From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= Subject: Re: [PATCH v12 11/28] sev/i386: add command to initialize the memory encryption context Date: Thu, 8 Mar 2018 16:57:40 +0000 Message-ID: <20180308165740.GI4718@redhat.com> References: <20180308124901.83533-1-brijesh.singh@amd.com> <20180308124901.83533-12-brijesh.singh@amd.com> Reply-To: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Cc: Peter Maydell , kvm@vger.kernel.org, "Michael S. Tsirkin" , Stefan Hajnoczi , qemu-devel@nongnu.org, Alexander Graf , "Edgar E. Iglesias" , Markus Armbruster , Bruce Rogers , Christian Borntraeger , Marcel Apfelbaum , Borislav Petkov , Thomas Lendacky , Eduardo Habkost , Richard Henderson , "Dr. David Alan Gilbert" , Alistair Francis , Cornelia Huck , Richard Henderson , Peter Crosthwaite , Paolo Bonzini To: Brijesh Singh Return-path: Content-Disposition: inline In-Reply-To: <20180308124901.83533-12-brijesh.singh@amd.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+gceq-qemu-devel2=m.gmane.org@nongnu.org Sender: "Qemu-devel" List-Id: kvm.vger.kernel.org On Thu, Mar 08, 2018 at 06:48:44AM -0600, Brijesh Singh wrote: > When memory encryption is enabled, KVM_SEV_INIT command is used to > initialize the platform. The command loads the SEV related persistent > data from non-volatile storage and initializes the platform context. > This command should be first issued before invoking any other guest > commands provided by the SEV firmware. > > Cc: Paolo Bonzini > Cc: Richard Henderson > Cc: Eduardo Habkost > Signed-off-by: Brijesh Singh > --- > accel/kvm/kvm-all.c | 16 ++++ > include/sysemu/sev.h | 22 +++++ > stubs/Makefile.objs | 1 + > stubs/sev.c | 21 +++++ > target/i386/Makefile.objs | 2 +- > target/i386/monitor.c | 11 ++- > target/i386/sev-stub.c | 41 +++++++++ > target/i386/sev.c | 224 ++++++++++++++++++++++++++++++++++++++++++++++ > target/i386/sev_i386.h | 24 +++++ > target/i386/trace-events | 3 + > 10 files changed, 362 insertions(+), 3 deletions(-) > create mode 100644 include/sysemu/sev.h > create mode 100644 stubs/sev.c > create mode 100644 target/i386/sev-stub.c > > +static const char *const sev_fw_errlist[] = { > + "", > + "Platform state is invalid", > + "Guest state is invalid", > + "Platform configuration is invalid", > + "Buffer too small", > + "Platform is already owned", > + "Certificate is invalid", > + "Policy is not allowed", > + "Guest is not active", > + "Invalid address", > + "Bad signature", > + "Bad measurement", > + "Asid is already owned", > + "Invalid ASID", > + "WBINVD is required", > + "DF_FLUSH is required", > + "Guest handle is invalid", > + "Invalid command", > + "Guest is active", > + "Hardware error", > + "Hardware unsafe", > + "Feature not supported", > + "Invalid parameter" > +}; > + > +#define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist) > + > +static const char * > +fw_error_to_str(int code) > +{ > + if (code >= SEV_FW_MAX_ERROR) { > + return "unknown error"; Seems '0' is not an error, and negative numbers are invalid too, so augment this with '|| code <= 0' to avoid bad array access on negative numbers > + } > + > + return sev_fw_errlist[code]; > +} Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|