From: Richard Henderson <richard.henderson@linaro.org>
To: Paolo Bonzini <pbonzini@redhat.com>, qemu-devel@nongnu.org
Cc: Brijesh Singh <brijesh.singh@amd.com>,
Michael Roth <michael.roth@amd.com>,
Pankaj Gupta <pankaj.gupta@amd.com>
Subject: Re: [PULL 30/45] i386/sev: Add handling to encrypt/finalize guest launch data
Date: Mon, 24 Jun 2024 16:07:16 -0700
Message-ID: <91f19b8d-387a-47cd-b7cc-19cdf4442473@linaro.org>
In-Reply-To: <20240604064409.957105-31-pbonzini@redhat.com>
On 6/3/24 23:43, Paolo Bonzini wrote:
> From: Brijesh Singh <brijesh.singh@amd.com>
>
> Process any queued up launch data and encrypt/measure it into the SNP
> guest instance prior to initial guest launch.
>
> This also updates the KVM_SEV_SNP_LAUNCH_UPDATE call to handle partial
> update responses.
>
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> Co-developed-by: Michael Roth <michael.roth@amd.com>
> Signed-off-by: Michael Roth <michael.roth@amd.com>
> Co-developed-by: Pankaj Gupta <pankaj.gupta@amd.com>
> Signed-off-by: Pankaj Gupta <pankaj.gupta@amd.com>
> Message-ID: <20240530111643.1091816-17-pankaj.gupta@amd.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> target/i386/sev.c | 112 ++++++++++++++++++++++++++++++++++++++-
> target/i386/trace-events | 2 +
> 2 files changed, 113 insertions(+), 1 deletion(-)
>
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index e89b87d2f55..ef2e592ca76 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -756,6 +756,76 @@ out:
> return ret;
> }
>
> +static const char *
> +snp_page_type_to_str(int type)
> +{
> + switch (type) {
> + case KVM_SEV_SNP_PAGE_TYPE_NORMAL: return "Normal";
> + case KVM_SEV_SNP_PAGE_TYPE_ZERO: return "Zero";
> + case KVM_SEV_SNP_PAGE_TYPE_UNMEASURED: return "Unmeasured";
> + case KVM_SEV_SNP_PAGE_TYPE_SECRETS: return "Secrets";
> + case KVM_SEV_SNP_PAGE_TYPE_CPUID: return "Cpuid";
> + default: return "unknown";
> + }
> +}
> +
> +static int
> +sev_snp_launch_update(SevSnpGuestState *sev_snp_guest,
> + SevLaunchUpdateData *data)
> +{
> + int ret, fw_error;
> + struct kvm_sev_snp_launch_update update = {0};
> +
> + if (!data->hva || !data->len) {
> + error_report("SNP_LAUNCH_UPDATE called with invalid address"
> + "/ length: %p / %lx",
> + data->hva, data->len);
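Review bot: the error_report() call at the top of sev_snp_launch_update prints data->len with %lx, which matches a 64-bit value only on hosts where long is 64 bits. The build log in this reply reports the argument as uint64_t, so the specifier should be "%" PRIx64. The two adjacent string literals also concatenate to "invalid address/ length", so a space is missing before the slash.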
This patch does not compile on 32-bit x86:
../src/target/i386/sev.c: In function 'sev_snp_launch_update':
../src/target/i386/sev.c:886:22: error: format '%lx' expects argument of type 'long
unsigned int', but argument 3 has type 'uint64_t' {aka 'long long unsigned int'}
[-Werror=format=]
886 | error_report("SNP_LAUNCH_UPDATE called with invalid address"
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
887 | "/ length: %p / %lx",
888 | data->hva, data->len);
| ~~~~~~~~~
| |
| uint64_t {aka long long unsigned int}
../src/target/i386/sev.c:935:22: error: format '%lx' expects argument of type 'long
unsigned int', but argument 2 has type 'hwaddr' {aka 'long long unsigned int'}
[-Werror=format=]
935 | error_report("SEV-SNP: expected update of GPA range %lx-%lx,"
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
936 | "got GPA range %lx-%llx",
937 | data->gpa, data->gpa + data->len, data->gpa,
| ~~~~~~~~~
| |
| hwaddr {aka long long unsigned int}
../src/target/i386/sev.c:935:22: error: format '%lx' expects argument of type 'long
unsigned int', but argument 3 has type 'long long unsigned int' [-Werror=format=]
935 | error_report("SEV-SNP: expected update of GPA range %lx-%lx,"
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
936 | "got GPA range %lx-%llx",
937 | data->gpa, data->gpa + data->len, data->gpa,
| ~~~~~~~~~~~~~~~~~~~~~
| |
| long long unsigned int
../src/target/i386/sev.c:935:22: error: format '%lx' expects argument of type 'long
unsigned int', but argument 4 has type 'hwaddr' {aka 'long long unsigned int'}
[-Werror=format=]
935 | error_report("SEV-SNP: expected update of GPA range %lx-%lx,"
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
936 | "got GPA range %lx-%llx",
937 | data->gpa, data->gpa + data->len, data->gpa,
| ~~~~~~~~~
| |
| hwaddr {aka long long
unsigned int}
In file included from ../src/target/i386/sev.c:22:
../src/target/i386/sev.c: In function 'sev_snp_guest_set_guest_visible_workarounds':
/home/rth/qemu/src/include/qapi/error.h:319:25: error: format '%lu' expects argument of
type 'long unsigned int', but argument 6 has type 'gsize' {aka 'unsigned int'}
[-Werror=format=]
319 | (fmt), ## __VA_ARGS__)
| ^~~~~
../src/target/i386/sev.c:2149:9: note: in expansion of macro 'error_setg'
2149 | error_setg(errp, "parameter length of %lu exceeds max of %lu",
| ^~~~~~~~~~
/home/rth/qemu/src/include/qapi/error.h:319:25: error: format '%lu' expects argument of
type 'long unsigned int', but argument 7 has type 'unsigned int' [-Werror=format=]
319 | (fmt), ## __VA_ARGS__)
| ^~~~~
../src/target/i386/sev.c:2149:9: note: in expansion of macro 'error_setg'
2149 | error_setg(errp, "parameter length of %lu exceeds max of %lu",
| ^~~~~~~~~~
../src/target/i386/sev.c: In function 'sev_snp_guest_set_id_block':
../src/target/i386/sev.c:2174:12: error: cast to pointer from integer of different size
[-Werror=int-to-pointer-cast]
2174 | g_free((guchar *)finish->id_block_uaddr);
| ^
../src/target/i386/sev.c:2180:9: error: cast from pointer to integer of different size
[-Werror=pointer-to-int-cast]
2180 | (uint64_t)qbase64_decode(sev_snp_guest->id_block, -1, &len, errp);
| ^
/home/rth/qemu/src/include/qapi/error.h:319:25: error: format '%lu' expects argument of
type 'long unsigned int', but argument 6 has type 'gsize' {aka 'unsigned int'}
[-Werror=format=]
319 | (fmt), ## __VA_ARGS__)
| ^~~~~
../src/target/i386/sev.c:2187:9: note: in expansion of macro 'error_setg'
2187 | error_setg(errp, "parameter length of %lu not equal to %u",
| ^~~~~~~~~~
../src/target/i386/sev.c: In function 'sev_snp_guest_set_id_auth':
../src/target/i386/sev.c:2211:12: error: cast to pointer from integer of different size
[-Werror=int-to-pointer-cast]
2211 | g_free((guchar *)finish->id_auth_uaddr);
| ^
../src/target/i386/sev.c:2217:9: error: cast from pointer to integer of different size
[-Werror=pointer-to-int-cast]
2217 | (uint64_t)qbase64_decode(sev_snp_guest->id_auth, -1, &len, errp);
| ^
/home/rth/qemu/src/include/qapi/error.h:319:25: error: format '%lu' expects argument of
type 'long unsigned int', but argument 6 has type 'gsize' {aka 'unsigned int'}
[-Werror=format=]
319 | (fmt), ## __VA_ARGS__)
| ^~~~~
../src/target/i386/sev.c:2224:9: note: in expansion of macro 'error_setg'
2224 | error_setg(errp, "parameter length:ID_AUTH %lu exceeds max of %u",
| ^~~~~~~~~~
../src/target/i386/sev.c: In function 'sev_snp_guest_set_host_data':
/home/rth/qemu/src/include/qapi/error.h:319:25: error: format '%lu' expects argument of
type 'long unsigned int', but argument 6 has type 'gsize' {aka 'unsigned int'}
[-Werror=format=]
319 | (fmt), ## __VA_ARGS__)
| ^~~~~
../src/target/i386/sev.c:2290:9: note: in expansion of macro 'error_setg'
2290 | error_setg(errp, "parameter length of %lu not equal to %lu",
| ^~~~~~~~~~
/home/rth/qemu/src/include/qapi/error.h:319:25: error: format '%lu' expects argument of
type 'long unsigned int', but argument 7 has type 'unsigned int' [-Werror=format=]
319 | (fmt), ## __VA_ARGS__)
| ^~~~~
../src/target/i386/sev.c:2290:9: note: in expansion of macro 'error_setg'
2290 | error_setg(errp, "parameter length of %lu not equal to %lu",
| ^~~~~~~~~~
cc1: all warnings being treated as errors
ninja: build stopped: subcommand failed.
r~
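
The three classes of diagnostic in the build log above (64-bit values printed with %lx, size values printed with %lu, and direct casts between pointers and uint64_t) each have a width-independent form. The following is an added example, not code from the patch or from QEMU; the helper names are hypothetical and size_t stands in for gsize.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static char msg[128];      /* shared scratch buffer for the formatters */
static int sample_obj;     /* constructed object used for the round-trip */

/* uint64_t is 'unsigned long long' on i386, so "%lx" is a type mismatch
 * there (undefined behaviour). PRIx64 expands to the correct length
 * modifier on every host. */
static const char *fmt_gpa_range(uint64_t gpa, uint64_t len)
{
    snprintf(msg, sizeof(msg), "GPA range %" PRIx64 "-%" PRIx64,
             gpa, gpa + len);
    return msg;
}

/* size_t is 'unsigned int' on i386, so "%lu" is wrong there; "%zu" is the
 * specifier defined for size_t regardless of its width. */
static const char *fmt_len_check(size_t len, size_t max)
{
    snprintf(msg, sizeof(msg),
             "parameter length of %zu exceeds max of %zu", len, max);
    return msg;
}

/* A user-space address carried in a fixed 64-bit ABI field: convert through
 * uintptr_t so neither direction is a cast between different sizes. */
static uint64_t ptr_to_uaddr(const void *p)
{
    return (uint64_t)(uintptr_t)p;
}

static void *uaddr_to_ptr(uint64_t uaddr)
{
    return (void *)(uintptr_t)uaddr;
}

int main(void)
{
    puts(fmt_gpa_range(0x100000000ULL, 0x1000));
    puts(fmt_len_check(40, 32));
    return uaddr_to_ptr(ptr_to_uaddr(&sample_obj)) == &sample_obj ? 0 : 1;
}
```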