@@ -1190,6 +1190,14 @@ void machine_run_board_init(MachineState *machine)
}
if (machine->cgs) {
+ /*
+ * Where confidential guest support is initialized depends on
+ * the specific mechanism in use. But, we need to make sure
+ * it's ready by now. If it isn't, that's a bug in the
+ * implementation of that cgs mechanism.
+ */
+ assert(machine->cgs->ready);
+
/*
* With confidential guests, the host can't see the real
* contents of RAM, so there's no point in it trying to merge
@@ -35,6 +35,8 @@
struct ConfidentialGuestSupport {
Object parent;
+
+ bool ready;
};
typedef struct ConfidentialGuestSupportClass {
@@ -737,6 +737,8 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
qemu_add_machine_init_done_notifier(&sev_machine_done_notify);
qemu_add_vm_change_state_handler(sev_vm_state_change, sev);
+ cgs->ready = true;
+
return 0;
err:
sev_guest = NULL;
The platform specific details of mechanisms for implementing confidential guest support may require setup at various points during initialization. Thus, it's not really feasible to have a single cgs initialization hook, but instead each mechanism needs its own initialization calls in arch or machine specific code. However, to make it harder to have a bug where a mechanism isn't properly initialized under some circumstances, we want to have a common place, relatively late in boot, where we verify that cgs has been initialized if it was requested. This patch introduces a ready flag to the ConfidentialGuestSupport base type to accomplish this, which we verify just before the machine specific initialization function. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> --- hw/core/machine.c | 8 ++++++++ include/exec/confidential-guest-support.h | 2 ++ target/i386/sev.c | 2 ++ 3 files changed, 12 insertions(+)