On Mon, 2 Mar 2026 at 08:57, Paolo Bonzini <[email protected]> wrote:
>
> From: Ani Sinha <[email protected]>
>
> When the KVM VM file descriptor changes as a part of the confidential guest
> reset mechanism, it necessary to create a new confidential guest context and
> re-encrypt the VM memory. This happens for SEV-ES and SEV-SNP virtual machines
> as a part of SEV_LAUNCH_FINISH, SEV_SNP_LAUNCH_FINISH operations.
>
> A new resettable interface for SEV module has been added. A new reset callback
> for the reset 'exit' state has been implemented to perform the above
> operations
> when the VM file descriptor has changed during VM reset.
>
> Tracepoints has been added also for tracing purpose.
>
> Signed-off-by: Ani Sinha <[email protected]>
> Link: https://lore.kernel.org/r/[email protected]
> Signed-off-by: Paolo Bonzini <[email protected]>
Hi; Coverity points out an issue with this commit:
> +static void sev_handle_reset(Object *obj, ResetType type)
> +{
> + SevCommonState *sev_common =
> SEV_COMMON(MACHINE(qdev_get_machine())->cgs);
> + SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(sev_common);
Getting the class pointer assumes that sev_common is not NULL...
> +
> + if (!sev_common) {
...but then we check for this afterwards.
Since this is a reset method you can assume that the object
is not NULL, as usual for methods on objects.
> + return;
> + }
> +
> + if (!runstate_is_running()) {
> + return;
> + }
> +
> + sev_add_kernel_loader_hashes(&sev_load_ctx, &error_fatal);
> + if (sev_es_enabled() && !sev_snp_enabled()) {
> + sev_launch_get_measure(NULL, NULL);
> + }
> + if (!sev_check_state(sev_common, SEV_STATE_RUNNING)) {
> + /* this calls sev_snp_launch_finish() etc */
> + klass->launch_finish(sev_common);
> + }
> +
> + trace_sev_handle_reset();
> + return;
> +}
thanks
-- PMM
