From: Erik Skultety
To: libvir-list@redhat.com
Cc: Erik Skultety
Date: Tue, 11 Dec 2018 15:43:49 +0100
Subject: [libvirt] [PATCH 1/2] qemu: process: SEV: Assume libDir to be the directory to create files in

Since SEV operates on a per-domain basis, it's very likely that all SEV launch-related data will be created under /var/lib/libvirt/qemu/. Therefore, when calling into qemuProcessSEVCreateFile we can assume @libDir as the directory prefix rather than passing it explicitly.

Signed-off-by: Erik Skultety
---
 src/qemu/qemu_process.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 2f8e19d29d..db3c095f09 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -6040,14 +6040,15 @@ qemuProcessPrepareDomain(virQEMUDriverPtr driver, =20 =20 static int -qemuProcessSEVCreateFile(const char *configDir, +qemuProcessSEVCreateFile(virDomainObjPtr vm, const char *name, const char *data) { + qemuDomainObjPrivatePtr priv =3D vm->privateData; char *configFile; int ret =3D -1; =20 - if (!(configFile =3D virFileBuildPath(configDir, name, ".base64"))) + if (!(configFile =3D virFileBuildPath(priv->libDir, name, ".base64"))) return -1; =20 if (virFileRewriteStr(configFile, S_IRUSR | S_IWUSR, data) < 0) { 
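Review bot: now that the directory is taken from priv->libDir inside the helper, the function's contract should say so in a doc comment above qemuProcessSEVCreateFile (the hunk adds none), since a caller can no longer see from the signature where the file lands. The local `configFile` keeps the naming of the removed `configDir` parameter and suggests a configuration location, while the path is actually the domain's libDir; renaming it (e.g. `path`) would avoid that confusion. The 0600 mode (S_IRUSR | S_IWUSR) handed to virFileRewriteStr is the right choice for these files, which carry the guest owner's launch data, so keep it unchanged when this function is touched again.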
@@ -6084,12 +6085,12 @@ qemuProcessPrepareSEVGuestInput(virDomainObjPtr vm) } =20 if (sev->dh_cert) { - if (qemuProcessSEVCreateFile(priv->libDir, "dh_cert", sev->dh_cert= ) < 0) + if (qemuProcessSEVCreateFile(vm, "dh_cert", sev->dh_cert) < 0) return -1; } =20 if (sev->session) { - if (qemuProcessSEVCreateFile(priv->libDir, "session", sev->session= ) < 0) + if (qemuProcessSEVCreateFile(vm, "session", sev->session) < 0) return -1; } =20 --=20 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Mon Apr 29 04:12:16 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1544539449093924.4885112720491; Tue, 11 Dec 2018 06:44:09 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id F288858E59; Tue, 11 Dec 2018 14:44:06 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A940A5C219; Tue, 11 Dec 2018 14:44:06 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 597203F602; Tue, 11 Dec 2018 14:44:06 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com 
From: Erik Skultety
To: libvir-list@redhat.com
Cc: Erik Skultety
Date: Tue, 11 Dec 2018 15:43:50 +0100
Subject: [libvirt] [PATCH 2/2] qemu: process: SEV: Relabel guest owner's SEV files created before start

Before launching a SEV guest we take the base64-encoded guest owner's data specified in launchSecurity and create files with the same content under /var/lib/libvirt/qemu/. The reason for this is that we need to pass these files on to QEMU which then uses them to communicate with the SEV firmware, except when it doesn't have permissions to open those files since we don't relabel them.

https://bugzilla.redhat.com/show_bug.cgi?id=1658112

Signed-off-by: Erik Skultety
---
 src/qemu/qemu_process.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index db3c095f09..dd815f5b80 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c @@ -6045,6 +6045,7 @@ qemuProcessSEVCreateFile(virDomainObjPtr vm, const char *data) { qemuDomainObjPrivatePtr priv =3D vm->privateData; + virQEMUDriverPtr driver =3D priv->driver; char *configFile; int ret =3D -1; =20 @@ -6057,6 +6058,9 @@ qemuProcessSEVCreateFile(virDomainObjPtr vm, goto cleanup; } =20 + if (qemuSecurityDomainSetPathLabel(driver, vm, configFile, true) < 0) + goto cleanup; + ret =3D 0; cleanup: VIR_FREE(configFile); --=20 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
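Review bot: in the second hunk, qemuSecurityDomainSetPathLabel(driver, vm, configFile, true) runs only after virFileRewriteStr has already written the guest owner's data, so when labeling fails the `goto cleanup` path leaves a populated .base64 file behind in libDir; either unlink it there or state in the commit message why leaving the mode-0600 file is acceptable. The trailing `true` argument is opaque at the call site, so a short comment naming the parameter would help the next reader. The hunk also adds no matching restore-label call for these files: please say where their label is restored when the domain stops, or confirm that the security driver's domain-level restore already covers files under libDir.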