Re: [Qemu-devel] [PATCH v12 11/28] sev/i386: add command to initialize t

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v12 11/28] sev/i386: add command to initialize t

From:	Daniel P . Berrangé
Subject:	Re: [Qemu-devel] [PATCH v12 11/28] sev/i386: add command to initialize the memory encryption context
Date:	Thu, 8 Mar 2018 16:57:40 +0000
User-agent:	Mutt/1.9.2 (2017-12-15)

On Thu, Mar 08, 2018 at 06:48:44AM -0600, Brijesh Singh wrote:
> When memory encryption is enabled, KVM_SEV_INIT command is used to
> initialize the platform. The command loads the SEV related persistent
> data from non-volatile storage and initializes the platform context.
> This command should be first issued before invoking any other guest
> commands provided by the SEV firmware.
> 
> Cc: Paolo Bonzini <address@hidden>
> Cc: Richard Henderson <address@hidden>
> Cc: Eduardo Habkost <address@hidden>
> Signed-off-by: Brijesh Singh <address@hidden>
> ---
>  accel/kvm/kvm-all.c       |  16 ++++
>  include/sysemu/sev.h      |  22 +++++
>  stubs/Makefile.objs       |   1 +
>  stubs/sev.c               |  21 +++++
>  target/i386/Makefile.objs |   2 +-
>  target/i386/monitor.c     |  11 ++-
>  target/i386/sev-stub.c    |  41 +++++++++
>  target/i386/sev.c         | 224 
> ++++++++++++++++++++++++++++++++++++++++++++++
>  target/i386/sev_i386.h    |  24 +++++
>  target/i386/trace-events  |   3 +
>  10 files changed, 362 insertions(+), 3 deletions(-)
>  create mode 100644 include/sysemu/sev.h
>  create mode 100644 stubs/sev.c
>  create mode 100644 target/i386/sev-stub.c
> 

> +static const char *const sev_fw_errlist[] = {
> +    "",
> +    "Platform state is invalid",
> +    "Guest state is invalid",
> +    "Platform configuration is invalid",
> +    "Buffer too small",
> +    "Platform is already owned",
> +    "Certificate is invalid",
> +    "Policy is not allowed",
> +    "Guest is not active",
> +    "Invalid address",
> +    "Bad signature",
> +    "Bad measurement",
> +    "Asid is already owned",
> +    "Invalid ASID",
> +    "WBINVD is required",
> +    "DF_FLUSH is required",
> +    "Guest handle is invalid",
> +    "Invalid command",
> +    "Guest is active",
> +    "Hardware error",
> +    "Hardware unsafe",
> +    "Feature not supported",
> +    "Invalid parameter"
> +};
> +
> +#define SEV_FW_MAX_ERROR      ARRAY_SIZE(sev_fw_errlist)
> +

> +static const char *
> +fw_error_to_str(int code)
> +{
> +    if (code >= SEV_FW_MAX_ERROR) {
> +        return "unknown error";

Seems '0' is not an error, and negative numbers are invalid
too, so augment this with   '|| code <= 0' to avoid bad array
access on negative numbers

> +    }
> +
> +    return sev_fw_errlist[code];
> +}

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH v12 06/28] kvm: update kvm.h to include memory encryption ioctls, (continued)
- [Qemu-devel] [PATCH v12 06/28] kvm: update kvm.h to include memory encryption ioctls, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 07/28] docs: add AMD Secure Encrypted Virtualization (SEV), Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 08/28] target/i386: add Secure Encrypted Virtulization (SEV) object, Brijesh Singh, 2018/03/08
  - Re: [Qemu-devel] [PATCH v12 08/28] target/i386: add Secure Encrypted Virtulization (SEV) object, Daniel P . Berrangé, 2018/03/08
- [Qemu-devel] [PATCH v12 09/28] qmp: add query-sev command, Brijesh Singh, 2018/03/08
  - Re: [Qemu-devel] [PATCH v12 09/28] qmp: add query-sev command, Daniel P . Berrangé, 2018/03/08
- [Qemu-devel] [PATCH v12 10/28] include: add psp-sev.h header file, Brijesh Singh, 2018/03/08
  - Re: [Qemu-devel] [PATCH v12 10/28] include: add psp-sev.h header file, Daniel P . Berrangé, 2018/03/08
- [Qemu-devel] [PATCH v12 12/28] sev/i386: register the guest memory range which may contain encrypted data, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 11/28] sev/i386: add command to initialize the memory encryption context, Brijesh Singh, 2018/03/08
  - Re: [Qemu-devel] [PATCH v12 11/28] sev/i386: add command to initialize the memory encryption context, Daniel P . Berrangé <=
- [Qemu-devel] [PATCH v12 13/28] kvm: introduce memory encryption APIs, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 14/28] hmp: add 'info sev' command, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 15/28] sev/i386: add command to create launch memory encryption context, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 17/28] target/i386: encrypt bios rom, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 18/28] sev/i386: add support to LAUNCH_MEASURE command, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 20/28] hw/i386: set ram_debug_ops when memory encryption is enabled, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 16/28] sev/i386: add command to encrypt guest memory region, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 19/28] sev/i386: finalize the SEV guest launch flow, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 21/28] sev/i386: add debug encrypt and decrypt commands, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 23/28] qmp: add query-sev-launch-measure command, Brijesh Singh, 2018/03/08

Prev by Date: Re: [Qemu-devel] [PATCH v12 10/28] include: add psp-sev.h header file
Next by Date: Re: [Qemu-devel] [PATCH v12 23/28] qmp: add query-sev-launch-measure command
Previous by thread: [Qemu-devel] [PATCH v12 11/28] sev/i386: add command to initialize the memory encryption context
Next by thread: [Qemu-devel] [PATCH v12 13/28] kvm: introduce memory encryption APIs
Index(es):
- Date
- Thread