qemu-devel.nongnu.org archive mirror
From: Tyler Fanelli <tfanelli@redhat.com>
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, mtosatti@redhat.com, stefanha@redhat.com,
	Tyler Fanelli <tfanelli@redhat.com>
Subject: [RFC PATCH 6/8] i386/sev: Replace LAUNCH_MEASURE ioctl with sev library equivalent
Date: Thu, 14 Sep 2023 12:33:57 -0400
Message-ID: <20230914163358.379957-7-tfanelli@redhat.com>
In-Reply-To: <20230914163358.379957-1-tfanelli@redhat.com>

The LAUNCH_MEASURE API returns the measurement of the launched guest's
memory pages (and VMCB save areas if ES is enabled). The caller is
responsible for ensuring that the pointer (identified as the "data"
argument) is a valid pointer that can hold the guest's measurement (a
measurement in SEV is 48 bytes in size).

If this API ioctl call fails, fw_error will be set accordingly.

Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
---
 target/i386/sev.c | 24 ++++++------------------
 target/i386/sev.h |  2 ++
 2 files changed, 8 insertions(+), 18 deletions(-)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index adb35291e8..f53ff140e3 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -721,7 +721,6 @@ sev_launch_get_measure(Notifier *notifier, void *unused)
     SevGuestState *sev = sev_guest;
     int ret, fw_error;
     g_autofree guchar *data = NULL;
-    struct kvm_sev_launch_measure measurement = {};
     KVMState *s = kvm_state;
 
     if (!sev_check_state(sev, SEV_STATE_LAUNCH_UPDATE)) {
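Review bot: `fw_error` is still declared without an initializer (`int ret, fw_error;`) at the top of sev_launch_get_measure(), and with the `struct kvm_sev_launch_measure` local gone the library call becomes its only writer. If sev_launch_measure() can return non-zero before it reaches the firmware, the error path passes an indeterminate value to fw_error_to_str(). Initialising it to 0 at the declaration keeps the error report well defined whatever the library does.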
@@ -738,31 +737,20 @@ sev_launch_get_measure(Notifier *notifier, void *unused)
         }
     }
 
-    /* query the measurement blob length */
-    ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE,
-                    &measurement, &fw_error);
-    if (!measurement.len) {
-        error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'",
-                     __func__, ret, fw_error, fw_error_to_str(fw_error));
-        return;
-    }
+    data = g_malloc(SEV_MEASUREMENT_SIZE);
 
-    data = g_new0(guchar, measurement.len);
-    measurement.uaddr = (unsigned long)data;
-
-    /* get the measurement blob */
-    ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE,
-                    &measurement, &fw_error);
+    ret = sev_launch_measure(s->vmfd, data, &fw_error);
     if (ret) {
-        error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'",
-                     __func__, ret, fw_error, fw_error_to_str(fw_error));
+        error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", __func__,
+                       ret, fw_error, fw_error_to_str(fw_error));
+
         return;
     }
 
     sev_set_guest_state(sev, SEV_STATE_LAUNCH_SECRET);
 
     /* encode the measurement value and emit the event */
-    sev->measurement = g_base64_encode(data, measurement.len);
+    sev->measurement = g_base64_encode(data, SEV_MEASUREMENT_SIZE);
     trace_kvm_sev_launch_measurement(sev->measurement);
 }
 
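Review bot: The call `sev_launch_measure(s->vmfd, data, &fw_error)` passes the destination pointer with no length, so the 48-byte buffer size is an unchecked contract between QEMU and the library. The removed code queried the length first and allocated `measurement.len` bytes; with the fixed `SEV_MEASUREMENT_SIZE` allocation, a library or firmware that ever produced a longer measurement would write past `data` and nothing at this call site could detect it. Consider a size argument on the library call, or at least a comment here stating the contract. Smaller points: `g_malloc()` replaces `g_new0()`, so the buffer is no longer zeroed, which is only safe while every failure returns before `g_base64_encode()`; the call now uses `s->vmfd` where the removed ioctls used `sev->sev_fd`, which deserves a sentence in the commit message; and the continuation line of error_report() is not aligned with the opening parenthesis, with an unneeded blank line before `return`.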
diff --git a/target/i386/sev.h b/target/i386/sev.h
index e7499c95b1..acb181358e 100644
--- a/target/i386/sev.h
+++ b/target/i386/sev.h
@@ -38,6 +38,8 @@ typedef struct SevKernelLoaderContext {
     size_t cmdline_size;
 } SevKernelLoaderContext;
 
+#define SEV_MEASUREMENT_SIZE 48
+
 #ifdef CONFIG_SEV
 bool sev_enabled(void);
 bool sev_es_enabled(void);
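Review bot: `#define SEV_MEASUREMENT_SIZE 48` carries no comment saying what the 48 is, so a reader of the header has to go to the commit message to learn it is the size in bytes of a SEV launch measurement. Please add a one-line comment with the unit and the source of the value. The define also sits above `#ifdef CONFIG_SEV`, so it is visible to builds without SEV; since the only user in this patch is target/i386/sev.c, it could live there or inside the guarded section instead.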
-- 
2.40.1


