*
*/
+#include "qemu/osdep.h"
+
#include <linux/kvm.h>
#include <linux/psp-sev.h>
#include <sys/ioctl.h>
-#include "qemu/osdep.h"
#include "qapi/error.h"
#include "qom/object_interfaces.h"
#include "qemu/base64.h"
+#include "qemu/module.h"
#include "sysemu/kvm.h"
#include "sev_i386.h"
#include "sysemu/sysemu.h"
+#include "sysemu/runstate.h"
#include "trace.h"
#include "migration/blocker.h"
{
int r;
struct kvm_enc_region range;
+ ram_addr_t offset;
+ MemoryRegion *mr;
+
+ /*
+ * The RAM device presents a memory region that should be treated
+ * as IO region and should not be pinned.
+ */
+ mr = memory_region_from_host(host, &offset);
+ if (mr && memory_region_is_ram_device(mr)) {
+ return;
+ }
range.addr = (__u64)(unsigned long)host;
range.size = size;
{
int r;
struct kvm_enc_region range;
+ ram_addr_t offset;
+ MemoryRegion *mr;
+
+ /*
+ * The RAM device presents a memory region that should be treated
+ * as IO region and should not have been pinned.
+ */
+ mr = memory_region_from_host(host, &offset);
+ if (mr && memory_region_is_ram_device(mr)) {
+ return;
+ }
range.addr = (__u64)(unsigned long)host;
range.size = size;
{
object_class_property_add_str(oc, "sev-device",
qsev_guest_get_sev_device,
- qsev_guest_set_sev_device,
- NULL);
+ qsev_guest_set_sev_device);
object_class_property_set_description(oc, "sev-device",
- "SEV device to use", NULL);
+ "SEV device to use");
object_class_property_add_str(oc, "dh-cert-file",
qsev_guest_get_dh_cert_file,
- qsev_guest_set_dh_cert_file,
- NULL);
+ qsev_guest_set_dh_cert_file);
object_class_property_set_description(oc, "dh-cert-file",
- "guest owners DH certificate (encoded with base64)", NULL);
+ "guest owners DH certificate (encoded with base64)");
object_class_property_add_str(oc, "session-file",
qsev_guest_get_session_file,
- qsev_guest_set_session_file,
- NULL);
+ qsev_guest_set_session_file);
object_class_property_set_description(oc, "session-file",
- "guest owners session parameters (encoded with base64)", NULL);
-}
-
-static void
-qsev_guest_set_handle(Object *obj, Visitor *v, const char *name,
- void *opaque, Error **errp)
-{
- QSevGuestInfo *sev = QSEV_GUEST_INFO(obj);
- uint32_t value;
-
- visit_type_uint32(v, name, &value, errp);
- sev->handle = value;
-}
-
-static void
-qsev_guest_set_policy(Object *obj, Visitor *v, const char *name,
- void *opaque, Error **errp)
-{
- QSevGuestInfo *sev = QSEV_GUEST_INFO(obj);
- uint32_t value;
-
- visit_type_uint32(v, name, &value, errp);
- sev->policy = value;
-}
-
-static void
-qsev_guest_set_cbitpos(Object *obj, Visitor *v, const char *name,
- void *opaque, Error **errp)
-{
- QSevGuestInfo *sev = QSEV_GUEST_INFO(obj);
- uint32_t value;
-
- visit_type_uint32(v, name, &value, errp);
- sev->cbitpos = value;
-}
-
-static void
-qsev_guest_set_reduced_phys_bits(Object *obj, Visitor *v, const char *name,
- void *opaque, Error **errp)
-{
- QSevGuestInfo *sev = QSEV_GUEST_INFO(obj);
- uint32_t value;
-
- visit_type_uint32(v, name, &value, errp);
- sev->reduced_phys_bits = value;
-}
-
-static void
-qsev_guest_get_policy(Object *obj, Visitor *v, const char *name,
- void *opaque, Error **errp)
-{
- uint32_t value;
- QSevGuestInfo *sev = QSEV_GUEST_INFO(obj);
-
- value = sev->policy;
- visit_type_uint32(v, name, &value, errp);
-}
-
-static void
-qsev_guest_get_handle(Object *obj, Visitor *v, const char *name,
- void *opaque, Error **errp)
-{
- uint32_t value;
- QSevGuestInfo *sev = QSEV_GUEST_INFO(obj);
-
- value = sev->handle;
- visit_type_uint32(v, name, &value, errp);
-}
-
-static void
-qsev_guest_get_cbitpos(Object *obj, Visitor *v, const char *name,
- void *opaque, Error **errp)
-{
- uint32_t value;
- QSevGuestInfo *sev = QSEV_GUEST_INFO(obj);
-
- value = sev->cbitpos;
- visit_type_uint32(v, name, &value, errp);
-}
-
-static void
-qsev_guest_get_reduced_phys_bits(Object *obj, Visitor *v, const char *name,
- void *opaque, Error **errp)
-{
- uint32_t value;
- QSevGuestInfo *sev = QSEV_GUEST_INFO(obj);
-
- value = sev->reduced_phys_bits;
- visit_type_uint32(v, name, &value, errp);
+ "guest owners session parameters (encoded with base64)");
}
static void
sev->sev_device = g_strdup(DEFAULT_SEV_DEVICE);
sev->policy = DEFAULT_GUEST_POLICY;
- object_property_add(obj, "policy", "uint32", qsev_guest_get_policy,
- qsev_guest_set_policy, NULL, NULL, NULL);
- object_property_add(obj, "handle", "uint32", qsev_guest_get_handle,
- qsev_guest_set_handle, NULL, NULL, NULL);
- object_property_add(obj, "cbitpos", "uint32", qsev_guest_get_cbitpos,
- qsev_guest_set_cbitpos, NULL, NULL, NULL);
- object_property_add(obj, "reduced-phys-bits", "uint32",
- qsev_guest_get_reduced_phys_bits,
- qsev_guest_set_reduced_phys_bits, NULL, NULL, NULL);
+ object_property_add_uint32_ptr(obj, "policy", &sev->policy,
+ OBJ_PROP_FLAG_READWRITE);
+ object_property_add_uint32_ptr(obj, "handle", &sev->handle,
+ OBJ_PROP_FLAG_READWRITE);
+ object_property_add_uint32_ptr(obj, "cbitpos", &sev->cbitpos,
+ OBJ_PROP_FLAG_READWRITE);
+ object_property_add_uint32_ptr(obj, "reduced-phys-bits",
+ &sev->reduced_phys_bits,
+ OBJ_PROP_FLAG_READWRITE);
}
/* sev guest info */
sev_get_pdh_info(int fd, guchar **pdh, size_t *pdh_len, guchar **cert_chain,
size_t *cert_chain_len)
{
- guchar *pdh_data, *cert_chain_data;
+ guchar *pdh_data = NULL;
+ guchar *cert_chain_data = NULL;
struct sev_user_data_pdh_cert_export export = {};
int err, r;
SevCapability *
sev_get_capabilities(void)
{
- SevCapability *cap;
- guchar *pdh_data, *cert_chain_data;
+ SevCapability *cap = NULL;
+ guchar *pdh_data = NULL;
+ guchar *cert_chain_data = NULL;
size_t pdh_len = 0, cert_chain_len = 0;
uint32_t ebx;
int fd;
if (sev_get_pdh_info(fd, &pdh_data, &pdh_len,
&cert_chain_data, &cert_chain_len)) {
- return NULL;
+ goto out;
}
cap = g_new0(SevCapability, 1);
*/
cap->reduced_phys_bits = 1;
+out:
g_free(pdh_data);
g_free(cert_chain_data);
-
close(fd);
return cap;
}
{
gsize sz;
int ret = 1;
- int fw_error;
+ int fw_error, rc;
QSevGuestInfo *sev = s->sev_info;
struct kvm_sev_launch_start *start;
guchar *session = NULL, *dh_cert = NULL;
&error_abort);
if (sev->session_file) {
if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) {
- return 1;
+ goto out;
}
start->session_uaddr = (unsigned long)session;
start->session_len = sz;
if (sev->dh_cert_file) {
if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) {
- return 1;
+ goto out;
}
start->dh_uaddr = (unsigned long)dh_cert;
start->dh_len = sz;
}
trace_kvm_sev_launch_start(start->policy, session, dh_cert);
- ret = sev_ioctl(s->sev_fd, KVM_SEV_LAUNCH_START, start, &fw_error);
- if (ret < 0) {
+ rc = sev_ioctl(s->sev_fd, KVM_SEV_LAUNCH_START, start, &fw_error);
+ if (rc < 0) {
error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'",
__func__, ret, fw_error, fw_error_to_str(fw_error));
- return 1;
+ goto out;
}
object_property_set_int(OBJECT(sev), start->handle, "handle",
sev_set_guest_state(SEV_STATE_LAUNCH_UPDATE);
s->handle = start->handle;
s->policy = start->policy;
+ ret = 0;
+out:
g_free(start);
g_free(session);
g_free(dh_cert);
-
- return 0;
+ return ret;
}
static int
uint32_t host_cbitpos;
struct sev_user_data_status status = {};
- s = g_new0(SEVState, 1);
+ sev_state = s = g_new0(SEVState, 1);
s->sev_info = lookup_sev_guest_info(id);
if (!s->sev_info) {
error_report("%s: '%s' is not a valid '%s' object",
goto err;
}
- sev_state = s;
s->state = SEV_STATE_UNINIT;
host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
"reduced-phys-bits", NULL);
if (s->reduced_phys_bits < 1) {
error_report("%s: reduced_phys_bits check failed, it should be >=1,"
- "' requested '%d'", __func__, s->reduced_phys_bits);
+ " requested '%d'", __func__, s->reduced_phys_bits);
goto err;
}
ret = sev_platform_ioctl(s->sev_fd, SEV_PLATFORM_STATUS, &status,
&fw_error);
if (ret) {
- error_report("%s: failed to get platform status ret=%d"
+ error_report("%s: failed to get platform status ret=%d "
"fw_error='%d: %s'", __func__, ret, fw_error,
fw_error_to_str(fw_error));
goto err;
projects / mirror_qemu.git / blobdiff