From: Jim Fehlig
To: libvir-list@redhat.com
Subject: [RFC PATCH 1/3] libvirt: Introduce virDomainInjectLaunchSecret public API
Date: Tue, 16 Nov 2021 19:23:52 -0700
Message-ID: <20211117022354.16174-2-jfehlig@suse.com>
In-Reply-To: <20211117022354.16174-1-jfehlig@suse.com>
References: <20211117022354.16174-1-jfehlig@suse.com>

An API to inject a launch secret into the domain's memory.

Signed-off-by: Jim Fehlig
--- include/libvirt/libvirt-domain.h | 6 ++++ src/driver-hypervisor.h | 8 +++++ src/libvirt-domain.c | 50 ++++++++++++++++++++++++++++++++ src/libvirt_public.syms | 5 ++++ 4 files changed, 69 insertions(+) diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-dom= ain.h index 2f017c5b68..418ee4bd2d 100644 --- a/include/libvirt/libvirt-domain.h +++ b/include/libvirt/libvirt-domain.h 
@@ -5091,6 +5091,12 @@ int virDomainGetLaunchSecurityInfo(virDomainPtr doma= in, int *nparams, unsigned int flags); =20 +int virDomainInjectLaunchSecret(virDomainPtr domain, + const char *secrethdr, + const char *secret, + unsigned long long injectaddr, + unsigned int flags); + typedef enum { VIR_DOMAIN_GUEST_INFO_USERS =3D (1 << 0), /* return active users */ VIR_DOMAIN_GUEST_INFO_OS =3D (1 << 1), /* return OS information */ diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h index d642af8a37..a308754d5b 100644 --- a/src/driver-hypervisor.h +++ b/src/driver-hypervisor.h @@ -1333,6 +1333,13 @@ typedef int int *nparams, unsigned int flags); =20 +typedef int +(*virDrvDomainInjectLaunchSecret)(virDomainPtr domain, + const char *secrethdr, + const char *secret, + unsigned long long injectaddr, + unsigned int flags); + typedef virDomainCheckpointPtr (*virDrvDomainCheckpointCreateXML)(virDomainPtr domain, const char *xmlDesc, @@ -1661,6 +1668,7 @@ struct _virHypervisorDriver { virDrvConnectBaselineHypervisorCPU connectBaselineHypervisorCPU; virDrvNodeGetSEVInfo nodeGetSEVInfo; virDrvDomainGetLaunchSecurityInfo domainGetLaunchSecurityInfo; + virDrvDomainInjectLaunchSecret domainInjectLaunchSecret; virDrvDomainCheckpointCreateXML domainCheckpointCreateXML; virDrvDomainCheckpointGetXMLDesc domainCheckpointGetXMLDesc; virDrvDomainListAllCheckpoints domainListAllCheckpoints; diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index ce7cafde36..877c65c04f 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c 
@@ -12818,6 +12818,56 @@ int virDomainGetLaunchSecurityInfo(virDomainPtr do= main, } =20 =20 +/** + * virDomainInjectLaunchSecret: + * @domain: a domain object + * @secrethdr: Base64 encoded secret header + * @secret: Base64 encoded secret + * @injectaddr: Domain memory address where the secret will be injected + * @flags: currently used, set to 0. + * + * Inject a launch secret in the domain's memory. secrethdr and secret are + * passed to the underlying hypervisor as is. injectaddr can be used to + * specify an address in the domain memory where the secret will be inject= ed. + * It can be set to 0 for the hypervisor default. + * + * Returns -1 in case of failure, 0 in case of success. + */ +int virDomainInjectLaunchSecret(virDomainPtr domain, + const char *secrethdr, + const char *secret, + unsigned long long injectaddr, + unsigned int flags) +{ + virConnectPtr conn =3D domain->conn; + + VIR_DOMAIN_DEBUG(domain, "secrethdr=3D%p, secret=3D%p injectaddr=3D%ll= u flags=3D0x%x", + secrethdr, secret, injectaddr, flags); + + virResetLastError(); + + virCheckDomainReturn(domain, -1); + virCheckNonNullArgGoto(secrethdr, error); + virCheckNonNullArgGoto(secret, error); + virCheckPositiveArgGoto(injectaddr, error); + virCheckReadOnlyGoto(conn->flags, error); + + if (conn->driver->domainInjectLaunchSecret) { + int ret; + ret =3D conn->driver->domainInjectLaunchSecret(domain, secrethdr, + secret, injectaddr, f= lags); + if (ret < 0) + goto error; + return ret; + } + virReportUnsupportedError(); + + error: + virDispatchError(domain->conn); + return -1; +} + + /** * virDomainAgentSetResponseTimeout: * @domain: a domain object diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms index 788a967df7..c5e708d475 100644 --- a/src/libvirt_public.syms +++ b/src/libvirt_public.syms 
@@ -911,4 +911,9 @@ LIBVIRT_7.8.0 { virNetworkCreateXMLFlags; } LIBVIRT_7.7.0; =20 +LIBVIRT_7.10.0 { + global: + virDomainInjectLaunchSecret; +} LIBVIRT_7.8.0; + # .... define new API here using predicted next version number .... --=20 2.33.0
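
Review bot: in the src/libvirt-domain.c hunk, `virCheckPositiveArgGoto(injectaddr, error);` rejects injectaddr == 0, while the doc comment directly above says it "can be set to 0 for the hypervisor default", so the documented default can never reach the driver; drop the check or change the documentation. In the same function, `virConnectPtr conn = domain->conn;` dereferences domain in the initializer before `virCheckDomainReturn(domain, -1);` has validated it; declare conn uninitialized and assign it after the check. The @flags line reads "currently used, set to 0", which looks like it should say "currently unused".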
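
Review bot: in the include/libvirt/libvirt-domain.h hunk, the new prototype fixes the public argument list to a secrethdr/secret/injectaddr triple, which matches the SEV-only QMP command named in patch 3/3, whereas virDomainGetLaunchSecurityInfo in the hunk's context takes an nparams count. Since a public symbol cannot change once exported in libvirt_public.syms, consider a typed-parameter list here as well, so that another launch-security type or an extra field does not need a second API.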

From: Jim Fehlig
To: libvir-list@redhat.com
Subject: [RFC PATCH 2/3] remote: Implement domain inject launch secret API
Date: Tue, 16 Nov 2021 19:23:53 -0700
Message-ID: <20211117022354.16174-3-jfehlig@suse.com>
In-Reply-To: <20211117022354.16174-1-jfehlig@suse.com>
References: <20211117022354.16174-1-jfehlig@suse.com>

Signed-off-by: Jim Fehlig
--- src/remote/remote_daemon_dispatch.c | 27 ++++++++++++++++++++++++ src/remote/remote_driver.c | 32 +++++++++++++++++++++++++++++ src/remote/remote_protocol.x | 16 ++++++++++++++- src/remote_protocol-structs | 8 ++++++++ 4 files changed, 82 insertions(+), 1 deletion(-) diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon= _dispatch.c index 689001889e..f2f7b35f53 100644 --- a/src/remote/remote_daemon_dispatch.c +++ b/src/remote/remote_daemon_dispatch.c 
@@ -3451,6 +3451,33 @@ remoteDispatchDomainGetLaunchSecurityInfo(virNetServ= er *server G_GNUC_UNUSED, return rv; } =20 +static int +remoteDispatchDomainInjectLaunchSecret(virNetServer *server G_GNUC_UNUSED, + virNetServerClient *client, + virNetMessage *msg G_GNUC_UNUSED, + struct virNetMessageError *rerr, + remote_domain_inject_launch_secret_= args *args) +{ + int rv =3D -1; + virConnectPtr conn =3D remoteGetHypervisorConn(client); + virDomainPtr dom =3D NULL; + + if (!conn) + goto cleanup; + + if (!(dom =3D get_nonnull_domain(conn, args->dom))) + goto cleanup; + + rv =3D virDomainInjectLaunchSecret(dom, args->secrethdr, args->secret, + args->injectaddr, args->flags); + + cleanup: + if (rv < 0) + virNetMessageSaveError(rerr); + virObjectUnref(dom); + return rv; +} + static int remoteDispatchDomainGetPerfEvents(virNetServer *server G_GNUC_UNUSED, virNetServerClient *client, diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 235c406a5a..4fbb3c5bad 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c 
@@ -1893,6 +1893,37 @@ remoteDomainGetLaunchSecurityInfo(virDomainPtr domai= n, return rv; } =20 +static int +remoteDomainInjectLaunchSecret(virDomainPtr domain, + const char *secrethdr, + const char *secret, + unsigned long long injectaddr, + unsigned int flags) +{ + int rv =3D -1; + struct private_data *priv =3D domain->conn->privateData; + remote_domain_inject_launch_secret_args args; + + remoteDriverLock(priv); + + make_nonnull_domain(&args.dom, domain); + args.secrethdr =3D (char *) secrethdr; + args.secret =3D (char *) secret; + args.injectaddr =3D injectaddr; + args.flags =3D flags; + + if (call(domain->conn, priv, 0, REMOTE_PROC_DOMAIN_INJECT_LAUNCH_SECRE= T, + (xdrproc_t) xdr_remote_domain_inject_launch_secret_args, (cha= r *) &args, + (xdrproc_t) xdr_void, (char *) NULL) =3D=3D -1) + goto done; + + rv =3D 0; + + done: + remoteDriverUnlock(priv); + return rv; +} + static int remoteDomainGetPerfEvents(virDomainPtr domain, virTypedParameterPtr *params, @@ -8574,6 +8605,7 @@ static virHypervisorDriver hypervisor_driver =3D { .domainAuthorizedSSHKeysSet =3D remoteDomainAuthorizedSSHKeysSet, /* 6= .10.0 */ .domainGetMessages =3D remoteDomainGetMessages, /* 7.1.0 */ .domainStartDirtyRateCalc =3D remoteDomainStartDirtyRateCalc, /* 7.2.0= */ + .domainInjectLaunchSecret =3D remoteDomainInjectLaunchSecret, /* 7.10.= 0 */ }; =20 static virNetworkDriver network_driver =3D { diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index 60010778ca..fb0da81e9a 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -3900,6 +3900,14 @@ struct remote_domain_event_memory_device_size_change= _msg { unsigned hyper size; }; =20 +struct remote_domain_inject_launch_secret_args { + remote_nonnull_domain dom; + remote_nonnull_string secrethdr; + remote_nonnull_string secret; + unsigned hyper injectaddr; + unsigned int flags; +}; + /*----- Protocol. -----*/ =20 /* Define the program number, protocol version and procedure numbers here.= */ 
@@ -6905,5 +6913,11 @@ enum remote_procedure { * @generate: both * @acl: none */ - REMOTE_PROC_DOMAIN_EVENT_MEMORY_DEVICE_SIZE_CHANGE =3D 438 + REMOTE_PROC_DOMAIN_EVENT_MEMORY_DEVICE_SIZE_CHANGE =3D 438, + + /** + * @generate: none + * @acl: domain:write + */ + REMOTE_PROC_DOMAIN_INJECT_LAUNCH_SECRET =3D 439 }; diff --git a/src/remote_protocol-structs b/src/remote_protocol-structs index dbef4ace79..c9e26b0ce1 100644 --- a/src/remote_protocol-structs +++ b/src/remote_protocol-structs @@ -3241,6 +3241,13 @@ struct remote_domain_event_memory_device_size_change= _msg { remote_nonnull_string alias; uint64_t size; }; +struct remote_domain_inject_launch_secret_args { + remote_nonnull_domain dom; + remote_nonnull_string secrethdr; + remote_nonnull_string secret; + uint64_t injectaddr; + u_int flags; +}; enum remote_procedure { REMOTE_PROC_CONNECT_OPEN =3D 1, REMOTE_PROC_CONNECT_CLOSE =3D 2, 
@@ -3680,4 +3687,5 @@ enum remote_procedure { REMOTE_PROC_NODE_DEVICE_IS_ACTIVE =3D 436, REMOTE_PROC_NETWORK_CREATE_XML_FLAGS =3D 437, REMOTE_PROC_DOMAIN_EVENT_MEMORY_DEVICE_SIZE_CHANGE =3D 438, + REMOTE_PROC_DOMAIN_INJECT_LAUNCH_SECRET =3D 439, }; --=20 2.33.0
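
Review bot: in the src/remote/remote_protocol.x enum hunk, the new procedure is marked `@generate: none`, yet the hand-written remoteDispatchDomainInjectLaunchSecret and remoteDomainInjectLaunchSecret in this patch only copy dom, secrethdr, secret, injectaddr and flags across and return an int with no reply payload. Please check whether `@generate: both` is sufficient here; if it is, both hand-written functions can be dropped, and if it is not, say in the commit message why they are needed (the message currently has no body).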
[10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 1AH2ODmg002005 for ; Tue, 16 Nov 2021 21:24:13 -0500 Received: by smtp.corp.redhat.com (Postfix) id 971181121319; Wed, 17 Nov 2021 02:24:13 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast02.extmail.prod.ext.rdu2.redhat.com [10.11.55.18]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 91E901121315 for ; Wed, 17 Nov 2021 02:24:12 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 803CD8011A5 for ; Wed, 17 Nov 2021 02:24:12 +0000 (UTC) Received: from de-smtp-delivery-102.mimecast.com (de-smtp-delivery-102.mimecast.com [194.104.109.102]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-424-Gzjgy4maNjWZa3kv3B5rFg-1; Tue, 16 Nov 2021 21:24:10 -0500 Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-am5eur02lp2056.outbound.protection.outlook.com [104.47.4.56]) (Using TLS) by relay.mimecast.com with ESMTP id de-mta-29-UxtELwP3NMW5YuGZPkaRug-1; Wed, 17 Nov 2021 03:24:08 +0100 Received: from AM0PR04MB4899.eurprd04.prod.outlook.com (2603:10a6:208:c5::16) by AM9PR04MB7554.eurprd04.prod.outlook.com (2603:10a6:20b:2da::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.16; Wed, 17 Nov 2021 02:24:07 +0000 Received: from AM0PR04MB4899.eurprd04.prod.outlook.com ([fe80::c58b:de4e:3ba7:9ef6]) by AM0PR04MB4899.eurprd04.prod.outlook.com ([fe80::c58b:de4e:3ba7:9ef6%4]) with mapi id 15.20.4690.027; Wed, 17 Nov 2021 02:24:07 +0000 Received: from localhost (75.169.35.15) by AM6PR08CA0003.eurprd08.prod.outlook.com (2603:10a6:20b:b2::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4713.19 via Frontend Transport; Wed, 17 Nov 2021 02:24:07 +0000 X-MC-Unique: 
WPSMaZR5OFOs6ogSzW1mjw-1 X-MC-Unique: Gzjgy4maNjWZa3kv3B5rFg-1 X-MC-Unique: UxtELwP3NMW5YuGZPkaRug-1 
From: Jim Fehlig
To: libvir-list@redhat.com
Subject: [RFC PATCH 3/3] qemu: Implement the virDomainInjectLaunchSecret API
Date: Tue, 16 Nov 2021 19:23:54 -0700
Message-ID: <20211117022354.16174-4-jfehlig@suse.com>
In-Reply-To: <20211117022354.16174-1-jfehlig@suse.com>
References: <20211117022354.16174-1-jfehlig@suse.com>

Inject a launch secret in domain memory using the sev-inject-launch-secret QMP API. Only supported for SEV-enabled domains.

Signed-off-by: Jim Fehlig
---
 src/qemu/qemu_driver.c       | 53 ++++++++++++++++++++++++++++++++++++
 src/qemu/qemu_monitor.c      | 12 ++++++++
 src/qemu/qemu_monitor.h      |  6 ++++
 src/qemu/qemu_monitor_json.c | 34 +++++++++++++++++++++++
 src/qemu/qemu_monitor_json.h |  5 ++++
 5 files changed, 110 insertions(+)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index d954635dde..58e3f08afe 100644
--- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -20104,6 +20104,58 @@ qemuDomainGetLaunchSecurityInfo(virDomainPtr domai= n, return ret; } =20 + +static int +qemuDomainInjectLaunchSecret(virDomainPtr domain, + const char *secrethdr, + const char *secret, + unsigned long long injectaddr, + unsigned int flags) +{ + virQEMUDriver *driver =3D domain->conn->privateData; + virDomainObj *vm; + int ret =3D -1; + + virCheckFlags(0, -1); + + if (!(vm =3D qemuDomainObjFromDomain(domain))) + goto cleanup; + + if (virDomainInjectLaunchSecretEnsureACL(domain->conn, vm->def) < 0) + goto cleanup; + + /* Currently only SEV is supported */ + if (!vm->def->sec || + vm->def->sec->sectype !=3D VIR_DOMAIN_LAUNCH_SECURITY_SEV) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("injecting a launch secret is only supported in S= EV-enabled domains")); + goto cleanup; + } + + if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) + goto cleanup; + + if (qemuDomainObjEnterMonitorAsync(driver, vm, QEMU_ASYNC_JOB_NONE) < = 0) + goto endjob; + + if (qemuMonitorInjectLaunchSecret(QEMU_DOMAIN_PRIVATE(vm)->mon, + secrethdr, secret, injectaddr) < 0) + goto endjob; + + if (qemuDomainObjExitMonitor(driver, vm) < 0) + goto endjob; + + ret =3D 0; + + endjob: + qemuDomainObjEndJob(driver, vm); + + cleanup: + virDomainObjEndAPI(&vm); + return ret; +} + + static const unsigned int qemuDomainGetGuestInfoSupportedTypes =3D VIR_DOMAIN_GUEST_INFO_USERS | VIR_DOMAIN_GUEST_INFO_OS | @@ -20981,6 +21033,7 @@ static virHypervisorDriver qemuHypervisorDriver =3D= { .domainAuthorizedSSHKeysSet =3D qemuDomainAuthorizedSSHKeysSet, /* 6.1= 0.0 */ .domainGetMessages =3D qemuDomainGetMessages, /* 7.1.0 */ .domainStartDirtyRateCalc =3D qemuDomainStartDirtyRateCalc, /* 7.2.0 */ + .domainInjectLaunchSecret =3D qemuDomainInjectLaunchSecret, /* 7.10.0 = */ }; =20 =20 diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 810dac209d..c64469a03b 100644 --- a/src/qemu/qemu_monitor.c 
+++ b/src/qemu/qemu_monitor.c @@ -4383,6 +4383,18 @@ qemuMonitorGetSEVMeasurement(qemuMonitor *mon) } =20 =20 +int +qemuMonitorInjectLaunchSecret(qemuMonitor *mon, + const char *secrethdr, + const char *secret, + unsigned long long injectaddr) +{ + QEMU_CHECK_MONITOR(mon); + + return qemuMonitorJSONInjectLaunchSecret(mon, secrethdr, secret, injec= taddr); +} + + int qemuMonitorGetPRManagerInfo(qemuMonitor *mon, GHashTable **retinfo) diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index 0dd7b1c4e2..2dec2b57bb 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -1445,6 +1445,12 @@ int qemuMonitorBlockdevMediumInsert(qemuMonitor *mon, char * qemuMonitorGetSEVMeasurement(qemuMonitor *mon); =20 +int +qemuMonitorInjectLaunchSecret(qemuMonitor *mon, + const char *secrethdr, + const char *secret, + unsigned long long injectaddr); + typedef struct _qemuMonitorPRManagerInfo qemuMonitorPRManagerInfo; struct _qemuMonitorPRManagerInfo { bool connected; diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 4669b9135d..69aef078ec 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c 
@@ -8124,6 +8124,40 @@ qemuMonitorJSONGetSEVMeasurement(qemuMonitor *mon) } =20 =20 +/** + * The function is used to inject a launch secret in an SEV guest. + * + * Example JSON: + * + * { "execute" : "sev-inject-launch-secret", + * "data": { "packet-header": "str", "secret": "str", "gpa": "uint64" } } + */ +int +qemuMonitorJSONInjectLaunchSecret(qemuMonitor *mon, + const char *secrethdr, + const char *secret, + unsigned long long injectaddr) +{ + g_autoptr(virJSONValue) cmd =3D NULL; + g_autoptr(virJSONValue) reply =3D NULL; + + if (!(cmd =3D qemuMonitorJSONMakeCommand("sev-inject-launch-secret", + "s:packet-header", secrethdr, + "s:secret", secret, + "U:gpa", injectaddr, + NULL))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + return -1; + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + return -1; + + return 0; +} + + /* * Example return data * diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index f7fb13f56c..95758cdc6e 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h @@ -368,6 +368,11 @@ int qemuMonitorJSONSystemWakeup(qemuMonitor *mon); =20 char *qemuMonitorJSONGetSEVMeasurement(qemuMonitor *mon); =20 +int qemuMonitorJSONInjectLaunchSecret(qemuMonitor *mon, + const char *secrethdr, + const char *secret, + unsigned long long injectaddr); + int qemuMonitorJSONGetVersion(qemuMonitor *mon, int *major, int *minor, --=20 2.33.0
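
Review bot: In qemuDomainInjectLaunchSecret() (src/qemu/qemu_driver.c), the failure branch after qemuMonitorInjectLaunchSecret() jumps to endjob without calling qemuDomainObjExitMonitor(), so the monitor stays entered whenever the QMP command fails. Keep the monitor call's result in a local such as rc, call qemuDomainObjExitMonitor() unconditionally, and only then test rc. Nothing between qemuDomainObjBeginJob() and the monitor entry checks that the domain is running either: the sectype test looks only at vm->def, so an inactive SEV domain still reaches QEMU_DOMAIN_PRIVATE(vm)->mon. A virDomainObjCheckActive(vm) check right after the job begins would close that gap, and it is worth stating in the function whether any particular domain state is required for the injection.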
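
Review bot: In qemuMonitorJSONInjectLaunchSecret() (src/qemu/qemu_monitor_json.c), "U:gpa" sends injectaddr on every call, so a caller has no way to leave the guest physical address unspecified, and 0 is passed through as a literal address. If the QMP command accepts the request without gpa, the argument should be added conditionally and the API should document which value means "unset". The comment above the function also needs work: it does not name the function, its "Example JSON" lists type names ("str", "uint64") rather than an example, and it says nothing about the encoding expected for secrethdr and secret or about the return value.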