From: Peter Maydell <peter.maydell@linaro.org>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-devel@nongnu.org, Brijesh Singh <brijesh.singh@amd.com>,
Michael Roth <michael.roth@amd.com>,
Markus Armbruster <armbru@redhat.com>,
Pankaj Gupta <pankaj.gupta@amd.com>
Subject: Re: [PULL 21/45] i386/sev: Introduce 'sev-snp-guest' object
Date: Fri, 7 Jun 2024 15:15:30 +0100 [thread overview]
Message-ID: <CAFEAcA9k4YSALNG+mJP7Disox7xm-giAknFzfZ2MxGDkPpsTLw@mail.gmail.com> (raw)
In-Reply-To: <20240604064409.957105-22-pbonzini@redhat.com>
On Tue, 4 Jun 2024 at 07:45, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> From: Brijesh Singh <brijesh.singh@amd.com>
>
> SEV-SNP support relies on a different set of properties/state than the
> existing 'sev-guest' object. This patch introduces the 'sev-snp-guest'
> object, which can be used to configure an SEV-SNP guest. For example,
> a default-configured SEV-SNP guest with no additional information
> passed in for use with attestation:
>
> -object sev-snp-guest,id=sev0
>
> or a fully-specified SEV-SNP guest where all spec-defined binary
> blobs are passed in as base64-encoded strings:
>
> -object sev-snp-guest,id=sev0, \
> policy=0x30000, \
> init-flags=0, \
> id-block=YWFhYWFhYWFhYWFhYWFhCg==, \
> id-auth=CxHK/OKLkXGn/KpAC7Wl1FSiisWDbGTEKz..., \
> author-key-enabled=on, \
> host-data=LNkCWBRC5CcdGXirbNUV1OrsR28s..., \
> guest-visible-workarounds=AA==, \
>
> See the QAPI schema updates included in this patch for more usage
> details.
>
> In some cases these blobs may be up to 4096 characters, but this is
> generally well below the default limit for linux hosts where
> command-line sizes are defined by the sysconf-configurable ARG_MAX
> value, which defaults to 2097152 characters for Ubuntu hosts, for
> example.
Hi; Coverity reports (CID 1546887) an issue in this code:
> +static void
> +sev_snp_guest_set_id_block(Object *obj, const char *value, Error **errp)
> +{
> + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj);
> + struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf;
> + gsize len;
> +
> + g_free(sev_snp_guest->id_block);
> + g_free((guchar *)finish->id_block_uaddr);
> +
> + /* store the base64 str so we don't need to re-encode in getter */
> + sev_snp_guest->id_block = g_strdup(value);
> +
> + finish->id_block_uaddr =
> + (uint64_t)qbase64_decode(sev_snp_guest->id_block, -1, &len, errp);
> +
> + if (!finish->id_block_uaddr) {
> + return;
> + }
> +
> + if (len != KVM_SEV_SNP_ID_BLOCK_SIZE) {
> + error_setg(errp, "parameter length of %lu not equal to %u",
> + len, KVM_SEV_SNP_ID_BLOCK_SIZE);
> + return;
Here if len is not 96 then we return early...
> + }
> +
> + finish->id_block_en = (len) ? 1 : 0;
...but here we check whether len is 0, which it can never be.
What was the intention here?
Side notes: you don't need to cast the argument to g_free(); and
you don't need to put brackets around a single argument like "len".
thanks
-- PMM
next prev parent reply other threads:[~2024-06-07 14:17 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-04 6:43 [PULL 00/45] mostly i386 patches for 2024-06-04 Paolo Bonzini
2024-06-04 6:43 ` [PULL 01/45] virtio-blk: remove SCSI passthrough functionality Paolo Bonzini
2024-06-04 14:33 ` Richard Henderson
2024-06-04 6:43 ` [PULL 02/45] host/i386: nothing looks at CPUINFO_SSE4 Paolo Bonzini
2024-06-04 6:43 ` [PULL 03/45] meson: assume x86-64-v2 baseline ISA Paolo Bonzini
2024-06-04 6:43 ` [PULL 04/45] host/i386: assume presence of CMOV Paolo Bonzini
2024-06-04 6:43 ` [PULL 05/45] host/i386: assume presence of SSE2 Paolo Bonzini
2024-06-04 6:43 ` [PULL 06/45] host/i386: assume presence of SSSE3 Paolo Bonzini
2024-06-04 6:43 ` [PULL 07/45] host/i386: assume presence of POPCNT Paolo Bonzini
2024-06-04 6:43 ` [PULL 08/45] target/i386: fix SSE and SSE2 feature check Paolo Bonzini
2024-06-04 6:43 ` [PULL 09/45] target/i386: fix memory opsize for Mov to/from Seg Paolo Bonzini
2024-06-04 6:43 ` [PULL 10/45] target/i386/tcg: Fix RDPID feature check Paolo Bonzini
2024-06-04 6:43 ` [PULL 11/45] target/i386: fix xsave.flat from kvm-unit-tests Paolo Bonzini
2024-06-04 6:43 ` [PULL 12/45] update-linux-headers: fix forwarding to asm-generic headers Paolo Bonzini
2024-06-04 6:43 ` [PULL 13/45] update-linux-headers: move pvpanic.h to correct directory Paolo Bonzini
2024-06-04 6:43 ` [PULL 14/45] linux-headers: Update to current kvm/next Paolo Bonzini
2024-06-04 6:43 ` [PULL 15/45] update-linux-headers: import linux/kvm_para.h header Paolo Bonzini
2024-06-04 6:43 ` [PULL 16/45] machine: allow early use of machine_require_guest_memfd Paolo Bonzini
2024-06-04 6:43 ` [PULL 17/45] i386/sev: Replace error_report with error_setg Paolo Bonzini
2024-06-04 6:43 ` [PULL 18/45] i386/sev: Introduce "sev-common" type to encapsulate common SEV state Paolo Bonzini
2024-06-07 14:20 ` Peter Maydell
2024-06-04 6:43 ` [PULL 19/45] i386/sev: Move sev_launch_update to separate class method Paolo Bonzini
2024-06-04 6:43 ` [PULL 20/45] i386/sev: Move sev_launch_finish " Paolo Bonzini
2024-06-04 6:43 ` [PULL 21/45] i386/sev: Introduce 'sev-snp-guest' object Paolo Bonzini
2024-06-07 14:15 ` Peter Maydell [this message]
2024-06-04 6:43 ` [PULL 22/45] i386/sev: Add a sev_snp_enabled() helper Paolo Bonzini
2024-06-04 6:43 ` [PULL 23/45] i386/sev: Add sev_kvm_init() override for SEV class Paolo Bonzini
2024-06-04 6:43 ` [PULL 24/45] i386/sev: Add snp_kvm_init() override for SNP class Paolo Bonzini
2024-06-04 6:43 ` [PULL 25/45] i386/cpu: Set SEV-SNP CPUID bit when SNP enabled Paolo Bonzini
2024-06-04 6:43 ` [PULL 26/45] i386/sev: Don't return launch measurements for SEV-SNP guests Paolo Bonzini
2024-06-04 6:43 ` [PULL 27/45] i386/sev: Add a class method to determine KVM VM type for SNP guests Paolo Bonzini
2024-06-04 6:43 ` [PULL 28/45] i386/sev: Update query-sev QAPI format to handle SEV-SNP Paolo Bonzini
2024-06-04 6:43 ` [PULL 29/45] i386/sev: Add the SNP launch start context Paolo Bonzini
2024-06-04 6:43 ` [PULL 30/45] i386/sev: Add handling to encrypt/finalize guest launch data Paolo Bonzini
2024-06-24 23:07 ` Richard Henderson
2024-06-04 6:43 ` [PULL 31/45] i386/sev: Set CPU state to protected once SNP guest payload is finalized Paolo Bonzini
2024-06-04 6:43 ` [PULL 32/45] hw/i386/sev: Add function to get SEV metadata from OVMF header Paolo Bonzini
2024-06-04 6:43 ` [PULL 33/45] i386/sev: Add support for populating OVMF metadata pages Paolo Bonzini
2024-06-04 6:43 ` [PULL 34/45] i386/sev: Add support for SNP CPUID validation Paolo Bonzini
2024-06-04 6:43 ` [PULL 35/45] hw/i386/sev: Add support to encrypt BIOS when SEV-SNP is enabled Paolo Bonzini
2024-06-04 6:44 ` [PULL 36/45] i386/sev: Invoke launch_updata_data() for SEV class Paolo Bonzini
2024-06-07 14:18 ` Peter Maydell
2024-06-04 6:44 ` [PULL 37/45] i386/sev: Invoke launch_updata_data() for SNP class Paolo Bonzini
2024-06-04 6:44 ` [PULL 38/45] i386/kvm: Add KVM_EXIT_HYPERCALL handling for KVM_HC_MAP_GPA_RANGE Paolo Bonzini
2024-06-04 6:44 ` [PULL 39/45] i386/sev: Enable KVM_HC_MAP_GPA_RANGE hcall for SNP guests Paolo Bonzini
2024-06-04 6:44 ` [PULL 40/45] i386/sev: Extract build_kernel_loader_hashes Paolo Bonzini
2024-06-04 6:44 ` [PULL 41/45] i386/sev: Reorder struct declarations Paolo Bonzini
2024-06-04 6:44 ` [PULL 42/45] i386/sev: Allow measured direct kernel boot on SNP Paolo Bonzini
2024-06-04 6:44 ` [PULL 43/45] memory: Introduce memory_region_init_ram_guest_memfd() Paolo Bonzini
2024-06-04 6:44 ` [PULL 44/45] hw/i386/sev: Use guest_memfd for legacy ROMs Paolo Bonzini
2024-06-04 6:44 ` [PULL 45/45] hw/i386: Add support for loading BIOS using guest_memfd Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFEAcA9k4YSALNG+mJP7Disox7xm-giAknFzfZ2MxGDkPpsTLw@mail.gmail.com \
--to=peter.maydell@linaro.org \
--cc=armbru@redhat.com \
--cc=brijesh.singh@amd.com \
--cc=michael.roth@amd.com \
--cc=pankaj.gupta@amd.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).