From: Erik Skultety
To: libvir-list@redhat.com
Cc: Daniel Henrique Barboza, brijesh.singh@amd.com, dgilbert@redhat.com, Erik Skultety
Subject: [libvirt PATCH v2 4/4] conf: domain: sev: Make 'cbitpos' & 'reducedPhysBits' attrs optional
Date: Thu, 15 Oct 2020 12:45:48 +0200
Message-Id: <0473b4d52c0b61b6c83565022cae6515ca57e5f4.1602758656.git.eskultet@redhat.com>

These XML attributes have been mandatory since the introduction of SEV support to libvirt. This design decision was based on QEMU's requirement for these to be mandatory for migration purposes, as differences in these values across platforms must result in the pre-migration checks failing (not that migration with SEV works at the time of this patch).

Expecting the user to specify these is cumbersome and the same XML cannot be re-used across different revisions of SEV. Since we have SEV platform information saved in QEMU capabilities, we can make the attributes optional and should fill them in automatically in the QEMU driver right before starting it.

Resolves: https://gitlab.com/libvirt/libvirt/-/issues/57
Signed-off-by: Erik Skultety Reviewed-by: Daniel Henrique Barboza --- docs/schemas/domaincommon.rng | 16 ++++--- src/conf/domain_conf.c | 46 ++++++++++++------- ...v-missing-platform-info.x86_64-2.12.0.args | 37 +++++++++++++++ ...nch-security-sev-missing-platform-info.xml | 35 ++++++++++++++ tests/qemuxml2argvtest.c | 1 + 5 files changed, 113 insertions(+), 22 deletions(-) create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-plat= form-info.x86_64-2.12.0.args create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-plat= form-info.xml diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index c26408c400..ae25b9b1bc 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -467,12 +467,16 @@ sev - - - - - - + + + + + + + + + + diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index bbe59f61d0..efa5ac527b 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -16764,6 +16764,7 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode, virDomainSEVDefPtr def; unsigned long policy; g_autofree char *type =3D NULL; + int rc =3D -1; =20 def =3D g_new0(virDomainSEVDef, 1); =20 
@@ -16788,25 +16789,35 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode, goto error; } =20 - if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) { - virReportError(VIR_ERR_XML_ERROR, "%s", - _("failed to get launch security cbitpos")); - goto error; - } - - if (virXPathUInt("string(./reducedPhysBits)", ctxt, - &def->reduced_phys_bits) < 0) { - virReportError(VIR_ERR_XML_ERROR, "%s", - _("failed to get launch security reduced-phys-bits"= )); - goto error; - } - if (virXPathULongHex("string(./policy)", ctxt, &policy) < 0) { virReportError(VIR_ERR_XML_ERROR, "%s", _("failed to get launch security policy")); goto error; } =20 + /* the following attributes are platform dependent and if missing, we = can + * autofill them from domain capabilities later + */ + rc =3D virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos); + if (rc =3D=3D 0) { + def->haveCbitpos =3D true; + } else if (rc =3D=3D -2) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("Invalid format for launch security cbitpos")); + goto error; + } + + rc =3D virXPathUInt("string(./reducedPhysBits)", ctxt, + &def->reduced_phys_bits); + if (rc =3D=3D 0) { + def->haveReducedPhysBits =3D true; + } else if (rc =3D=3D -2) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("Invalid format for launch security " + "reduced-phys-bits")); + goto error; + } + def->policy =3D policy; def->dh_cert =3D virXPathString("string(./dhCert)", ctxt); def->session =3D virXPathString("string(./session)", ctxt); 
@@ -28958,9 +28969,12 @@ virDomainSEVDefFormat(virBufferPtr buf, virDomainS= EVDefPtr sev) virDomainLaunchSecurityTypeToString(sev->sectype)); virBufferAdjustIndent(buf, 2); =20 - virBufferAsprintf(buf, "%d\n", sev->cbitpos); - virBufferAsprintf(buf, "%d\n", - sev->reduced_phys_bits); + if (sev->haveCbitpos) + virBufferAsprintf(buf, "%d\n", sev->cbitpos); + + if (sev->haveReducedPhysBits) + virBufferAsprintf(buf, "%d\n", + sev->reduced_phys_bits); virBufferAsprintf(buf, "0x%04x\n", sev->policy); if (sev->dh_cert) virBufferEscapeString(buf, "%s\n", sev->dh_cert); diff --git a/tests/qemuxml2argvdata/launch-security-sev-missing-platform-in= fo.x86_64-2.12.0.args b/tests/qemuxml2argvdata/launch-security-sev-missing-= platform-info.x86_64-2.12.0.args new file mode 100644 index 0000000000..378c3b681c --- /dev/null +++ b/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_= 64-2.12.0.args 
@@ -0,0 +1,37 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/tmp/lib/domain--1-QEMUGuest1 \ +USER=3Dtest \ +LOGNAME=3Dtest \ +XDG_DATA_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.local/share \ +XDG_CACHE_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.cache \ +XDG_CONFIG_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.config \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-x86_64 \ +-name guest=3DQEMUGuest1,debug-threads=3Don \ +-S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ +-machine pc-1.0,accel=3Dkvm,usb=3Doff,dump-guest-core=3Doff,memory-encrypt= ion=3Dsev0 \ +-m 214 \ +-realtime mlock=3Doff \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-no-acpi \ +-boot strict=3Don \ +-device piix3-usb-uhci,id=3Dusb,bus=3Dpci.0,addr=3D0x1.0x2 \ +-drive file=3D/dev/HostVG/QEMUGuest1,format=3Draw,if=3Dnone,id=3Ddrive-ide= 0-0-0 \ +-device ide-hd,bus=3Dide.0,unit=3D0,drive=3Ddrive-ide0-0-0,id=3Dide0-0-0,b= ootindex=3D1 \ +-object sev-guest,id=3Dsev0,cbitpos=3D47,reduced-phys-bits=3D1,policy=3D0x= 1,\ +dh-cert-file=3D/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,\ +session-file=3D/tmp/lib/domain--1-QEMUGuest1/session.base64 \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,\ +resourcecontrol=3Ddeny \ +-msg timestamp=3Don diff --git a/tests/qemuxml2argvdata/launch-security-sev-missing-platform-in= fo.xml b/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x= ml new file mode 100644 index 0000000000..41ec4cb872 --- /dev/null +++ b/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.xml @@ -0,0 +1,35 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + +
+ + + + + + + + + + 0x0001 + AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA + IHAVENOIDEABUTJUSTPROVIDINGASTRING + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 8aa791d9f7..f9b02b232f 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -3316,6 +3316,7 @@ mymain(void) DO_TEST_CAPS_ARCH_LATEST("vhost-vsock-ccw-auto", "s390x"); =20 DO_TEST_CAPS_VER("launch-security-sev", "2.12.0"); + DO_TEST_CAPS_VER("launch-security-sev-missing-platform-info", "2.12.0"= ); =20 DO_TEST_CAPS_LATEST("vhost-user-fs-fd-memory"); DO_TEST_CAPS_LATEST("vhost-user-fs-hugepages"); --=20 2.26.2
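
Review bot: in the virDomainSEVDefParseXML hunk (@@ -16788), both new virXPathUInt() checks act only on rc == 0 and rc == -2, so every other return value is silently treated as "element absent" and the field keeps its g_new0() zero with the have* flag left false. Please either test the "absent" return value explicitly and fail on anything unexpected, or add a comment naming which return value means absent. The in-code comment promises an autofill "later", but the diffstat shows no QEMU driver file in this patch, so the commit message should say which patch of the series does the fill and what happens when the QEMU capabilities carry no SEV platform data, so that a zero cbitpos cannot end up on the sev-guest object. The `int rc = -1;` initialiser added in the @@ -16764 hunk is never read before rc is assigned and can be dropped.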
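
Review bot: in the virDomainSEVDefFormat hunk, sev->cbitpos and sev->reduced_phys_bits are written by virXPathUInt() in the parser, yet both are still printed with %d; since these lines are being rewritten anyway, use %u. Separately, each element is now emitted only when its have* flag is set, so the code that autofills the values decides, by setting or not setting the flags, whether the formatted XML of a running guest shows the values actually in use. A comment next to the two conditionals stating the intended behaviour would keep that from being changed by accident.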
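
Review bot: test coverage in the qemuxml2argvtest.c hunk stops at the happy path, where both elements are missing and the expected .args shows cbitpos=47,reduced-phys-bits=1. Nothing exercises the two new "Invalid format" error branches, an XML with only one of the two elements present, or a round trip confirming that the formatter omits the elements when the user did not supply them. A negative parse test and a one-element case would cover the branches this patch introduces.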