From: Paolo Bonzini
To: qemu-devel@nongnu.org
Subject: [PATCH 1/2] target-i386: sev: provide proper error reporting for query-sev-capabilities
Date: Tue, 30 Jun 2020 11:45:20 -0400
Message-Id: <20200630154521.552874-2-pbonzini@redhat.com>
In-Reply-To: <20200630154521.552874-1-pbonzini@redhat.com>
References: <20200630154521.552874-1-pbonzini@redhat.com>

The query-sev-capabilities was reporting errors through error_report; change it to use Error** so that the cause of the failure is clearer.
Signed-off-by: Paolo Bonzini Reviewed-by: Eric Blake --- target/i386/monitor.c | 10 +--------- target/i386/sev-stub.c | 3 ++- target/i386/sev.c | 18 +++++++++--------- target/i386/sev_i386.h | 2 +- 4 files changed, 13 insertions(+), 20 deletions(-) diff --git a/target/i386/monitor.c b/target/i386/monitor.c index 27ebfa3ad2..7abae3c8df 100644 --- a/target/i386/monitor.c +++ b/target/i386/monitor.c @@ -726,13 +726,5 @@ SevLaunchMeasureInfo *qmp_query_sev_launch_measure(Err= or **errp) =20 SevCapability *qmp_query_sev_capabilities(Error **errp) { - SevCapability *data; - - data =3D sev_get_capabilities(); - if (!data) { - error_setg(errp, "SEV feature is not available"); - return NULL; - } - - return data; + return sev_get_capabilities(errp); } diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c index e5ee13309c..88e3f39a1e 100644 --- a/target/i386/sev-stub.c +++ b/target/i386/sev-stub.c @@ -44,7 +44,8 @@ char *sev_get_launch_measurement(void) return NULL; } =20 -SevCapability *sev_get_capabilities(void) +SevCapability *sev_get_capabilities(Error **errp) { + error_setg(errp, "SEV is not available in this QEMU"); return NULL; } diff --git a/target/i386/sev.c b/target/i386/sev.c index d273174ad3..70f9ee026f 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -399,7 +399,7 @@ sev_get_info(void) =20 static int sev_get_pdh_info(int fd, guchar **pdh, size_t *pdh_len, guchar **cert_chai= n, - size_t *cert_chain_len) + size_t *cert_chain_len, Error **errp) { guchar *pdh_data =3D NULL; guchar *cert_chain_data =3D NULL; @@ -410,8 +410,8 @@ sev_get_pdh_info(int fd, guchar **pdh, size_t *pdh_len,= guchar **cert_chain, r =3D sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err); if (r < 0) { if (err !=3D SEV_RET_INVALID_LEN) { - error_report("failed to export PDH cert ret=3D%d fw_err=3D%d (= %s)", - r, err, fw_error_to_str(err)); + error_setg(errp, "failed to export PDH cert ret=3D%d fw_err=3D= %d (%s)", + r, err, fw_error_to_str(err)); return 1; } } 
@@ -423,8 +423,8 @@ sev_get_pdh_info(int fd, guchar **pdh, size_t *pdh_len,= guchar **cert_chain, =20 r =3D sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err); if (r < 0) { - error_report("failed to export PDH cert ret=3D%d fw_err=3D%d (%s)", - r, err, fw_error_to_str(err)); + error_setg(errp, "failed to export PDH cert ret=3D%d fw_err=3D%d (= %s)", + r, err, fw_error_to_str(err)); goto e_free; } =20 @@ -441,7 +441,7 @@ e_free: } =20 SevCapability * -sev_get_capabilities(void) +sev_get_capabilities(Error **errp) { SevCapability *cap =3D NULL; guchar *pdh_data =3D NULL; @@ -452,13 +452,13 @@ sev_get_capabilities(void) =20 fd =3D open(DEFAULT_SEV_DEVICE, O_RDWR); if (fd < 0) { - error_report("%s: Failed to open %s '%s'", __func__, - DEFAULT_SEV_DEVICE, strerror(errno)); + error_setg_errno(errp, errno, "Failed to open %s", + DEFAULT_SEV_DEVICE); return NULL; } =20 if (sev_get_pdh_info(fd, &pdh_data, &pdh_len, - &cert_chain_data, &cert_chain_len)) { + &cert_chain_data, &cert_chain_len, errp)) { goto out; } =20 diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h index 8eb7de1bef..4db6960f60 100644 --- a/target/i386/sev_i386.h +++ b/target/i386/sev_i386.h 
@@ -34,6 +34,6 @@ extern SevInfo *sev_get_info(void); extern uint32_t sev_get_cbit_position(void); extern uint32_t sev_get_reduced_phys_bits(void); extern char *sev_get_launch_measurement(void); -extern SevCapability *sev_get_capabilities(void); +extern SevCapability *sev_get_capabilities(Error **errp); =20 #endif --=20 2.26.2
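Review bot: in the target/i386/monitor.c hunk, qmp_query_sev_capabilities() loses its fallback error_setg(errp, "SEV feature is not available"), so from here on every NULL return from sev_get_capabilities() must have set *errp itself. The visible lines cover the open() failure and the two SEV_PDH_CERT_EXPORT failures in sev_get_pdh_info(), but the rest of sev_get_pdh_info() and whatever follows it on the way to the out label are outside the shown context. Please confirm that no remaining path returns NULL (or non-zero from sev_get_pdh_info()) with errp untouched, and consider a short comment on the prototype in sev_i386.h stating that a NULL return implies an error has been set.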
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Subject: [PATCH 2/2] target-i386: sev: fail query-sev-capabilities if QEMU cannot use SEV
Date: Tue, 30 Jun 2020 11:45:21 -0400
Message-Id: <20200630154521.552874-3-pbonzini@redhat.com>
In-Reply-To: <20200630154521.552874-1-pbonzini@redhat.com>
References: <20200630154521.552874-1-pbonzini@redhat.com>

In some cases, such as if the kvm-amd "sev" module parameter is set to 0, SEV will be unavailable but query-sev-capabilities will still return all the information.
This tricks libvirt into erroneously reporting that SEV is available. Check the actual usability of the feature and return the appropriate error if QEMU cannot use KVM or KVM cannot use SEV. Signed-off-by: Paolo Bonzini Reviewed-by: Eric Blake --- target/i386/sev.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index 70f9ee026f..22194b3e32 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -450,6 +450,15 @@ sev_get_capabilities(Error **errp) uint32_t ebx; int fd; =20 + if (!kvm_enabled()) { + error_setg(errp, "KVM not enabled\n"); + return NULL; + } + if (kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL) < 0) { + error_setg(errp, "SEV is not enabled\n"); + return NULL; + } + fd =3D open(DEFAULT_SEV_DEVICE, O_RDWR); if (fd < 0) { error_setg_errno(errp, errno, "Failed to open %s", --=20 2.26.2
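Review bot: both new error_setg() calls at the top of sev_get_capabilities() end their message with a newline ("KVM not enabled\n" and "SEV is not enabled\n"); error_setg() messages are meant to be a single phrase with no trailing newline, so drop the "\n" from both strings. The return value of kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL) is also only compared with 0 and then dropped. Since patch 1/2 is about making the cause of a failure clearer, reporting that value (for example through error_setg_errno(), as the open() failure just below does with errno) would let the caller see why KVM refused rather than only that it did.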