Re: [PATCH v8 08/13] confidential guest support: Move SEV initialization into arch specific code
On Tue, 2 Feb 2021 15:13:10 +1100
David Gibson wrote:
> While we've abstracted some (potential) differences between mechanisms for
> securing guest memory, the initialization is still specific to SEV. Given
> that, move it into x86's kvm_arch_init() code, rather than the generic
> kvm_init() code.
>
> Signed-off-by: David Gibson
> Reviewed-by: Cornelia Huck
> ---
Reviewed-by: Greg Kurz
> accel/kvm/kvm-all.c | 14 --
> accel/kvm/sev-stub.c | 4 ++--
> target/i386/kvm/kvm.c | 20
> target/i386/sev.c | 7 ++-
> 4 files changed, 28 insertions(+), 17 deletions(-)
>
> diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
> index 3d820d0c7d..7150acdbcc 100644
> --- a/accel/kvm/kvm-all.c
> +++ b/accel/kvm/kvm-all.c
> @@ -2180,20 +2180,6 @@ static int kvm_init(MachineState *ms)
>
> kvm_state = s;
>
> -/*
> - * if memory encryption object is specified then initialize the memory
> - * encryption context.
> - */
> -if (ms->cgs) {
> -Error *local_err = NULL;
> -/* FIXME handle mechanisms other than SEV */
> -ret = sev_kvm_init(ms->cgs, _err);
> -if (ret < 0) {
> -error_report_err(local_err);
> -goto err;
> -}
> -}
> -
> ret = kvm_arch_init(ms, s);
> if (ret < 0) {
> goto err;
> diff --git a/accel/kvm/sev-stub.c b/accel/kvm/sev-stub.c
> index 512e205f7f..9587d1b2a3 100644
> --- a/accel/kvm/sev-stub.c
> +++ b/accel/kvm/sev-stub.c
> @@ -17,6 +17,6 @@
>
> int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
> {
> -/* SEV can't be selected if it's not compiled */
> -g_assert_not_reached();
> +/* If we get here, cgs must be some non-SEV thing */
> +return 0;
> }
> diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
> index 6dc1ee052d..4788139128 100644
> --- a/target/i386/kvm/kvm.c
> +++ b/target/i386/kvm/kvm.c
> @@ -42,6 +42,7 @@
> #include "hw/i386/intel_iommu.h"
> #include "hw/i386/x86-iommu.h"
> #include "hw/i386/e820_memory_layout.h"
> +#include "sysemu/sev.h"
>
> #include "hw/pci/pci.h"
> #include "hw/pci/msi.h"
> @@ -2135,6 +2136,25 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
> uint64_t shadow_mem;
> int ret;
> struct utsname utsname;
> +Error *local_err = NULL;
> +
> +/*
> + * Initialize SEV context, if required
> + *
> + * If no memory encryption is requested (ms->cgs == NULL) this is
> + * a no-op.
> + *
> + * It's also a no-op if a non-SEV confidential guest support
> + * mechanism is selected. SEV is the only mechanism available to
> + * select on x86 at present, so this doesn't arise, but if new
> + * mechanisms are supported in future (e.g. TDX), they'll need
> + * their own initialization either here or elsewhere.
> + */
> +ret = sev_kvm_init(ms->cgs, _err);
> +if (ret < 0) {
> +error_report_err(local_err);
> +return ret;
> +}
>
> if (!kvm_check_extension(s, KVM_CAP_IRQ_ROUTING)) {
> error_report("kvm: KVM_CAP_IRQ_ROUTING not supported by KVM");
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index f9e9b5d8ae..11c9a3cc21 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -664,13 +664,18 @@ sev_vm_state_change(void *opaque, int running, RunState
> state)
>
> int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
> {
> -SevGuestState *sev = SEV_GUEST(cgs);
> +SevGuestState *sev
> += (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUEST);
> char *devname;
> int ret, fw_error;
> uint32_t ebx;
> uint32_t host_cbitpos;
> struct sev_user_data_status status = {};
>
> +if (!sev) {
> +return 0;
> +}
> +
> ret = ram_block_discard_disable(true);
> if (ret) {
> error_report("%s: cannot disable RAM discard", __func__);
[PATCH v8 08/13] confidential guest support: Move SEV initialization into arch specific code
While we've abstracted some (potential) differences between mechanisms for
securing guest memory, the initialization is still specific to SEV. Given
that, move it into x86's kvm_arch_init() code, rather than the generic
kvm_init() code.
Signed-off-by: David Gibson
Reviewed-by: Cornelia Huck
---
accel/kvm/kvm-all.c | 14 --
accel/kvm/sev-stub.c | 4 ++--
target/i386/kvm/kvm.c | 20
target/i386/sev.c | 7 ++-
4 files changed, 28 insertions(+), 17 deletions(-)
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 3d820d0c7d..7150acdbcc 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -2180,20 +2180,6 @@ static int kvm_init(MachineState *ms)
kvm_state = s;
-/*
- * if memory encryption object is specified then initialize the memory
- * encryption context.
- */
-if (ms->cgs) {
-Error *local_err = NULL;
-/* FIXME handle mechanisms other than SEV */
-ret = sev_kvm_init(ms->cgs, _err);
-if (ret < 0) {
-error_report_err(local_err);
-goto err;
-}
-}
-
ret = kvm_arch_init(ms, s);
if (ret < 0) {
goto err;
diff --git a/accel/kvm/sev-stub.c b/accel/kvm/sev-stub.c
index 512e205f7f..9587d1b2a3 100644
--- a/accel/kvm/sev-stub.c
+++ b/accel/kvm/sev-stub.c
@@ -17,6 +17,6 @@
int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
{
-/* SEV can't be selected if it's not compiled */
-g_assert_not_reached();
+/* If we get here, cgs must be some non-SEV thing */
+return 0;
}
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 6dc1ee052d..4788139128 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -42,6 +42,7 @@
#include "hw/i386/intel_iommu.h"
#include "hw/i386/x86-iommu.h"
#include "hw/i386/e820_memory_layout.h"
+#include "sysemu/sev.h"
#include "hw/pci/pci.h"
#include "hw/pci/msi.h"
@@ -2135,6 +2136,25 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
uint64_t shadow_mem;
int ret;
struct utsname utsname;
+Error *local_err = NULL;
+
+/*
+ * Initialize SEV context, if required
+ *
+ * If no memory encryption is requested (ms->cgs == NULL) this is
+ * a no-op.
+ *
+ * It's also a no-op if a non-SEV confidential guest support
+ * mechanism is selected. SEV is the only mechanism available to
+ * select on x86 at present, so this doesn't arise, but if new
+ * mechanisms are supported in future (e.g. TDX), they'll need
+ * their own initialization either here or elsewhere.
+ */
+ret = sev_kvm_init(ms->cgs, _err);
+if (ret < 0) {
+error_report_err(local_err);
+return ret;
+}
if (!kvm_check_extension(s, KVM_CAP_IRQ_ROUTING)) {
error_report("kvm: KVM_CAP_IRQ_ROUTING not supported by KVM");
diff --git a/target/i386/sev.c b/target/i386/sev.c
index f9e9b5d8ae..11c9a3cc21 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -664,13 +664,18 @@ sev_vm_state_change(void *opaque, int running, RunState
state)
int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
{
-SevGuestState *sev = SEV_GUEST(cgs);
+SevGuestState *sev
+= (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUEST);
char *devname;
int ret, fw_error;
uint32_t ebx;
uint32_t host_cbitpos;
struct sev_user_data_status status = {};
+if (!sev) {
+return 0;
+}
+
ret = ram_block_discard_disable(true);
if (ret) {
error_report("%s: cannot disable RAM discard", __func__);
--
2.29.2
