[PATCH v3 5/6] conf: add s390-pv as launch security type

Boris Fiuczynski fiuczy at linux.ibm.com
Fri Jul 2 13:46:43 UTC 2021


On 6/25/21 12:00 PM, Pavel Hrdina wrote:
> On Tue, Jun 22, 2021 at 03:10:48PM +0200, Boris Fiuczynski wrote:
>> Add launch security type 's390-pv' as well as some tests.
>>
>> Signed-off-by: Boris Fiuczynski <fiuczy at linux.ibm.com>
>> Reviewed-by: Daniel Henrique Barboza <danielhb413 at gmail.com>
>> ---
>>   docs/schemas/domaincommon.rng                 |  1 +
>>   src/conf/domain_conf.c                        |  8 +++++
>>   src/conf/domain_conf.h                        |  1 +
>>   src/qemu/qemu_command.c                       | 26 ++++++++++++++
>>   src/qemu/qemu_firmware.c                      |  1 +
>>   src/qemu/qemu_namespace.c                     |  1 +
>>   src/qemu/qemu_process.c                       |  1 +
>>   src/qemu/qemu_validate.c                      |  9 +++++
>>   .../launch-security-s390-pv-ignore-policy.xml | 24 +++++++++++++
>>   .../launch-security-s390-pv.xml               | 18 ++++++++++
>>   .../launch-security-s390-pv-ignore-policy.xml |  1 +
>>   tests/genericxml2xmltest.c                    |  2 ++
>>   ...ty-s390-pv-ignore-policy.s390x-latest.args | 35 +++++++++++++++++++
>>   .../launch-security-s390-pv-ignore-policy.xml | 33 +++++++++++++++++
>>   .../launch-security-s390-pv.s390x-latest.args | 35 +++++++++++++++++++
>>   .../launch-security-s390-pv.xml               | 30 ++++++++++++++++
>>   tests/qemuxml2argvtest.c                      |  3 ++
>>   17 files changed, 229 insertions(+)
>>   create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv-ignore-policy.xml
>>   create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv.xml
>>   create mode 120000 tests/genericxml2xmloutdata/launch-security-s390-pv-ignore-policy.xml
>>   create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.s390x-latest.args
>>   create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.xml
>>   create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
>>   create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.xml
>>

<snip>

>> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
>> index 4135a8444a..3ab803f7ce 100644
>> --- a/src/qemu/qemu_command.c
>> +++ b/src/qemu/qemu_command.c
>> @@ -6975,6 +6975,9 @@ qemuBuildMachineCommandLine(virCommand *cmd,
>>                   virBufferAddLit(&buf, ",memory-encryption=sev0");
>>               }
>>               break;
>> +        case VIR_DOMAIN_LAUNCH_SECURITY_PV:
>> +            virBufferAddLit(&buf, ",confidential-guest-support=pv0");
>> +            break;
> 
> This could be possible shared for all launchSecurity types as well but
> it can be done as followup. That would mean using for example lsec0
> instead of sev0, pv0, somethingelse0 and so on. It's just an id which
> can be anything.
> 

I will add an follow-up patch which changes the id to a common id 'lsec0'.


>>           case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
>>               break;
>>           case VIR_DOMAIN_LAUNCH_SECURITY_LAST:

<snip/>

>> diff --git a/tests/genericxml2xmlindata/launch-security-s390-pv-ignore-policy.xml b/tests/genericxml2xmlindata/launch-security-s390-pv-ignore-policy.xml
>> new file mode 100644
>> index 0000000000..0c398cced8
>> --- /dev/null
>> +++ b/tests/genericxml2xmlindata/launch-security-s390-pv-ignore-policy.xml
>> @@ -0,0 +1,24 @@
>> +<domain type='kvm'>
>> +  <name>QEMUGuest1</name>
>> +  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
>> +  <memory unit='KiB'>219100</memory>
>> +  <currentMemory unit='KiB'>219100</currentMemory>
>> +  <vcpu placement='static'>1</vcpu>
>> +  <os>
>> +    <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
>> +    <boot dev='hd'/>
>> +  </os>
>> +  <clock offset='utc'/>
>> +  <on_poweroff>destroy</on_poweroff>
>> +  <on_reboot>restart</on_reboot>
>> +  <on_crash>destroy</on_crash>
>> +  <devices>
>> +  </devices>
>> +  <launchSecurity type='s390-pv'>
>> +    <cbitpos>47</cbitpos>
>> +    <reducedPhysBits>1</reducedPhysBits>
>> +    <policy>0x0001</policy>
>> +    <dhCert>AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA</dhCert>
>> +    <session>IHAVENOIDEABUTJUSTPROVIDINGASTRING</session>
> 
> I thing we should not ignore invalid XML bits and error out instead.


This would result in s390-pv checking for the existence of any child 
elements and if there is a child fail.
If other launchSecurity types come along with new or shared child 
elements checking for SEV and the new types would have to added/changed.
Wouldn't that get messy quickly?


> 
>> +  </launchSecurity>
>> +</domain>
>> diff --git a/tests/genericxml2xmlindata/launch-security-s390-pv.xml b/tests/genericxml2xmlindata/launch-security-s390-pv.xml
>> new file mode 100644
>> index 0000000000..29c7fc152d
>> --- /dev/null
>> +++ b/tests/genericxml2xmlindata/launch-security-s390-pv.xml
>> @@ -0,0 +1,18 @@
>> +<domain type='kvm'>
>> +  <name>QEMUGuest1</name>
>> +  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
>> +  <memory unit='KiB'>219100</memory>
>> +  <currentMemory unit='KiB'>219100</currentMemory>
>> +  <vcpu placement='static'>1</vcpu>
>> +  <os>
>> +    <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
>> +    <boot dev='hd'/>
>> +  </os>
>> +  <clock offset='utc'/>
>> +  <on_poweroff>destroy</on_poweroff>
>> +  <on_reboot>restart</on_reboot>
>> +  <on_crash>destroy</on_crash>
>> +  <devices>
>> +  </devices>
>> +  <launchSecurity type='s390-pv'/>
>> +</domain>
>> diff --git a/tests/genericxml2xmloutdata/launch-security-s390-pv-ignore-policy.xml b/tests/genericxml2xmloutdata/launch-security-s390-pv-ignore-policy.xml
>> new file mode 120000
>> index 0000000000..075c72603d
>> --- /dev/null
>> +++ b/tests/genericxml2xmloutdata/launch-security-s390-pv-ignore-policy.xml
>> @@ -0,0 +1 @@
>> +../genericxml2xmlindata/launch-security-s390-pv.xml
>> \ No newline at end of file
>> diff --git a/tests/genericxml2xmltest.c b/tests/genericxml2xmltest.c
>> index ac89422a32..eb15f66c3c 100644
>> --- a/tests/genericxml2xmltest.c
>> +++ b/tests/genericxml2xmltest.c
>> @@ -233,6 +233,8 @@ mymain(void)
>>       DO_TEST("tseg");
>>   
>>       DO_TEST("launch-security-sev");
>> +    DO_TEST("launch-security-s390-pv");
>> +    DO_TEST_DIFFERENT("launch-security-s390-pv-ignore-policy");
>>   
>>       DO_TEST_DIFFERENT("cputune");
>>       DO_TEST("device-backenddomain");
>> diff --git a/tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.s390x-latest.args b/tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.s390x-latest.args
>> new file mode 100644
>> index 0000000000..c9d9b84dd3
>> --- /dev/null
>> +++ b/tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.s390x-latest.args
>> @@ -0,0 +1,35 @@
>> +LC_ALL=C \
>> +PATH=/bin \
>> +HOME=/tmp/lib/domain--1-QEMUGuest1 \
>> +USER=test \
>> +LOGNAME=test \
>> +XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
>> +XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
>> +XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
>> +/usr/bin/qemu-system-s390x \
>> +-name guest=QEMUGuest1,debug-threads=on \
>> +-S \
>> +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \
>> +-machine s390-ccw-virtio,accel=kvm,usb=off,dump-guest-core=off,confidential-guest-support=pv0,memory-backend=s390.ram \
>> +-cpu gen15a-base,aen=on,cmmnt=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,mepoch=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,ri=on,deflate=on,edat2=on,etoken=on,vx=on,ipter=on,mepochptff=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,apqi=on,apft=on,els=on,iep=on,apqci=on,cte=on,ais=on,bpb=on,gs=on,ppa15=on,zpci=on,sea_esop2=on,te=on,cmm=on \
>> +-m 214 \
>> +-object '{"qom-type":"memory-backend-ram","id":"s390.ram","size":224395264}' \
>> +-overcommit mem-lock=off \
>> +-smp 1,sockets=1,cores=1,threads=1 \
>> +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
>> +-display none \
>> +-no-user-config \
>> +-nodefaults \
>> +-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
>> +-mon chardev=charmonitor,id=monitor,mode=control \
>> +-rtc base=utc \
>> +-no-shutdown \
>> +-boot strict=on \
>> +-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
>> +-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
>> +-device virtio-blk-ccw,devno=fe.0.0000,drive=libvirt-1-format,id=virtio-disk0,bootindex=1 \
>> +-audiodev id=audio1,driver=none \
>> +-device virtio-balloon-ccw,id=balloon0,devno=fe.0.0001 \
>> +-object '{"qom-type":"s390-pv-guest","id":"pv0"}' \
>> +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
>> +-msg timestamp=on
>> diff --git a/tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.xml b/tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.xml
>> new file mode 100644
>> index 0000000000..052d96dedb
>> --- /dev/null
>> +++ b/tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.xml
>> @@ -0,0 +1,33 @@
>> +<domain type='kvm'>
>> +  <name>QEMUGuest1</name>
>> +  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
>> +  <memory unit='KiB'>219100</memory>
>> +  <currentMemory unit='KiB'>219100</currentMemory>
>> +  <vcpu placement='static'>1</vcpu>
>> +  <os>
>> +    <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
>> +    <boot dev='hd'/>
>> +  </os>
>> +  <clock offset='utc'/>
>> +  <on_poweroff>destroy</on_poweroff>
>> +  <on_reboot>restart</on_reboot>
>> +  <on_crash>destroy</on_crash>
>> +  <devices>
>> +    <emulator>/usr/bin/qemu-system-s390x</emulator>
>> +    <disk type='block' device='disk'>
>> +      <driver name='qemu' type='raw'/>
>> +      <source dev='/dev/HostVG/QEMUGuest1'/>
>> +      <target dev='hda' bus='virtio'/>
>> +      <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/>
>> +    </disk>
>> +    <controller type='pci' index='0' model='pci-root'/>
>> +    <memballoon model='virtio'>
>> +      <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0001'/>
>> +    </memballoon>
>> +    <panic model='s390'/>
>> +  </devices>
>> +  <launchSecurity type='s390-pv'>
>> +    <dhCert>AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA</dhCert>
>> +    <session>IHAVENOIDEABUTJUSTPROVIDINGASTRING</session>
> 
> This doesn't look correct, we should not format dhCert or session with
> s390-pv because based on the patches they are not used at all.

Isn't this the same issue as before about unsued elements being ignored?

> 
> Pavel
> 
>> +  </launchSecurity>
>> +</domain>

<snip/>


-- 
Mit freundlichen Grüßen/Kind regards
    Boris Fiuczynski

IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Gregor Pillen
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294





More information about the libvir-list mailing list