[PATCH v5 00/11] Support for launchSecurity type s390-pv

Boris Fiuczynski posted 11 patches 2 years, 8 months ago
Test syntax-check failed
Patches applied successfully
git fetch https://github.com/patchew-project/libvirt tags/patchew/20210716094435.4754-1-fiuczy@linux.ibm.com
[PATCH v5 00/11] Support for launchSecurity type s390-pv
Posted by Boris Fiuczynski 2 years, 8 months ago
This patch series introduces the launch security type s390-pv.
Specifying s390-pv as launch security type in an s390 domain prepares for
running the guest in protected virtualization secure mode, also known as
IBM Secure Execution.

diff to v4:
 - changed rng to do the verification for every launchSecurity type
 - removed previously added XML fail tests
 - added domain capability documentation

diff to v3:
 - rebased to current master
 - moved virDomainSEVDef into a union
 - improved XML formatting for launchSecurity
 - use a shared id on the qemu cmd line for confidential-guest-support
 - added check for s390-pv host support into XML validation
 - changed from ignoring to failing if launchSecurity child elements are provided for s390-pv
 - reduced test to a single failing test
 - add availability of s390-pv in domain capabilities

diff to v2:
 - broke up previous patch one into three patches

diff to v1:
 - rebased to current master
 - added verification check for confidential-guest-support capability

Boris Fiuczynski (11):
  schemas: Refactor launch security
  conf: Rework SEV XML parse and format methods
  qemu: Make KVMSupportsSecureGuest capability available
  conf: Refactor launch security to allow more types
  qemu: Add s390-pv-guest capability
  conf: Add s390-pv as launch security type
  docs: Add s390-pv documentation
  conf: Add availability of s390-pv in domain capabilities
  docs: Add s390-pv in domain capabilities documentation
  qemu: Use common id lsec0 for launchSecurity
  qemu: Fix error code for SEV launchSecurity unsupported

 docs/formatdomain.rst                         |   7 +
 docs/formatdomaincaps.html.in                 |  10 ++
 docs/kbase/s390_protected_virt.rst            |  55 ++++++--
 docs/schemas/domaincaps.rng                   |   9 ++
 docs/schemas/domaincommon.rng                 |  79 ++++++-----
 src/conf/domain_capabilities.c                |   1 +
 src/conf/domain_capabilities.h                |   1 +
 src/conf/domain_conf.c                        | 130 ++++++++++++------
 src/conf/domain_conf.h                        |  17 ++-
 src/conf/virconftypes.h                       |   2 +
 src/qemu/qemu_capabilities.c                  |  24 ++++
 src/qemu/qemu_capabilities.h                  |   4 +
 src/qemu/qemu_cgroup.c                        |   4 +-
 src/qemu/qemu_command.c                       |  75 ++++++++--
 src/qemu/qemu_driver.c                        |   3 +-
 src/qemu/qemu_firmware.c                      |  33 +++--
 src/qemu/qemu_namespace.c                     |  21 ++-
 src/qemu/qemu_process.c                       |  35 ++++-
 src/qemu/qemu_validate.c                      |  32 ++++-
 src/security/security_dac.c                   |   6 +-
 tests/domaincapsdata/qemu_2.11.0.s390x.xml    |   1 +
 tests/domaincapsdata/qemu_2.12.0.s390x.xml    |   1 +
 tests/domaincapsdata/qemu_3.0.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_4.0.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_4.2.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_5.2.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_6.0.0.s390x.xml     |   1 +
 tests/domaincapsmock.c                        |  17 +++
 .../launch-security-s390-pv.xml               |  18 +++
 tests/genericxml2xmltest.c                    |   1 +
 .../qemucapabilitiesdata/caps_6.0.0.s390x.xml |   1 +
 .../launch-security-s390-pv.s390x-latest.args |  35 +++++
 .../launch-security-s390-pv.xml               |  30 ++++
 ...v-missing-platform-info.x86_64-2.12.0.args |   4 +-
 .../launch-security-sev.x86_64-2.12.0.args    |   4 +-
 .../launch-security-sev.x86_64-6.0.0.args     |   4 +-
 tests/qemuxml2argvmock.c                      |  16 +++
 tests/qemuxml2argvtest.c                      |   2 +
 38 files changed, 552 insertions(+), 135 deletions(-)
 create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv.xml
 create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
 create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.xml

-- 
2.31.1

Re: [PATCH v5 00/11] Support for launchSecurity type s390-pv
Posted by Pavel Hrdina 2 years, 8 months ago
On Fri, Jul 16, 2021 at 11:44:24AM +0200, Boris Fiuczynski wrote:
> This patch series introduces the launch security type s390-pv.
> Specifying s390-pv as launch security type in an s390 domain prepares for
> running the guest in protected virtualization secure mode, also known as
> IBM Secure Execution.
> 
> diff to v4:
>  - changed rng to do the verification for every launchSecurity type
>  - removed previously added XML fail tests
>  - added domain capability documentation
> 
> diff to v3:
>  - rebased to current master
>  - moved virDomainSEVDef into a union
>  - improved XML formatting for launchSecurity
>  - use a shared id on the qemu cmd line for confidential-guest-support
>  - added check for s390-pv host support into XML validation
>  - changed from ignoring to failing if launchSecurity child elements are provided for s390-pv
>  - reduced test to a single failing test
>  - add availability of s390-pv in domain capabilities
> 
> diff to v2:
>  - broke up previous patch one into three patches
> 
> diff to v1:
>  - rebased to current master
>  - added verification check for confidential-guest-support capability
> 
> Boris Fiuczynski (11):
>   schemas: Refactor launch security
>   conf: Rework SEV XML parse and format methods
>   qemu: Make KVMSupportsSecureGuest capability available
>   conf: Refactor launch security to allow more types
>   qemu: Add s390-pv-guest capability
>   conf: Add s390-pv as launch security type
>   docs: Add s390-pv documentation
>   conf: Add availability of s390-pv in domain capabilities
>   docs: Add s390-pv in domain capabilities documentation
>   qemu: Use common id lsec0 for launchSecurity
>   qemu: Fix error code for SEV launchSecurity unsupported

I can make the changes before pushing if you agree with the issues
pointed out.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Re: [PATCH v5 00/11] Support for launchSecurity type s390-pv
Posted by Boris Fiuczynski 2 years, 8 months ago
On 7/21/21 12:04 PM, Pavel Hrdina wrote:
> On Fri, Jul 16, 2021 at 11:44:24AM +0200, Boris Fiuczynski wrote:
>> This patch series introduces the launch security type s390-pv.
>> Specifying s390-pv as launch security type in an s390 domain prepares for
>> running the guest in protected virtualization secure mode, also known as
>> IBM Secure Execution.
>>
>> diff to v4:
>>   - changed rng to do the verification for every launchSecurity type
>>   - removed previously added XML fail tests
>>   - added domain capability documentation
>>
>> diff to v3:
>>   - rebased to current master
>>   - moved virDomainSEVDef into a union
>>   - improved XML formatting for launchSecurity
>>   - use a shared id on the qemu cmd line for confidential-guest-support
>>   - added check for s390-pv host support into XML validation
>>   - changed from ignoring to failing if launchSecurity child elements are provided for s390-pv
>>   - reduced test to a single failing test
>>   - add availability of s390-pv in domain capabilities
>>
>> diff to v2:
>>   - broke up previous patch one into three patches
>>
>> diff to v1:
>>   - rebased to current master
>>   - added verification check for confidential-guest-support capability
>>
>> Boris Fiuczynski (11):
>>    schemas: Refactor launch security
>>    conf: Rework SEV XML parse and format methods
>>    qemu: Make KVMSupportsSecureGuest capability available
>>    conf: Refactor launch security to allow more types
>>    qemu: Add s390-pv-guest capability
>>    conf: Add s390-pv as launch security type
>>    docs: Add s390-pv documentation
>>    conf: Add availability of s390-pv in domain capabilities
>>    docs: Add s390-pv in domain capabilities documentation
>>    qemu: Use common id lsec0 for launchSecurity
>>    qemu: Fix error code for SEV launchSecurity unsupported
> 
> I can make the changes before pushing if you agree with the issues
> pointed out.
> 
> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
> 
Hi Pavel,
thanks for your review.
The agree with the changes you pointed out.
Please also apply the fixup patch I sent for patch 9. Thanks


-- 
Kind regards
    Boris Fiuczynski

IBM Deutschland Research & Development GmbH
Chairman of the Supervisory Board: Gregor Pillen
Management: Dirk Wittkopp
Registered office: Böblingen
Court of registration: Amtsgericht Stuttgart, HRB 243294


Re: [PATCH v5 00/11] Support for launchSecurity type s390-pv
Posted by Boris Fiuczynski 2 years, 8 months ago
On 7/21/21 12:45 PM, Boris Fiuczynski wrote:
> On 7/21/21 12:04 PM, Pavel Hrdina wrote:
>> On Fri, Jul 16, 2021 at 11:44:24AM +0200, Boris Fiuczynski wrote:
>>> This patch series introduces the launch security type s390-pv.
>>> Specifying s390-pv as launch security type in an s390 domain prepares 
>>> for
>>> running the guest in protected virtualization secure mode, also known as
>>> IBM Secure Execution.
>>>
>>> diff to v4:
>>>   - changed rng to do the verification for every launchSecurity type
>>>   - removed previously added XML fail tests
>>>   - added domain capability documentation
>>>
>>> diff to v3:
>>>   - rebased to current master
>>>   - moved virDomainSEVDef into a union
>>>   - improved XML formatting for launchSecurity
>>>   - use a shared id on the qemu cmd line for confidential-guest-support
>>>   - added check for s390-pv host support into XML validation
>>>   - changed from ignoring to failing if launchSecurity child elements
>>> are provided for s390-pv
>>>   - reduced test to a single failing test
>>>   - add availability of s390-pv in domain capabilities
>>>
>>> diff to v2:
>>>   - broke up previous patch one into three patches
>>>
>>> diff to v1:
>>>   - rebased to current master
>>>   - added verification check for confidential-guest-support capability
>>>
>>> Boris Fiuczynski (11):
>>>    schemas: Refactor launch security
>>>    conf: Rework SEV XML parse and format methods
>>>    qemu: Make KVMSupportsSecureGuest capability available
>>>    conf: Refactor launch security to allow more types
>>>    qemu: Add s390-pv-guest capability
>>>    conf: Add s390-pv as launch security type
>>>    docs: Add s390-pv documentation
>>>    conf: Add availability of s390-pv in domain capabilities
>>>    docs: Add s390-pv in domain capabilities documentation
>>>    qemu: Use common id lsec0 for launchSecurity
>>>    qemu: Fix error code for SEV launchSecurity unsupported
>>
>> I can make the changes before pushing if you agree with the issues
>> pointed out.
>>
>> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
>>
> Hi Pavel,
> thanks for your review.
> The agree with the changes you pointed out.
The => I
> Please also apply the fixup patch I sent for patch 9. Thanks
> 
> 


-- 
Kind regards
    Boris Fiuczynski