[v2] hvf: Report HV_DENIED error

[PATCH v2] hvf: Report HV_DENIED error

Antonio Caggiano posted 1 patch 11 months ago

Diff against v1 v3
Download mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20230607085555.51643-1-quic._5Facaggian@quicinc.com

Maintainers: Cameron Esfahani <dirty@apple.com>, Roman Bolshakov <r.bolshakov@yadro.com>

There is a newer version of this series

accel/hvf/hvf-all.c | 5 +++++
1 file changed, 5 insertions(+)

Expand all Fold all

[PATCH v2] hvf: Report HV_DENIED error

Posted by Antonio Caggiano 11 months ago

On MacOS 11 and subsequent versions, in case the resulting binary is not
signed with the proper entitlement, handle and report the HV_DENIED
error.

Signed-off-by: Antonio Caggiano <quic_acaggian@quicinc.com>
---
v2: Use architecture specific defines from AvailabilityMacros.h to enable the
    HV_DENIED case only on MacOS 11 and subsequent versions.

 accel/hvf/hvf-all.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/accel/hvf/hvf-all.c b/accel/hvf/hvf-all.c
index 754707dbfb..1eacfc6a95 100644
--- a/accel/hvf/hvf-all.c
+++ b/accel/hvf/hvf-all.c
@@ -38,6 +38,11 @@ void assert_hvf_ok(hv_return_t ret)
     case HV_UNSUPPORTED:
         error_report("Error: HV_UNSUPPORTED");
         break;
+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_VERSION_11_0
+    case HV_DENIED:
+        error_report("Error: HV_DENIED");
+        break;
+#endif
     default:
         error_report("Unknown Error");
     }
-- 
2.40.0

Re: [PATCH v2] hvf: Report HV_DENIED error

Posted by Peter Maydell 11 months ago

On Wed, 7 Jun 2023 at 09:56, Antonio Caggiano <quic_acaggian@quicinc.com> wrote:
>
> On MacOS 11 and subsequent versions, in case the resulting binary is not
> signed with the proper entitlement, handle and report the HV_DENIED
> error.
>
> Signed-off-by: Antonio Caggiano <quic_acaggian@quicinc.com>
> ---
> v2: Use architecture specific defines from AvailabilityMacros.h to enable the
>     HV_DENIED case only on MacOS 11 and subsequent versions.
>
>  accel/hvf/hvf-all.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/accel/hvf/hvf-all.c b/accel/hvf/hvf-all.c
> index 754707dbfb..1eacfc6a95 100644
> --- a/accel/hvf/hvf-all.c
> +++ b/accel/hvf/hvf-all.c
> @@ -38,6 +38,11 @@ void assert_hvf_ok(hv_return_t ret)
>      case HV_UNSUPPORTED:
>          error_report("Error: HV_UNSUPPORTED");
>          break;
> +#if __MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_VERSION_11_0
> +    case HV_DENIED:
> +        error_report("Error: HV_DENIED");
> +        break;
> +#endif

This doesn't seem to be the right ifdef guard:

../../accel/hvf/hvf-all.c:41:40: warning: 'MAC_OS_VERSION_11_0' is not
defined, evaluates to 0 [-Wundef]
#if __MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_VERSION_11_0
                                       ^
../../accel/hvf/hvf-all.c:42:10: error: use of undeclared identifier 'HV_DENIED'
    case HV_DENIED:
         ^
../../accel/hvf/hvf-all.c:44:14: error: expected ';' after break statement
        break
             ^
             ;

Our other version checks like this all do
#if defined(MAC_OS_VERSION_11_0) && MAC_OS_VERSION_MIN_REQUIRED >=
MAC_OS_VERSION_11_0
or similar.

>      default:
>          error_report("Unknown Error");
>      }
> --
> 2.40.0

thanks
-- PMM