[RFC] target/i386: restrict SEV to 64 bit host builds

Message ID	20240626140307.1026816-1-alex.bennee@linaro.org
State	New
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; From: =?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org> To: qemu-devel@nongnu.org Cc: =?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org>, Paolo Bonzini <pbonzini@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com>, kvm@vger.kernel.org (open list:X86 KVM CPUs) Subject: [RFC PATCH] target/i386: restrict SEV to 64 bit host builds Date: Wed, 26 Jun 2024 15:03:07 +0100 Message-Id: <20240626140307.1026816-1-alex.bennee@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2a00:1450:4864:20::535; envelope-from=alex.bennee@linaro.org; helo=mail-ed1-x535.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org
Series	[RFC] target/i386: restrict SEV to 64 bit host builds \| expand [RFC] target/i386: restrict SEV to 64 bit host builds

Alex Bennée June 26, 2024, 2:03 p.m. UTC

Re-enabling the 32 bit host build on i686 showed the recently merged
SEV code doesn't take enough care over its types. While the format
strings could use more portable types there isn't much we can do about
casting uint64_t into a pointer. The easiest solution seems to be just
to disable SEV for a 32 bit build. It's highly unlikely anyone would
want this functionality anyway.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
 target/i386/sev.h       | 2 +-
 target/i386/meson.build | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

Daniel P. Berrangé June 26, 2024, 2:20 p.m. UTC | #1

On Wed, Jun 26, 2024 at 03:03:07PM +0100, Alex Bennée wrote:
> Re-enabling the 32 bit host build on i686 showed the recently merged
> SEV code doesn't take enough care over its types. While the format
> strings could use more portable types there isn't much we can do about
> casting uint64_t into a pointer. The easiest solution seems to be just
> to disable SEV for a 32 bit build. It's highly unlikely anyone would
> want this functionality anyway.
> 
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> ---
>  target/i386/sev.h       | 2 +-
>  target/i386/meson.build | 4 ++--
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/target/i386/sev.h b/target/i386/sev.h
> index 858005a119..b0cb9dd7ed 100644
> --- a/target/i386/sev.h
> +++ b/target/i386/sev.h
> @@ -45,7 +45,7 @@ typedef struct SevKernelLoaderContext {
>      size_t cmdline_size;
>  } SevKernelLoaderContext;
>  
> -#ifdef CONFIG_SEV
> +#if defined(CONFIG_SEV) && defined(HOST_X86_64)
>  bool sev_enabled(void);
>  bool sev_es_enabled(void);
>  bool sev_snp_enabled(void);
> diff --git a/target/i386/meson.build b/target/i386/meson.build
> index 075117989b..d2a008926c 100644
> --- a/target/i386/meson.build
> +++ b/target/i386/meson.build
> @@ -6,7 +6,7 @@ i386_ss.add(files(
>    'xsave_helper.c',
>    'cpu-dump.c',
>  ))
> -i386_ss.add(when: 'CONFIG_SEV', if_true: files('host-cpu.c', 'confidential-guest.c'))
> +i386_ss.add(when: ['CONFIG_SEV', 'HOST_X86_64'], if_true: files('host-cpu.c', 'confidential-guest.c'))
>  
>  # x86 cpu type
>  i386_ss.add(when: 'CONFIG_KVM', if_true: files('host-cpu.c'))
> @@ -21,7 +21,7 @@ i386_system_ss.add(files(
>    'cpu-apic.c',
>    'cpu-sysemu.c',
>  ))
> -i386_system_ss.add(when: 'CONFIG_SEV', if_true: files('sev.c'), if_false: files('sev-sysemu-stub.c'))
> +i386_system_ss.add(when: ['CONFIG_SEV', 'HOST_X86_64'], if_true: files('sev.c'), if_false: files('sev-sysemu-stub.c'))
>  
>  i386_user_ss = ss.source_set()

Instead of changing each usage of CONFIG_SEV, is it better to
prevent it getting enabled in the first place ?

eg. move

  #CONFIG_SEV=n

From

  configs/devices/i386-softmmu/default.mak

to

  configs/devices/x86_64-softmmu/default.mak

And then also change

  hw/i386/Kconfig

to say

  config SEV
      bool
      select X86_FW_OVMF
      depends on KVM && X86_64


With regards,
Daniel

Richard Henderson June 26, 2024, 4:11 p.m. UTC | #2

On 6/26/24 07:03, Alex Bennée wrote:
> While the format
> strings could use more portable types there isn't much we can do about
> casting uint64_t into a pointer.

Use uintptr_t, obviously.


r~

Alex Bennée June 26, 2024, 4:17 p.m. UTC | #3

Daniel P. Berrangé <berrange@redhat.com> writes:

> On Wed, Jun 26, 2024 at 03:03:07PM +0100, Alex Bennée wrote:
>> Re-enabling the 32 bit host build on i686 showed the recently merged
>> SEV code doesn't take enough care over its types. While the format
>> strings could use more portable types there isn't much we can do about
>> casting uint64_t into a pointer. The easiest solution seems to be just
>> to disable SEV for a 32 bit build. It's highly unlikely anyone would
>> want this functionality anyway.
>> 
>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>> ---
>>  target/i386/sev.h       | 2 +-
>>  target/i386/meson.build | 4 ++--
>>  2 files changed, 3 insertions(+), 3 deletions(-)
>> 
>> diff --git a/target/i386/sev.h b/target/i386/sev.h
>> index 858005a119..b0cb9dd7ed 100644
>> --- a/target/i386/sev.h
>> +++ b/target/i386/sev.h
>> @@ -45,7 +45,7 @@ typedef struct SevKernelLoaderContext {
>>      size_t cmdline_size;
>>  } SevKernelLoaderContext;
>>  
>> -#ifdef CONFIG_SEV
>> +#if defined(CONFIG_SEV) && defined(HOST_X86_64)
>>  bool sev_enabled(void);
>>  bool sev_es_enabled(void);
>>  bool sev_snp_enabled(void);
>> diff --git a/target/i386/meson.build b/target/i386/meson.build
>> index 075117989b..d2a008926c 100644
>> --- a/target/i386/meson.build
>> +++ b/target/i386/meson.build
>> @@ -6,7 +6,7 @@ i386_ss.add(files(
>>    'xsave_helper.c',
>>    'cpu-dump.c',
>>  ))
>> -i386_ss.add(when: 'CONFIG_SEV', if_true: files('host-cpu.c', 'confidential-guest.c'))
>> +i386_ss.add(when: ['CONFIG_SEV', 'HOST_X86_64'], if_true: files('host-cpu.c', 'confidential-guest.c'))
>>  
>>  # x86 cpu type
>>  i386_ss.add(when: 'CONFIG_KVM', if_true: files('host-cpu.c'))
>> @@ -21,7 +21,7 @@ i386_system_ss.add(files(
>>    'cpu-apic.c',
>>    'cpu-sysemu.c',
>>  ))
>> -i386_system_ss.add(when: 'CONFIG_SEV', if_true: files('sev.c'), if_false: files('sev-sysemu-stub.c'))
>> +i386_system_ss.add(when: ['CONFIG_SEV', 'HOST_X86_64'], if_true: files('sev.c'), if_false: files('sev-sysemu-stub.c'))
>>  
>>  i386_user_ss = ss.source_set()
>
> Instead of changing each usage of CONFIG_SEV, is it better to
> prevent it getting enabled in the first place ?
>
> eg. move
>
>   #CONFIG_SEV=n
>
> From
>
>   configs/devices/i386-softmmu/default.mak
>
> to
>
>   configs/devices/x86_64-softmmu/default.mak
>
> And then also change
>
>   hw/i386/Kconfig
>
> to say
>
>   config SEV
>       bool
>       select X86_FW_OVMF
>       depends on KVM && X86_64

I was wondering if I could do it all with Kconfig. Will respin thanks.

>
>
> With regards,
> Daniel

Philippe Mathieu-Daudé June 26, 2024, 5 p.m. UTC | #4

On 26/6/24 16:20, Daniel P. Berrangé wrote:
> On Wed, Jun 26, 2024 at 03:03:07PM +0100, Alex Bennée wrote:
>> Re-enabling the 32 bit host build on i686 showed the recently merged
>> SEV code doesn't take enough care over its types. While the format
>> strings could use more portable types there isn't much we can do about
>> casting uint64_t into a pointer. The easiest solution seems to be just
>> to disable SEV for a 32 bit build. It's highly unlikely anyone would
>> want this functionality anyway.
>>
>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>> ---
>>   target/i386/sev.h       | 2 +-
>>   target/i386/meson.build | 4 ++--
>>   2 files changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/target/i386/sev.h b/target/i386/sev.h
>> index 858005a119..b0cb9dd7ed 100644
>> --- a/target/i386/sev.h
>> +++ b/target/i386/sev.h
>> @@ -45,7 +45,7 @@ typedef struct SevKernelLoaderContext {
>>       size_t cmdline_size;
>>   } SevKernelLoaderContext;
>>   
>> -#ifdef CONFIG_SEV
>> +#if defined(CONFIG_SEV) && defined(HOST_X86_64)
>>   bool sev_enabled(void);
>>   bool sev_es_enabled(void);
>>   bool sev_snp_enabled(void);
>> diff --git a/target/i386/meson.build b/target/i386/meson.build
>> index 075117989b..d2a008926c 100644
>> --- a/target/i386/meson.build
>> +++ b/target/i386/meson.build
>> @@ -6,7 +6,7 @@ i386_ss.add(files(
>>     'xsave_helper.c',
>>     'cpu-dump.c',
>>   ))
>> -i386_ss.add(when: 'CONFIG_SEV', if_true: files('host-cpu.c', 'confidential-guest.c'))
>> +i386_ss.add(when: ['CONFIG_SEV', 'HOST_X86_64'], if_true: files('host-cpu.c', 'confidential-guest.c'))
>>   
>>   # x86 cpu type
>>   i386_ss.add(when: 'CONFIG_KVM', if_true: files('host-cpu.c'))
>> @@ -21,7 +21,7 @@ i386_system_ss.add(files(
>>     'cpu-apic.c',
>>     'cpu-sysemu.c',
>>   ))
>> -i386_system_ss.add(when: 'CONFIG_SEV', if_true: files('sev.c'), if_false: files('sev-sysemu-stub.c'))
>> +i386_system_ss.add(when: ['CONFIG_SEV', 'HOST_X86_64'], if_true: files('sev.c'), if_false: files('sev-sysemu-stub.c'))
>>   
>>   i386_user_ss = ss.source_set()
> 
> Instead of changing each usage of CONFIG_SEV, is it better to
> prevent it getting enabled in the first place ?
> 
> eg. move
> 
>    #CONFIG_SEV=n
> 
> From
> 
>    configs/devices/i386-softmmu/default.mak
> 
> to
> 
>    configs/devices/x86_64-softmmu/default.mak
> 
> And then also change
> 
>    hw/i386/Kconfig
> 
> to say
> 
>    config SEV
>        bool
>        select X86_FW_OVMF
>        depends on KVM && X86_64

Both are *targets*, IIUC we want to disable on *hosts*.

Paolo Bonzini June 26, 2024, 11:42 p.m. UTC | #5

On 6/26/24 16:03, Alex Bennée wrote:
> Re-enabling the 32 bit host build on i686 showed the recently merged
> SEV code doesn't take enough care over its types. While the format
> strings could use more portable types there isn't much we can do about
> casting uint64_t into a pointer. The easiest solution seems to be just
> to disable SEV for a 32 bit build. It's highly unlikely anyone would
> want this functionality anyway.

It's better style to just fix the compilation issues.  I'll send a small 
series once I test it.

Paolo

> 
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> ---
>   target/i386/sev.h       | 2 +-
>   target/i386/meson.build | 4 ++--
>   2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/target/i386/sev.h b/target/i386/sev.h
> index 858005a119..b0cb9dd7ed 100644
> --- a/target/i386/sev.h
> +++ b/target/i386/sev.h
> @@ -45,7 +45,7 @@ typedef struct SevKernelLoaderContext {
>       size_t cmdline_size;
>   } SevKernelLoaderContext;
>   
> -#ifdef CONFIG_SEV
> +#if defined(CONFIG_SEV) && defined(HOST_X86_64)
>   bool sev_enabled(void);
>   bool sev_es_enabled(void);
>   bool sev_snp_enabled(void);
> diff --git a/target/i386/meson.build b/target/i386/meson.build
> index 075117989b..d2a008926c 100644
> --- a/target/i386/meson.build
> +++ b/target/i386/meson.build
> @@ -6,7 +6,7 @@ i386_ss.add(files(
>     'xsave_helper.c',
>     'cpu-dump.c',
>   ))
> -i386_ss.add(when: 'CONFIG_SEV', if_true: files('host-cpu.c', 'confidential-guest.c'))
> +i386_ss.add(when: ['CONFIG_SEV', 'HOST_X86_64'], if_true: files('host-cpu.c', 'confidential-guest.c'))
>   
>   # x86 cpu type
>   i386_ss.add(when: 'CONFIG_KVM', if_true: files('host-cpu.c'))
> @@ -21,7 +21,7 @@ i386_system_ss.add(files(
>     'cpu-apic.c',
>     'cpu-sysemu.c',
>   ))
> -i386_system_ss.add(when: 'CONFIG_SEV', if_true: files('sev.c'), if_false: files('sev-sysemu-stub.c'))
> +i386_system_ss.add(when: ['CONFIG_SEV', 'HOST_X86_64'], if_true: files('sev.c'), if_false: files('sev-sysemu-stub.c'))
>   
>   i386_user_ss = ss.source_set()
>

[RFC] target/i386: restrict SEV to 64 bit host builds

Commit Message

Comments

Patch