conf: Move some members of virDomainSEVDef into virDomainSEVCommonDef

Some parts of SEV are to be shared with SEV SNP. In order to
reuse XML parsing / formatting code cleanly, let's move those
common bits into a new struct (virDomainSEVCommonDef) and adjust
the rest of the code accordingly.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik 2024-06-11 12:12:08 +02:00
parent 66efdfabd9
commit d2cad18ca3
7 changed files with 74 additions and 42 deletions


@ -13621,8 +13621,8 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node,
static int static int
virDomainSEVDefParseXML(virDomainSEVDef *def, virDomainSEVCommonDefParseXML(virDomainSEVCommonDef *def,
xmlXPathContextPtr ctxt) xmlXPathContextPtr ctxt)
{ {
int rc; int rc;
@ -13630,12 +13630,6 @@ virDomainSEVDefParseXML(virDomainSEVDef *def,
&def->kernel_hashes) < 0) &def->kernel_hashes) < 0)
return -1; return -1;
if (virXPathUIntBase("string(./policy)", ctxt, 16, &def->policy) < 0) {
virReportError(VIR_ERR_XML_ERROR, "%s",
_("failed to get launch security policy"));
return -1;
}
/* the following attributes are platform dependent and if missing, we can /* the following attributes are platform dependent and if missing, we can
* autofill them from domain capabilities later * autofill them from domain capabilities later
*/ */
@ -13658,6 +13652,23 @@ virDomainSEVDefParseXML(virDomainSEVDef *def,
return -1; return -1;
} }
return 0;
}
static int
virDomainSEVDefParseXML(virDomainSEVDef *def,
xmlXPathContextPtr ctxt)
{
if (virDomainSEVCommonDefParseXML(&def->common, ctxt) < 0)
return -1;
if (virXPathUIntBase("string(./policy)", ctxt, 16, &def->policy) < 0) {
virReportError(VIR_ERR_XML_ERROR, "%s",
_("failed to get launch security policy"));
return -1;
}
def->dh_cert = virXPathString("string(./dhCert)", ctxt); def->dh_cert = virXPathString("string(./dhCert)", ctxt);
def->session = virXPathString("string(./session)", ctxt); def->session = virXPathString("string(./session)", ctxt);
@ -26641,6 +26652,24 @@ virDomainKeyWrapDefFormat(virBuffer *buf, virDomainKeyWrapDef *keywrap)
} }
static void
virDomainSEVCommonDefFormat(virBuffer *attrBuf,
virBuffer *childBuf,
virDomainSEVCommonDef *def)
{
if (def->kernel_hashes != VIR_TRISTATE_BOOL_ABSENT)
virBufferAsprintf(attrBuf, " kernelHashes='%s'",
virTristateBoolTypeToString(def->kernel_hashes));
if (def->haveCbitpos)
virBufferAsprintf(childBuf, "<cbitpos>%d</cbitpos>\n", def->cbitpos);
if (def->haveReducedPhysBits)
virBufferAsprintf(childBuf, "<reducedPhysBits>%d</reducedPhysBits>\n",
def->reduced_phys_bits);
}
static void static void
virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec) virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
{ {
@ -26657,16 +26686,8 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
case VIR_DOMAIN_LAUNCH_SECURITY_SEV: { case VIR_DOMAIN_LAUNCH_SECURITY_SEV: {
virDomainSEVDef *sev = &sec->data.sev; virDomainSEVDef *sev = &sec->data.sev;
if (sev->kernel_hashes != VIR_TRISTATE_BOOL_ABSENT) virDomainSEVCommonDefFormat(&attrBuf, &childBuf, &sev->common);
virBufferAsprintf(&attrBuf, " kernelHashes='%s'",
virTristateBoolTypeToString(sev->kernel_hashes));
if (sev->haveCbitpos)
virBufferAsprintf(&childBuf, "<cbitpos>%d</cbitpos>\n", sev->cbitpos);
if (sev->haveReducedPhysBits)
virBufferAsprintf(&childBuf, "<reducedPhysBits>%d</reducedPhysBits>\n",
sev->reduced_phys_bits);
virBufferAsprintf(&childBuf, "<policy>0x%04x</policy>\n", sev->policy); virBufferAsprintf(&childBuf, "<policy>0x%04x</policy>\n", sev->policy);
virBufferEscapeString(&childBuf, "<dhCert>%s</dhCert>\n", sev->dh_cert); virBufferEscapeString(&childBuf, "<dhCert>%s</dhCert>\n", sev->dh_cert);
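Review bot: virDomainSEVCommonDefFormat carries over `<cbitpos>%d</cbitpos>` and `<reducedPhysBits>%d</reducedPhysBits>` for fields that the header hunk declares as `unsigned int`; `%u` would match the declared type, and the same `%d` for both fields is in the VIR_DEBUG call of the qemuBuildSEVCommandLine hunk. The new helper also has no comment saying what it covers, so a line above it such as `/* Format the <launchSecurity> attribute and child elements shared by the SEV family: kernelHashes, cbitpos, reducedPhysBits */` would save the next reader a trip to the struct definition. virDomainSEVCommonDefParseXML and the new virDomainSEVDefParseXML both continue past their hunks, as does virDomainSecDefFormat.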


@ -2866,10 +2866,7 @@ typedef enum {
} virDomainLaunchSecurity; } virDomainLaunchSecurity;
struct _virDomainSEVDef { struct _virDomainSEVCommonDef {
char *dh_cert;
char *session;
unsigned int policy;
bool haveCbitpos; bool haveCbitpos;
unsigned int cbitpos; unsigned int cbitpos;
bool haveReducedPhysBits; bool haveReducedPhysBits;
@ -2877,6 +2874,14 @@ struct _virDomainSEVDef {
virTristateBool kernel_hashes; virTristateBool kernel_hashes;
}; };
struct _virDomainSEVDef {
virDomainSEVCommonDef common;
char *dh_cert;
char *session;
unsigned int policy;
};
struct _virDomainSecDef { struct _virDomainSecDef {
virDomainLaunchSecurity sectype; virDomainLaunchSecurity sectype;
union { union {
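Review bot: struct _virDomainSEVCommonDef is introduced without a comment saying why these members were split out of _virDomainSEVDef; the reason is only in the commit message. A short comment above the struct, e.g. `/* Launch security members shared by SEV and (planned) SEV SNP definitions */`, records that intent where the next reader will look. The enclosing enum and struct _virDomainSecDef both extend outside the hunks shown.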


@ -524,6 +524,19 @@
</element> </element>
</define> </define>
<define name="launchSecuritySEVCommon">
<optional>
<element name="cbitpos">
<data type="unsignedInt"/>
</element>
</optional>
<optional>
<element name="reducedPhysBits">
<data type="unsignedInt"/>
</element>
</optional>
</define>
<define name="launchSecuritySEV"> <define name="launchSecuritySEV">
<attribute name="type"> <attribute name="type">
<value>sev</value> <value>sev</value>
@ -534,16 +547,7 @@
</attribute> </attribute>
</optional> </optional>
<interleave> <interleave>
<optional> <ref name="launchSecuritySEVCommon"/>
<element name="cbitpos">
<data type="unsignedInt"/>
</element>
</optional>
<optional>
<element name="reducedPhysBits">
<data type="unsignedInt"/>
</element>
</optional>
<element name="policy"> <element name="policy">
<ref name="hexuint"/> <ref name="hexuint"/>
</element> </element>
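Review bot: the new launchSecuritySEVCommon define covers only the cbitpos and reducedPhysBits elements, whereas the C-side virDomainSEVCommonDef in this same commit also carries kernel_hashes. The optional attribute that stays inside launchSecuritySEV just above the interleave is cut off by the hunk; if it is kernelHashes, moving it into the common define would keep the schema and the struct aligned for the SEV SNP reuse the description anticipates. The launchSecuritySEV define continues past the end of the hunk.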


@ -210,6 +210,8 @@ typedef struct _virDomainResctrlMonDef virDomainResctrlMonDef;
typedef struct _virDomainResourceDef virDomainResourceDef; typedef struct _virDomainResourceDef virDomainResourceDef;
typedef struct _virDomainSEVCommonDef virDomainSEVCommonDef;
typedef struct _virDomainSEVDef virDomainSEVDef; typedef struct _virDomainSEVDef virDomainSEVDef;
typedef struct _virDomainSecDef virDomainSecDef; typedef struct _virDomainSecDef virDomainSecDef;


@ -9728,7 +9728,7 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
g_autofree char *sessionpath = NULL; g_autofree char *sessionpath = NULL;
VIR_DEBUG("policy=0x%x cbitpos=%d reduced_phys_bits=%d", VIR_DEBUG("policy=0x%x cbitpos=%d reduced_phys_bits=%d",
sev->policy, sev->cbitpos, sev->reduced_phys_bits); sev->policy, sev->common.cbitpos, sev->common.reduced_phys_bits);
if (sev->dh_cert) if (sev->dh_cert)
dhpath = g_strdup_printf("%s/dh_cert.base64", priv->libDir); dhpath = g_strdup_printf("%s/dh_cert.base64", priv->libDir);
@ -9737,12 +9737,12 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
sessionpath = g_strdup_printf("%s/session.base64", priv->libDir); sessionpath = g_strdup_printf("%s/session.base64", priv->libDir);
if (qemuMonitorCreateObjectProps(&props, "sev-guest", "lsec0", if (qemuMonitorCreateObjectProps(&props, "sev-guest", "lsec0",
"u:cbitpos", sev->cbitpos, "u:cbitpos", sev->common.cbitpos,
"u:reduced-phys-bits", sev->reduced_phys_bits, "u:reduced-phys-bits", sev->common.reduced_phys_bits,
"u:policy", sev->policy, "u:policy", sev->policy,
"S:dh-cert-file", dhpath, "S:dh-cert-file", dhpath,
"S:session-file", sessionpath, "S:session-file", sessionpath,
"T:kernel-hashes", sev->kernel_hashes, "T:kernel-hashes", sev->common.kernel_hashes,
NULL) < 0) NULL) < 0)
return -1; return -1;


@ -6569,14 +6569,14 @@ qemuProcessUpdateSEVInfo(virDomainObj *vm)
* mandatory on QEMU cmdline * mandatory on QEMU cmdline
*/ */
sevCaps = virQEMUCapsGetSEVCapabilities(qemuCaps); sevCaps = virQEMUCapsGetSEVCapabilities(qemuCaps);
if (!sev->haveCbitpos) { if (!sev->common.haveCbitpos) {
sev->cbitpos = sevCaps->cbitpos; sev->common.cbitpos = sevCaps->cbitpos;
sev->haveCbitpos = true; sev->common.haveCbitpos = true;
} }
if (!sev->haveReducedPhysBits) { if (!sev->common.haveReducedPhysBits) {
sev->reduced_phys_bits = sevCaps->reduced_phys_bits; sev->common.reduced_phys_bits = sevCaps->reduced_phys_bits;
sev->haveReducedPhysBits = true; sev->common.haveReducedPhysBits = true;
} }
return 0; return 0;


@ -1318,7 +1318,7 @@ qemuValidateDomainDef(const virDomainDef *def,
return -1; return -1;
} }
if (def->sec->data.sev.kernel_hashes != VIR_TRISTATE_BOOL_ABSENT && if (def->sec->data.sev.common.kernel_hashes != VIR_TRISTATE_BOOL_ABSENT &&
!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST_KERNEL_HASHES)) { !virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST_KERNEL_HASHES)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("SEV measured direct kernel boot is not supported with this QEMU binary")); _("SEV measured direct kernel boot is not supported with this QEMU binary"));