[PATCH 3/3] qemu: Implement the virDomainSetLaunchSecurityState API

Daniel P. Berrangé berrange at redhat.com
Mon Dec 6 11:01:42 UTC 2021 

On Fri, Dec 03, 2021 at 05:44:24PM -0700, Jim Fehlig wrote:
> On 12/3/21 08:10, Daniel P. Berrangé wrote:
> > On Tue, Nov 30, 2021 at 04:52:00PM -0700, Jim Fehlig wrote:
> > > Set a launch secret in guest memory using the sev-inject-launch-secret
> > > QMP API. Only supported for SEV-enabled guests.
> > > 
> > > Signed-off-by: Jim Fehlig <jfehlig at suse.com>
> > > ---
> > >   src/qemu/qemu_driver.c       | 78 ++++++++++++++++++++++++++++++++++++
> > >   src/qemu/qemu_monitor.c      | 12 ++++++
> > >   src/qemu/qemu_monitor.h      |  6 +++
> > >   src/qemu/qemu_monitor_json.c | 34 ++++++++++++++++
> > >   src/qemu/qemu_monitor_json.h |  5 +++
> > >   5 files changed, 135 insertions(+)
> > > 
> > > diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> > > index 4e680bc0a7..b6ee41b29e 100644
> > > --- a/src/qemu/qemu_driver.c
> > > +++ b/src/qemu/qemu_driver.c
> > > @@ -20056,6 +20056,83 @@ qemuDomainGetLaunchSecurityInfo(virDomainPtr domain,
> > >       return ret;
> > >   }
> > > +
> > > +static int
> > > +qemuDomainSetLaunchSecurityState(virDomainPtr domain,
> > > +                                 virTypedParameterPtr params,
> > > +                                 int nparams,
> > > +                                 unsigned int flags)
> > > +{
> > > +    virQEMUDriver *driver = domain->conn->privateData;
> > > +    virDomainObj *vm;
> > > +    int ret = -1;
> > > +    size_t i;
> > > +    g_autofree char *secrethdr = NULL;
> > > +    g_autofree char *secret = NULL;
> > > +    long long setaddr = -1;
> > 
> > unsigned, but would need to defaut to 0 then i guess.
> 
> As Peter mentioned, 0 may be a valid injection address
> 
> https://listman.redhat.com/archives/libvir-list/2021-November/msg00463.html
> 
> The address in optional in the qemu API, in which case it is retrieved from
> ovmf IIUC. I used a signed variable here to distinguish between user not
> providing an address and providing one, including a valid value of 0.

In terms of the API / RPC we can already distinguish the two
scenarios.

 - If there is a parameter for the address with a value of 0,
   then it is an explicit address

 - If there is no parameter set at all, then we rely no the
   ovmf magic lookup.

All we're missing is a way to distinguish the two scenarios when inside
the QEMU driver. That's doable with just a 'bool hasSetaddr' parameter,
which defaults to false, and gets set to true, if-and-only-if the
VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_SET_ADDRESS param is present.


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

More information about the libvir-list mailing list