[PATCH 0/2] avoid assertion failure when trying confidential guests without KVM

[PATCH 0/2] avoid assertion failure when trying confidential guests without KVM

[Paolo Bonzini]

When using confidential guests and forgetting the accelerator, the result
is not very nice:

    $ qemu-system-x86_64 -object sev-guest,id=sev0,policy=0x5,id=sev0,cbitpos=51,reduced-phys-bits=1 -M confidential-guest-support=sev0
    qemu-system-x86_64: ../softmmu/vl.c:2619: qemu_machine_creation_done: Assertion `machine->cgs->ready' failed.

Assume that the lack of initialization is due to missing code in the
accelerator to look at current_machine->cgs, and report a nicer
error error.

Paolo Bonzini (2):
  vl: convert qemu_machine_creation_done() to Error **
  vl: do not assert if sev-guest is used together with TCG

 system/vl.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

-- 
2.44.0

[PATCH 1/2] vl: convert qemu_machine_creation_done() to Error **

[Paolo Bonzini]

Allow using Error ** to pass an error string up to qmp_x_exit_preconfig()
and possibly main().

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 system/vl.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/system/vl.c b/system/vl.c
index 70f4cece7f9..0c970cf0203 100644
--- a/system/vl.c
+++ b/system/vl.c
@@ -2653,7 +2653,7 @@ static void qemu_create_cli_devices(void)
     rom_reset_order_override();
 }
 
-static void qemu_machine_creation_done(void)
+static bool qemu_machine_creation_done(Error **errp)
 {
     MachineState *machine = MACHINE(qdev_get_machine());
 
@@ -2684,7 +2684,8 @@ static void qemu_machine_creation_done(void)
     }
 
     if (foreach_device_config(DEV_GDB, gdbserver_start) < 0) {
-        exit(1);
+        error_setg(errp, "could not start gdbserver");
+        return false;
     }
     if (!vga_interface_created && !default_vga &&
         vga_interface_type != VGA_NONE) {
@@ -2692,6 +2693,7 @@ static void qemu_machine_creation_done(void)
                     "type does not use that option; "
                     "No VGA device has been created");
     }
+    return true;
 }
 
 void qmp_x_exit_preconfig(Error **errp)
@@ -2703,7 +2705,9 @@ void qmp_x_exit_preconfig(Error **errp)
 
     qemu_init_board();
     qemu_create_cli_devices();
-    qemu_machine_creation_done();
+    if (!qemu_machine_creation_done(errp)) {
+        return;
+    }
 
     if (loadvm) {
         RunState state = autostart ? RUN_STATE_RUNNING : runstate_get();
-- 
2.44.0

[PATCH 2/2] vl: do not assert if sev-guest is used together with TCG

[Paolo Bonzini]

cgs->ready can be false if the accelerator does not look at
current_machine->cgs altogether.

Assume that the lack of initialization is due to this, and
report a nicer error instead of an assertion failure:

    $ qemu-system-x86_64 -object sev-guest,id=sev0,policy=0x5,id=sev0,cbitpos=51,reduced-phys-bits=1 -M confidential-guest-support=sev0
    qemu-system-x86_64: ../softmmu/vl.c:2619: qemu_machine_creation_done: Assertion `machine->cgs->ready' failed.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 system/vl.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/system/vl.c b/system/vl.c
index 0c970cf0203..c6442229824 100644
--- a/system/vl.c
+++ b/system/vl.c
@@ -2676,11 +2676,10 @@ static bool qemu_machine_creation_done(Error **errp)
 
     qdev_machine_creation_done();
 
-    if (machine->cgs) {
-        /*
-         * Verify that Confidential Guest Support has actually been initialized
-         */
-        assert(machine->cgs->ready);
+    if (machine->cgs && !machine->cgs->ready) {
+        error_setg(errp, "accelerator does not support confidential guest %s",
+                   object_get_typename(OBJECT(machine->cgs)));
+        exit(1);
     }
 
     if (foreach_device_config(DEV_GDB, gdbserver_start) < 0) {
-- 
2.44.0

Re: [PATCH 1/2] vl: convert qemu_machine_creation_done() to Error **

[Philippe Mathieu-Daudé]

On 18/3/24 22:56, Paolo Bonzini wrote:
> Allow using Error ** to pass an error string up to qmp_x_exit_preconfig()
> and possibly main().
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>   system/vl.c | 10 +++++++---
>   1 file changed, 7 insertions(+), 3 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>