On 4/22/2025 11:34 PM, Zhao Liu wrote:
+int tdx_pre_create_vcpu(CPUState *cpu, Error **errp)
+{
+ X86CPU *x86cpu = X86_CPU(cpu);
+ CPUX86State *env = &x86cpu->env;
+ g_autofree struct kvm_tdx_init_vm *init_vm = NULL;
+ Error *local_err = NULL;
+ int retry = 10000;
+ int r = 0;
+
+ QEMU_LOCK_GUARD(&tdx_guest->lock);
+ if (tdx_guest->initialized) {
+ return r;
+ }
+
+ init_vm = g_malloc0(sizeof(struct kvm_tdx_init_vm) +
+ sizeof(struct kvm_cpuid_entry2) *
KVM_MAX_CPUID_ENTRIES);
+
+ r = setup_td_xfam(x86cpu, errp);
+ if (r) {
+ return r;
+ }
+
+ init_vm->cpuid.nent = kvm_x86_build_cpuid(env, init_vm->cpuid.entries, 0);
+ tdx_filter_cpuid(&init_vm->cpuid);
+
+ init_vm->attributes = tdx_guest->attributes;
+ init_vm->xfam = tdx_guest->xfam;
+
+ /*
+ * KVM_TDX_INIT_VM gets -EAGAIN when KVM side SEAMCALL(TDH_MNG_CREATE)
+ * gets TDX_RND_NO_ENTROPY due to Random number generation (e.g., RDRAND or
+ * RDSEED) is busy.
+ *
+ * Retry for the case.
+ */
+ do {
+ error_free(local_err);
+ local_err = NULL;
+ r = tdx_vm_ioctl(KVM_TDX_INIT_VM, 0, init_vm, &local_err);
+ } while (r == -EAGAIN && --retry);
+
+ if (r < 0) {
+ if (!retry) {
+ error_report("Hardware RNG (Random Number Generator) is busy "
+ "occupied by someone (via RDRAND/RDSEED) maliciously,
"
+ "which leads to KVM_TDX_INIT_VM keeping failure "
+ "due to lack of entropy.");
This needs to be
error_append_hint(local_err, ....);
so that this message gets associated with the error object that
is propagated, and the top level will print it all at once.
Good suggestion! Will change to it in the next version.
A little suggestion:
With error_append_hint(local_err, ...), you can add "ERRP_GUARD()" at
the beginning of tdx_pre_create_vcpu(), just like the commit 95e9053a34ca.
I don't think ERRP_GUARD() is needed.
ERRP_GUARD() is used to guard @errp, while here error_append_hint() is
used on @local_err.
