[PATCH 0/2] system/confidential-guest-support: Header cleanups

[PATCH 0/2] system/confidential-guest-support: Header cleanups

[Philippe Mathieu-Daudé]

Restrict "confidential-guest-support.h" to system
emulation, remove few SEV declarations on user mode.

Philippe Mathieu-Daudé (2):
  system: Move 'exec/confidential-guest-support.h' to system/
  target/i386/sev: Reduce system specific declarations

 .../confidential-guest-support.h              |  6 ++--
 target/i386/confidential-guest.h              |  2 +-
 target/i386/sev.h                             | 29 ++++++++++---------
 backends/confidential-guest-support.c         |  2 +-
 hw/core/machine.c                             |  2 +-
 hw/i386/pc_sysfw.c                            |  2 +-
 hw/ppc/pef.c                                  |  2 +-
 hw/ppc/spapr.c                                |  2 +-
 hw/s390x/s390-virtio-ccw.c                    |  2 +-
 system/vl.c                                   |  2 +-
 target/s390x/kvm/pv.c                         |  2 +-
 11 files changed, 28 insertions(+), 25 deletions(-)
 rename include/{exec => system}/confidential-guest-support.h (96%)

-- 
2.45.2

[PATCH 1/2] system: Move 'exec/confidential-guest-support.h' to system/

[Philippe Mathieu-Daudé]

"exec/confidential-guest-support.h" is specific to system
emulation, so move it under the system/ namespace.
Mechanical change doing:

  $ sed -i \
    -e 's,exec/confidential-guest-support.h,sysemu/confidential-guest-support.h,' \
        $(git grep -l exec/confidential-guest-support.h)

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 include/{exec => system}/confidential-guest-support.h | 6 +++---
 target/i386/confidential-guest.h                      | 2 +-
 target/i386/sev.h                                     | 2 +-
 backends/confidential-guest-support.c                 | 2 +-
 hw/core/machine.c                                     | 2 +-
 hw/ppc/pef.c                                          | 2 +-
 hw/ppc/spapr.c                                        | 2 +-
 hw/s390x/s390-virtio-ccw.c                            | 2 +-
 system/vl.c                                           | 2 +-
 target/s390x/kvm/pv.c                                 | 2 +-
 10 files changed, 12 insertions(+), 12 deletions(-)
 rename include/{exec => system}/confidential-guest-support.h (96%)

diff --git a/include/exec/confidential-guest-support.h b/include/system/confidential-guest-support.h
similarity index 96%
rename from include/exec/confidential-guest-support.h
rename to include/system/confidential-guest-support.h
index 02dc4e518f0..b68c4bebbc1 100644
--- a/include/exec/confidential-guest-support.h
+++ b/include/system/confidential-guest-support.h
@@ -18,7 +18,9 @@
 #ifndef QEMU_CONFIDENTIAL_GUEST_SUPPORT_H
 #define QEMU_CONFIDENTIAL_GUEST_SUPPORT_H
 
-#ifndef CONFIG_USER_ONLY
+#ifdef CONFIG_USER_ONLY
+#error Cannot include system/confidential-guest-support.h from user emulation
+#endif
 
 #include "qom/object.h"
 
@@ -94,6 +96,4 @@ static inline int confidential_guest_kvm_reset(ConfidentialGuestSupport *cgs,
     return 0;
 }
 
-#endif /* !CONFIG_USER_ONLY */
-
 #endif /* QEMU_CONFIDENTIAL_GUEST_SUPPORT_H */
diff --git a/target/i386/confidential-guest.h b/target/i386/confidential-guest.h
index 7342d2843aa..0afb8317b58 100644
--- a/target/i386/confidential-guest.h
+++ b/target/i386/confidential-guest.h
@@ -14,7 +14,7 @@
 
 #include "qom/object.h"
 
-#include "exec/confidential-guest-support.h"
+#include "system/confidential-guest-support.h"
 
 #define TYPE_X86_CONFIDENTIAL_GUEST "x86-confidential-guest"
 
diff --git a/target/i386/sev.h b/target/i386/sev.h
index 858005a119c..2664c0b1b6c 100644
--- a/target/i386/sev.h
+++ b/target/i386/sev.h
@@ -18,7 +18,7 @@
 #include CONFIG_DEVICES /* CONFIG_SEV */
 #endif
 
-#include "exec/confidential-guest-support.h"
+#include "system/confidential-guest-support.h"
 
 #define TYPE_SEV_COMMON "sev-common"
 #define TYPE_SEV_GUEST "sev-guest"
diff --git a/backends/confidential-guest-support.c b/backends/confidential-guest-support.c
index 052fde8db04..1cd9bed505d 100644
--- a/backends/confidential-guest-support.c
+++ b/backends/confidential-guest-support.c
@@ -13,7 +13,7 @@
 
 #include "qemu/osdep.h"
 
-#include "exec/confidential-guest-support.h"
+#include "system/confidential-guest-support.h"
 
 OBJECT_DEFINE_ABSTRACT_TYPE(ConfidentialGuestSupport,
                             confidential_guest_support,
diff --git a/hw/core/machine.c b/hw/core/machine.c
index ba819fec0af..0e8af37194f 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -30,7 +30,7 @@
 #include "hw/pci/pci_bridge.h"
 #include "hw/mem/nvdimm.h"
 #include "migration/global_state.h"
-#include "exec/confidential-guest-support.h"
+#include "system/confidential-guest-support.h"
 #include "hw/virtio/virtio-pci.h"
 #include "hw/virtio/virtio-net.h"
 #include "hw/virtio/virtio-iommu.h"
diff --git a/hw/ppc/pef.c b/hw/ppc/pef.c
index cffda44602e..8b2d726e008 100644
--- a/hw/ppc/pef.c
+++ b/hw/ppc/pef.c
@@ -14,7 +14,7 @@
 #include "qom/object_interfaces.h"
 #include "system/kvm.h"
 #include "migration/blocker.h"
-#include "exec/confidential-guest-support.h"
+#include "system/confidential-guest-support.h"
 
 #define TYPE_PEF_GUEST "pef-guest"
 OBJECT_DECLARE_SIMPLE_TYPE(PefGuest, PEF_GUEST)
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index ad21018b5aa..623842f8064 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -75,7 +75,7 @@
 #include "hw/virtio/vhost-scsi-common.h"
 
 #include "exec/ram_addr.h"
-#include "exec/confidential-guest-support.h"
+#include "system/confidential-guest-support.h"
 #include "hw/usb.h"
 #include "qemu/config-file.h"
 #include "qemu/error-report.h"
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index f4d64d64f94..b45d8963b36 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -14,7 +14,7 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "exec/ram_addr.h"
-#include "exec/confidential-guest-support.h"
+#include "system/confidential-guest-support.h"
 #include "hw/boards.h"
 #include "hw/s390x/s390-virtio-hcall.h"
 #include "hw/s390x/sclp.h"
diff --git a/system/vl.c b/system/vl.c
index a271ecc1acf..4785b3ff09a 100644
--- a/system/vl.c
+++ b/system/vl.c
@@ -107,7 +107,7 @@
 #include "qemu/plugin.h"
 #include "qemu/queue.h"
 #include "system/arch_init.h"
-#include "exec/confidential-guest-support.h"
+#include "system/confidential-guest-support.h"
 
 #include "ui/qemu-spice.h"
 #include "qapi/string-input-visitor.h"
diff --git a/target/s390x/kvm/pv.c b/target/s390x/kvm/pv.c
index e4b0d17a48a..69c1811e156 100644
--- a/target/s390x/kvm/pv.c
+++ b/target/s390x/kvm/pv.c
@@ -19,7 +19,7 @@
 #include "system/kvm.h"
 #include "system/cpus.h"
 #include "qom/object_interfaces.h"
-#include "exec/confidential-guest-support.h"
+#include "system/confidential-guest-support.h"
 #include "hw/s390x/ipl.h"
 #include "hw/s390x/sclp.h"
 #include "target/s390x/kvm/kvm_s390x.h"
-- 
2.45.2

[PATCH 2/2] target/i386/sev: Reduce system specific declarations

[Philippe Mathieu-Daudé]

"system/confidential-guest-support.h" is not needed,
remove it. Reorder #ifdef'ry to reduce declarations
exposed on user emulation.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 target/i386/sev.h  | 29 ++++++++++++++++-------------
 hw/i386/pc_sysfw.c |  2 +-
 2 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/target/i386/sev.h b/target/i386/sev.h
index 2664c0b1b6c..373669eaace 100644
--- a/target/i386/sev.h
+++ b/target/i386/sev.h
@@ -18,7 +18,17 @@
 #include CONFIG_DEVICES /* CONFIG_SEV */
 #endif
 
-#include "system/confidential-guest-support.h"
+#if !defined(CONFIG_SEV) || defined(CONFIG_USER_ONLY)
+#define sev_enabled() 0
+#define sev_es_enabled() 0
+#define sev_snp_enabled() 0
+#else
+bool sev_enabled(void);
+bool sev_es_enabled(void);
+bool sev_snp_enabled(void);
+#endif
+
+#if !defined(CONFIG_USER_ONLY)
 
 #define TYPE_SEV_COMMON "sev-common"
 #define TYPE_SEV_GUEST "sev-guest"
@@ -45,18 +55,6 @@ typedef struct SevKernelLoaderContext {
     size_t cmdline_size;
 } SevKernelLoaderContext;
 
-#ifdef CONFIG_SEV
-bool sev_enabled(void);
-bool sev_es_enabled(void);
-bool sev_snp_enabled(void);
-#else
-#define sev_enabled() 0
-#define sev_es_enabled() 0
-#define sev_snp_enabled() 0
-#endif
-
-uint32_t sev_get_cbit_position(void);
-uint32_t sev_get_reduced_phys_bits(void);
 bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp);
 
 int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp);
@@ -68,4 +66,9 @@ void sev_es_set_reset_vector(CPUState *cpu);
 
 void pc_system_parse_sev_metadata(uint8_t *flash_ptr, size_t flash_size);
 
+#endif /* !CONFIG_USER_ONLY */
+
+uint32_t sev_get_cbit_position(void);
+uint32_t sev_get_reduced_phys_bits(void);
+
 #endif
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
index da7ed121292..1eeb58ab37f 100644
--- a/hw/i386/pc_sysfw.c
+++ b/hw/i386/pc_sysfw.c
@@ -36,7 +36,7 @@
 #include "hw/qdev-properties.h"
 #include "hw/block/flash.h"
 #include "system/kvm.h"
-#include "sev.h"
+#include "target/i386/sev.h"
 
 #define FLASH_SECTOR_SIZE 4096
 
-- 
2.45.2

Re: [PATCH 1/2] system: Move 'exec/confidential-guest-support.h' to system/

[Thomas Huth]

On 18/12/2024 16.59, Philippe Mathieu-Daudé wrote:
> "exec/confidential-guest-support.h" is specific to system
> emulation, so move it under the system/ namespace.
> Mechanical change doing:
> 
>    $ sed -i \
>      -e 's,exec/confidential-guest-support.h,sysemu/confidential-guest-support.h,' \
>          $(git grep -l exec/confidential-guest-support.h)
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> ---
>   include/{exec => system}/confidential-guest-support.h | 6 +++---
>   target/i386/confidential-guest.h                      | 2 +-
>   target/i386/sev.h                                     | 2 +-
>   backends/confidential-guest-support.c                 | 2 +-
>   hw/core/machine.c                                     | 2 +-
>   hw/ppc/pef.c                                          | 2 +-
>   hw/ppc/spapr.c                                        | 2 +-
>   hw/s390x/s390-virtio-ccw.c                            | 2 +-
>   system/vl.c                                           | 2 +-
>   target/s390x/kvm/pv.c                                 | 2 +-
>   10 files changed, 12 insertions(+), 12 deletions(-)
>   rename include/{exec => system}/confidential-guest-support.h (96%)

Reviewed-by: Thomas Huth <thuth@redhat.com>

Re: [PATCH 2/2] target/i386/sev: Reduce system specific declarations

[Thomas Huth]

On 18/12/2024 16.59, Philippe Mathieu-Daudé wrote:
> "system/confidential-guest-support.h" is not needed,
> remove it. Reorder #ifdef'ry to reduce declarations
> exposed on user emulation.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> ---
>   target/i386/sev.h  | 29 ++++++++++++++++-------------
>   hw/i386/pc_sysfw.c |  2 +-
>   2 files changed, 17 insertions(+), 14 deletions(-)

Reviewed-by: Thomas Huth <thuth@redhat.com>

Re: [PATCH 1/2] system: Move 'exec/confidential-guest-support.h' to system/

[Philippe Mathieu-Daudé]

On 18/12/24 17:30, Zhao Liu wrote:
> On Wed, Dec 18, 2024 at 04:59:12PM +0100, Philippe Mathieu-Daudé wrote:
>> Date: Wed, 18 Dec 2024 16:59:12 +0100
>> From: Philippe Mathieu-Daudé <philmd@linaro.org>
>> Subject: [PATCH 1/2] system: Move 'exec/confidential-guest-support.h' to
>>   system/
>> X-Mailer: git-send-email 2.45.2
>>
>> "exec/confidential-guest-support.h" is specific to system
>> emulation, so move it under the system/ namespace.
>> Mechanical change doing:
>>
>>    $ sed -i \
>>      -e 's,exec/confidential-guest-support.h,sysemu/confidential-guest-support.h,' \
>>          $(git grep -l exec/confidential-guest-support.h)
>>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
>> ---
>>   include/{exec => system}/confidential-guest-support.h | 6 +++---
>>   target/i386/confidential-guest.h                      | 2 +-
>>   target/i386/sev.h                                     | 2 +-
>>   backends/confidential-guest-support.c                 | 2 +-
>>   hw/core/machine.c                                     | 2 +-
>>   hw/ppc/pef.c                                          | 2 +-
>>   hw/ppc/spapr.c                                        | 2 +-
>>   hw/s390x/s390-virtio-ccw.c                            | 2 +-
>>   system/vl.c                                           | 2 +-
>>   target/s390x/kvm/pv.c                                 | 2 +-
>>   10 files changed, 12 insertions(+), 12 deletions(-)
>>   rename include/{exec => system}/confidential-guest-support.h (96%)
>>
> 
> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
> 
> (MAINTAINERS is missed to change? :-))

Yeah there is no entry for CGS in MAINTAINERS :(

Re: [PATCH 2/2] target/i386/sev: Reduce system specific declarations

[Daniel P. Berrangé]

On Wed, Dec 18, 2024 at 04:59:13PM +0100, Philippe Mathieu-Daudé wrote:
> "system/confidential-guest-support.h" is not needed,
> remove it. Reorder #ifdef'ry to reduce declarations
> exposed on user emulation.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> ---
>  target/i386/sev.h  | 29 ++++++++++++++++-------------
>  hw/i386/pc_sysfw.c |  2 +-
>  2 files changed, 17 insertions(+), 14 deletions(-)
> 
> diff --git a/target/i386/sev.h b/target/i386/sev.h
> index 2664c0b1b6c..373669eaace 100644
> --- a/target/i386/sev.h
> +++ b/target/i386/sev.h
> @@ -18,7 +18,17 @@
>  #include CONFIG_DEVICES /* CONFIG_SEV */
>  #endif
>  
> -#include "system/confidential-guest-support.h"
> +#if !defined(CONFIG_SEV) || defined(CONFIG_USER_ONLY)
> +#define sev_enabled() 0
> +#define sev_es_enabled() 0
> +#define sev_snp_enabled() 0
> +#else
> +bool sev_enabled(void);
> +bool sev_es_enabled(void);
> +bool sev_snp_enabled(void);
> +#endif
> +
> +#if !defined(CONFIG_USER_ONLY)

I'm surprised any of this header file is relevant to
user mode. If something is mistakely calling sev_ functions
from user mode compiled code, I'd be inclined to fix the
caller such that its #include ".../sev.h" can be wrapped
by !CONFIG_USER_ONLY

>  
>  #define TYPE_SEV_COMMON "sev-common"
>  #define TYPE_SEV_GUEST "sev-guest"
> @@ -45,18 +55,6 @@ typedef struct SevKernelLoaderContext {
>      size_t cmdline_size;
>  } SevKernelLoaderContext;
>  
> -#ifdef CONFIG_SEV
> -bool sev_enabled(void);
> -bool sev_es_enabled(void);
> -bool sev_snp_enabled(void);
> -#else
> -#define sev_enabled() 0
> -#define sev_es_enabled() 0
> -#define sev_snp_enabled() 0
> -#endif
> -
> -uint32_t sev_get_cbit_position(void);
> -uint32_t sev_get_reduced_phys_bits(void);
>  bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp);
>  
>  int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp);
> @@ -68,4 +66,9 @@ void sev_es_set_reset_vector(CPUState *cpu);
>  
>  void pc_system_parse_sev_metadata(uint8_t *flash_ptr, size_t flash_size);
>  
> +#endif /* !CONFIG_USER_ONLY */
> +
> +uint32_t sev_get_cbit_position(void);
> +uint32_t sev_get_reduced_phys_bits(void);
> +
>  #endif
> diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
> index da7ed121292..1eeb58ab37f 100644
> --- a/hw/i386/pc_sysfw.c
> +++ b/hw/i386/pc_sysfw.c
> @@ -36,7 +36,7 @@
>  #include "hw/qdev-properties.h"
>  #include "hw/block/flash.h"
>  #include "system/kvm.h"
> -#include "sev.h"
> +#include "target/i386/sev.h"
>  
>  #define FLASH_SECTOR_SIZE 4096
>  
> -- 
> 2.45.2
> 
> 

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [PATCH 2/2] target/i386/sev: Reduce system specific declarations

[Philippe Mathieu-Daudé]

On 18/12/24 16:59, Philippe Mathieu-Daudé wrote:
> "system/confidential-guest-support.h" is not needed,
> remove it. Reorder #ifdef'ry to reduce declarations
> exposed on user emulation.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> ---
>   target/i386/sev.h  | 29 ++++++++++++++++-------------
>   hw/i386/pc_sysfw.c |  2 +-
>   2 files changed, 17 insertions(+), 14 deletions(-)


> +#if !defined(CONFIG_USER_ONLY)
>   
>   #define TYPE_SEV_COMMON "sev-common"
>   #define TYPE_SEV_GUEST "sev-guest"
> @@ -45,18 +55,6 @@ typedef struct SevKernelLoaderContext {
>       size_t cmdline_size;
>   } SevKernelLoaderContext;
>   
> -#ifdef CONFIG_SEV
> -bool sev_enabled(void);
> -bool sev_es_enabled(void);
> -bool sev_snp_enabled(void);
> -#else
> -#define sev_enabled() 0
> -#define sev_es_enabled() 0
> -#define sev_snp_enabled() 0
> -#endif
> -
> -uint32_t sev_get_cbit_position(void);
> -uint32_t sev_get_reduced_phys_bits(void);
>   bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp);
>   
>   int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp);

The motivation is to reduce system-specific definitions
exposed to user-mode in target/i386/cpu.c, like hwaddr &co,
but I'm not there yet and have too many local patches so
starting to send what's ready.

> @@ -68,4 +66,9 @@ void sev_es_set_reset_vector(CPUState *cpu);
>   
>   void pc_system_parse_sev_metadata(uint8_t *flash_ptr, size_t flash_size);
>   
> +#endif /* !CONFIG_USER_ONLY */
> +
> +uint32_t sev_get_cbit_position(void);
> +uint32_t sev_get_reduced_phys_bits(void);
> +
>   #endif

Re: [PATCH 2/2] target/i386/sev: Reduce system specific declarations

[Philippe Mathieu-Daudé]

On 18/12/24 17:17, Daniel P. Berrangé wrote:
> On Wed, Dec 18, 2024 at 04:59:13PM +0100, Philippe Mathieu-Daudé wrote:
>> "system/confidential-guest-support.h" is not needed,
>> remove it. Reorder #ifdef'ry to reduce declarations
>> exposed on user emulation.
>>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
>> ---
>>   target/i386/sev.h  | 29 ++++++++++++++++-------------
>>   hw/i386/pc_sysfw.c |  2 +-
>>   2 files changed, 17 insertions(+), 14 deletions(-)
>>
>> diff --git a/target/i386/sev.h b/target/i386/sev.h
>> index 2664c0b1b6c..373669eaace 100644
>> --- a/target/i386/sev.h
>> +++ b/target/i386/sev.h
>> @@ -18,7 +18,17 @@
>>   #include CONFIG_DEVICES /* CONFIG_SEV */
>>   #endif
>>   
>> -#include "system/confidential-guest-support.h"
>> +#if !defined(CONFIG_SEV) || defined(CONFIG_USER_ONLY)
>> +#define sev_enabled() 0
>> +#define sev_es_enabled() 0
>> +#define sev_snp_enabled() 0
>> +#else
>> +bool sev_enabled(void);
>> +bool sev_es_enabled(void);
>> +bool sev_snp_enabled(void);
>> +#endif
>> +
>> +#if !defined(CONFIG_USER_ONLY)
> 
> I'm surprised any of this header file is relevant to
> user mode. If something is mistakely calling sev_ functions
> from user mode compiled code, I'd be inclined to fix the
> caller such that its #include ".../sev.h" can be wrapped
> by !CONFIG_USER_ONLY

I forgot to mention and just replied in another post:

   The motivation is to reduce system-specific definitions
   exposed to user-mode in target/i386/cpu.c, like hwaddr &co,
   but I'm not there yet and have too many local patches so
   starting to send what's ready.

WRT SEV what is bugging me is in cpu_x86_cpuid():

target/i386/cpu.c-7137-    case 0x8000001F:
target/i386/cpu.c-7138-        *eax = *ebx = *ecx = *edx = 0;
target/i386/cpu.c:7139:        if (sev_enabled()) {
target/i386/cpu.c-7140-            *eax = 0x2;
target/i386/cpu.c-7141-            *eax |= sev_es_enabled() ? 0x8 : 0;
target/i386/cpu.c-7142-            *eax |= sev_snp_enabled() ? 0x10 : 0;
target/i386/cpu.c-7143-            *ebx = sev_get_cbit_position() & 
0x3f; /* EBX[5:0] */
target/i386/cpu.c-7144-            *ebx |= (sev_get_reduced_phys_bits() 
& 0x3f) << 6; /* EBX[11:6] */
target/i386/cpu.c-7145-        }
target/i386/cpu.c-7146-        break;

but maybe I can use #ifdef'ry around CONFIG_USER_ONLY like
with SGX:

     case 0x12:
#ifndef CONFIG_USER_ONLY
         if (count > 1) {
             uint64_t epc_addr, epc_size;

             if (sgx_epc_get_section(count - 2, &epc_addr, &epc_size)) {
                 *eax = *ebx = *ecx = *edx = 0;
                 break;
             }
             ...
#endif
         break;

> 
>>   
>>   #define TYPE_SEV_COMMON "sev-common"
>>   #define TYPE_SEV_GUEST "sev-guest"
>> @@ -45,18 +55,6 @@ typedef struct SevKernelLoaderContext {
>>       size_t cmdline_size;
>>   } SevKernelLoaderContext;
>>   
>> -#ifdef CONFIG_SEV
>> -bool sev_enabled(void);
>> -bool sev_es_enabled(void);
>> -bool sev_snp_enabled(void);
>> -#else
>> -#define sev_enabled() 0
>> -#define sev_es_enabled() 0
>> -#define sev_snp_enabled() 0
>> -#endif
>> -
>> -uint32_t sev_get_cbit_position(void);
>> -uint32_t sev_get_reduced_phys_bits(void);
>>   bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp);
>>   
>>   int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp);

Re: [PATCH 1/2] system: Move 'exec/confidential-guest-support.h' to system/

[Zhao Liu]

On Wed, Dec 18, 2024 at 04:59:12PM +0100, Philippe Mathieu-Daudé wrote:
> Date: Wed, 18 Dec 2024 16:59:12 +0100
> From: Philippe Mathieu-Daudé <philmd@linaro.org>
> Subject: [PATCH 1/2] system: Move 'exec/confidential-guest-support.h' to
>  system/
> X-Mailer: git-send-email 2.45.2
> 
> "exec/confidential-guest-support.h" is specific to system
> emulation, so move it under the system/ namespace.
> Mechanical change doing:
> 
>   $ sed -i \
>     -e 's,exec/confidential-guest-support.h,sysemu/confidential-guest-support.h,' \
>         $(git grep -l exec/confidential-guest-support.h)
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> ---
>  include/{exec => system}/confidential-guest-support.h | 6 +++---
>  target/i386/confidential-guest.h                      | 2 +-
>  target/i386/sev.h                                     | 2 +-
>  backends/confidential-guest-support.c                 | 2 +-
>  hw/core/machine.c                                     | 2 +-
>  hw/ppc/pef.c                                          | 2 +-
>  hw/ppc/spapr.c                                        | 2 +-
>  hw/s390x/s390-virtio-ccw.c                            | 2 +-
>  system/vl.c                                           | 2 +-
>  target/s390x/kvm/pv.c                                 | 2 +-
>  10 files changed, 12 insertions(+), 12 deletions(-)
>  rename include/{exec => system}/confidential-guest-support.h (96%)
> 

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>

(MAINTAINERS is missed to change? :-))

Re: [PATCH 2/2] target/i386/sev: Reduce system specific declarations

[Zhao Liu]

On Wed, Dec 18, 2024 at 04:59:13PM +0100, Philippe Mathieu-Daudé wrote:
> Date: Wed, 18 Dec 2024 16:59:13 +0100
> From: Philippe Mathieu-Daudé <philmd@linaro.org>
> Subject: [PATCH 2/2] target/i386/sev: Reduce system specific declarations
> X-Mailer: git-send-email 2.45.2
> 
> "system/confidential-guest-support.h" is not needed,
> remove it. Reorder #ifdef'ry to reduce declarations
> exposed on user emulation.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> ---
>  target/i386/sev.h  | 29 ++++++++++++++++-------------
>  hw/i386/pc_sysfw.c |  2 +-
>  2 files changed, 17 insertions(+), 14 deletions(-)
> 

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>