[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RFC PATCH 03/16] target/arm/kvm-rme: Initialize realm
From: |
Richard Henderson |
Subject: |
Re: [RFC PATCH 03/16] target/arm/kvm-rme: Initialize realm |
Date: |
Fri, 27 Jan 2023 10:37:12 -1000 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2 |
On 1/27/23 05:07, Jean-Philippe Brucker wrote:
+static inline int kvm_arm_rme_init(ConfidentialGuestSupport *cgs, Error **errp)
+{
+ return 0;
+}
+
+static inline int kvm_arm_rme_vm_type(MachineState *ms)
+{
+ return 0;
+}
Should the stubs really return 0, or g_assert_not_reached()?
+static RmeGuest *cgs_to_rme(ConfidentialGuestSupport *cgs)
+{
+ if (!cgs) {
+ return NULL;
+ }
+ return (RmeGuest *)object_dynamic_cast(OBJECT(cgs), TYPE_RME_GUEST);
+}
Direct usage of object_dynamic_cast is usually not correct.
Normally one would use DECLARE_INSTANCE_CHECKER to define the entire function. But if you
prefer to type-check the input argument as ConfidentialGuestSupport I can see defining
your own function. But in that case I think you probably want to use OBJECT_CHECK, which
asserts that the cast succeeds.
But then I see that cgs_to_rme is, in all instances so far, also used as a
predicate.
+bool kvm_arm_rme_enabled(void)
+{
+ ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs;
+
+ return !!cgs_to_rme(cgs);
+}
Ah, hmm. Well, probably wouldn't want an assert here.
At present I would expect exactly one object class to be present in the
qemu-system-aarch64 binary that would pass the machine_check_confidential_guest_support
test done by core code. But we are hoping to move toward a heterogeneous model where e.g.
the TYPE_SEV_GUEST object might be discoverable within the same executable.
Therefore, if cgs_to_rme above uses assert, this might use object_dynamic_cast here
directly. It seems like we ought to have a boolean test for this kind of thing, but no.
+int kvm_arm_rme_init(ConfidentialGuestSupport *cgs, Error **errp)
+{
+ int ret;
+ static Error *rme_mig_blocker;
+ RmeGuest *guest = cgs_to_rme(cgs);
+
+ if (!guest) {
+ /* Either no cgs, or another confidential guest type */
+ return 0;
+ }
+
+ if (!kvm_enabled()) {
+ error_setg(errp, "KVM required for RME");
+ return -ENODEV;
+ }
I think this null check, and the kvm_enabled check, belong in virt.c.
You'll not get the error with the !CONFIG_KVM version of this function above.
r~
- [RFC PATCH 00/16] arm: Run Arm CCA VMs with KVM, Jean-Philippe Brucker, 2023/01/27
- [RFC PATCH 03/16] target/arm/kvm-rme: Initialize realm, Jean-Philippe Brucker, 2023/01/27
- Re: [RFC PATCH 03/16] target/arm/kvm-rme: Initialize realm,
Richard Henderson <=
- [RFC PATCH 01/16] NOMERGE: Add KVM Arm RME definitions to Linux headers, Jean-Philippe Brucker, 2023/01/27
- [RFC PATCH 07/16] target/arm/kvm: Select RME VM type for the scratch VM, Jean-Philippe Brucker, 2023/01/27
- [RFC PATCH 02/16] target/arm: Add confidential guest support, Jean-Philippe Brucker, 2023/01/27
- [RFC PATCH 04/16] hw/arm/virt: Add support for Arm RME, Jean-Philippe Brucker, 2023/01/27
- [RFC PATCH 05/16] target/arm/kvm: Split kvm_arch_get/put_registers, Jean-Philippe Brucker, 2023/01/27