev_enabled(void)
> {
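Review bot: this hunk is a pure move of sev_guest_class_init(), sev_guest_instance_init() and sev_guest_info to the end of the file, which makes the real change (one assignment of klass->kvm_init) hard to spot in the diff. A one-line forward declaration, `static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp);`, placed above the existing class_init would avoid the move entirely; alternatively split the move into its own mechanical patch so the functional change is reviewable on its own.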
> @@ -906,7 +849,7 @@ sev_vm_state_change(void *opaque, bool running, RunState state)
> }
> }
>
> -int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
> +static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
> {
> SevGuestState *sev
> = (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUEST);
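Review bot: once sev_kvm_init() is static and only reachable through the SEV class's .kvm_init() hook, cgs is by construction a TYPE_SEV_GUEST instance, so the object_dynamic_cast() here (and whatever non-SEV fallback follows it) becomes dead code. Consider replacing it with SEV_GUEST(cgs), which asserts the type instead of silently tolerating a mismatch.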
> @@ -1383,6 +1326,67 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp)
> return ret;
> }
>
> +static void
> +sev_guest_class_init(ObjectClass *oc, void *data)
> +{
> + ConfidentialGuestSupportClass *klass = CONFIDENTIAL_GUEST_SUPPORT_CLASS(oc);
> +
> + klass->kvm_init = sev_kvm_init;
> +
> + object_class_property_add_str(oc, "sev-device",
> + sev_guest_get_sev_device,
> + sev_guest_set_sev_device);
> + object_class_property_set_description(oc, "sev-device",
> + "SEV device to use");
> + object_class_property_add_str(oc, "dh-cert-file",
> + sev_guest_get_dh_cert_file,
> + sev_guest_set_dh_cert_file);
> + object_class_property_set_description(oc, "dh-cert-file",
> + "guest owners DH certificate (encoded with base64)");
> + object_class_property_add_str(oc, "session-file",
> + sev_guest_get_session_file,
> + sev_guest_set_session_file);
> + object_class_property_set_description(oc, "session-file",
> + "guest owners session parameters (encoded with base64)");
> + object_class_property_add_bool(oc, "kernel-hashes",
> + sev_guest_get_kernel_hashes,
> + sev_guest_set_kernel_hashes);
> + object_class_property_set_description(oc, "kernel-hashes",
> + "add kernel hashes to guest firmware for measured Linux boot");
> +}
> +
> +static void
> +sev_guest_instance_init(Object *obj)
> +{
> + SevGuestState *sev = SEV_GUEST(obj);
> +
> + sev->sev_device = g_strdup(DEFAULT_SEV_DEVICE);
> + sev->policy = DEFAULT_GUEST_POLICY;
> + object_property_add_uint32_ptr(obj, "policy", &sev->policy,
> + OBJ_PROP_FLAG_READWRITE);
> + object_property_add_uint32_ptr(obj, "handle", &sev->handle,
> + OBJ_PROP_FLAG_READWRITE);
> + object_property_add_uint32_ptr(obj, "cbitpos", &sev->cbitpos,
> + OBJ_PROP_FLAG_READWRITE);
> + object_property_add_uint32_ptr(obj, "reduced-phys-bits",
> + &sev->reduced_phys_bits,
> + OBJ_PROP_FLAG_READWRITE);
> +}
> +
> +/* sev guest info */
> +static const TypeInfo sev_guest_info = {
> + .parent = TYPE_CONFIDENTIAL_GUEST_SUPPORT,
> + .name = TYPE_SEV_GUEST,
> + .instance_size = sizeof(SevGuestState),
> + .instance_finalize = sev_guest_finalize,
> + .class_init = sev_guest_class_init,
> + .instance_init = sev_guest_instance_init,
> + .interfaces = (InterfaceInfo[]) {
> + { TYPE_USER_CREATABLE },
> + { }
> + }
> +};
> +
> static void
> sev_register_types(void)
> {
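Review bot: patch 1 of this series adds both kvm_init() and kvm_reset() to ConfidentialGuestSupportClass, but this class_init only wires `klass->kvm_init = sev_kvm_init;`. Either wire a reset hook here or say in the commit message that SEV intentionally has no kvm_reset(), so a reader does not mistake the omission for an oversight. A short comment on the assignment would also help, and `cgsc` would be a more conventional local name than `klass` for the class pointer.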
> diff --git a/target/i386/sev.h b/target/i386/sev.h
> index e7499c95b1e8..9e10d09539a7 100644
> --- a/target/i386/sev.h
> +++ b/target/i386/sev.h
> @@ -57,6 +57,4 @@ int sev_inject_launch_secret(const char *hdr, const char *secret,
> int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size);
> void sev_es_set_reset_vector(CPUState *cpu);
>
> -int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp);
> -
> #endif
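Review bot: with the sev_kvm_init() prototype gone, this header may no longer need whatever include or forward declaration it carries for ConfidentialGuestSupport and Error; check the remaining declarations in sev.h and drop the now-unused include if nothing else in the file depends on it.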
> --
> 2.34.1
>
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
Thread overview:
2024-02-06 8:28 [RFC PATCH 0/4] Confidential Guest Support: Introduce kvm_init() and kvm_reset() virtual functions Xiaoyao Li
2024-02-06 8:28 ` [RFC PATCH 1/4] confidential guest support: Add kvm_init() and kvm_reset() in class Xiaoyao Li
2024-02-06 14:14 ` Daniel P. Berrangé
2024-02-06 8:28 ` [RFC PATCH 2/4] i386/sev: Switch to use confidential_guest_kvm_init() Xiaoyao Li
2024-02-06 14:16 ` Daniel P. Berrangé [this message]
2024-02-07 7:10 ` Xiaoyao Li
2024-02-06 8:28 ` [RFC PATCH 3/4] ppc/pef: switch to use confidential_guest_kvm_init/reset() Xiaoyao Li
2024-02-06 8:28 ` [RFC PATCH 4/4] s390: Switch to use confidential_guest_kvm_init() Xiaoyao Li
2024-02-06 14:19 ` [RFC PATCH 0/4] Confidential Guest Support: Introduce kvm_init() and kvm_reset() virtual functions Daniel P. Berrangé
2024-02-07 7:29 ` Xiaoyao Li