From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Roy Hopkins <roy.hopkins@suse.com>
Cc: qemu-devel@nongnu.org, "Paolo Bonzini" <pbonzini@redhat.com>,
"Stefano Garzarella" <sgarzare@redhat.com>,
"Marcelo Tosatti" <mtosatti@redhat.com>,
"Michael S . Tsirkin" <mst@redhat.com>,
"Cornelia Huck" <cohuck@redhat.com>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Sergio Lopez" <slp@redhat.com>,
"Eduardo Habkost" <eduardo@habkost.net>,
"Alistair Francis" <alistair@alistair23.me>,
"Peter Xu" <peterx@redhat.com>,
"David Hildenbrand" <david@redhat.com>,
"Igor Mammedov" <imammedo@redhat.com>,
"Tom Lendacky" <thomas.lendacky@amd.com>,
"Michael Roth" <michael.roth@amd.com>,
"Ani Sinha" <anisinha@redhat.com>,
"Jörg Roedel" <jroedel@suse.com>
Subject: Re: [PATCH v4 07/17] sev: Update launch_update_data functions to use Error handling
Date: Wed, 24 Jul 2024 18:21:47 +0100 [thread overview]
Message-ID: <ZqE4K1iXMOBEul9D@redhat.com> (raw)
In-Reply-To: <d988d0ca2eadb0594cb694b65e972164a681af8e.1720004383.git.roy.hopkins@suse.com>
On Wed, Jul 03, 2024 at 12:05:45PM +0100, Roy Hopkins wrote:
> The class function and implementations for updating launch data return
> a code in case of error. In some cases an error message is generated and
> in other cases, just the error return value is used.
>
> This small refactor adds an 'Error **errp' parameter to all functions
> which consistently set an error condition if a non-zero value is
> returned.
Ahh, OK, so you've already addressed my suggestion from the previous
patch then :-)
> Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
> ---
> target/i386/sev.c | 59 +++++++++++++++++++++++++----------------------
> 1 file changed, 31 insertions(+), 28 deletions(-)
>
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index 491ca5369e..5eabeadda6 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -121,7 +121,8 @@ struct SevCommonStateClass {
> Error **errp);
> int (*launch_start)(SevCommonState *sev_common);
> void (*launch_finish)(SevCommonState *sev_common);
> - int (*launch_update_data)(SevCommonState *sev_common, hwaddr gpa, uint8_t *ptr, size_t len);
> + int (*launch_update_data)(SevCommonState *sev_common, hwaddr gpa,
> + uint8_t *ptr, size_t len, Error **errp);
> int (*kvm_init)(ConfidentialGuestSupport *cgs, Error **errp);
> };
>
> @@ -945,14 +946,16 @@ out:
> return ret;
> }
>
> -static int
> -sev_launch_update_data(SevCommonState *sev_common, hwaddr gpa,
> - uint8_t *addr, size_t len)
> +static int sev_launch_update_data(SevCommonState *sev_common, hwaddr gpa,
> + uint8_t *addr, size_t len, Error **errp)
> {
> int ret, fw_error;
> struct kvm_sev_launch_update_data update;
>
> if (!addr || !len) {
> + error_setg(errp,
> + "%s: Invalid parameters provided for updating launch data.",
> + __func__);
> return 1;
> }
This change I'm not too sure about. I feel like this was written to
be an intentional no-op, rather than an error. If it is supposed to
be an error then change to 'return -1' too.
>
> @@ -962,8 +965,8 @@ sev_launch_update_data(SevCommonState *sev_common, hwaddr gpa,
> ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA,
> &update, &fw_error);
> if (ret) {
> - error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'",
> - __func__, ret, fw_error, fw_error_to_str(fw_error));
> + error_setg(errp, "%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'", __func__,
> + ret, fw_error, fw_error_to_str(fw_error));
> }
>
> return ret;
> @@ -1091,8 +1094,8 @@ sev_launch_finish(SevCommonState *sev_common)
> migrate_add_blocker(&sev_mig_blocker, &error_fatal);
> }
>
> -static int
> -snp_launch_update_data(uint64_t gpa, void *hva, size_t len, int type)
> +static int snp_launch_update_data(uint64_t gpa, void *hva, size_t len,
> + int type, Error **errp)
> {
> SevLaunchUpdateData *data;
>
> @@ -1107,13 +1110,11 @@ snp_launch_update_data(uint64_t gpa, void *hva, size_t len, int type)
> return 0;
> }
>
> -static int
> -sev_snp_launch_update_data(SevCommonState *sev_common, hwaddr gpa,
> - uint8_t *ptr, size_t len)
> +static int sev_snp_launch_update_data(SevCommonState *sev_common, hwaddr gpa,
> + uint8_t *ptr, size_t len, Error **errp)
> {
> - int ret = snp_launch_update_data(gpa, ptr, len,
> - KVM_SEV_SNP_PAGE_TYPE_NORMAL);
> - return ret;
> + return snp_launch_update_data(gpa, ptr, len,
> + KVM_SEV_SNP_PAGE_TYPE_NORMAL, errp);
> }
>
> static int
> @@ -1165,8 +1166,8 @@ sev_snp_cpuid_info_fill(SnpCpuidInfo *snp_cpuid_info,
> return 0;
> }
>
> -static int
> -snp_launch_update_cpuid(uint32_t cpuid_addr, void *hva, size_t cpuid_len)
> +static int snp_launch_update_cpuid(uint32_t cpuid_addr, void *hva,
> + size_t cpuid_len, Error **errp)
> {
> KvmCpuidInfo kvm_cpuid_info = {0};
> SnpCpuidInfo snp_cpuid_info;
> @@ -1183,26 +1184,26 @@ snp_launch_update_cpuid(uint32_t cpuid_addr, void *hva, size_t cpuid_len)
> } while (ret == -E2BIG);
>
> if (ret) {
> - error_report("SEV-SNP: unable to query CPUID values for CPU: '%s'",
> - strerror(-ret));
> + error_setg(errp, "SEV-SNP: unable to query CPUID values for CPU: '%s'",
> + strerror(-ret));
> return 1;
> }
>
> ret = sev_snp_cpuid_info_fill(&snp_cpuid_info, &kvm_cpuid_info);
> if (ret) {
> - error_report("SEV-SNP: failed to generate CPUID table information");
> + error_setg(errp, "SEV-SNP: failed to generate CPUID table information");
> return 1;
> }
>
> memcpy(hva, &snp_cpuid_info, sizeof(snp_cpuid_info));
>
> return snp_launch_update_data(cpuid_addr, hva, cpuid_len,
> - KVM_SEV_SNP_PAGE_TYPE_CPUID);
> + KVM_SEV_SNP_PAGE_TYPE_CPUID, errp);
> }
>
> -static int
> -snp_launch_update_kernel_hashes(SevSnpGuestState *sev_snp, uint32_t addr,
> - void *hva, uint32_t len)
> +static int snp_launch_update_kernel_hashes(SevSnpGuestState *sev_snp,
> + uint32_t addr, void *hva,
> + uint32_t len, Error **errp)
> {
> int type = KVM_SEV_SNP_PAGE_TYPE_ZERO;
> if (sev_snp->parent_obj.kernel_hashes) {
> @@ -1214,7 +1215,7 @@ snp_launch_update_kernel_hashes(SevSnpGuestState *sev_snp, uint32_t addr,
> sizeof(*sev_snp->kernel_hashes_data));
> type = KVM_SEV_SNP_PAGE_TYPE_NORMAL;
> }
> - return snp_launch_update_data(addr, hva, len, type);
> + return snp_launch_update_data(addr, hva, len, type, errp);
> }
>
> static int
> @@ -1252,12 +1253,14 @@ snp_populate_metadata_pages(SevSnpGuestState *sev_snp,
> }
>
> if (type == KVM_SEV_SNP_PAGE_TYPE_CPUID) {
> - ret = snp_launch_update_cpuid(desc->base, hva, desc->len);
> + ret = snp_launch_update_cpuid(desc->base, hva, desc->len,
> + &error_fatal);
> } else if (desc->type == SEV_DESC_TYPE_SNP_KERNEL_HASHES) {
> ret = snp_launch_update_kernel_hashes(sev_snp, desc->base, hva,
> - desc->len);
> + desc->len, &error_fatal);
> } else {
> - ret = snp_launch_update_data(desc->base, hva, desc->len, type);
> + ret = snp_launch_update_data(desc->base, hva, desc->len, type,
> + &error_fatal);
> }
>
> if (ret) {
> @@ -1542,7 +1545,7 @@ sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp)
>
> /* if SEV is in update state then encrypt the data else do nothing */
> if (sev_check_state(sev_common, SEV_STATE_LAUNCH_UPDATE)) {
> - if (klass->launch_update_data(sev_common, gpa, ptr, len)) {
> + if (klass->launch_update_data(sev_common, gpa, ptr, len, errp)) {
> error_setg(errp, "SEV: Failed to encrypt flash");
> return -1;
> }
> --
> 2.43.0
>
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2024-07-24 17:22 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-03 11:05 [PATCH v4 00/17] Introduce support for IGVM files Roy Hopkins
2024-07-03 11:05 ` [PATCH v4 01/17] meson: Add optional dependency on IGVM library Roy Hopkins
2024-07-24 16:26 ` Daniel P. Berrangé
2024-07-03 11:05 ` [PATCH v4 02/17] backends/confidential-guest-support: Add functions to support IGVM Roy Hopkins
2024-07-24 16:47 ` Daniel P. Berrangé
2024-07-03 11:05 ` [PATCH v4 03/17] backends/igvm: Add IGVM loader and configuration Roy Hopkins
2024-07-24 16:59 ` Daniel P. Berrangé
2024-07-29 13:35 ` Stefano Garzarella
2024-07-03 11:05 ` [PATCH v4 04/17] hw/i386: Add igvm-cfg object and processing for IGVM files Roy Hopkins
2024-07-24 17:08 ` Daniel P. Berrangé
2024-07-03 11:05 ` [PATCH v4 05/17] i386/pc_sysfw: Ensure sysfw flash configuration does not conflict with IGVM Roy Hopkins
2024-07-24 17:13 ` Daniel P. Berrangé
2024-08-13 10:42 ` Roy Hopkins
2024-07-03 11:05 ` [PATCH v4 06/17] sev: Fix error handling in sev_encrypt_flash() Roy Hopkins
2024-07-24 17:19 ` Daniel P. Berrangé
2024-07-03 11:05 ` [PATCH v4 07/17] sev: Update launch_update_data functions to use Error handling Roy Hopkins
2024-07-24 17:21 ` Daniel P. Berrangé [this message]
2024-07-03 11:05 ` [PATCH v4 08/17] target/i386: Allow setting of R_LDTR and R_TR with cpu_x86_load_seg_cache() Roy Hopkins
2024-07-03 11:05 ` [PATCH v4 09/17] i386/sev: Refactor setting of reset vector and initial CPU state Roy Hopkins
2024-07-03 11:05 ` [PATCH v4 10/17] i386/sev: Implement ConfidentialGuestSupport functions for SEV Roy Hopkins
2024-07-03 11:05 ` [PATCH v4 11/17] docs/system: Add documentation on support for IGVM Roy Hopkins
2024-07-24 17:25 ` Daniel P. Berrangé
2024-07-29 13:41 ` Stefano Garzarella
2024-07-03 11:05 ` [PATCH v4 12/17] docs/interop/firmware.json: Add igvm to FirmwareDevice Roy Hopkins
2024-07-24 17:27 ` Daniel P. Berrangé
2024-07-03 11:05 ` [PATCH v4 13/17] backends/confidential-guest-support: Add set_guest_policy() function Roy Hopkins
2024-07-24 17:30 ` Daniel P. Berrangé
2024-07-03 11:05 ` [PATCH v4 14/17] backends/igvm: Process initialization sections in IGVM file Roy Hopkins
2024-07-03 11:05 ` [PATCH v4 15/17] backends/igvm: Handle policy for SEV guests Roy Hopkins
2024-07-03 11:05 ` [PATCH v4 16/17] i386/sev: Add implementation of CGS set_guest_policy() Roy Hopkins
2024-07-03 11:05 ` [PATCH v4 17/17] sev: Provide sev_features flags from IGVM VMSA to KVM_SEV_INIT2 Roy Hopkins
2024-07-20 18:26 ` [PATCH v4 00/17] Introduce support for IGVM files Michael S. Tsirkin
2024-08-13 9:53 ` Roy Hopkins
2024-08-13 10:21 ` Michael S. Tsirkin
2024-07-24 16:29 ` Daniel P. Berrangé
2024-08-02 15:57 ` Roy Hopkins
2024-08-02 16:03 ` Daniel P. Berrangé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZqE4K1iXMOBEul9D@redhat.com \
--to=berrange@redhat.com \
--cc=alistair@alistair23.me \
--cc=anisinha@redhat.com \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=eduardo@habkost.net \
--cc=imammedo@redhat.com \
--cc=jroedel@suse.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=michael.roth@amd.com \
--cc=mst@redhat.com \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=roy.hopkins@suse.com \
--cc=sgarzare@redhat.com \
--cc=slp@redhat.com \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.