[libvirt] [PATCH v5 08/10] qemu_driver: add support to launch security info

John Ferlan jferlan at redhat.com
Mon Apr 2 23:29:45 UTC 2018



s/qemu_driver/qemu
s/add/Add/

On 04/02/2018 10:18 AM, Brijesh Singh wrote:
> This patch implement the internal driver API for launch event into

s/implement/implements/

> qemu driver. When SEV is enabled, execute 'query-sev-launch-measurement'
> to get the measurement of memory encrypted through launch sequence.
> 
> Signed-off-by: Brijesh Singh <brijesh.singh at amd.com>
> ---
>  src/qemu/qemu_driver.c       | 66 ++++++++++++++++++++++++++++++++++++++++++++
>  src/qemu/qemu_monitor.c      |  8 ++++++
>  src/qemu/qemu_monitor.h      |  3 ++
>  src/qemu/qemu_monitor_json.c | 32 +++++++++++++++++++++
>  src/qemu/qemu_monitor_json.h |  2 ++
>  5 files changed, 111 insertions(+)
> 
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 072eb54..898aaf0 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -21332,6 +21332,71 @@ qemuDomainSetLifecycleAction(virDomainPtr dom,
>      return ret;
>  }
>  

2 blank lines...

static int
qemuDomainGetSevMeasurement(type arg,
                            type arg...)

> +static int qemuDomainGetSevMeasurement(virQEMUDriverPtr driver,
> +                                       virDomainObjPtr vm,
> +                                       virTypedParameterPtr *params,
> +                                       int *nparams,
> +                                       unsigned int flags)
> +{
> +    int ret = -1;
> +    char *tmp;
> +    int maxpar = 0;
> +
> +    virCheckFlags(VIR_TYPED_PARAM_STRING_OKAY, -1);
> +
> +    if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
> +        return -1;

If we don't get a job, no need to EndJob

> +
> +    if (qemuDomainObjEnterMonitorAsync(driver, vm, QEMU_ASYNC_JOB_NONE) < 0)
> +        goto endjob;
> +
> +    tmp = qemuMonitorGetSevMeasurement(QEMU_DOMAIN_PRIVATE(vm)->mon);
> +    if (tmp == NULL)
> +        goto endjob;
> +
> +    if (qemuDomainObjExitMonitor(driver, vm) < 0)
> +        goto endjob;
> +
> +    if (virTypedParamsAddString(params, nparams, &maxpar,
> +                                VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT,
> +                                tmp) < 0)
> +        goto endjob;
> +
> +    ret = 0;
> +
> + endjob:
> +    qemuDomainObjEndJob(driver, vm);
> +    return ret;
> +}
> +
> +

Could use some intro comments (inputs, outputs, etc)

> +static int
> +qemuDomainGetLaunchSecurityInfo(virDomainPtr domain,
> +                                virTypedParameterPtr *params,
> +                                int *nparams,
> +                                unsigned int flags)
> +{
> +    virQEMUDriverPtr driver = domain->conn->privateData;
> +    virDomainObjPtr vm;
> +    int ret = -1;
> +
> +    if (!(vm = qemuDomObjFromDomain(domain)))
> +        goto cleanup;
> +
> +    if (virDomainGetLaunchSecurityInfoEnsureACL(domain->conn, vm->def) < 0)
> +        goto cleanup;
> +
> +    if (vm->def->sev) {
> +        if (qemuDomainGetSevMeasurement(driver, vm, params, nparams, flags) < 0)
> +            goto cleanup;
> +    }
> +
> +    ret = 0;
> +
> + cleanup:
> +    virDomainObjEndAPI(&vm);
> +    return ret;
> +}
>  
>  static virHypervisorDriver qemuHypervisorDriver = {
>      .name = QEMU_DRIVER_NAME,
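Review bot: In qemuDomainGetSevMeasurement the `tmp == NULL` branch jumps to `endjob` after qemuDomainObjEnterMonitorAsync() has succeeded but before qemuDomainObjExitMonitor() is called, so a failed measurement query ends the job with the monitor still entered. Call qemuDomainObjExitMonitor() unconditionally right after the query and test `tmp` only afterwards. `tmp` is also never released: if virTypedParamsAddString() copies its value argument (confirm against its definition), the measurement string leaks on every path, so initialise it to NULL and free it under `endjob`. The hunk shows no check that the domain is running before the monitor is entered; confirm whether one is needed here.

```c
    char *tmp = NULL;
    /* … unchanged: flag check, qemuDomainObjBeginJob, qemuDomainObjEnterMonitorAsync … */

    tmp = qemuMonitorGetSevMeasurement(QEMU_DOMAIN_PRIVATE(vm)->mon);

    /* Leave the monitor before acting on the query result. */
    if (qemuDomainObjExitMonitor(driver, vm) < 0)
        goto endjob;

    if (!tmp)
        goto endjob;

    /* … unchanged: virTypedParamsAddString call, ret = 0 … */

 endjob:
    VIR_FREE(tmp);
    qemuDomainObjEndJob(driver, vm);
    return ret;
```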
> @@ -21552,6 +21617,7 @@ static virHypervisorDriver qemuHypervisorDriver = {
>      .domainSetVcpu = qemuDomainSetVcpu, /* 3.1.0 */
>      .domainSetBlockThreshold = qemuDomainSetBlockThreshold, /* 3.2.0 */
>      .domainSetLifecycleAction = qemuDomainSetLifecycleAction, /* 3.9.0 */
> +    .domainGetLaunchSecurityInfo = qemuDomainGetLaunchSecurityInfo, /* 4.2.0 */

4.3.0 now...


>  };
>  
>  
> diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
> index 44c2dff..877aaa56 100644
> --- a/src/qemu/qemu_monitor.c
> +++ b/src/qemu/qemu_monitor.c
> @@ -4417,3 +4417,11 @@ qemuMonitorSetWatchdogAction(qemuMonitorPtr mon,
>  
>      return qemuMonitorJSONSetWatchdogAction(mon, action);
>  }
> +
> +char *
> +qemuMonitorGetSevMeasurement(qemuMonitorPtr mon)
> +{
> +    QEMU_CHECK_MONITOR_NULL(mon);
> +
> +    return qemuMonitorJSONGetSevMeasurement(mon);
> +}
> diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
> index efd3427..c475b73 100644
> --- a/src/qemu/qemu_monitor.h
> +++ b/src/qemu/qemu_monitor.h
> @@ -1188,4 +1188,7 @@ virJSONValuePtr qemuMonitorQueryNamedBlockNodes(qemuMonitorPtr mon);
>  
>  int qemuMonitorSetWatchdogAction(qemuMonitorPtr mon,
>                                   const char *action);
> +char *
> +qemuMonitorGetSevMeasurement(qemuMonitorPtr mon);
> +
>  #endif /* QEMU_MONITOR_H */
> diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
> index e67f7b7..be5731b 100644
> --- a/src/qemu/qemu_monitor_json.c
> +++ b/src/qemu/qemu_monitor_json.c
> @@ -7960,3 +7960,35 @@ qemuMonitorJSONSetWatchdogAction(qemuMonitorPtr mon,
>      virJSONValueFree(reply);
>      return ret;
>  }

2 blank lines

Could also use some JSON output expectations - you'll see some of the
functions provide some comments... could add a few here too.

John

> +
> +char *
> +qemuMonitorJSONGetSevMeasurement(qemuMonitorPtr mon)
> +{
> +    const char *tmp;
> +    char *measurement = NULL;
> +    virJSONValuePtr cmd;
> +    virJSONValuePtr reply = NULL;
> +    virJSONValuePtr data;
> +
> +    if (!(cmd = qemuMonitorJSONMakeCommand("query-sev-launch-measure", NULL)))
> +         return NULL;
> +
> +    if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
> +        goto cleanup;
> +
> +    if (qemuMonitorJSONCheckError(cmd, reply) < 0)
> +        goto cleanup;
> +
> +    data = virJSONValueObjectGetObject(reply, "return");
> +
> +    if (!(tmp = virJSONValueObjectGetString(data, "data")))
> +        goto cleanup;
> +
> +    if (VIR_STRDUP(measurement, tmp) < 0)
> +        goto cleanup;
> +
> + cleanup:
> +    virJSONValueFree(cmd);
> +    virJSONValueFree(reply);
> +    return measurement;
> +}
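Review bot: In qemuMonitorJSONGetSevMeasurement the result of `virJSONValueObjectGetObject(reply, "return")` is passed to virJSONValueObjectGetString() without a NULL check, and a reply that lacks a string `data` member makes the function return NULL without reporting any libvirt error. The caller then fails the launch-security query with no stated cause, which makes a missing SEV measurement hard to tell apart from other failures. Check both lookups and report an error before `goto cleanup`. Separately, the commit message names the command 'query-sev-launch-measurement' while the code sends `query-sev-launch-measure`; the two should agree.

```c
    /* … unchanged: command construction, qemuMonitorJSONCommand, qemuMonitorJSONCheckError … */

    if (!(data = virJSONValueObjectGetObject(reply, "return")) ||
        !(tmp = virJSONValueObjectGetString(data, "data"))) {
        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                       _("query-sev-launch-measure reply was missing 'data'"));
        goto cleanup;
    }

    /* … unchanged: VIR_STRDUP and cleanup … */
```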
> diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
> index f30ff1f..7d5e1f0 100644
> --- a/src/qemu/qemu_monitor_json.h
> +++ b/src/qemu/qemu_monitor_json.h
> @@ -342,6 +342,8 @@ int qemuMonitorJSONGetBlockIoThrottle(qemuMonitorPtr mon,
>  
>  int qemuMonitorJSONSystemWakeup(qemuMonitorPtr mon);
>  
> +char *qemuMonitorJSONGetSevMeasurement(qemuMonitorPtr mon);
> +
>  int qemuMonitorJSONGetVersion(qemuMonitorPtr mon,
>                                int *major,
>                                int *minor,
> 



