From: Tyler Fanelli <tfanelli@redhat.com>
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, mtosatti@redhat.com, stefanha@redhat.com,
philmd@linaro.org, berrange@redhat.com,
marcandre.lureau@gmail.com, Tyler Fanelli <tfanelli@redhat.com>
Subject: [RFC PATCH v2 3/9] i386/sev: Replace LAUNCH_START ioctl with sev library equivalent
Date: Wed, 4 Oct 2023 16:34:12 -0400
Message-ID: <20231004203418.56508-4-tfanelli@redhat.com>
In-Reply-To: <20231004203418.56508-1-tfanelli@redhat.com>
The sev library offers an equivalent API for SEV_LAUNCH_START. The
library contains some internal state for each VM it's currently running,
and organizes the internal state for each VM via its file descriptor.
Therefore, the VM's file descriptor must be provided as input.
If this API ioctl call fails, fw_error will be set accordingly.
Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
---
target/i386/sev.c | 80 ++++++++++++++++++-----------------------------
1 file changed, 30 insertions(+), 50 deletions(-)
diff --git a/target/i386/sev.c b/target/i386/sev.c
index 97388f5fa2..4c888fa77f 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -715,51 +715,6 @@ sev_read_file_base64(const char *filename, guchar **data, gsize *len)
return 0;
}
-static int
-sev_launch_start(SevGuestState *sev)
-{
- gsize sz;
- int ret = 1;
- int fw_error, rc;
- struct kvm_sev_launch_start start = {
- .handle = sev->handle, .policy = sev->policy
- };
- guchar *session = NULL, *dh_cert = NULL;
-
- if (sev->session_file) {
- if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) {
- goto out;
- }
- start.session_uaddr = (unsigned long)session;
- start.session_len = sz;
- }
-
- if (sev->dh_cert_file) {
- if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) {
- goto out;
- }
- start.dh_uaddr = (unsigned long)dh_cert;
- start.dh_len = sz;
- }
-
- trace_kvm_sev_launch_start(start.policy, session, dh_cert);
- rc = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_START, &start, &fw_error);
- if (rc < 0) {
- error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'",
- __func__, ret, fw_error, fw_error_to_str(fw_error));
- goto out;
- }
-
- sev_set_guest_state(sev, SEV_STATE_LAUNCH_UPDATE);
- sev->handle = start.handle;
- ret = 0;
-
-out:
- g_free(session);
- g_free(dh_cert);
- return ret;
-}
-
static int
sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len)
{
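Review bot: two side effects of the deleted helper have no counterpart anywhere in this patch: the trace_kvm_sev_launch_start(start.policy, session, dh_cert) call and the sev->handle = start.handle write-back after a successful LAUNCH_START. If the library now owns the handle, say so in the commit message and retire the handle field in a follow-up; otherwise the trace point should be kept around the new library call so that launch policy and the presence of session/DH data remain observable. Incidentally, the old error_report printed ret (always 1 at that point) instead of rc, so the removal also retires a misleading log line.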
@@ -913,11 +868,13 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
{
SevGuestState *sev
= (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUEST);
+ gsize sz;
char *devname;
- int ret, fw_error;
+ int ret = -1, fw_error;
uint32_t ebx;
uint32_t host_cbitpos;
struct sev_user_data_status status = {};
+ guchar *session = NULL, *dh_cert = NULL;
KVMState *s = kvm_state;
if (!sev) {
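Review bot: the new gsize sz is written by both sev_read_file_base64() calls later in this function but is never checked or handed to the library, so a truncated or oversized session_file/dh_cert_file is accepted silently; if the library expects fixed-size session and certificate structures behind the two pointers, a short file becomes an over-read inside the library. Either pass sz to sev_launch_start() or compare it against the expected sizes before the call. fw_error is also left uninitialized here, which is fine only as long as every failure path that prints it goes through a library call that sets it.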
@@ -1007,23 +964,46 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
goto err;
}
- ret = sev_launch_start(sev);
+ if (!sev->session_file || !sev->dh_cert_file) {
+ goto err;
+ }
+
+ if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) {
+ goto err;
+ }
+
+ if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) {
+ goto err;
+ }
+
+ ret = sev_launch_start(s->vmfd, sev->policy, (void *) dh_cert,
+ (void *) session, &fw_error);
if (ret) {
- error_setg(errp, "%s: failed to create encryption context", __func__);
+ error_setg(errp, "%s: LAUNCH_START ret=%d fw_error=%d '%s'",
+ __func__, ret, fw_error, fw_error_to_str(fw_error));
goto err;
}
+ sev_set_guest_state(sev, SEV_STATE_LAUNCH_UPDATE);
+
ram_block_notifier_add(&sev_ram_notifier);
qemu_add_machine_init_done_notifier(&sev_machine_done_notify);
qemu_add_vm_change_state_handler(sev_vm_state_change, sev);
cgs->ready = true;
- return 0;
+ ret = 0;
+ goto out;
+
err:
sev_guest = NULL;
ram_block_discard_disable(false);
- return -1;
+out:
+ g_free(session);
+ g_free(dh_cert);
+
+ return ret;
+
}
int
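Review bot: the new `if (!sev->session_file || !sev->dh_cert_file) goto err;` fails sev_kvm_init() without calling error_setg(), so the caller receives -1 with *errp still unset, and it turns two previously optional inputs into hard requirements (the deleted helper issued LAUNCH_START with session_len/dh_len of 0 when the files were absent, which is the normal path for a guest launched without a remote owner). Either keep them optional by passing NULL to the library when unset, or report the new requirement through error_setg(). Two smaller points: err: now falls through to `return ret;`, so any earlier `goto err` that reassigned ret returns that value instead of the unconditional -1 the old code returned; set ret = -1 under err: or audit the callers. And there is a stray blank line before the closing brace.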
--
2.40.1
Thread overview: 22+ messages
2023-10-04 20:34 [RFC PATCH v2 0/9] i386/sev: Use C API of Rust SEV library Tyler Fanelli
2023-10-04 20:34 ` [RFC PATCH v2 1/9] Add Rust SEV library as subproject Tyler Fanelli
2023-10-05 6:03 ` Philippe Mathieu-Daudé
2023-10-05 23:41 ` Tyler Fanelli
2023-10-11 3:05 ` Tyler Fanelli
2023-10-05 15:54 ` Stefan Hajnoczi
2023-10-11 3:10 ` Tyler Fanelli
2023-10-13 18:09 ` Manos Pitsidianakis
2023-10-13 18:20 ` Tyler Fanelli
2023-10-16 9:16 ` Daniel P. Berrangé
2023-10-16 13:38 ` Philippe Mathieu-Daudé
2023-10-16 13:51 ` Stefan Hajnoczi
2024-03-05 13:47 ` Daniel P. Berrangé
2024-03-05 15:40 ` Philippe Mathieu-Daudé
2023-10-04 20:34 ` [RFC PATCH v2 2/9] i386/sev: Replace INIT and ES_INIT ioctls with sev library equivalents Tyler Fanelli
2023-10-04 20:34 ` Tyler Fanelli [this message]
2023-10-04 20:34 ` [RFC PATCH v2 4/9] i386/sev: Replace UPDATE_DATA ioctl with sev library equivalent Tyler Fanelli
2023-10-04 20:34 ` [RFC PATCH v2 5/9] i386/sev: Replace LAUNCH_UPDATE_VMSA " Tyler Fanelli
2023-10-04 20:34 ` [RFC PATCH v2 6/9] i386/sev: Replace LAUNCH_MEASURE " Tyler Fanelli
2023-10-04 20:34 ` [RFC PATCH v2 7/9] i386/sev: Replace LAUNCH_SECRET " Tyler Fanelli
2023-10-04 20:34 ` [RFC PATCH v2 8/9] i386/sev: Replace LAUNCH_FINISH " Tyler Fanelli
2023-10-04 20:34 ` [RFC PATCH v2 9/9] i386/sev: Replace SEV_ATTESTATION_REPORT " Tyler Fanelli