Re: [PATCH v2 06/10] i386/pc_sysfw: Ensure sysfw flash configuration does not conflict with IGVM

[Roy Hopkins <roy.hopkins@suse.com>]

On Thu, 2024-04-04 at 18:06 +0530, Ani Sinha wrote:
> 
> 
> > On 3 Apr 2024, at 16:41, Roy Hopkins <roy.hopkins@suse.com> wrote:
> > 
> > When using an IGVM file the configuration of the system firmware is
> > defined by IGVM directives contained in the file. In this case the user
> > should not configure any pflash devices.
> > 
> > This commit skips initialization of the ROM mode when pflash0 is not set
> > then checks to ensure no pflash devices have been configured when using
> > IGVM, exiting with an error message if this is not the case.
> > 
> > Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
> > ---
> > hw/i386/pc_sysfw.c | 23 +++++++++++++++++++++--
> > 1 file changed, 21 insertions(+), 2 deletions(-)
> > 
> > diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
> > index 3efabbbab2..2412f26225 100644
> > --- a/hw/i386/pc_sysfw.c
> > +++ b/hw/i386/pc_sysfw.c
> > @@ -226,8 +226,13 @@ void pc_system_firmware_init(PCMachineState *pcms,
> >     }
> > 
> >     if (!pflash_blk[0]) {
> > -        /* Machine property pflash0 not set, use ROM mode */
> > -        x86_bios_rom_init(MACHINE(pcms), "bios.bin", rom_memory, false);
> > +        /*
> > +         * Machine property pflash0 not set, use ROM mode unless using
> > IGVM,
> > +         * in which case the firmware must be provided by the IGVM file.
> 
> What if the igvm file does not contain a firmware? Can we have a check for
> that case somewhere and assert if firmware is absent?
> 
I don't think we can easily check for presence of firmware. In fact, using IGVM
means that you can effectively launch a guest without traditional firmware. A
good example of this is if you use IGVM to deploy an SVSM module that is used to
help with guest migration. In this case, the SVSM code would be placed in memory
(by the IGVM directives) and the initial CPU state configured to launch the SVSM
kernel directly.

> > +         */
> > +        if (!cgs_is_igvm(MACHINE(pcms)->cgs)) {
> > +            x86_bios_rom_init(MACHINE(pcms), "bios.bin", rom_memory,
> > false);
> > +        }
> >     } else {
> >         if (kvm_enabled() && !kvm_readonly_mem_enabled()) {
> >             /*
> > @@ -243,6 +248,20 @@ void pc_system_firmware_init(PCMachineState *pcms,
> >     }
> > 
> >     pc_system_flash_cleanup_unused(pcms);
> > +
> > +    /*
> > +     * The user should not have specified any pflash devices when using
> > IGVM
> > +     * to configure the guest.
> > +     */
> > +    if (cgs_is_igvm(MACHINE(pcms)->cgs)) {
> > +        for (i = 0; i < ARRAY_SIZE(pcms->flash); i++) {
> > +            if (pcms->flash[i]) {
> > +                error_report("pflash devices cannot be configured when "
> > +                             "using IGVM");
> > +                exit(1);
> > +            }
> > +        }
> > +    }
> 
> I have not tested this change but looking at pc_system_flash_create() creates
> flash[0] and flash[1] for all cases (well except for isapc machines). So for
> igvm case, would this not cause an exit all the time?
> 
Although the flash devices are created, if they are not configured then they are
removed by the call to pc_system_flash_cleanup_unused() above, meaning that this
check succeeds in the IGVM case.

> > }
> > 
> > void x86_firmware_configure(void *ptr, int size)
> > -- 
> > 2.43.0
> > 
> 

Regards,
Roy