[PATCH 3/4] conf: add s390-pv as launch security type
Daniel Henrique Barboza
danielhb413 at gmail.com
Wed May 19 20:05:00 UTC 2021
On 5/19/21 4:34 PM, Daniel Henrique Barboza wrote:
>
>
> On 5/19/21 2:40 PM, Boris Fiuczynski wrote:
>> Add launch security type 's390-pv' as well as some tests.
>>
>> Signed-off-by: Boris Fiuczynski <fiuczy at linux.ibm.com>
>> ---
>> docs/schemas/domaincommon.rng | 1 +
>> src/conf/domain_conf.c | 8 +++++
>> src/conf/domain_conf.h | 1 +
>> src/qemu/qemu_command.c | 26 ++++++++++++++
>> src/qemu/qemu_namespace.c | 1 +
>> src/qemu/qemu_process.c | 1 +
>> src/qemu/qemu_validate.c | 8 +++++
>> .../launch-security-s390-pv-ignore-policy.xml | 24 +++++++++++++
>> .../launch-security-s390-pv.xml | 18 ++++++++++
>> .../launch-security-s390-pv-ignore-policy.xml | 1 +
>> tests/genericxml2xmltest.c | 2 ++
>> ...ty-s390-pv-ignore-policy.s390x-latest.args | 35 +++++++++++++++++++
>> .../launch-security-s390-pv-ignore-policy.xml | 33 +++++++++++++++++
>> .../launch-security-s390-pv.s390x-latest.args | 35 +++++++++++++++++++
>> .../launch-security-s390-pv.xml | 30 ++++++++++++++++
>> tests/qemuxml2argvtest.c | 3 ++
>> 16 files changed, 227 insertions(+)
>> create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv-ignore-policy.xml
>> create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv.xml
>> create mode 120000 tests/genericxml2xmloutdata/launch-security-s390-pv-ignore-policy.xml
>> create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.s390x-latest.args
>> create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.xml
>> create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
>> create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.xml
>>
>> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
>> index 3df13a0cf1..7c92e4c812 100644
>> --- a/docs/schemas/domaincommon.rng
>> +++ b/docs/schemas/domaincommon.rng
>> @@ -485,6 +485,7 @@
>> <attribute name="type">
>> <choice>
>> <value>sev</value>
>> + <value>s390-pv</value>
>> </choice>
>> </attribute>
>> <interleave>
>
> You added a new 's390-pv' security type, but down there you're using
> the new confidential-guest-support feature from QEMU 6.0 which is also
> valid for AMD and pSeries. I think you can do a little change in the idea
> of these patches while keeping most of it. Instead of calling this new
> support 's390-pv', call it 'confidential-guest-support' or 'CGS'.
>
> My reasoning is that the QEMU community (namely David Gibson, qemu-ppc
> maintainer) went into a lot of discussions back and forth to develop the
> confidential-guest-support machine option, based on what was at first AMD-SEV
> specific code, with the intention of making it easier for users to enable
> secure guests across machine types. I believe Libvirt should follow suit
> and do the same - a single option to enable secure guest support for
> all guests, with any differences in the support being handled by each arch
> deep down in the driver.
>
> Otherwise, what will end up happening is that when someone (probably myself)
> come along with the secure guest support for pSeries (PEF), I will need to
> create yet another launch type 'ppc64-pef' to do basically the same thing you're
> already doing for s390x, which is adding '-machine confidential-guest-support=<>'
> in the QEMU command line. Same thing with AMD SEV, and with any other
> arch that QEMU might support with the confidential-guest-support option. We're
> going to add extra XML parsing code and docs to handle the same thing.
>
> Note that I'm not asking you to go ahead and implement the Libvirt support for
> all the 3 archs. What I'm asking is to change the name of the launch security
> type in the domain XML and docs to reflect that this will be the same type
> that all other archs that has confidential-guest-support will end up using.
Just remembered that there's an open bug related to the generic
confidential-guest-support implementation in Libvirt like I mentioned
above:
https://bugzilla.redhat.com/show_bug.cgi?id=1961032
Pavel, CCing you since you're the current assignee of the bug.
Daniel
>
>
> Thanks,
>
>
> Daniel
>
>
>
>
>
>> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
>> index 228de5d715..11ec8c8b0c 100644
>> --- a/src/conf/domain_conf.c
>> +++ b/src/conf/domain_conf.c
>> @@ -1393,6 +1393,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
>> VIR_DOMAIN_LAUNCH_SECURITY_LAST,
>> "",
>> "sev",
>> + "s390-pv",
>> );
>> static virClass *virDomainObjClass;
>> @@ -14762,6 +14763,8 @@ virDomainSecDefParseXML(xmlNodePtr lsecNode,
>> if (!sec->sev)
>> return NULL;
>> break;
>> + case VIR_DOMAIN_LAUNCH_SECURITY_PV:
>> + break;
>> case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
>> case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
>> default:
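Review bot: The new `VIR_DOMAIN_LAUNCH_SECURITY_PV` case in virDomainSecDefParseXML only breaks, so any child elements under `<launchSecurity type='s390-pv'>` are silently discarded. The `launch-security-s390-pv-ignore-policy` test inputs added later in this patch (carrying `<policy>`, `<dhCert>` and `<session>`) confirm that this is intended. For a security setting, dropping a user-supplied `<policy>` without any diagnostic can leave an administrator believing a policy is in force when none is. Consider rejecting child elements for this type, or at minimum record the decision with a comment such as `/* s390-pv takes no parameters; child elements are ignored */`. The function body starts and ends outside this hunk, so a generic check elsewhere cannot be ruled out from here.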
>> @@ -26896,6 +26899,11 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
>> break;
>> }
>> + case VIR_DOMAIN_LAUNCH_SECURITY_PV:
>> + virBufferAsprintf(buf, "<launchSecurity type='%s'/>\n",
>> + virDomainLaunchSecurityTypeToString(sec->sectype));
>> + break;
>> +
>> case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
>> case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
>> break;
>> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
>> index dd78f30ace..1d92065c7b 100644
>> --- a/src/conf/domain_conf.h
>> +++ b/src/conf/domain_conf.h
>> @@ -2631,6 +2631,7 @@ struct _virDomainKeyWrapDef {
>> typedef enum {
>> VIR_DOMAIN_LAUNCH_SECURITY_NONE,
>> VIR_DOMAIN_LAUNCH_SECURITY_SEV,
>> + VIR_DOMAIN_LAUNCH_SECURITY_PV,
>> VIR_DOMAIN_LAUNCH_SECURITY_LAST,
>> } virDomainLaunchSecurity;
>> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
>> index 10dcf11d5b..67024f99b9 100644
>> --- a/src/qemu/qemu_command.c
>> +++ b/src/qemu/qemu_command.c
>> @@ -6992,6 +6992,9 @@ qemuBuildMachineCommandLine(virCommand *cmd,
>> case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
>> virBufferAddLit(&buf, ",memory-encryption=sev0");
>> break;
>> + case VIR_DOMAIN_LAUNCH_SECURITY_PV:
>> + virBufferAddLit(&buf, ",confidential-guest-support=pv0");
>> + break;
>> case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
>> break;
>> case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
>> @@ -9879,6 +9882,26 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
>> }
>> +static int
>> +qemuBuildPVCommandLine(virDomainObj *vm, virCommand *cmd)
>> +{
>> + g_autoptr(virJSONValue) props = NULL;
>> + g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
>> + qemuDomainObjPrivate *priv = vm->privateData;
>> +
>> + if (qemuMonitorCreateObjectProps(&props, "s390-pv-guest", "pv0",
>> + NULL) < 0)
>> + return -1;
>> +
>> + if (qemuBuildObjectCommandlineFromJSON(&buf, props, priv->qemuCaps) < 0)
>> + return -1;
>> +
>> + virCommandAddArg(cmd, "-object");
>> + virCommandAddArgBuffer(cmd, &buf);
>> + return 0;
>> +}
>> +
>> +
>> static int
>> qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd,
>> virDomainSecDef *sec)
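Review bot: The object id `"pv0"` passed to qemuMonitorCreateObjectProps in qemuBuildPVCommandLine has to match the `confidential-guest-support=pv0` literal added to qemuBuildMachineCommandLine in the previous hunk, yet the two are independent string literals. If one is edited without the other, the machine option would reference an object that is never created; presumably QEMU then refuses to start, but nothing visible here guarantees that. A shared definition used at both sites, e.g. `#define QEMU_PV_GUEST_ALIAS "pv0"`, would keep them in step. The new function also has no header comment; something like `/* Add the -object s390-pv-guest referenced by the machine's confidential-guest-support option. */` would help the next reader.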
>> @@ -9890,6 +9913,9 @@ qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd,
>> case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
>> return qemuBuildSEVCommandLine(vm, cmd, sec->sev);
>> break;
>> + case VIR_DOMAIN_LAUNCH_SECURITY_PV:
>> + return qemuBuildPVCommandLine(vm, cmd);
>> + break;
>> case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
>> break;
>> case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
>> diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
>> index 0dd1291c5d..7cc35986da 100644
>> --- a/src/qemu/qemu_namespace.c
>> +++ b/src/qemu/qemu_namespace.c
>> @@ -607,6 +607,7 @@ qemuDomainSetupLaunchSecurity(virDomainObj *vm,
>> VIR_DEBUG("Set up launch security for SEV");
>> break;
>> + case VIR_DOMAIN_LAUNCH_SECURITY_PV:
>> case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
>> break;
>> case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
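Review bot: `VIR_DOMAIN_LAUNCH_SECURITY_PV` is folded into the `NONE` case without explanation, here in qemuDomainSetupLaunchSecurity and again in qemuProcessPrepareLaunchSecurityGuestInput (the qemu_process.c hunk). A reader cannot tell whether s390-pv really needs no device node and no guest input, or whether the step was overlooked. A short comment at each site would record the decision, e.g. `/* s390-pv: no device node required in the namespace */` and `/* s390-pv: no launch blobs to prepare */`. Both switch statements extend beyond the hunks shown.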
>> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
>> index a7d88015ba..cb94979b26 100644
>> --- a/src/qemu/qemu_process.c
>> +++ b/src/qemu/qemu_process.c
>> @@ -6637,6 +6637,7 @@ qemuProcessPrepareLaunchSecurityGuestInput(virDomainObj *vm)
>> switch ((virDomainLaunchSecurity) sec->sectype) {
>> case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
>> return qemuProcessPrepareSEVGuestInput(vm, sec);
>> + case VIR_DOMAIN_LAUNCH_SECURITY_PV:
>> case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
>> break;
>> case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
>> diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
>> index 78582a7c2a..0dea33d08c 100644
>> --- a/src/qemu/qemu_validate.c
>> +++ b/src/qemu/qemu_validate.c
>> @@ -1224,6 +1224,14 @@ qemuValidateDomainDef(const virDomainDef *def,
>> return -1;
>> }
>> break;
>> + case VIR_DOMAIN_LAUNCH_SECURITY_PV:
>> + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_S390_PV_GUEST)) {
>> + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
>> + _("S390 PV launch security is not supported with "
>> + "this QEMU binary"));
>> + return -1;
>> + }
>> + break;
>> case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
>> break;
>> case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
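Review bot: The s390-pv branch in qemuValidateDomainDef tests only `QEMU_CAPS_S390_PV_GUEST`, and nothing in this hunk ties the launch security type to an s390x guest or says whether host support for protected virtualization is checked. If the capability can only be present for s390x binaries, the architecture check is implicit and worth stating, e.g. `/* capability is only set for s390x QEMU, so no explicit arch check */`, assuming that holds. A binary capability alone does not show that the host can actually run the guest protected, so if that is verified elsewhere a comment pointing there would help. The surrounding switch starts and ends outside this hunk.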
>> diff --git a/tests/genericxml2xmlindata/launch-security-s390-pv-ignore-policy.xml b/tests/genericxml2xmlindata/launch-security-s390-pv-ignore-policy.xml
>> new file mode 100644
>> index 0000000000..0c398cced8
>> --- /dev/null
>> +++ b/tests/genericxml2xmlindata/launch-security-s390-pv-ignore-policy.xml
>> @@ -0,0 +1,24 @@
>> +<domain type='kvm'>
>> + <name>QEMUGuest1</name>
>> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
>> + <memory unit='KiB'>219100</memory>
>> + <currentMemory unit='KiB'>219100</currentMemory>
>> + <vcpu placement='static'>1</vcpu>
>> + <os>
>> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
>> + <boot dev='hd'/>
>> + </os>
>> + <clock offset='utc'/>
>> + <on_poweroff>destroy</on_poweroff>
>> + <on_reboot>restart</on_reboot>
>> + <on_crash>destroy</on_crash>
>> + <devices>
>> + </devices>
>> + <launchSecurity type='s390-pv'>
>> + <cbitpos>47</cbitpos>
>> + <reducedPhysBits>1</reducedPhysBits>
>> + <policy>0x0001</policy>
>> + <dhCert>AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA</dhCert>
>> + <session>IHAVENOIDEABUTJUSTPROVIDINGASTRING</session>
>> + </launchSecurity>
>> +</domain>
>> diff --git a/tests/genericxml2xmlindata/launch-security-s390-pv.xml b/tests/genericxml2xmlindata/launch-security-s390-pv.xml
>> new file mode 100644
>> index 0000000000..29c7fc152d
>> --- /dev/null
>> +++ b/tests/genericxml2xmlindata/launch-security-s390-pv.xml
>> @@ -0,0 +1,18 @@
>> +<domain type='kvm'>
>> + <name>QEMUGuest1</name>
>> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
>> + <memory unit='KiB'>219100</memory>
>> + <currentMemory unit='KiB'>219100</currentMemory>
>> + <vcpu placement='static'>1</vcpu>
>> + <os>
>> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
>> + <boot dev='hd'/>
>> + </os>
>> + <clock offset='utc'/>
>> + <on_poweroff>destroy</on_poweroff>
>> + <on_reboot>restart</on_reboot>
>> + <on_crash>destroy</on_crash>
>> + <devices>
>> + </devices>
>> + <launchSecurity type='s390-pv'/>
>> +</domain>
>> diff --git a/tests/genericxml2xmloutdata/launch-security-s390-pv-ignore-policy.xml b/tests/genericxml2xmloutdata/launch-security-s390-pv-ignore-policy.xml
>> new file mode 120000
>> index 0000000000..075c72603d
>> --- /dev/null
>> +++ b/tests/genericxml2xmloutdata/launch-security-s390-pv-ignore-policy.xml
>> @@ -0,0 +1 @@
>> +../genericxml2xmlindata/launch-security-s390-pv.xml
>> \ No newline at end of file
>> diff --git a/tests/genericxml2xmltest.c b/tests/genericxml2xmltest.c
>> index ac89422a32..eb15f66c3c 100644
>> --- a/tests/genericxml2xmltest.c
>> +++ b/tests/genericxml2xmltest.c
>> @@ -233,6 +233,8 @@ mymain(void)
>> DO_TEST("tseg");
>> DO_TEST("launch-security-sev");
>> + DO_TEST("launch-security-s390-pv");
>> + DO_TEST_DIFFERENT("launch-security-s390-pv-ignore-policy");
>> DO_TEST_DIFFERENT("cputune");
>> DO_TEST("device-backenddomain");
>> diff --git a/tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.s390x-latest.args b/tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.s390x-latest.args
>> new file mode 100644
>> index 0000000000..c9d9b84dd3
>> --- /dev/null
>> +++ b/tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.s390x-latest.args
>> @@ -0,0 +1,35 @@
>> +LC_ALL=C \
>> +PATH=/bin \
>> +HOME=/tmp/lib/domain--1-QEMUGuest1 \
>> +USER=test \
>> +LOGNAME=test \
>> +XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
>> +XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
>> +XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
>> +/usr/bin/qemu-system-s390x \
>> +-name guest=QEMUGuest1,debug-threads=on \
>> +-S \
>> +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \
>> +-machine s390-ccw-virtio,accel=kvm,usb=off,dump-guest-core=off,confidential-guest-support=pv0,memory-backend=s390.ram \
>> +-cpu gen15a-base,aen=on,cmmnt=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,mepoch=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,ri=on,deflate=on,edat2=on,etoken=on,vx=on,ipter=on,mepochptff=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,apqi=on,apft=on,els=on,iep=on,apqci=on,cte=on,ais=on,bpb=on,gs=on,ppa15=on,zpci=on,sea_esop2=on,te=on,cmm=on \
>> +-m 214 \
>> +-object '{"qom-type":"memory-backend-ram","id":"s390.ram","size":224395264}' \
>> +-overcommit mem-lock=off \
>> +-smp 1,sockets=1,cores=1,threads=1 \
>> +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
>> +-display none \
>> +-no-user-config \
>> +-nodefaults \
>> +-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
>> +-mon chardev=charmonitor,id=monitor,mode=control \
>> +-rtc base=utc \
>> +-no-shutdown \
>> +-boot strict=on \
>> +-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
>> +-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
>> +-device virtio-blk-ccw,devno=fe.0.0000,drive=libvirt-1-format,id=virtio-disk0,bootindex=1 \
>> +-audiodev id=audio1,driver=none \
>> +-device virtio-balloon-ccw,id=balloon0,devno=fe.0.0001 \
>> +-object '{"qom-type":"s390-pv-guest","id":"pv0"}' \
>> +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
>> +-msg timestamp=on
>> diff --git a/tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.xml b/tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.xml
>> new file mode 100644
>> index 0000000000..052d96dedb
>> --- /dev/null
>> +++ b/tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.xml
>> @@ -0,0 +1,33 @@
>> +<domain type='kvm'>
>> + <name>QEMUGuest1</name>
>> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
>> + <memory unit='KiB'>219100</memory>
>> + <currentMemory unit='KiB'>219100</currentMemory>
>> + <vcpu placement='static'>1</vcpu>
>> + <os>
>> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
>> + <boot dev='hd'/>
>> + </os>
>> + <clock offset='utc'/>
>> + <on_poweroff>destroy</on_poweroff>
>> + <on_reboot>restart</on_reboot>
>> + <on_crash>destroy</on_crash>
>> + <devices>
>> + <emulator>/usr/bin/qemu-system-s390x</emulator>
>> + <disk type='block' device='disk'>
>> + <driver name='qemu' type='raw'/>
>> + <source dev='/dev/HostVG/QEMUGuest1'/>
>> + <target dev='hda' bus='virtio'/>
>> + <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/>
>> + </disk>
>> + <controller type='pci' index='0' model='pci-root'/>
>> + <memballoon model='virtio'>
>> + <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0001'/>
>> + </memballoon>
>> + <panic model='s390'/>
>> + </devices>
>> + <launchSecurity type='s390-pv'>
>> + <dhCert>AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA</dhCert>
>> + <session>IHAVENOIDEABUTJUSTPROVIDINGASTRING</session>
>> + </launchSecurity>
>> +</domain>
>> diff --git a/tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args b/tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
>> new file mode 100644
>> index 0000000000..c9d9b84dd3
>> --- /dev/null
>> +++ b/tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
>> @@ -0,0 +1,35 @@
>> +LC_ALL=C \
>> +PATH=/bin \
>> +HOME=/tmp/lib/domain--1-QEMUGuest1 \
>> +USER=test \
>> +LOGNAME=test \
>> +XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
>> +XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
>> +XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
>> +/usr/bin/qemu-system-s390x \
>> +-name guest=QEMUGuest1,debug-threads=on \
>> +-S \
>> +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \
>> +-machine s390-ccw-virtio,accel=kvm,usb=off,dump-guest-core=off,confidential-guest-support=pv0,memory-backend=s390.ram \
>> +-cpu gen15a-base,aen=on,cmmnt=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,mepoch=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,ri=on,deflate=on,edat2=on,etoken=on,vx=on,ipter=on,mepochptff=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,apqi=on,apft=on,els=on,iep=on,apqci=on,cte=on,ais=on,bpb=on,gs=on,ppa15=on,zpci=on,sea_esop2=on,te=on,cmm=on \
>> +-m 214 \
>> +-object '{"qom-type":"memory-backend-ram","id":"s390.ram","size":224395264}' \
>> +-overcommit mem-lock=off \
>> +-smp 1,sockets=1,cores=1,threads=1 \
>> +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
>> +-display none \
>> +-no-user-config \
>> +-nodefaults \
>> +-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
>> +-mon chardev=charmonitor,id=monitor,mode=control \
>> +-rtc base=utc \
>> +-no-shutdown \
>> +-boot strict=on \
>> +-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
>> +-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
>> +-device virtio-blk-ccw,devno=fe.0.0000,drive=libvirt-1-format,id=virtio-disk0,bootindex=1 \
>> +-audiodev id=audio1,driver=none \
>> +-device virtio-balloon-ccw,id=balloon0,devno=fe.0.0001 \
>> +-object '{"qom-type":"s390-pv-guest","id":"pv0"}' \
>> +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
>> +-msg timestamp=on
>> diff --git a/tests/qemuxml2argvdata/launch-security-s390-pv.xml b/tests/qemuxml2argvdata/launch-security-s390-pv.xml
>> new file mode 100644
>> index 0000000000..c40c2b4bf2
>> --- /dev/null
>> +++ b/tests/qemuxml2argvdata/launch-security-s390-pv.xml
>> @@ -0,0 +1,30 @@
>> +<domain type='kvm'>
>> + <name>QEMUGuest1</name>
>> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
>> + <memory unit='KiB'>219100</memory>
>> + <currentMemory unit='KiB'>219100</currentMemory>
>> + <vcpu placement='static'>1</vcpu>
>> + <os>
>> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
>> + <boot dev='hd'/>
>> + </os>
>> + <clock offset='utc'/>
>> + <on_poweroff>destroy</on_poweroff>
>> + <on_reboot>restart</on_reboot>
>> + <on_crash>destroy</on_crash>
>> + <devices>
>> + <emulator>/usr/bin/qemu-system-s390x</emulator>
>> + <disk type='block' device='disk'>
>> + <driver name='qemu' type='raw'/>
>> + <source dev='/dev/HostVG/QEMUGuest1'/>
>> + <target dev='hda' bus='virtio'/>
>> + <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/>
>> + </disk>
>> + <controller type='pci' index='0' model='pci-root'/>
>> + <memballoon model='virtio'>
>> + <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0001'/>
>> + </memballoon>
>> + <panic model='s390'/>
>> + </devices>
>> + <launchSecurity type='s390-pv'/>
>> +</domain>
>> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
>> index 594a01de45..f1475dc700 100644
>> --- a/tests/qemuxml2argvtest.c
>> +++ b/tests/qemuxml2argvtest.c
>> @@ -3498,6 +3498,9 @@ mymain(void)
>> DO_TEST_CAPS_VER("launch-security-sev-missing-platform-info", "2.12.0");
>> DO_TEST_CAPS_VER_PARSE_ERROR("launch-security-sev-missing-policy", "2.12.0");
>> + DO_TEST_CAPS_ARCH_LATEST("launch-security-s390-pv", "s390x");
>> + DO_TEST_CAPS_ARCH_LATEST("launch-security-s390-pv-ignore-policy", "s390x");
>> +
>> DO_TEST_CAPS_LATEST("vhost-user-fs-fd-memory");
>> DO_TEST_CAPS_LATEST("vhost-user-fs-hugepages");
>> DO_TEST_CAPS_LATEST_PARSE_ERROR("vhost-user-fs-readonly");
>>