qemu/target-i386-sev-Fix-missing-ERRP_GUARD-for-error_pre.patch

From 5a4e9ad98edc1ba5c1e93f0e24753c1a8355ffce Mon Sep 17 00:00:00 2001
From: dinglimin <dinglimin@cmss.chinamobile.com>
Date: Wed, 13 Mar 2024 13:49:37 +0800
Subject: [PATCH] target/i386/sev: Fix missing ERRP_GUARD() for error_prepend()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

cheery-pick from f55cceac8c03e639711490f08996c32861591435
As the comment in qapi/error, passing @errp to error_prepend() requires ERRP_GUARD():

* = Why, when and how to use ERRP_GUARD() =
*
* Without ERRP_GUARD(), use of the @errp parameter is restricted:
...
* - It should not be passed to error_prepend(), error_vprepend() or
*   error_append_hint(), because that doesn't work with &error_fatal.
* ERRP_GUARD() lifts these restrictions.
*
* To use ERRP_GUARD(), add it right at the beginning of the function.
* @errp can then be used without worrying about the argument being
* NULL or &error_fatal.

ERRP_GUARD() could avoid the case when @errp is the pointer of
error_fatal, the user can't see this additional information, because
exit() happens in error_setg earlier than information is added [1].

The sev_inject_launch_secret() passes @errp to error_prepend(), and as
an APIs defined in target/i386/sev.h, it is necessary to protect its
@errp with ERRP_GUARD().

To avoid the issue like [1] said, add missing ERRP_GUARD() at the
beginning of this function.

[1]: Issue description in the commit message of commit ae7c80a7bd73
     ("error: New macro ERRP_GUARD()").

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20240229143914.1977550-17-zhao1.liu@linux.intel.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: dinglimin <dinglimin@cmss.chinamobile.com>
---
 target/i386/sev.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index 9a71246682..1a9d1db7a8 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -1044,6 +1044,7 @@ sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp)
 int sev_inject_launch_secret(const char *packet_hdr, const char *secret,
                              uint64_t gpa, Error **errp)
 {
+    ERRP_GUARD();
     struct kvm_sev_launch_secret input;
     g_autofree guchar *data = NULL, *hdr = NULL;
     int error, ret = 1;
-- 
2.27.0
QEMU update to version 8.2.0-2 - block: bugfix: Don't pause vm when NOSPACE EIO happened - block: enable cache mode of empty cdrom - block/mirror: fix file-system went to read-only after block-mirror - scsi-bus: fix incorrect call for blk_error_retry_reset_timeout() - scsi-bus: fix unmatched object_unref() - block: Add sanity check when setting retry parameters - block-backend: Stop retrying when draining - scsi-disk: Add support for retry on errors - scsi-bus: Refactor the code that retries requests - virtio_blk: Add support for retry on errors - block: Add error retry param setting - block-backend: Add timeout support for retry - block-backend: Enable retry action on errors - block-backend: Add device specific retry callback - block-backend: Introduce retry timer - qapi/block-core: Add retry option for error action - scsi: bugfix: fix division by zero - scsi: cdrom: Fix crash after remote cdrom detached - qemu-pr: fixed ioctl failed for multipath disk - scsi-disk: define props in scsi_block_disk to avoid memleaks - bugfix: fix possible memory leak - bugfix: fix some illegal memory access and memory leak - util/log: add CONFIG_DISABLE_QEMU_LOG macro - log: Add some logs on VM runtime path - bugfix: fix eventfds may double free when vm_id reused in ivshmem - hw/display/macfb: Fix missing ERRP_GUARD() in macfb_nubus_realize() - hw/cxl/cxl-host: Fix missing ERRP_GUARD() in cxl_fixed_memory_window_config() - qemu-img create: 'cache' paramter only use for reg file image - qemu-img: add qemu-img direct create - qemu-img block: set zero flags only when discard_zeros of the block supported - Revert "file-posix: Remove unused s->discard_zeroes" - pcie_sriov: Validate NumVFs (CVE-2024-26327) - hw/nvme: Use pcie_sriov_num_vfs() (CVE-2024-26328) - hw/acpi/cpu: Use CPUState typedef - target/i386/sev: Fix missing ERRP_GUARD() for error_prepend() - virtio-gpu: remove needless condition - hw/i2c/smbus_slave: Add object path on error prints - vfio/pci: Ascend710 change to bar2 quirk - vfio/pci: Ascend910 need 4Bytes quirk in bar0 - vfio/pci: Ascend710 need 4Bytes quirk in bar0 - vfio/pci: Ascend310 need 4Bytes quirk in bar4 - chardev/char-socket: Fix TLS io channels sending too much data to the backend - i386/cpuid: Move leaf 7 to correct group - i386/cpuid: Decrease cpuid_i when skipping CPUID leaf 1F - i386/cpu: Mask with XCR0/XSS mask for FEAT_XSAVE_XCR0_HI and FEAT_XSAVE_XSS_HI leafs - i386/cpu: Clear FEAT_XSAVE_XSS_LO/HI leafs when CPUID_EXT_XSAVE is not available - blkio: Respect memory-alignment for bounce buffer allocations - virtio-gpu: Correct virgl_renderer_resource_get_info() error check - hw/usb: Style cleanup - tests/qemu-iotests: resolved the problem that the 108 test cases in the container fail Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com> (cherry picked from commit 404d45bf9147058a475a8031c454a6c8e0acc123) 2024-03-23 09:20:40 +08:00			`From 5a4e9ad98edc1ba5c1e93f0e24753c1a8355ffce Mon Sep 17 00:00:00 2001`
			`From: dinglimin <dinglimin@cmss.chinamobile.com>`
			`Date: Wed, 13 Mar 2024 13:49:37 +0800`
			`Subject: [PATCH] target/i386/sev: Fix missing ERRP_GUARD() for error_prepend()`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`cheery-pick from f55cceac8c03e639711490f08996c32861591435`
			`As the comment in qapi/error, passing @errp to error_prepend() requires ERRP_GUARD():`

			`* = Why, when and how to use ERRP_GUARD() =`
			`*`
			`* Without ERRP_GUARD(), use of the @errp parameter is restricted:`
			`...`
			`* - It should not be passed to error_prepend(), error_vprepend() or`
			`* error_append_hint(), because that doesn't work with &error_fatal.`
			`* ERRP_GUARD() lifts these restrictions.`
			`*`
			`* To use ERRP_GUARD(), add it right at the beginning of the function.`
			`* @errp can then be used without worrying about the argument being`
			`* NULL or &error_fatal.`

			`ERRP_GUARD() could avoid the case when @errp is the pointer of`
			`error_fatal, the user can't see this additional information, because`
			`exit() happens in error_setg earlier than information is added [1].`

			`The sev_inject_launch_secret() passes @errp to error_prepend(), and as`
			`an APIs defined in target/i386/sev.h, it is necessary to protect its`
			`@errp with ERRP_GUARD().`

			`To avoid the issue like [1] said, add missing ERRP_GUARD() at the`
			`beginning of this function.`

			`[1]: Issue description in the commit message of commit ae7c80a7bd73`
			`("error: New macro ERRP_GUARD()").`

			`Cc: Paolo Bonzini <pbonzini@redhat.com>`
			`Cc: Marcelo Tosatti <mtosatti@redhat.com>`
			`Signed-off-by: Zhao Liu <zhao1.liu@intel.com>`
			`Reviewed-by: Thomas Huth <thuth@redhat.com>`
			`Message-ID: <20240229143914.1977550-17-zhao1.liu@linux.intel.com>`
			`Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>`
			`Signed-off-by: dinglimin <dinglimin@cmss.chinamobile.com>`
			`---`
			`target/i386/sev.c \| 1 +`
			`1 file changed, 1 insertion(+)`

			`diff --git a/target/i386/sev.c b/target/i386/sev.c`
			`index 9a71246682..1a9d1db7a8 100644`
			`--- a/target/i386/sev.c`
			`+++ b/target/i386/sev.c`
			`@@ -1044,6 +1044,7 @@ sev_encrypt_flash(uint8_t ptr, uint64_t len, Error *errp)`
			`int sev_inject_launch_secret(const char packet_hdr, const char secret,`
			`uint64_t gpa, Error **errp)`
			`{`
			`+ ERRP_GUARD();`
			`struct kvm_sev_launch_secret input;`
			`g_autofree guchar data = NULL, hdr = NULL;`
			`int error, ret = 1;`
			`--`
			`2.27.0`