From: Erik Skultety
To: libvir-list@redhat.com
Cc: Erik Skultety
Date: Wed, 15 Aug 2018 17:02:05 +0200
Subject: [libvirt] [PATCH 1/4] tests: sev: Test launch-security with specific QEMU version

In order to test SEV we need real QEMU capabilities. Ideally, this would be tested with -latest capabilities, however, our capabilities are currently tied to Intel HW, even the 2.12.0 containing SEV were edited by hand, so we can only use that one for now, as splitting the capabilities according to the vendor is a refactor for another day.

The need for real capabilities comes from the extended SEV platform data (PDH, cbitpos, etc.) we'll need to cache/parse.

Signed-off-by: Erik Skultety
Tested-by: Brijesh Singh
---
 ...ev.args => launch-security-sev.x86_64-2.12.0.args} | 19 ++++++++++++-------
 tests/qemuxml2argvtest.c | 4 +---
 2 files changed, 13 insertions(+), 10 deletions(-)
 rename tests/qemuxml2argvdata/{launch-security-sev.args => launch-security-sev.x86_64-2.12.0.args} (54%)
diff --git a/tests/qemuxml2argvdata/launch-security-sev.args b/tests/qemuxm= l2argvdata/launch-security-sev.x86_64-2.12.0.args similarity index 54% rename from tests/qemuxml2argvdata/launch-security-sev.args rename to tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args index 219a242e51..6da068e1a5 100644 --- a/tests/qemuxml2argvdata/launch-security-sev.args +++ b/tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args @@ -5,25 +5,30 @@ USER=3Dtest \ LOGNAME=3Dtest \ QEMU_AUDIO_DRV=3Dnone \ /usr/bin/qemu-system-x86_64 \ --name QEMUGuest1 \ +-name guest=3DQEMUGuest1,debug-threads=3Don \ -S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ -machine pc-1.0,accel=3Dkvm,usb=3Doff,dump-guest-core=3Doff,memory-encrypt= ion=3Dsev0 \ -m 214 \ +-realtime mlock=3Doff \ -smp 1,sockets=3D1,cores=3D1,threads=3D1 \ -uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ -display none \ -no-user-config \ -nodefaults \ --chardev socket,id=3Dcharmonitor,path=3D/tmp/lib/domain--1-QEMUGuest1/moni= tor.sock,\ -server,nowait \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server,nowait \ -mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ -rtc base=3Dutc \ -no-shutdown \ -no-acpi \ --usb \ +-boot strict=3Don \ +-device piix3-usb-uhci,id=3Dusb,bus=3Dpci.0,addr=3D0x1.0x2 \ -drive file=3D/dev/HostVG/QEMUGuest1,format=3Draw,if=3Dnone,id=3Ddrive-ide= 0-0-0 \ --device ide-drive,bus=3Dide.0,unit=3D0,drive=3Ddrive-ide0-0-0,id=3Dide0-0-= 0,\ -bootindex=3D1 \ +-device ide-hd,bus=3Dide.0,unit=3D0,drive=3Ddrive-ide0-0-0,id=3Dide0-0-0,b= ootindex=3D1 \ -object sev-guest,id=3Dsev0,cbitpos=3D47,reduced-phys-bits=3D1,policy=3D0x= 1,\ dh-cert-file=3D/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,\ -session-file=3D/tmp/lib/domain--1-QEMUGuest1/session.base64 +session-file=3D/tmp/lib/domain--1-QEMUGuest1/session.base64 \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,\ +resourcecontrol=3Ddeny \ +-msg timestamp=3Don 
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 8a7b82a1f2..395f78bfbd 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c 
@@ -2940,9 +2940,7 @@ mymain(void) DO_TEST_CAPS_ARCH_LATEST("vhost-vsock-ccw", "s390x"); DO_TEST_CAPS_ARCH_LATEST("vhost-vsock-ccw-auto", "s390x"); =20 - DO_TEST("launch-security-sev", - QEMU_CAPS_KVM, - QEMU_CAPS_SEV_GUEST); + DO_TEST_CAPS_VER("launch-security-sev", "2.12.0"); =20 if (getenv("LIBVIRT_SKIP_CLEANUP") =3D=3D NULL) virFileDeleteTree(fakerootdir); --=20 2.14.4
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

From: Erik Skultety
To: libvir-list@redhat.com
Cc: Erik Skultety
Date: Wed, 15 Aug 2018 17:02:06 +0200
Subject: [libvirt] [PATCH 2/4] qemu: Define and use a auto cleanup function with virSEVCapability

Keep with the recent effort of replacing as many explicit *Free functions with their automatic equivalents.

Signed-off-by: Erik Skultety
Tested-by: Brijesh Singh
---
 src/conf/domain_capabilities.h | 4 ++++
 src/qemu/qemu_capabilities.c | 12 ++++--------
 src/qemu/qemu_monitor_json.c | 11 ++++++-----
 3 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index 755de1365f..45ebc436b9 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h
@@ -25,6 +25,7 @@ =20 # include "internal.h" # include "domain_conf.h" +# include "viralloc.h" =20 typedef const char * (*virDomainCapsValToStr)(int value); =20 @@ -215,4 +216,7 @@ char * virDomainCapsFormat(virDomainCapsPtr const caps); =20 void virSEVCapabilitiesFree(virSEVCapability *capabilities); + +VIR_DEFINE_AUTOPTR_FUNC(virSEVCapability, virSEVCapabilitiesFree); + #endif /* __DOMAIN_CAPABILITIES_H__ */ diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index e6e199b2c6..c17d26801e 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -5263,9 +5263,8 @@ static int virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCapsPtr qemuCaps, virDomainCapsPtr domCaps) { - virSEVCapability *sev; virSEVCapability *cap =3D qemuCaps->sevCapabilities; - int ret =3D -1; + VIR_AUTOPTR(virSEVCapability) sev =3D NULL; =20 if (!cap) return 0; @@ -5274,19 +5273,16 @@ virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCapsPtr = qemuCaps, return -1; =20 if (VIR_STRDUP(sev->pdh, cap->pdh) < 0) - goto cleanup; + return -1; =20 if (VIR_STRDUP(sev->cert_chain, cap->cert_chain) < 0) - goto cleanup; + return -1; =20 sev->cbitpos =3D cap->cbitpos; sev->reduced_phys_bits =3D cap->reduced_phys_bits; VIR_STEAL_PTR(domCaps->sev, sev); =20 - ret =3D 0; - cleanup: - virSEVCapabilitiesFree(sev); - return ret; + return 0; } =20 =20 diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 2921f110a9..3f99f39120 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c 
@@ -6443,9 +6443,11 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon, virJSONValuePtr cmd; virJSONValuePtr reply =3D NULL; virJSONValuePtr caps; - virSEVCapability *capability =3D NULL; - const char *pdh =3D NULL, *cert_chain =3D NULL; - unsigned int cbitpos, reduced_phys_bits; + const char *pdh =3D NULL; + const char *cert_chain =3D NULL; + unsigned int cbitpos; + unsigned int reduced_phys_bits; + VIR_AUTOPTR(virSEVCapability) capability =3D NULL; =20 *capabilities =3D NULL; =20 @@ -6476,7 +6478,7 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon, } =20 if (virJSONValueObjectGetNumberUint(caps, "reduced-phys-bits", - &reduced_phys_bits) < 0) { + &reduced_phys_bits) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("query-sev-capabilities reply was missing" " 'reduced-phys-bits' field")); 
@@ -6512,7 +6514,6 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon, ret =3D 0; =20 cleanup: - virSEVCapabilitiesFree(capability); virJSONValueFree(cmd); virJSONValueFree(reply); =20 --=20 2.14.4

From: Erik Skultety
To: libvir-list@redhat.com
Cc: Erik Skultety
Date: Wed, 15 Aug 2018 17:02:07 +0200
Subject: [libvirt] [PATCH 3/4] qemu: Fix probing of AMD SEV support

So the procedure to detect SEV support works like this:
1) we detect that sev-guest is among the QOM types and set the cap flag
2) we probe the monitor for SEV support
    - this is tricky, because QEMU with compiled SEV support will always report -object sev-guest and query-sev-capabilities command, that however doesn't mean SEV is supported
3) depending on what the monitor returned, we either keep or clear the capability flag for SEV

Commit a349c6c21c6 added an explicit check for "GenericError" in the monitor reply to prevent libvirtd to spam logs about missing 'query-sev-capabilities' command. At the same time though, it returned success in this case which means that we didn't clear the capability flag afterwards and happily formatted SEV into qemuCaps.
Signed-off-by: Erik Skultety Tested-by: Brijesh Singh --- src/qemu/qemu_monitor_json.c | 9 +++++---- tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml | 1 - 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 3f99f39120..b0963ed887 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -6459,11 +6459,12 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mo= n, goto cleanup; =20 /* Both -object sev-guest and query-sev-capabilities can be present - * even if SEV is not available */ - if (qemuMonitorJSONHasError(reply, "GenericError")) { - ret =3D 0; + * even if SEV is not available. We have to check for "GenericError" f= irst, + * in order not to spam libvirtd logs. + * NOTE: We return failure here too so that the capability gets cleared + * later */ + if (qemuMonitorJSONHasError(reply, "GenericError")) goto cleanup; - } =20 if (qemuMonitorJSONCheckError(cmd, reply) < 0) goto cleanup; diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_3.0.0.x86_64.xml index efddcbc6a5..2b47337449 100644 --- a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml 
@@ -211,7 +211,6 @@ - --=20 2.14.4

From: Erik Skultety
To: libvir-list@redhat.com
Cc: Erik Skultety
Date: Wed, 15 Aug 2018 17:02:08 +0200
Subject: [libvirt] [PATCH 4/4] qemu: caps: Format SEV platform data into qemuCaps cache

Since we're not saving the platform-specific data into a cache, we're not going to populate the structure, which in turn will cause a crash upon calling virNodeGetSEVInfo because of a NULL pointer dereference.

Ultimately, we should start caching this data along with host-specific capabilities like NUMA and SELinux stuff into a separate cache, but for the time being, this is a semi-proper fix for a potential crash.

Backtrace (requires libvirtd restart to load qemu caps from cache):
https://bugzilla.redhat.com/show_bug.cgi?id=1612009

Signed-off-by: Erik Skultety
Tested-by: Brijesh Singh
---
 src/qemu/qemu_capabilities.c | 100 ++++++++++++++++++++++
 tests/domaincapsschemadata/qemu_2.12.0.x86_64.xml | 5 +-
 tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 6 ++
 3 files changed, 110 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index c17d26801e..9de12f9263 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c
@@ -1570,6 +1570,25 @@ virQEMUCapsHostCPUDataClear(virQEMUCapsHostCPUDataPt= r cpuData) } =20 =20 +static int +virQEMUCapsSEVInfoCopy(virSEVCapabilityPtr *dst, + virSEVCapabilityPtr src) +{ + VIR_AUTOPTR(virSEVCapability) tmp =3D NULL; + + if (VIR_ALLOC(tmp) < 0 || + VIR_STRDUP(tmp->pdh, src->pdh) < 0 || + VIR_STRDUP(tmp->cert_chain, src->cert_chain) < 0) + return -1; + + tmp->cbitpos =3D src->cbitpos; + tmp->reduced_phys_bits =3D src->reduced_phys_bits; + + VIR_STEAL_PTR(*dst, tmp); + return 0; +} + + virQEMUCapsPtr virQEMUCapsNewCopy(virQEMUCapsPtr qemuCaps) { virQEMUCapsPtr ret =3D virQEMUCapsNew(); @@ -1632,6 +1651,11 @@ virQEMUCapsPtr virQEMUCapsNewCopy(virQEMUCapsPtr qem= uCaps) for (i =3D 0; i < qemuCaps->ngicCapabilities; i++) ret->gicCapabilities[i] =3D qemuCaps->gicCapabilities[i]; =20 + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST) && + virQEMUCapsSEVInfoCopy(&ret->sevCapabilities, + qemuCaps->sevCapabilities) < 0) + goto error; + return ret; =20 error: 
@@ -3342,6 +3366,58 @@ virQEMUCapsCachePrivFree(void *privData) } =20 =20 +static int +virQEMUCapsParseSEVInfo(virQEMUCapsPtr qemuCaps, xmlXPathContextPtr ctxt) +{ + VIR_AUTOPTR(virSEVCapability) sev =3D NULL; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) + return 0; + + if (virXPathBoolean("boolean(./sev)", ctxt) =3D=3D 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing SEV platform data in QEMU " + "capabilities cache")); + return -1; + } + + if (VIR_ALLOC(sev) < 0) + return -1; + + if (virXPathUInt("string(./sev/cbitpos)", ctxt, &sev->cbitpos) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or malformed SEV cbitpos information " + "in QEMU capabilities cache")); + return -1; + } + + if (virXPathUInt("string(./sev/reducedPhysBits)", ctxt, + &sev->reduced_phys_bits) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or malformed SEV reducedPhysBits informa= tion " + "in QEMU capabilities cache")); + return -1; + } + + if (!(sev->pdh =3D virXPathString("string(./sev/pdh)", ctxt))) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing SEV pdh information " + "in QEMU capabilities cache")); + return -1; + } + + if (!(sev->cert_chain =3D virXPathString("string(./sev/certChain)", ct= xt))) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing SEV certChain information " + "in QEMU capabilities cache")); + return -1; + } + + VIR_STEAL_PTR(qemuCaps->sevCapabilities, sev); + return 0; +} + + /* * Parsing a doc that looks like * @@ -3590,6 +3666,9 @@ virQEMUCapsLoadCache(virArch hostArch, } VIR_FREE(nodes); =20 + if (virQEMUCapsParseSEVInfo(qemuCaps, ctxt) < 0) + goto cleanup; + virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_KVM); virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_QEMU); =20 
@@ -3707,6 +3786,24 @@ virQEMUCapsFormatCPUModels(virQEMUCapsPtr qemuCaps, } =20 =20 +static void +virQEMUCapsFormatSEVInfo(virQEMUCapsPtr qemuCaps, virBufferPtr buf) +{ + virSEVCapabilityPtr sev =3D virQEMUCapsGetSEVCapabilities(qemuCaps); + + virBufferAddLit(buf, "\n"); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "%u\n", sev->cbitpos); + virBufferAsprintf(buf, "%u\n", + sev->reduced_phys_bits); + virBufferEscapeString(buf, "%s\n", sev->pdh); + virBufferEscapeString(buf, "%s\n", + sev->cert_chain); + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "\n"); +} + + char * virQEMUCapsFormatCache(virQEMUCapsPtr qemuCaps) { @@ -3788,6 +3885,9 @@ virQEMUCapsFormatCache(virQEMUCapsPtr qemuCaps) emulated ? "yes" : "no"); } =20 + if (qemuCaps->sevCapabilities) + virQEMUCapsFormatSEVInfo(qemuCaps, &buf); + virBufferAdjustIndent(&buf, -2); virBufferAddLit(&buf, "\n"); =20 diff --git a/tests/domaincapsschemadata/qemu_2.12.0.x86_64.xml b/tests/doma= incapsschemadata/qemu_2.12.0.x86_64.xml index 7a1be4c093..a8d6a4d629 100644 --- a/tests/domaincapsschemadata/qemu_2.12.0.x86_64.xml +++ b/tests/domaincapsschemadata/qemu_2.12.0.x86_64.xml @@ -142,6 +142,9 @@ - + + 47 + 1 + diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml b/tests/qemu= capabilitiesdata/caps_2.12.0.x86_64.xml index d34d762ca8..d134e5632d 100644 --- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml @@ -1253,4 +1253,10 @@ + + 47 + 1 + AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAA= A + AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA + --=20 2.14.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
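
Review bot: In patch 1/4, the new DO_TEST_CAPS_VER("launch-security-sev", "2.12.0") line in tests/qemuxml2argvtest.c has no comment saying why the version is pinned, and it sits directly below a run of DO_TEST_CAPS_ARCH_LATEST entries. The reason lives only in the commit message (2.12.0 is the one capabilities file that can be used for SEV for now). A short comment above the macro would keep a later cleanup from converting this test to the latest caps before those carry SEV data.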
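
Review bot: In patch 2/4, the @@ -6476 hunk in qemuMonitorJSONGetSEVCapabilities changes nothing but the indentation of the &reduced_phys_bits continuation line, which is unrelated to the autoptr conversion. Mention the whitespace fix in the commit message or move it to its own patch, so the functional change stays easy to review and backport.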
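
Review bot: In patch 2/4, removing virSEVCapabilitiesFree(capability) from the cleanup label in qemuMonitorJSONGetSEVCapabilities is only safe if the success path hands the object over with VIR_STEAL_PTR(*capabilities, capability), and those lines fall between the @@ -6476 and @@ -6512 hunks where they are not shown. With VIR_AUTOPTR, a plain assignment to *capabilities would return a pointer that is freed when the function exits. Please confirm the hand-off clears the local variable. Separately, cmd and reply are still freed by hand under cleanup:, so the function now mixes both styles; converting them would be a reasonable follow-up.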
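
Review bot: In patch 3/4, the GenericError branch of qemuMonitorJSONGetSEVCapabilities now returns failure without reporting an error, so the caller cannot tell "QEMU has the command but the host has no SEV" apart from the other goto cleanup paths in this function, which are real monitor failures. Clearing the capability flag on any failure also means a genuine error is swallowed the same way. Since the function already sets *capabilities = NULL on entry, consider a distinct return value for the unsupported case and have the caller clear QEMU_CAPS_SEV_GUEST on that value only, and document the return convention in a comment above the function rather than only in the NOTE inside the branch.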
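
Review bot: In patch 4/4, virQEMUCapsNewCopy calls virQEMUCapsSEVInfoCopy whenever QEMU_CAPS_SEV_GUEST is set, and the helper dereferences src->pdh and src->cert_chain without checking src. A caps object that has the flag but no sevCapabilities would hit the same kind of NULL pointer dereference this patch sets out to fix. Guard the call on qemuCaps->sevCapabilities, as virQEMUCapsFormatCache does in this same patch, or have the helper return 0 when src is NULL.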
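
Review bot: In patch 4/4, the load and save sides of the cache use different conditions. virQEMUCapsParseSEVInfo requires ./sev whenever QEMU_CAPS_SEV_GUEST is set and fails the load with "missing SEV platform data" otherwise, while virQEMUCapsFormatCache writes the element only when qemuCaps->sevCapabilities is non-NULL. If the flag is ever set without platform data, libvirt writes a cache file that it then refuses to read. Use the same predicate on both sides, and in virQEMUCapsFormatSEVInfo check the result of virQEMUCapsGetSEVCapabilities before dereferencing it instead of relying on the caller's check.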