[libvirt] [PATCH v5 06/10] libvirt: add new public API to get launch security info

John Ferlan jferlan at redhat.com
Mon Apr 2 23:06:59 UTC 2018



On 04/02/2018 10:18 AM, Brijesh Singh wrote:
> The API can be used outside libvirt to get the launch security
> information. When SEV is enabled, the API can be used to get the
> measurement of the launch process.
> 
> Signed-off-by: Brijesh Singh <brijesh.singh at amd.com>
> ---
>  include/libvirt/libvirt-domain.h | 17 ++++++++++++++
>  src/driver-hypervisor.h          |  7 ++++++
>  src/libvirt-domain.c             | 48 ++++++++++++++++++++++++++++++++++++++++
>  src/libvirt_public.syms          |  5 +++++
>  4 files changed, 77 insertions(+)
> 
> diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
> index 12fd340..6870a1a 100644
> --- a/include/libvirt/libvirt-domain.h
> +++ b/include/libvirt/libvirt-domain.h
> @@ -4764,4 +4764,21 @@ int virDomainSetLifecycleAction(virDomainPtr domain,
>                                  unsigned int action,
>                                  unsigned int flags);
>  
> +/**
> + * Launch Security API
> + */
> +
> +/**
> + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT:
> + *
> + * Macro represents the launch measurement of the SEV guest,
> + * as VIR_TYPED_PARAM_STRING.
> + */
> +#define VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT "sev-measurement"

syntax-check tells you that this is incorrectly spaced - should be "#
define"

> +
> +int virDomainGetLaunchSecurityInfo(virDomainPtr domain,
> +                                   virTypedParameterPtr *params,
> +                                   int *nparams,
> +                                   unsigned int flags);
> +
>  #endif /* __VIR_LIBVIRT_DOMAIN_H__ */
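Review bot: The doc comment on `VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT` gives only the typed-parameter type and not how the measurement is encoded in the string. A client that compares the value against an expected launch measurement needs that to decode it correctly. The encoding is not visible in this patch, so it has to be confirmed against the driver side before being written down, for example as `* The value is the launch measurement encoded as <ENCODING>, returned as VIR_TYPED_PARAM_STRING.` The section opener `/** Launch Security API */` could also be a plain `/* ... */` comment, since it documents no symbol.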
> diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h
> index ce0e2b2..b066413 100644
> --- a/src/driver-hypervisor.h
> +++ b/src/driver-hypervisor.h
> @@ -1283,6 +1283,12 @@ typedef int
>                                    unsigned int action,
>                                    unsigned int flags);
>  
> +typedef int
> +(*virDrvDomainGetLaunchSecurityInfo)(virDomainPtr domain,
> +                                     virTypedParameterPtr *params,
> +                                     int *nparams,
> +                                     unsigned int flags);
> +
>  
>  typedef struct _virHypervisorDriver virHypervisorDriver;
>  typedef virHypervisorDriver *virHypervisorDriverPtr;
> @@ -1528,6 +1534,7 @@ struct _virHypervisorDriver {
>      virDrvDomainSetVcpu domainSetVcpu;
>      virDrvDomainSetBlockThreshold domainSetBlockThreshold;
>      virDrvDomainSetLifecycleAction domainSetLifecycleAction;
> +    virDrvDomainGetLaunchSecurityInfo domainGetLaunchSecurityInfo;
>  };
>  
>  
> diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
> index 63d2ae2..5b63a3c 100644
> --- a/src/libvirt-domain.c
> +++ b/src/libvirt-domain.c
> @@ -12101,3 +12101,51 @@ int virDomainSetLifecycleAction(virDomainPtr domain,
>      virDispatchError(domain->conn);
>      return -1;
>  }
> +
> +/**
> + * virDomainGetLaunchSecurityInfo:
> + * @domain: a domain object
> + * @params: where to store security info
> + * @nparams: number of items in @params
> + * @flags: currently used, set to 0.
> + *
> + * Get the launch security info. In case of the SEV guest, this will
> + * return the launch measurement.
> + *
> + * Returns -1 in case of failure, 0 in case of success.
> + */
> +int virDomainGetLaunchSecurityInfo(virDomainPtr domain,
> +                                   virTypedParameterPtr *params,
> +                                   int *nparams,
> +                                   unsigned int flags)
> +{
> +    virConnectPtr conn = domain->conn;
> +
> +    VIR_DOMAIN_DEBUG(domain, "params=%p, nparams=%p flags=0x%x",
> +                     params, nparams, flags);
> +
> +    virResetLastError();
> +
> +    virCheckDomainReturn(domain, -1);
> +    virCheckNonNullArgGoto(params, error);
> +    virCheckNonNullArgGoto(nparams, error);
> +    virCheckReadOnlyGoto(conn->flags, error);
> +
> +    if (VIR_DRV_SUPPORTS_FEATURE(domain->conn->driver, domain->conn,
> +                                 VIR_DRV_FEATURE_TYPED_PARAM_STRING))
> +        flags |= VIR_TYPED_PARAM_STRING_OKAY;
> +
> +    if (conn->driver->domainGetLaunchSecurityInfo) {
> +        int ret;
> +        ret = conn->driver->domainGetLaunchSecurityInfo(domain, params,
> +                                                        nparams, flags);
> +        if (ret < 0)
> +            goto error;
> +        return ret;
> +    }
> +    virReportUnsupportedError();
> +
> + error:
> +    virDispatchError(domain->conn);
> +    return -1;
> +}
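Review bot: `virConnectPtr conn = domain->conn;` dereferences `domain` in the initializer, before `virCheckDomainReturn(domain, -1)` has validated it, so a NULL or invalid handle from a client is read before the check can reject it. Declare `virConnectPtr conn;` and assign `conn = domain->conn;` immediately after the check, then use `conn` in the `VIR_DRV_SUPPORTS_FEATURE` test as well. In the doc comment, `@flags: currently used, set to 0.` should read `@flags: currently unused, pass 0`. `@params` and `@nparams` should be described as outputs, with a sentence on who frees the returned array; the driver implementation is outside this hunk, so that ownership rule needs confirming there.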
> diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
> index 95df3a0..caba286 100644
> --- a/src/libvirt_public.syms
> +++ b/src/libvirt_public.syms
> @@ -785,4 +785,9 @@ LIBVIRT_4.1.0 {
>          virStoragePoolLookupByTargetPath;
>  } LIBVIRT_3.9.0;
>  
> +LIBVIRT_4.2.0 {

It's 4.3.0 now...

Otherwise, I think this looks fine.

John


> +    global:
> +        virDomainGetLaunchSecurityInfo;
> +} LIBVIRT_4.1.0;
> +
>  # .... define new API here using predicted next version number ....
> 



