From: Jim Fehlig
To: libvir-list@redhat.com
Subject: [RFC PATCH 1/3] libvirt: Introduce virDomainInjectLaunchSecret public API
Date: Tue, 16 Nov 2021 19:23:52 -0700
Message-ID: <20211117022354.16174-2-jfehlig@suse.com>
In-Reply-To: <20211117022354.16174-1-jfehlig@suse.com>
References: <20211117022354.16174-1-jfehlig@suse.com>

An API to inject a launch secret into the domain's memory.

Signed-off-by: Jim Fehlig
--- include/libvirt/libvirt-domain.h | 6 ++++ src/driver-hypervisor.h | 8 +++++ src/libvirt-domain.c | 50 ++++++++++++++++++++++++++++++++ src/libvirt_public.syms | 5 ++++ 4 files changed, 69 insertions(+) diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-dom= ain.h index 2f017c5b68..418ee4bd2d 100644 --- a/include/libvirt/libvirt-domain.h +++ b/include/libvirt/libvirt-domain.h @@ -5091,6 +5091,12 @@ int virDomainGetLaunchSecurityInfo(virDomainPtr doma= in, int *nparams, unsigned int flags); =20 +int virDomainInjectLaunchSecret(virDomainPtr domain, + const char *secrethdr, + const char *secret, + unsigned long long injectaddr, + unsigned int flags); + typedef enum { VIR_DOMAIN_GUEST_INFO_USERS =3D (1 << 0), /* return active users */ VIR_DOMAIN_GUEST_INFO_OS =3D (1 << 1), /* return OS information */ diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h index d642af8a37..a308754d5b 100644 --- a/src/driver-hypervisor.h +++ b/src/driver-hypervisor.h @@ -1333,6 +1333,13 @@ typedef int int *nparams, unsigned int flags); =20 +typedef int +(*virDrvDomainInjectLaunchSecret)(virDomainPtr domain, + const char *secrethdr, + const char *secret, + unsigned long long injectaddr, + unsigned int flags); + typedef virDomainCheckpointPtr (*virDrvDomainCheckpointCreateXML)(virDomainPtr domain, const char *xmlDesc, 
@@ -1661,6 +1668,7 @@ struct _virHypervisorDriver { virDrvConnectBaselineHypervisorCPU connectBaselineHypervisorCPU; virDrvNodeGetSEVInfo nodeGetSEVInfo; virDrvDomainGetLaunchSecurityInfo domainGetLaunchSecurityInfo; + virDrvDomainInjectLaunchSecret domainInjectLaunchSecret; virDrvDomainCheckpointCreateXML domainCheckpointCreateXML; virDrvDomainCheckpointGetXMLDesc domainCheckpointGetXMLDesc; virDrvDomainListAllCheckpoints domainListAllCheckpoints; diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index ce7cafde36..877c65c04f 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c 
@@ -12818,6 +12818,56 @@ int virDomainGetLaunchSecurityInfo(virDomainPtr do= main, } =20 =20 +/** + * virDomainInjectLaunchSecret: + * @domain: a domain object + * @secrethdr: Base64 encoded secret header + * @secret: Base64 encoded secret + * @injectaddr: Domain memory address where the secret will be injected + * @flags: currently used, set to 0. + * + * Inject a launch secret in the domain's memory. secrethdr and secret are + * passed to the underlying hypervisor as is. injectaddr can be used to + * specify an address in the domain memory where the secret will be inject= ed. + * It can be set to 0 for the hypervisor default. + * + * Returns -1 in case of failure, 0 in case of success. + */ +int virDomainInjectLaunchSecret(virDomainPtr domain, + const char *secrethdr, + const char *secret, + unsigned long long injectaddr, + unsigned int flags) +{ + virConnectPtr conn =3D domain->conn; + + VIR_DOMAIN_DEBUG(domain, "secrethdr=3D%p, secret=3D%p injectaddr=3D%ll= u flags=3D0x%x", + secrethdr, secret, injectaddr, flags); + + virResetLastError(); + + virCheckDomainReturn(domain, -1); + virCheckNonNullArgGoto(secrethdr, error); + virCheckNonNullArgGoto(secret, error); + virCheckPositiveArgGoto(injectaddr, error); + virCheckReadOnlyGoto(conn->flags, error); + + if (conn->driver->domainInjectLaunchSecret) { + int ret; + ret =3D conn->driver->domainInjectLaunchSecret(domain, secrethdr, + secret, injectaddr, f= lags); + if (ret < 0) + goto error; + return ret; + } + virReportUnsupportedError(); + + error: + virDispatchError(domain->conn); + return -1; +} + + /** * virDomainAgentSetResponseTimeout: * @domain: a domain object diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms index 788a967df7..c5e708d475 100644 --- a/src/libvirt_public.syms +++ b/src/libvirt_public.syms 
@@ -911,4 +911,9 @@ LIBVIRT_7.8.0 { virNetworkCreateXMLFlags; } LIBVIRT_7.7.0; =20 +LIBVIRT_7.10.0 { + global: + virDomainInjectLaunchSecret; +} LIBVIRT_7.8.0; + # .... define new API here using predicted next version number .... --=20 2.33.0
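
Review bot: In the include/libvirt/libvirt-domain.h hunk, the new prototype fixes the inputs as three positional arguments (secrethdr, secret, injectaddr), whereas virDomainGetLaunchSecurityInfo in the context lines directly above takes a parameter list with nparams. Consider taking a virTypedParameterPtr list plus nparams here too, so that a launch-security mechanism needing different inputs does not require another public symbol. A typed-parameter list would also let the caller omit the address instead of overloading 0 to mean "hypervisor default", which the fixed signature cannot distinguish from a request for address 0.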
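
Review bot: In the src/libvirt-domain.c hunk, "virCheckPositiveArgGoto(injectaddr, error);" contradicts the doc comment a few lines above it, which says injectaddr "can be set to 0 for the hypervisor default": a caller following the documentation is rejected before the driver callback is reached. Drop the check, or change the documentation if 0 is really meant to be invalid. In the same function, "virConnectPtr conn = domain->conn;" dereferences domain before virCheckDomainReturn(domain, -1) has validated it; declare conn without an initializer and assign it after the check. The @flags line says "currently used, set to 0", which reads as a typo for "currently unused", and the function does not check flags itself, so say in the comment that the driver is expected to reject unknown bits. The VIR_DOMAIN_DEBUG call logs secrethdr and secret with %p only, which keeps the secret material out of the debug log and should stay that way; injectaddr would be easier to read as hex than as %llu.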