From nobody Sun Feb 8 05:07:24 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) client-ip=216.205.24.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1622644641; cv=none; d=zohomail.com; s=zohoarc; b=XXmh8mNwOjdVoHck3UcfISIisZ/G0cnY1VLBmUPG1N3TOodRABmLJmrqW+hdP63NOgGloRVx0toJdKiSKgP0SYQ+Dvz8oSyLNJOhvC7QzN6QxLQefkNNmO2QDQ82/fkx4u4e2snsPwjvFdc76uisgTwx/OyBYie9h+Njz82zAjw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1622644641; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=iTwOXTjo4NvDWseDd2HPIw6n8kMO/ZbxRpq8HMEnlLA=; b=jU1bO6SNY27BRXcrgj0WIQg9fJFuuLi7B9qV+wjlLkTO6cMXBfQl2Bdk7QMdWPzH74v3axq202cdR6aBF8v+dTmn09q34GrAqv8iKwiGOu23OEd5MRlaoKxFtzJwWAv/G5HgWb+2wP3MmjpWNueJ54MJ+uweIV9WgzzUWKjWP18= ARC-Authentication-Results: i=1; mx.zohomail.com; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com with SMTPS id 162264464193417.68445485431198; Wed, 2 Jun 2021 07:37:21 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-223-2gkglN8EOoOLsjT-0iGuuw-1; Wed, 02 Jun 2021 10:37:18 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 68BA7192297E; Wed, 2 Jun 2021 14:37:11 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 310E15D9D5; Wed, 2 Jun 2021 14:37:11 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id B391D44A59; Wed, 2 Jun 2021 14:37:10 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 152Eb8CF002392 for ; Wed, 2 Jun 2021 10:37:08 -0400 Received: by smtp.corp.redhat.com (Postfix) id 8AD4A208BDCC; Wed, 2 Jun 2021 14:37:08 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast03.extmail.prod.ext.rdu2.redhat.com [10.11.55.19]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 860F3208BDDA for ; Wed, 2 Jun 2021 14:37:05 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 317B580D0E0 for ; Wed, 2 Jun 2021 14:37:05 +0000 (UTC) Received: from mail-qt1-f177.google.com (mail-qt1-f177.google.com [209.85.160.177]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-184-dZ8kJM72PF6JLoU5qajVAg-1; Wed, 02 Jun 2021 10:37:03 -0400 Received: by mail-qt1-f177.google.com with SMTP id s12so1971459qta.3 for ; Wed, 02 Jun 2021 07:37:03 -0700 (PDT) Received: from rekt.ibmuc.com ([189.79.219.244]) by smtp.gmail.com with ESMTPSA id l65sm103808qke.7.2021.06.02.07.37.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 02 Jun 2021 07:37:02 -0700 (PDT) X-MC-Unique: 2gkglN8EOoOLsjT-0iGuuw-1 X-MC-Unique: dZ8kJM72PF6JLoU5qajVAg-1 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=iTwOXTjo4NvDWseDd2HPIw6n8kMO/ZbxRpq8HMEnlLA=; b=MK4/YLBT5qQdzeC6hBheXG4cVMKn0ySBdDeLQqKcNNGJdhTqH4uxdQMWCvug8Hq+kV bOEalU3TiXgqgwbPiKb9vW0OzA+B6cK1eWuNxsMaj2kNyCNtjXDxKTJ3d7C+Flbsv4sG cW23fIvwojRSIMVTJ42rXsSFlUmWLwkR0A2JJEzHuyk3HsB+Pa1znJvEg/tWQV8ldgK7 pi/ynhwjrDKh+kICD58cNHnctoP7OjQDZUdaL6iGmVQ89kbZTAVvZvz2xFa0igParASY OVrUx6PR+bcK/lby83R15fuIZw8hDyiJekE5fJ7QsVFwQh9SxT3+nR83SL3fROOytzoI ot4Q== X-Gm-Message-State: AOAM533S2bcrWTKHJZqc4+7SUeJpLM97RP7vWPUKmJrZwIfmXVrpUyjA zw01U4GrmTv63yMgdhirpeS5sZe8Mwe5sA== X-Google-Smtp-Source: ABdhPJyRG9vueECdVZPY8jjCY0JI6S9xj0fYz8K88uspV5YG7BZ+/z15d14LYA6LQlZVAWoEf9PnQg== X-Received: by 2002:ac8:4319:: with SMTP id z25mr25552266qtm.262.1622644622545; Wed, 02 Jun 2021 07:37:02 -0700 (PDT) From: Daniel Henrique Barboza To: libvir-list@redhat.com Subject: [PATCH 3/5] conf, qemu: add 'papr-pef' launch security type Date: Wed, 2 Jun 2021 11:36:24 -0300 Message-Id: <20210602143626.753447-4-danielhb413@gmail.com> In-Reply-To: <20210602143626.753447-1-danielhb413@gmail.com> References: <20210602143626.753447-1-danielhb413@gmail.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-loop: libvir-list@redhat.com Cc: danielhb413@gmail.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" This patch adds the 'papr-pef' launch security type for the QEMU driver. Signed-off-by: Daniel Henrique Barboza --- docs/schemas/domaincommon.rng | 1 + src/conf/domain_conf.c | 3 +++ src/conf/domain_conf.h | 1 + src/qemu/qemu_command.c | 26 ++++++++++++++++++++++++++ src/qemu/qemu_namespace.c | 1 + src/qemu/qemu_process.c | 1 + src/qemu/qemu_validate.c | 8 ++++++++ 7 files changed, 41 insertions(+) diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 029ae7b1d4..e0fc18889a 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -486,6 +486,7 @@ sev s390-pv + papr-pef diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 9a9aea94d9..838386e6b7 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1402,6 +1402,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity, "", "sev", "s390-pv", + "papr-pef", ); =20 static virClass *virDomainObjClass; @@ -14781,6 +14782,7 @@ virDomainSecDefParseXML(xmlNodePtr lsecNode, return NULL; break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: + case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF: break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: @@ -26884,6 +26886,7 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecD= ef *sec) } =20 case VIR_DOMAIN_LAUNCH_SECURITY_PV: + case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF: virBufferAsprintf(buf, "\n", virDomainLaunchSecurityTypeToString(sec->sectype= )); break; diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 37d0085699..e0731f7025 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2644,6 +2644,7 @@ typedef enum { VIR_DOMAIN_LAUNCH_SECURITY_NONE, VIR_DOMAIN_LAUNCH_SECURITY_SEV, VIR_DOMAIN_LAUNCH_SECURITY_PV, + VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF, =20 VIR_DOMAIN_LAUNCH_SECURITY_LAST, } virDomainLaunchSecurity; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index dcf7c61ef5..46e4bd555f 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -6930,6 +6930,9 @@ qemuBuildMachineCommandLine(virCommand *cmd, case VIR_DOMAIN_LAUNCH_SECURITY_PV: virBufferAddLit(&buf, ",confidential-guest-support=3Dpv0"); break; + case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF: + virBufferAddLit(&buf, ",confidential-guest-support=3Dpef0"); + break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: break; case VIR_DOMAIN_LAUNCH_SECURITY_LAST: @@ -9837,6 +9840,26 @@ qemuBuildPVCommandLine(virDomainObj *vm, virCommand = *cmd) } =20 =20 +static int +qemuBuildPaprPEFCommandLine(virDomainObj *vm, virCommand *cmd) +{ + g_autoptr(virJSONValue) props =3D NULL; + g_auto(virBuffer) buf =3D VIR_BUFFER_INITIALIZER; + qemuDomainObjPrivate *priv =3D vm->privateData; + + if (qemuMonitorCreateObjectProps(&props, "pef-guest", "pef0", + NULL) < 0) + return -1; + + if (qemuBuildObjectCommandlineFromJSON(&buf, props, priv->qemuCaps) < = 0) + return -1; + + virCommandAddArg(cmd, "-object"); + virCommandAddArgBuffer(cmd, &buf); + return 0; +} + + static int qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd, virDomainSecDef *sec) @@ -9851,6 +9874,9 @@ qemuBuildSecCommandLine(virDomainObj *vm, virCommand = *cmd, case VIR_DOMAIN_LAUNCH_SECURITY_PV: return qemuBuildPVCommandLine(vm, cmd); break; + case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF: + return qemuBuildPaprPEFCommandLine(vm, cmd); + break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: break; case VIR_DOMAIN_LAUNCH_SECURITY_LAST: diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c index 156ee84292..9d1b806872 100644 --- a/src/qemu/qemu_namespace.c +++ b/src/qemu/qemu_namespace.c @@ -608,6 +608,7 @@ qemuDomainSetupLaunchSecurity(virDomainObj *vm, VIR_DEBUG("Set up launch security for SEV"); break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: + case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF: case VIR_DOMAIN_LAUNCH_SECURITY_NONE: break; case VIR_DOMAIN_LAUNCH_SECURITY_LAST: diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 22f2278fcf..44951fd592 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -6705,6 +6705,7 @@ qemuProcessPrepareLaunchSecurityGuestInput(virDomainO= bj *vm) case VIR_DOMAIN_LAUNCH_SECURITY_SEV: return qemuProcessPrepareSEVGuestInput(vm, sec); case VIR_DOMAIN_LAUNCH_SECURITY_PV: + case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF: case VIR_DOMAIN_LAUNCH_SECURITY_NONE: break; case VIR_DOMAIN_LAUNCH_SECURITY_LAST: diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index 462bf7b23d..030558ea98 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -1232,6 +1232,14 @@ qemuValidateDomainDef(const virDomainDef *def, return -1; } break; + case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF: + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PAPR_PEF_GUEST)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("PAPR PEF launch security is not supporte= d with " + "this QEMU binary")); + return -1; + } + break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: break; case VIR_DOMAIN_LAUNCH_SECURITY_LAST: --=20 2.31.1