From: Erik Skultety
To: libvir-list@redhat.com
Subject: [libvirt PATCH v2 1/4] qemu_process: sev: Drop an unused variable
Date: Thu, 15 Oct 2020 12:45:45 +0200
Cc: Daniel Henrique Barboza, brijesh.singh@amd.com, dgilbert@redhat.com, Erik Skultety
List-Id: Development discussions about the libvirt library & tools

Signed-off-by: Erik Skultety
Reviewed-by: Daniel Henrique Barboza
---
 src/qemu/qemu_process.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 5bc76a75e3..f71bb21f09 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c 
@@ -6394,9 +6394,8 @@ static int qemuProcessPrepareSEVGuestInput(virDomainObjPtr vm) { qemuDomainObjPrivatePtr priv =3D vm->privateData; - virDomainDefPtr def =3D vm->def; virQEMUCapsPtr qemuCaps =3D priv->qemuCaps; - virDomainSEVDefPtr sev =3D def->sev; + virDomainSEVDefPtr sev =3D vm->def->sev; =20 if (!sev) return 0; --=20 2.26.2
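
Review bot: the subject calls `def` unused, but the removed line `virDomainSEVDefPtr sev = def->sev;` did read it, so "redundant" or "single-use" describes the variable better. The commit message has no body; one sentence saying that `def` existed only to reach `def->sev` would make the intent clear in the log.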

From: Erik Skultety
To: libvir-list@redhat.com
Subject: [libvirt PATCH v2 2/4] qemu: process: Move SEV capability check to qemuValidateDomainDef
Date: Thu, 15 Oct 2020 12:45:46 +0200
Cc: brijesh.singh@amd.com, dgilbert@redhat.com, Erik Skultety

Checks such as this one should be done at domain def validation time, not before starting the QEMU process. As for this change, existing domains will see some QEMU error when starting as opposed to a libvirt error that this QEMU binary doesn't support SEV, but that's okay, we never guaranteed error messages to remain the same.

Signed-off-by: Erik Skultety
Reviewed-by: Daniel Henrique Barboza
---
 src/qemu/qemu_process.c | 9 ---------
 src/qemu/qemu_validate.c | 8 ++++++++
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index f71bb21f09..16d6f54f66 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c 
@@ -6393,8 +6393,6 @@ qemuProcessSEVCreateFile(virDomainObjPtr vm, static int qemuProcessPrepareSEVGuestInput(virDomainObjPtr vm) { - qemuDomainObjPrivatePtr priv =3D vm->privateData; - virQEMUCapsPtr qemuCaps =3D priv->qemuCaps; virDomainSEVDefPtr sev =3D vm->def->sev; =20 if (!sev) @@ -6402,13 +6400,6 @@ qemuProcessPrepareSEVGuestInput(virDomainObjPtr vm) =20 VIR_DEBUG("Preparing SEV guest"); =20 - if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Domain %s asked for 'sev' launch but this " - "QEMU does not support SEV feature"), vm->def->n= ame); - return -1; - } - if (sev->dh_cert) { if (qemuProcessSEVCreateFile(vm, "dh_cert", sev->dh_cert) < 0) return -1; diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index 28eae76cca..949a5a59b7 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c 
@@ -1034,6 +1034,14 @@ qemuValidateDomainDef(const virDomainDef *def, return -1; } =20 + if (def->sev && + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("SEV launch security is not supported with " + "this QEMU binary")); + return -1; + } + return 0; } =20 --=20 2.26.2
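
Review bot: the block added to qemuValidateDomainDef() reports a missing QEMU_CAPS_SEV_GUEST capability as VIR_ERR_INTERNAL_ERROR, although the condition is a guest configuration that the selected binary cannot satisfy rather than an internal fault; VIR_ERR_CONFIG_UNSUPPORTED would let callers and log triage tell the two apart. The new message also loses the domain name that the removed check in qemuProcessPrepareSEVGuestInput() reported through vm->def->name, which is worth a line in the commit message since that text is what an operator will search for.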

From: Erik Skultety
To: libvir-list@redhat.com
Subject: [libvirt PATCH v2 3/4] qemu: process: sev: Fill missing 'cbitpos' & 'reducedPhysBits' from caps
Date: Thu, 15 Oct 2020 12:45:47 +0200
Message-Id: <85874af72003b8d4dc11f290d429bdf012bb5c48.1602758656.git.eskultet@redhat.com>
Cc: brijesh.singh@amd.com, dgilbert@redhat.com, Erik Skultety

These XML attributes have been mandatory since the introduction of SEV support to libvirt. This design decision was based on QEMU's requirement for these to be mandatory for migration purposes, as differences in these values across platforms must result in the pre-migration checks failing (not that migration with SEV works at the time of this patch).

This patch enables autofill of these attributes right before launching QEMU and thus updating the live XML.

Signed-off-by: Erik Skultety
Reviewed-by: Daniel Henrique Barboza
---
 src/conf/domain_conf.h | 2 ++
 src/qemu/qemu_process.c | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 902dd58112..cd344716a3 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2491,7 +2491,9 @@ struct _virDomainSEVDef { char *dh_cert; char *session; unsigned int policy; + bool haveCbitpos; unsigned int cbitpos; + bool haveReducedPhysBits; unsigned int reduced_phys_bits; }; =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 16d6f54f66..6422881a33 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -6233,6 +6233,33 @@ qemuProcessPrepareAllowReboot(virDomainObjPtr vm) } =20 =20 +static int +qemuProcessUpdateSEVInfo(virDomainObjPtr vm) +{ + qemuDomainObjPrivatePtr priv =3D vm->privateData; + virQEMUCapsPtr qemuCaps =3D priv->qemuCaps; + virDomainSEVDefPtr sev =3D vm->def->sev; + virSEVCapabilityPtr sevCaps =3D NULL; + + /* if platform specific info like 'cbitpos' and 'reducedPhysBits' have + * not been supplied, we need to autofill them from caps now as both a= re + * mandatory on QEMU cmdline + */ + sevCaps =3D virQEMUCapsGetSEVCapabilities(qemuCaps); + if (!sev->haveCbitpos) { + sev->cbitpos =3D sevCaps->cbitpos; + sev->haveCbitpos =3D true; + } + + if (!sev->haveReducedPhysBits) { + sev->reduced_phys_bits =3D sevCaps->reduced_phys_bits; + sev->haveReducedPhysBits =3D true; + } + + return 0; +} + + /** * qemuProcessPrepareDomain: * @driver: qemu driver 
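
Review bot: in qemuProcessUpdateSEVInfo(), the pointer returned by virQEMUCapsGetSEVCapabilities(qemuCaps) is dereferenced (`sevCaps->cbitpos`, `sevCaps->reduced_phys_bits`) without a NULL check. Patch 2/4 removed the start-time QEMU_CAPS_SEV_GUEST test from qemuProcessPrepareSEVGuestInput(), so nothing visible in this path guarantees that SEV capabilities were probed for the binary; please test `sevCaps` and report an error with `return -1` when it is missing. As written the function can only return 0, which leaves the `< 0` test at its call site in qemuProcessPrepareDomain() without a failure it could catch.
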
@@ -6361,6 +6388,12 @@ qemuProcessPrepareDomain(virQEMUDriverPtr driver, for (i =3D 0; i < vm->def->nshmems; i++) qemuDomainPrepareShmemChardev(vm->def->shmems[i]); =20 + if (vm->def->sev) { + VIR_DEBUG("Updating SEV platform info"); + if (qemuProcessUpdateSEVInfo(vm) < 0) + return -1; + } + return 0; } =20 --=20 2.26.2

From: Erik Skultety
To: libvir-list@redhat.com
Subject: [libvirt PATCH v2 4/4] conf: domain: sev: Make 'cbitpos' & 'reducedPhysBits' attrs optional
Date: Thu, 15 Oct 2020 12:45:48 +0200
Message-Id: <0473b4d52c0b61b6c83565022cae6515ca57e5f4.1602758656.git.eskultet@redhat.com>
Cc: Daniel Henrique Barboza, brijesh.singh@amd.com, dgilbert@redhat.com, Erik Skultety

These XML attributes have been mandatory since the introduction of SEV support to libvirt. This design decision was based on QEMU's requirement for these to be mandatory for migration purposes, as differences in these values across platforms must result in the pre-migration checks failing (not that migration with SEV works at the time of this patch).

Expecting the user to specify these is cumbersome and the same XML cannot be re-used across different revisions of SEV. Since we have SEV platform information saved in QEMU capabilities, we can make the attributes optional and should fill them in automatically in the QEMU driver right before starting it.

Resolves: https://gitlab.com/libvirt/libvirt/-/issues/57

Signed-off-by: Erik Skultety Reviewed-by: Daniel Henrique Barboza --- docs/schemas/domaincommon.rng | 16 ++++--- src/conf/domain_conf.c | 46 ++++++++++++------- ...v-missing-platform-info.x86_64-2.12.0.args | 37 +++++++++++++++ ...nch-security-sev-missing-platform-info.xml | 35 ++++++++++++++ tests/qemuxml2argvtest.c | 1 + 5 files changed, 113 insertions(+), 22 deletions(-) create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-plat= form-info.x86_64-2.12.0.args create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-plat= form-info.xml diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index c26408c400..ae25b9b1bc 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -467,12 +467,16 @@ sev - - - - - - + + + + + + + + + + diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index bbe59f61d0..efa5ac527b 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -16764,6 +16764,7 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode, virDomainSEVDefPtr def; unsigned long policy; g_autofree char *type =3D NULL; + int rc =3D -1; =20 def =3D g_new0(virDomainSEVDef, 1); =20 
@@ -16788,25 +16789,35 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode, goto error; } =20 - if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) { - virReportError(VIR_ERR_XML_ERROR, "%s", - _("failed to get launch security cbitpos")); - goto error; - } - - if (virXPathUInt("string(./reducedPhysBits)", ctxt, - &def->reduced_phys_bits) < 0) { - virReportError(VIR_ERR_XML_ERROR, "%s", - _("failed to get launch security reduced-phys-bits"= )); - goto error; - } - if (virXPathULongHex("string(./policy)", ctxt, &policy) < 0) { virReportError(VIR_ERR_XML_ERROR, "%s", _("failed to get launch security policy")); goto error; } =20 + /* the following attributes are platform dependent and if missing, we = can + * autofill them from domain capabilities later + */ + rc =3D virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos); + if (rc =3D=3D 0) { + def->haveCbitpos =3D true; + } else if (rc =3D=3D -2) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("Invalid format for launch security cbitpos")); + goto error; + } + + rc =3D virXPathUInt("string(./reducedPhysBits)", ctxt, + &def->reduced_phys_bits); + if (rc =3D=3D 0) { + def->haveReducedPhysBits =3D true; + } else if (rc =3D=3D -2) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("Invalid format for launch security " + "reduced-phys-bits")); + goto error; + } + def->policy =3D policy; def->dh_cert =3D virXPathString("string(./dhCert)", ctxt); def->session =3D virXPathString("string(./session)", ctxt); 
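
Review bot: in virDomainSEVDefParseXML(), both new virXPathUInt() calls act only on `rc == 0` and `rc == -2`, and every other return value falls through as "element not present" with nothing in the code saying so. A one-line comment on the remaining case, or an explicit `else if (rc == -1)` branch, would document which outcome is being treated as optional. The `int rc = -1;` initializer added at the top of the function is never read before the first assignment and can be dropped.
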
@@ -28958,9 +28969,12 @@ virDomainSEVDefFormat(virBufferPtr buf, virDomainS= EVDefPtr sev) virDomainLaunchSecurityTypeToString(sev->sectype)); virBufferAdjustIndent(buf, 2); =20 - virBufferAsprintf(buf, "%d\n", sev->cbitpos); - virBufferAsprintf(buf, "%d\n", - sev->reduced_phys_bits); + if (sev->haveCbitpos) + virBufferAsprintf(buf, "%d\n", sev->cbitpos); + + if (sev->haveReducedPhysBits) + virBufferAsprintf(buf, "%d\n", + sev->reduced_phys_bits); virBufferAsprintf(buf, "0x%04x\n", sev->policy); if (sev->dh_cert) virBufferEscapeString(buf, "%s\n", sev->dh_cert); diff --git a/tests/qemuxml2argvdata/launch-security-sev-missing-platform-in= fo.x86_64-2.12.0.args b/tests/qemuxml2argvdata/launch-security-sev-missing-= platform-info.x86_64-2.12.0.args new file mode 100644 index 0000000000..378c3b681c --- /dev/null +++ b/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_= 64-2.12.0.args 
@@ -0,0 +1,37 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/tmp/lib/domain--1-QEMUGuest1 \ +USER=3Dtest \ +LOGNAME=3Dtest \ +XDG_DATA_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.local/share \ +XDG_CACHE_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.cache \ +XDG_CONFIG_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.config \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-x86_64 \ +-name guest=3DQEMUGuest1,debug-threads=3Don \ +-S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ +-machine pc-1.0,accel=3Dkvm,usb=3Doff,dump-guest-core=3Doff,memory-encrypt= ion=3Dsev0 \ +-m 214 \ +-realtime mlock=3Doff \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-no-acpi \ +-boot strict=3Don \ +-device piix3-usb-uhci,id=3Dusb,bus=3Dpci.0,addr=3D0x1.0x2 \ +-drive file=3D/dev/HostVG/QEMUGuest1,format=3Draw,if=3Dnone,id=3Ddrive-ide= 0-0-0 \ +-device ide-hd,bus=3Dide.0,unit=3D0,drive=3Ddrive-ide0-0-0,id=3Dide0-0-0,b= ootindex=3D1 \ +-object sev-guest,id=3Dsev0,cbitpos=3D47,reduced-phys-bits=3D1,policy=3D0x= 1,\ +dh-cert-file=3D/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,\ +session-file=3D/tmp/lib/domain--1-QEMUGuest1/session.base64 \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,\ +resourcecontrol=3Ddeny \ +-msg timestamp=3Don diff --git a/tests/qemuxml2argvdata/launch-security-sev-missing-platform-in= fo.xml b/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x= ml new file mode 100644 index 0000000000..41ec4cb872 --- /dev/null +++ b/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.xml @@ -0,0 +1,35 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + +
+ + + + + + + + + + 0x0001 + AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA + IHAVENOIDEABUTJUSTPROVIDINGASTRING + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 8aa791d9f7..f9b02b232f 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -3316,6 +3316,7 @@ mymain(void) DO_TEST_CAPS_ARCH_LATEST("vhost-vsock-ccw-auto", "s390x"); =20 DO_TEST_CAPS_VER("launch-security-sev", "2.12.0"); + DO_TEST_CAPS_VER("launch-security-sev-missing-platform-info", "2.12.0"= ); =20 DO_TEST_CAPS_LATEST("vhost-user-fs-fd-memory"); DO_TEST_CAPS_LATEST("vhost-user-fs-hugepages"); --=20 2.26.2
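
Review bot: the qemuxml2argvtest.c hunk registers a single new case, launch-security-sev-missing-platform-info, so the partial states that the two independent flags `haveCbitpos` and `haveReducedPhysBits` allow (only one of the two elements supplied) are not exercised, and neither are the new "Invalid format for launch security ..." error paths in virDomainSEVDefParseXML(). An XML with just one of the elements, plus a parse-failure case, would cover both.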