From: Michal Privoznik
To: devel@lists.libvirt.org
Subject: [PATCH 02/12] conf: Move some members of virDomainSEVDef into virDomainSEVCommonDef
Date: Thu, 20 Jun 2024 13:22:39 +0200

Some parts of SEV are to be shared with SEV SNP. In order to reuse XML parsing / formatting code cleanly, let's move those common bits into a new struct (virDomainSEVCommonDef) and adjust the rest of the code.

Signed-off-by: Michal Privoznik
Reviewed-by: Daniel P. Berrangé
---
 src/conf/domain_conf.c            | 55 +++++++++++++++++++++----------
 src/conf/domain_conf.h            | 13 +++++---
 src/conf/schemas/domaincommon.rng | 24 ++++++++------
 src/conf/virconftypes.h           |  2 ++
 src/qemu/qemu_command.c           |  8 ++---
 src/qemu/qemu_process.c           | 12 +++----
 src/qemu/qemu_validate.c          |  2 +-
 7 files changed, 74 insertions(+), 42 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 2f1e99865b..9179cc18bb 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -13621,8 +13621,8 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node, =20 =20 static int -virDomainSEVDefParseXML(virDomainSEVDef *def, - xmlXPathContextPtr ctxt) +virDomainSEVCommonDefParseXML(virDomainSEVCommonDef *def, + xmlXPathContextPtr ctxt) { int rc; =20 @@ -13630,12 +13630,6 @@ virDomainSEVDefParseXML(virDomainSEVDef *def, &def->kernel_hashes) < 0) return -1; =20 - if (virXPathUIntBase("string(./policy)", ctxt, 16, &def->policy) < 0) { - virReportError(VIR_ERR_XML_ERROR, "%s", - _("failed to get launch security policy")); - return -1; - } - /* the following attributes are platform dependent and if missing, we = can * autofill them from domain capabilities later */ @@ -13658,6 +13652,23 @@ virDomainSEVDefParseXML(virDomainSEVDef *def, return -1; } =20 + return 0; +} + + +static int +virDomainSEVDefParseXML(virDomainSEVDef *def, + xmlXPathContextPtr ctxt) +{ + if (virDomainSEVCommonDefParseXML(&def->common, ctxt) < 0) + return -1; + + if (virXPathUIntBase("string(./policy)", ctxt, 16, &def->policy) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("failed to get launch security policy")); + return -1; + } + def->dh_cert =3D virXPathString("string(./dhCert)", ctxt); def->session =3D virXPathString("string(./session)", ctxt); =20 @@ -26641,6 +26652,24 @@ virDomainKeyWrapDefFormat(virBuffer *buf, virDomai= nKeyWrapDef *keywrap) } =20 =20 +static void +virDomainSEVCommonDefFormat(virBuffer *attrBuf, + virBuffer *childBuf, + virDomainSEVCommonDef *def) +{ + if (def->kernel_hashes !=3D VIR_TRISTATE_BOOL_ABSENT) + virBufferAsprintf(attrBuf, " kernelHashes=3D'%s'", + virTristateBoolTypeToString(def->kernel_hashes)); + + if (def->haveCbitpos) + virBufferAsprintf(childBuf, "%d\n", def->cbitpo= s); + + if (def->haveReducedPhysBits) + virBufferAsprintf(childBuf, "%d= \n", + def->reduced_phys_bits); +} + + static void virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec) { 
@@ -26657,16 +26686,8 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSec= Def *sec) case VIR_DOMAIN_LAUNCH_SECURITY_SEV: { virDomainSEVDef *sev =3D &sec->data.sev; =20 - if (sev->kernel_hashes !=3D VIR_TRISTATE_BOOL_ABSENT) - virBufferAsprintf(&attrBuf, " kernelHashes=3D'%s'", - virTristateBoolTypeToString(sev->kernel_hash= es)); + virDomainSEVCommonDefFormat(&attrBuf, &childBuf, &sev->common); =20 - if (sev->haveCbitpos) - virBufferAsprintf(&childBuf, "%d\n", sev->c= bitpos); - - if (sev->haveReducedPhysBits) - virBufferAsprintf(&childBuf, "%d\n", - sev->reduced_phys_bits); virBufferAsprintf(&childBuf, "0x%04x\n", sev->pol= icy); virBufferEscapeString(&childBuf, "%s\n", sev->dh_= cert); =20 diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index cdab6ef2da..c6c3c2e2a5 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2866,10 +2866,7 @@ typedef enum { } virDomainLaunchSecurity; =20 =20 -struct _virDomainSEVDef { - char *dh_cert; - char *session; - unsigned int policy; +struct _virDomainSEVCommonDef { bool haveCbitpos; unsigned int cbitpos; bool haveReducedPhysBits; @@ -2877,6 +2874,14 @@ struct _virDomainSEVDef { virTristateBool kernel_hashes; }; =20 + +struct _virDomainSEVDef { + virDomainSEVCommonDef common; + char *dh_cert; + char *session; + unsigned int policy; +}; + struct _virDomainSecDef { virDomainLaunchSecurity sectype; union { diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincom= mon.rng index a46a824f88..9a7649df1c 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -524,6 +524,19 @@ =20 + + + + + + + + + + + + + sev @@ -534,16 +547,7 @@ - - - - - - - - - - + diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index 0779bc224b..34bb1e262f 100644 --- a/src/conf/virconftypes.h +++ b/src/conf/virconftypes.h 
@@ -210,6 +210,8 @@ typedef struct _virDomainResctrlMonDef virDomainResctrl= MonDef; =20 typedef struct _virDomainResourceDef virDomainResourceDef; =20 +typedef struct _virDomainSEVCommonDef virDomainSEVCommonDef; + typedef struct _virDomainSEVDef virDomainSEVDef; =20 typedef struct _virDomainSecDef virDomainSecDef; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 2d0eddc79e..a32cb8f8e9 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -9728,7 +9728,7 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand = *cmd, g_autofree char *sessionpath =3D NULL; =20 VIR_DEBUG("policy=3D0x%x cbitpos=3D%d reduced_phys_bits=3D%d", - sev->policy, sev->cbitpos, sev->reduced_phys_bits); + sev->policy, sev->common.cbitpos, sev->common.reduced_phys_b= its); =20 if (sev->dh_cert) dhpath =3D g_strdup_printf("%s/dh_cert.base64", priv->libDir); @@ -9737,12 +9737,12 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virComman= d *cmd, sessionpath =3D g_strdup_printf("%s/session.base64", priv->libDir); =20 if (qemuMonitorCreateObjectProps(&props, "sev-guest", "lsec0", - "u:cbitpos", sev->cbitpos, - "u:reduced-phys-bits", sev->reduced_p= hys_bits, + "u:cbitpos", sev->common.cbitpos, + "u:reduced-phys-bits", sev->common.re= duced_phys_bits, "u:policy", sev->policy, "S:dh-cert-file", dhpath, "S:session-file", sessionpath, - "T:kernel-hashes", sev->kernel_hashes, + "T:kernel-hashes", sev->common.kernel= _hashes, NULL) < 0) return -1; =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index ae6594e10e..9886a11245 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c 
@@ -6569,14 +6569,14 @@ qemuProcessUpdateSEVInfo(virDomainObj *vm) * mandatory on QEMU cmdline */ sevCaps =3D virQEMUCapsGetSEVCapabilities(qemuCaps); - if (!sev->haveCbitpos) { - sev->cbitpos =3D sevCaps->cbitpos; - sev->haveCbitpos =3D true; + if (!sev->common.haveCbitpos) { + sev->common.cbitpos =3D sevCaps->cbitpos; + sev->common.haveCbitpos =3D true; } =20 - if (!sev->haveReducedPhysBits) { - sev->reduced_phys_bits =3D sevCaps->reduced_phys_bits; - sev->haveReducedPhysBits =3D true; + if (!sev->common.haveReducedPhysBits) { + sev->common.reduced_phys_bits =3D sevCaps->reduced_phys_bits; + sev->common.haveReducedPhysBits =3D true; } =20 return 0; diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index b82d937a0d..a00ec8e940 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -1318,7 +1318,7 @@ qemuValidateDomainDef(const virDomainDef *def, return -1; } =20 - if (def->sec->data.sev.kernel_hashes !=3D VIR_TRISTATE_BOOL_AB= SENT && + if (def->sec->data.sev.common.kernel_hashes !=3D VIR_TRISTATE_= BOOL_ABSENT && !virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST_KERNEL_HASHE= S)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("SEV measured direct kernel boot is not s= upported with this QEMU binary")); --=20 2.44.2
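Review bot: in the new virDomainSEVDefParseXML wrapper (@@ -13658 hunk of src/conf/domain_conf.c) the only behaviour beyond the old function is the early `if (virDomainSEVCommonDefParseXML(&def->common, ctxt) < 0) return -1;`, which is correct because the common parser already reports its own error; what is missing is a comment above the static virDomainSEVCommonDefParseXML saying it is meant to be shared with the SEV-SNP parser, since within this patch it has exactly one caller and a reader of this file alone cannot tell why it was split out.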
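Review bot: virDomainSEVCommonDefFormat (@@ -26641 hunk of src/conf/domain_conf.c) only reads from its third argument, so it should take `const virDomainSEVCommonDef *def` rather than a mutable pointer; the call site added in the following hunk, `virDomainSEVCommonDefFormat(&attrBuf, &childBuf, &sev->common);`, needs no change for that.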
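Review bot: the new struct _virDomainSEVDef (@@ -2877 hunk of src/conf/domain_conf.h) embeds `virDomainSEVCommonDef common;` by value, so no extra free or copy code is needed, but neither struct carries a comment explaining the split the commit message describes (cbitpos, reducedPhysBits and kernel_hashes shared with SEV-SNP; policy, dh_cert and session SEV-only); a one-line comment on _virDomainSEVCommonDef would document that, and if later code relies on `common` being the first member it is worth saying so there.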
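Review bot: the autofill in qemuProcessUpdateSEVInfo (@@ -6569 hunk of src/qemu/qemu_process.c) now writes only `sev->common.cbitpos` and `sev->common.reduced_phys_bits`, yet it still operates on the SEV-specific `sev`; since this is exactly the platform-dependent data the commit message says SEV-SNP will share, consider moving the two `if (!sev->common.haveCbitpos)` / `haveReducedPhysBits` blocks into a helper taking a `virDomainSEVCommonDef *` and the capability struct returned by virQEMUCapsGetSEVCapabilities, so the SNP path can reuse it instead of duplicating the host-capability fallback. This is also the point where host-derived values enter the launch configuration, so keeping it in one place makes later review easier.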
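Review bot: the condition in the @@ -1318 hunk of src/qemu/qemu_validate.c becomes `if (def->sec->data.sev.common.kernel_hashes != VIR_TRISTATE_BOOL_ABSENT &&`, which is long and hard to scan; a local such as `const virDomainSEVDef *sev = &def->sec->data.sev;` above the check would shorten both lines. It would also help to note in a comment that QEMU_CAPS_SEV_GUEST_KERNEL_HASHES is checked here for the SEV case only, so when kernel_hashes is shared with SEV-SNP the SNP case needs its own capability check rather than inheriting this one.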