[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v12 11/28] sev/i386: add command to initialize t
From: |
Daniel P . Berrangé |
Subject: |
Re: [Qemu-devel] [PATCH v12 11/28] sev/i386: add command to initialize the memory encryption context |
Date: |
Thu, 8 Mar 2018 16:57:40 +0000 |
User-agent: |
Mutt/1.9.2 (2017-12-15) |
On Thu, Mar 08, 2018 at 06:48:44AM -0600, Brijesh Singh wrote:
> When memory encryption is enabled, KVM_SEV_INIT command is used to
> initialize the platform. The command loads the SEV related persistent
> data from non-volatile storage and initializes the platform context.
> This command should be first issued before invoking any other guest
> commands provided by the SEV firmware.
>
> Cc: Paolo Bonzini <address@hidden>
> Cc: Richard Henderson <address@hidden>
> Cc: Eduardo Habkost <address@hidden>
> Signed-off-by: Brijesh Singh <address@hidden>
> ---
> accel/kvm/kvm-all.c | 16 ++++
> include/sysemu/sev.h | 22 +++++
> stubs/Makefile.objs | 1 +
> stubs/sev.c | 21 +++++
> target/i386/Makefile.objs | 2 +-
> target/i386/monitor.c | 11 ++-
> target/i386/sev-stub.c | 41 +++++++++
> target/i386/sev.c | 224
> ++++++++++++++++++++++++++++++++++++++++++++++
> target/i386/sev_i386.h | 24 +++++
> target/i386/trace-events | 3 +
> 10 files changed, 362 insertions(+), 3 deletions(-)
> create mode 100644 include/sysemu/sev.h
> create mode 100644 stubs/sev.c
> create mode 100644 target/i386/sev-stub.c
>
> +static const char *const sev_fw_errlist[] = {
> + "",
> + "Platform state is invalid",
> + "Guest state is invalid",
> + "Platform configuration is invalid",
> + "Buffer too small",
> + "Platform is already owned",
> + "Certificate is invalid",
> + "Policy is not allowed",
> + "Guest is not active",
> + "Invalid address",
> + "Bad signature",
> + "Bad measurement",
> + "Asid is already owned",
> + "Invalid ASID",
> + "WBINVD is required",
> + "DF_FLUSH is required",
> + "Guest handle is invalid",
> + "Invalid command",
> + "Guest is active",
> + "Hardware error",
> + "Hardware unsafe",
> + "Feature not supported",
> + "Invalid parameter"
> +};
> +
> +#define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist)
> +
> +static const char *
> +fw_error_to_str(int code)
> +{
> + if (code >= SEV_FW_MAX_ERROR) {
> + return "unknown error";
Seems '0' is not an error, and negative numbers are invalid
too, so augment this with '|| code <= 0' to avoid bad array
access on negative numbers
> + }
> +
> + return sev_fw_errlist[code];
> +}
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
- [Qemu-devel] [PATCH v12 06/28] kvm: update kvm.h to include memory encryption ioctls, (continued)
- [Qemu-devel] [PATCH v12 06/28] kvm: update kvm.h to include memory encryption ioctls, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 07/28] docs: add AMD Secure Encrypted Virtualization (SEV), Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 08/28] target/i386: add Secure Encrypted Virtulization (SEV) object, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 09/28] qmp: add query-sev command, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 10/28] include: add psp-sev.h header file, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 12/28] sev/i386: register the guest memory range which may contain encrypted data, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 11/28] sev/i386: add command to initialize the memory encryption context, Brijesh Singh, 2018/03/08
- Re: [Qemu-devel] [PATCH v12 11/28] sev/i386: add command to initialize the memory encryption context,
Daniel P . Berrangé <=
- [Qemu-devel] [PATCH v12 13/28] kvm: introduce memory encryption APIs, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 14/28] hmp: add 'info sev' command, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 15/28] sev/i386: add command to create launch memory encryption context, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 17/28] target/i386: encrypt bios rom, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 18/28] sev/i386: add support to LAUNCH_MEASURE command, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 20/28] hw/i386: set ram_debug_ops when memory encryption is enabled, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 16/28] sev/i386: add command to encrypt guest memory region, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 19/28] sev/i386: finalize the SEV guest launch flow, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 21/28] sev/i386: add debug encrypt and decrypt commands, Brijesh Singh, 2018/03/08
- [Qemu-devel] [PATCH v12 23/28] qmp: add query-sev-launch-measure command, Brijesh Singh, 2018/03/08