From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH] qemu: stop passing -enable-fips to QEMU >= 5.2.0
Date: Tue, 20 Oct 2020 17:48:59 +0100
Message-Id: <20201020164859.411074-1-berrange@redhat.com>

Use of the -enable-fips option is being deprecated in QEMU >= 5.2.0.
If FIPS compliance is required, QEMU must be built with libcrypt which
will unconditionally enforce it. Thus there is no need for libvirt to
pass -enable-fips to modern QEMU.

Unfortunately there was never any way to probe for -enable-fips in the
first instance, it was enabled by libvirt based on version number
originally, and then later unconditionally enabled when libvirt dropped
support for older QEMU. Similarly we now use a version number check to
decide when to stop passing -enable-fips.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Peter Krempa
---
 src/qemu/qemu_capabilities.c | 8 ++++++++
 src/qemu/qemu_capabilities.h | 1 +
 src/qemu/qemu_command.c      | 12 +++++++++++-
 src/qemu/qemu_command.h      | 2 +-
 src/qemu/qemu_driver.c       | 2 +-
 src/qemu/qemu_process.c      | 2 +-
 6 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 81d9ecd886..b4271cd863 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -601,6 +601,7 @@ VIR_ENUM_IMPL(virQEMUCaps, /* 380 */ "usb-host.hostdevice", "virtio-balloon.free-page-reporting", + "fips-implied", ); =20 =20 @@ -5151,6 +5152,13 @@ virQEMUCapsInitQMPVersionCaps(virQEMUCapsPtr qemuCap= s) /* TCG couldn't be disabled nor queried until QEMU 2.10 */ if (qemuCaps->version < 2010000) virQEMUCapsSet(qemuCaps, QEMU_CAPS_TCG); + + /* -enable-fips is deprecated in QEMU 5.2.0, and QEMU + * should be built with gcrypt to achieve FIPS compliance + * automatically / implicitly + */ + if (qemuCaps->version >=3D 5002000) + virQEMUCapsSet(qemuCaps, QEMU_CAPS_FIPS_IMPLIED); } =20 =20 diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 44c45589f0..2976879fa3 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -581,6 +581,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for = syntax-check */ /* 380 */ QEMU_CAPS_USB_HOST_HOSTDEVICE, /* -device usb-host.hostdevice */ QEMU_CAPS_VIRTIO_BALLOON_FREE_PAGE_REPORTING, /*virtio balloon free-pa= ge-reporting */ + QEMU_CAPS_FIPS_IMPLIED, /* -enable-fips is no longer required, delegat= e to gcrypt */ =20 QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 697a2db62b..a8cb608c28 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c 
@@ -1089,10 +1089,20 @@ qemuDiskConfigBlkdeviotuneEnabled(virDomainDiskDefP= tr disk) * old QEMU new QEMU * FIPS enabled doesn't start VNC auth disabled * FIPS disabled/missing VNC auth enabled VNC auth enabled + * + * In QEMU 5.2.0, use of -enable-fips was deprecated. In scenarios + * where FIPS is required, QEMU must be built against libgcrypt + * which automatically enforces FIPS compliance. */ bool -qemuCheckFips(void) +qemuCheckFips(virDomainObjPtr vm) { + qemuDomainObjPrivatePtr priv =3D vm->privateData; + virQEMUCapsPtr qemuCaps =3D priv->qemuCaps; + + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_FIPS_IMPLIED)) + return false; + if (virFileExists("/proc/sys/crypto/fips_enabled")) { g_autofree char *buf =3D NULL; =20 diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h index 8a30f2852c..8d46c65fcc 100644 --- a/src/qemu/qemu_command.h +++ b/src/qemu/qemu_command.h @@ -215,7 +215,7 @@ qemuDiskConfigBlkdeviotuneEnabled(virDomainDiskDefPtr d= isk); =20 =20 bool -qemuCheckFips(void); +qemuCheckFips(virDomainObjPtr vm); =20 virJSONValuePtr qemuBuildHotpluggableCPUProps(const virDomainVcpuDef *vcpu) ATTRIBUTE_NONNULL(1); diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 825bdd9119..53e4b9d085 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -6452,7 +6452,7 @@ static char *qemuConnectDomainXMLToNative(virConnectP= tr conn, } =20 if (!(cmd =3D qemuProcessCreatePretendCmd(driver, vm, NULL, - qemuCheckFips(), true, false, + qemuCheckFips(vm), true, false, VIR_QEMU_PROCESS_START_COLD))) goto cleanup; =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 5bc76a75e3..db5d834b7c 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -6820,7 +6820,7 @@ qemuProcessLaunch(virConnectPtr conn, incoming ? incoming->launchURI : NULL, snapshot, vmop, false, - qemuCheckFips(), + qemuCheckFips(vm), &nnicindexes, &nicindexes, 0))) goto cleanup; =20 --=20 2.26.2
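Review bot: in the virQEMUCapsInitQMPVersionCaps hunk, QEMU_CAPS_FIPS_IMPLIED is set purely from qemuCaps->version >= 5002000 and nothing verifies that the binary was actually built against libgcrypt, so on a FIPS-mode host running a QEMU 5.2+ built with a different crypto backend libvirt silently stops requesting FIPS and the VNC-auth behaviour laid out in the qemu_command.c comment table changes. Since the commit message already concedes that -enable-fips cannot be probed, spell that trade-off out in the new comment block rather than only saying QEMU "should be built with gcrypt". The commit message also says "libcrypt", which is the crypt(3) library; the comments in this hunk and in qemu_command.c name gcrypt/libgcrypt, so the message should say libgcrypt.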
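Review bot: in the qemuCheckFips hunk, the existing comment table only has "old QEMU" and "new QEMU" columns, but the early return on QEMU_CAPS_FIPS_IMPLIED introduces a third behaviour (QEMU >= 5.2.0: -enable-fips never passed, VNC auth never disabled by libvirt regardless of /proc/sys/crypto/fips_enabled); add that case to the table instead of describing it only in the prose paragraph below it. The early "return false" also now runs before the fips_enabled file is consulted, so for such binaries the function's result no longer reflects host FIPS state at all; a one-line comment on the return saying that this is intentional would save the next reader a trip to the commit log.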
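Review bot: in the qemu_command.h hunk, the new qemuCheckFips(virDomainObjPtr vm) dereferences vm->privateData unconditionally in the .c file, but the prototype carries no non-null annotation; the neighbouring qemuBuildHotpluggableCPUProps(const virDomainVcpuDef *vcpu) ATTRIBUTE_NONNULL(1) shows the convention used in this header, so add ATTRIBUTE_NONNULL(1) here too.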
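Review bot: in the qemu_driver.c hunk, qemuCheckFips(vm) is now evaluated as an argument before qemuProcessCreatePretendCmd() runs on the domain object created just for this XML-to-native conversion, and whether priv->qemuCaps has already been populated for that object at this point is not visible in the hunk. If it has not, the new capability test cannot see QEMU_CAPS_FIPS_IMPLIED and qemuConnectDomainXMLToNative keeps emitting -enable-fips for QEMU >= 5.2.0 even though qemuProcessLaunch no longer does; please confirm the caps lookup happens first, or move the check to a point where qemuCaps are known to be set.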