Message-ID: <8f12bc3e-53aa-c946-bb06-f7d08721b243@redhat.com>
Date: Thu, 7 Oct 2021 13:29:42 +0200
Subject: Re: [PATCH v3 05/22] target/i386/monitor: Return QMP error when SEV is disabled in build
To: Paolo Bonzini, Sergio Lopez, "Dr . David Alan Gilbert"
Cc: Brijesh Singh, kvm@vger.kernel.org, Connor Kuehl, James Bottomley, Dov Murik, "Daniel P . Berrange", Eduardo Habkost, qemu-devel@nongnu.org
References: <20211002125317.3418648-1-philmd@redhat.com> <20211002125317.3418648-6-philmd@redhat.com>
From: Philippe Mathieu-Daudé

On 10/4/21 10:11, Paolo Bonzini wrote:
> On 02/10/21 14:53, Philippe Mathieu-Daudé wrote:
>> If the management layer tries to inject a secret, it gets an empty
>> response in case the binary built without SEV:
>>
>>    { "execute": "sev-inject-launch-secret",
>>      "arguments": { "packet-header": "mypkt", "secret": "mypass",
>> "gpa": 4294959104 }
>>    }
>>    {
>>        "return": {
>>        }
>>    }
>>
>> Make it clearer by returning an error, mentioning the feature is
>> disabled:
>>
>>    { "execute": "sev-inject-launch-secret",
>>      "arguments": { "packet-header": "mypkt", "secret": "mypass",
>> "gpa": 4294959104 }
>>    }
>>    {
>>        "error": {
>>            "class": "GenericError",
>>            "desc": "this feature or command is not currently supported"
>>        }
>>    }
>>
>> Reviewed-by: Dr. David Alan Gilbert
>> Reviewed-by: Connor Kuehl
>> Signed-off-by: Philippe Mathieu-Daudé
>> ---
>>   target/i386/monitor.c | 5 +++++
>>   1 file changed, 5 insertions(+)
>>
>> diff --git a/target/i386/monitor.c b/target/i386/monitor.c >> index 196c1c9e77f..a9f85acd473 100644 >> --- a/target/i386/monitor.c >> +++ b/target/i386/monitor.c >> @@ -28,6 +28,7 @@ >>   #include "monitor/hmp-target.h" >>   #include "monitor/hmp.h" >>   #include "qapi/qmp/qdict.h" >> +#include "qapi/qmp/qerror.h" >>   #include "sysemu/kvm.h" >>   #include "sysemu/sev.h" >>   #include "qapi/error.h" 
>> @@ -743,6 +744,10 @@ void qmp_sev_inject_launch_secret(const char >> *packet_hdr, >>                                     bool has_gpa, uint64_t gpa, >>                                     Error **errp) >>   { >> +    if (!sev_enabled()) { >> +        error_setg(errp, QERR_UNSUPPORTED); >> +        return; >> +    } >>       if (!has_gpa) { >>           uint8_t *data; >>           struct sev_secret_area *area; >>
>
> This should be done in the sev_inject_launch_secret stub instead, I
> think.  Or if you do it here, you can remove the "if (!sev_guest)"
> conditional in the non-stub version.

This part is not related to SEV builtin; what we want to avoid here is
the management layer trying to inject a secret while the guest hasn't been
started with SEV (IOW 'no memory encryption requested for KVM').

Maybe this error message is more explicit?

  error_setg(errp, "Guest is not using memory encryption");

Or:

  error_setg(errp, "Guest is not using SEV");
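
Review bot: The new guard at the top of qmp_sev_inject_launch_secret() tests sev_enabled(), which per the reply is a runtime check that the guest was started with SEV, while the subject and commit message talk about a binary built without SEV and the error returned is the generic QERR_UNSUPPORTED ("this feature or command is not currently supported"). From that GenericError a management layer cannot tell whether the build lacks SEV or the running guest simply has no memory encryption, and a secret-injection caller needs to know which it is before deciding what to do with the secret. Suggest a message that names the condition actually tested, such as error_setg(errp, "Guest is not using SEV"), rewording the commit message to match, and dropping the "qapi/qmp/qerror.h" include from the first hunk if QERR_UNSUPPORTED is no longer used. With this early return in place, the "if (!sev_guest)" conditional Paolo mentions in the non-stub sev_inject_launch_secret() repeats the same guard, so the check should live in one place only.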