From nobody Mon Feb 9 10:33:18 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.25 as permitted sender) client-ip=209.132.183.25; envelope-from=libvir-list-bounces@redhat.com; helo=mx4-phx2.redhat.com; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.25 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; Return-Path: Received: from mx4-phx2.redhat.com (mx4-phx2.redhat.com [209.132.183.25]) by mx.zohomail.com with SMTPS id 1486383903222292.83165674014754; Mon, 6 Feb 2017 04:25:03 -0800 (PST) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by mx4-phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v16CLYmn014312; Mon, 6 Feb 2017 07:21:34 -0500 Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v16CLDCI017467 for ; Mon, 6 Feb 2017 07:21:13 -0500 Received: from beluga.usersys.redhat.com (dhcp129-94.brq.redhat.com [10.34.129.94]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v16CL6xA013739; Mon, 6 Feb 2017 07:21:13 -0500 From: Erik Skultety To: libvir-list@redhat.com Date: Mon, 6 Feb 2017 13:19:48 +0100 Message-Id: In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24 X-loop: libvir-list@redhat.com Cc: Erik Skultety Subject: [libvirt] [PATCH 06/16] security: dac: Enable labeling of vfio mediated devices X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Label the VFIO IOMMU devices under /dev/vfio/ referenced by the symlinks in the sysfs (e.g. /sys/class/mdev_bus//iommu_group) which what qemu actually gets formatted on the command line. Signed-off-by: Erik Skultety --- src/security/security_dac.c | 58 +++++++++++++++++++++++++++++++++++++++++= ++-- 1 file changed, 56 insertions(+), 2 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index ecce1d3..93cb66f 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -33,6 +33,7 @@ #include "virfile.h" #include "viralloc.h" #include "virlog.h" +#include "virmdev.h" #include "virpci.h" #include "virusb.h" #include "virscsi.h" @@ -856,6 +857,15 @@ virSecurityDACSetHostLabel(virSCSIVHostDevicePtr dev A= TTRIBUTE_UNUSED, =20 =20 static int +virSecurityDACSetMediatedDevLabel(virMediatedDevicePtr dev ATTRIBUTE_UNUSE= D, + const char *file, + void *opaque) +{ + return virSecurityDACSetHostdevLabelHelper(file, opaque); +} + + +static int virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainHostdevDefPtr dev, @@ -867,7 +877,9 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr, virDomainHostdevSubsysPCIPtr pcisrc =3D &dev->source.subsys.u.pci; virDomainHostdevSubsysSCSIPtr scsisrc =3D &dev->source.subsys.u.scsi; virDomainHostdevSubsysSCSIVHostPtr hostsrc =3D &dev->source.subsys.u.s= csi_host; + virDomainHostdevSubsysMediatedDevPtr mdevsrc =3D &dev->source.subsys.u= .mdev; int ret =3D -1; + virMediatedDevicePtr mdev =3D NULL; =20 if (!priv->dynamicOwnership) return 0; @@ -964,13 +976,26 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr m= gr, break; } =20 - case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV: + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV: { + char *vfio_dev =3D NULL; + if (!(mdev =3D virMediatedDeviceNew(&mdevsrc->addr, mdevsrc->uuids= tr))) + goto done; + + if (!(vfio_dev =3D virMediatedDeviceGetIOMMUGroupDev(mdev))) + goto done; + + ret =3D virSecurityDACSetMediatedDevLabel(mdev, vfio_dev, &cbdata); + VIR_FREE(vfio_dev); + break; + } + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST: ret =3D 0; break; } =20 done: + virMediatedDeviceFree(mdev); return ret; } =20 @@ -1018,6 +1043,15 @@ virSecurityDACRestoreHostLabel(virSCSIVHostDevicePtr= dev ATTRIBUTE_UNUSED, return virSecurityDACRestoreFileLabel(priv, file); } =20 +static int +virSecurityDACRestoreMediatedDevLabel(virMediatedDevicePtr dev ATTRIBUTE_U= NUSED, + const char *file, + void *opaque) +{ + virSecurityManagerPtr mgr =3D opaque; + virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); + return virSecurityDACRestoreFileLabel(priv, file); +} =20 static int virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr, @@ -1032,6 +1066,7 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerP= tr mgr, virDomainHostdevSubsysPCIPtr pcisrc =3D &dev->source.subsys.u.pci; virDomainHostdevSubsysSCSIPtr scsisrc =3D &dev->source.subsys.u.scsi; virDomainHostdevSubsysSCSIVHostPtr hostsrc =3D &dev->source.subsys.u.s= csi_host; + virDomainHostdevSubsysMediatedDevPtr mdevsrc =3D &dev->source.subsys.u= .mdev; int ret =3D -1; =20 secdef =3D virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); @@ -1120,7 +1155,26 @@ virSecurityDACRestoreHostdevLabel(virSecurityManager= Ptr mgr, break; } =20 - case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV: + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV: { + char *vfiodev =3D NULL; + virMediatedDevicePtr mdev =3D virMediatedDeviceNew(&mdevsrc->addr, + mdevsrc->uuidstr); + + if (!mdev) + goto done; + + if (!(vfiodev =3D virMediatedDeviceGetIOMMUGroupDev(mdev))) { + virMediatedDeviceFree(mdev); + goto done; + } + + ret =3D virSecurityDACRestoreMediatedDevLabel(mdev, vfiodev, mgr); + + VIR_FREE(vfiodev); + virMediatedDeviceFree(mdev); + break; + } + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST: ret =3D 0; break; --=20 2.10.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list