libvirt/SOURCES/libvirt-tools-Secure-guest-check-on-s390-in-virt-host-validate.patch

From 085b955a75c49585d94fd5a19d6ac37833bb05cb Mon Sep 17 00:00:00 2001
Message-Id: <085b955a75c49585d94fd5a19d6ac37833bb05cb@dist-git>
From: Boris Fiuczynski <fiuczy@linux.ibm.com>
Date: Wed, 24 Jun 2020 13:16:20 +0200
Subject: [PATCH] tools: Secure guest check on s390 in virt-host-validate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add checking in virt-host-validate for secure guest support
on s390 for IBM Secure Execution.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Tested-by: Viktor Mihajlovski <mihajlov@linux.ibm.com>
Reviewed-by: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
(cherry picked from commit 0254ceab82f5e1f7b505730586d8c8337ecc5920)

https://bugzilla.redhat.com/show_bug.cgi?id=1848997
https://bugzilla.redhat.com/show_bug.cgi?id=1850351

Conflicts:
	tools/virt-host-validate-common.c
	tools/virt-host-validate-common.h
            - unrelated commit 4653a5194c1 was not backported

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Message-Id: <744e4ceb0760fe10ab0d82de24a78c280482d90d.1592996194.git.jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
 tools/virt-host-validate-common.c | 64 ++++++++++++++++++++++++++++++-
 tools/virt-host-validate-common.h |  4 ++
 tools/virt-host-validate-qemu.c   |  4 ++
 3 files changed, 70 insertions(+), 2 deletions(-)

diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c
index bce0f14917..e59469a49b 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -39,7 +39,8 @@ VIR_ENUM_IMPL(virHostValidateCPUFlag,
               VIR_HOST_VALIDATE_CPU_FLAG_LAST,
               "vmx",
               "svm",
-              "sie");
+              "sie",
+              "158");
 
 static bool quiet;
 
@@ -209,7 +210,8 @@ virBitmapPtr virHostValidateGetCPUFlags(void)
          * on the architecture, so check possible prefixes */
         if (!STRPREFIX(line, "flags") &&
             !STRPREFIX(line, "Features") &&
-            !STRPREFIX(line, "features"))
+            !STRPREFIX(line, "features") &&
+            !STRPREFIX(line, "facilities"))
             continue;
 
         /* fgets() includes the trailing newline in the output buffer,
@@ -411,3 +413,61 @@ int virHostValidateIOMMU(const char *hvname,
     virHostMsgPass();
     return 0;
 }
+
+
+int virHostValidateSecureGuests(const char *hvname,
+                                virHostValidateLevel level)
+{
+    virBitmapPtr flags;
+    bool hasFac158 = false;
+    virArch arch = virArchFromHost();
+    g_autofree char *cmdline = NULL;
+    static const char *kIBMValues[] = {"y", "Y", "on", "ON", "oN", "On", "1"};
+
+    flags = virHostValidateGetCPUFlags();
+
+    if (flags && virBitmapIsBitSet(flags, VIR_HOST_VALIDATE_CPU_FLAG_FACILITY_158))
+        hasFac158 = true;
+
+    virBitmapFree(flags);
+
+    virHostMsgCheck(hvname, "%s", _("for secure guest support"));
+    if (ARCH_IS_S390(arch)) {
+        if (hasFac158) {
+            if (!virFileIsDir("/sys/firmware/uv")) {
+                virHostMsgFail(level, "IBM Secure Execution not supported by "
+                                      "the currently used kernel");
+                return 0;
+            }
+
+            if (virFileReadValueString(&cmdline, "/proc/cmdline") < 0)
+                return -1;
+
+            /* we're prefix matching rather than equality matching here, because
+             * kernel would treat even something like prot_virt='yFOO' as
+             * enabled
+             */
+            if (virKernelCmdlineMatchParam(cmdline, "prot_virt", kIBMValues,
+                                           G_N_ELEMENTS(kIBMValues),
+                                           VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST |
+                                           VIR_KERNEL_CMDLINE_FLAGS_CMP_PREFIX)) {
+                virHostMsgPass();
+                return 1;
+            } else {
+                virHostMsgFail(level,
+                               "IBM Secure Execution appears to be disabled "
+                               "in kernel. Add prot_virt=1 to kernel cmdline "
+                               "arguments");
+            }
+        } else {
+            virHostMsgFail(level, "Hardware or firmware does not provide "
+                                  "support for IBM Secure Execution");
+        }
+    } else {
+        virHostMsgFail(level,
+                       "Unknown if this platform has Secure Guest support");
+        return -1;
+    }
+
+    return 0;
+}
diff --git a/tools/virt-host-validate-common.h b/tools/virt-host-validate-common.h
index 1b7e93e520..1653c9c95b 100644
--- a/tools/virt-host-validate-common.h
+++ b/tools/virt-host-validate-common.h
@@ -38,6 +38,7 @@ typedef enum {
     VIR_HOST_VALIDATE_CPU_FLAG_VMX = 0,
     VIR_HOST_VALIDATE_CPU_FLAG_SVM,
     VIR_HOST_VALIDATE_CPU_FLAG_SIE,
+    VIR_HOST_VALIDATE_CPU_FLAG_FACILITY_158,
 
     VIR_HOST_VALIDATE_CPU_FLAG_LAST,
 } virHostValidateCPUFlag;
@@ -83,3 +84,6 @@ int virHostValidateCGroupControllers(const char *hvname,
 
 int virHostValidateIOMMU(const char *hvname,
                          virHostValidateLevel level);
+
+int virHostValidateSecureGuests(const char *hvname,
+                                virHostValidateLevel level);
diff --git a/tools/virt-host-validate-qemu.c b/tools/virt-host-validate-qemu.c
index ff3c1f0231..b38b0fbd6a 100644
--- a/tools/virt-host-validate-qemu.c
+++ b/tools/virt-host-validate-qemu.c
@@ -112,5 +112,9 @@ int virHostValidateQEMU(void)
                              VIR_HOST_VALIDATE_WARN) < 0)
         ret = -1;
 
+    if (virHostValidateSecureGuests("QEMU",
+                                    VIR_HOST_VALIDATE_WARN) < 0)
+        ret = -1;
+
     return ret;
 }
-- 
2.27.0
import libvirt-6.0.0-27.module+el8.3.0+7602+4b93512e 2020-08-27 18:56:47 +00:00			`From 085b955a75c49585d94fd5a19d6ac37833bb05cb Mon Sep 17 00:00:00 2001`
			`Message-Id: <085b955a75c49585d94fd5a19d6ac37833bb05cb@dist-git>`
			`From: Boris Fiuczynski <fiuczy@linux.ibm.com>`
			`Date: Wed, 24 Jun 2020 13:16:20 +0200`
			`Subject: [PATCH] tools: Secure guest check on s390 in virt-host-validate`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`Add checking in virt-host-validate for secure guest support`
			`on s390 for IBM Secure Execution.`

			`Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>`
			`Tested-by: Viktor Mihajlovski <mihajlov@linux.ibm.com>`
			`Reviewed-by: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>`
			`Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>`
			`Reviewed-by: Erik Skultety <eskultet@redhat.com>`
			`(cherry picked from commit 0254ceab82f5e1f7b505730586d8c8337ecc5920)`

			`https://bugzilla.redhat.com/show_bug.cgi?id=1848997`
			`https://bugzilla.redhat.com/show_bug.cgi?id=1850351`

			`Conflicts:`
			`tools/virt-host-validate-common.c`
			`tools/virt-host-validate-common.h`
			`- unrelated commit 4653a5194c1 was not backported`

			`Signed-off-by: Jiri Denemark <jdenemar@redhat.com>`
			`Message-Id: <744e4ceb0760fe10ab0d82de24a78c280482d90d.1592996194.git.jdenemar@redhat.com>`
			`Reviewed-by: Ján Tomko <jtomko@redhat.com>`
			`---`
			`tools/virt-host-validate-common.c \| 64 ++++++++++++++++++++++++++++++-`
			`tools/virt-host-validate-common.h \| 4 ++`
			`tools/virt-host-validate-qemu.c \| 4 ++`
			`3 files changed, 70 insertions(+), 2 deletions(-)`

			`diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c`
			`index bce0f14917..e59469a49b 100644`
			`--- a/tools/virt-host-validate-common.c`
			`+++ b/tools/virt-host-validate-common.c`
			`@@ -39,7 +39,8 @@ VIR_ENUM_IMPL(virHostValidateCPUFlag,`
			`VIR_HOST_VALIDATE_CPU_FLAG_LAST,`
			`"vmx",`
			`"svm",`
			`- "sie");`
			`+ "sie",`
			`+ "158");`

			`static bool quiet;`

			`@@ -209,7 +210,8 @@ virBitmapPtr virHostValidateGetCPUFlags(void)`
			`* on the architecture, so check possible prefixes */`
			`if (!STRPREFIX(line, "flags") &&`
			`!STRPREFIX(line, "Features") &&`
			`- !STRPREFIX(line, "features"))`
			`+ !STRPREFIX(line, "features") &&`
			`+ !STRPREFIX(line, "facilities"))`
			`continue;`

			`/* fgets() includes the trailing newline in the output buffer,`
			`@@ -411,3 +413,61 @@ int virHostValidateIOMMU(const char *hvname,`
			`virHostMsgPass();`
			`return 0;`
			`}`
			`+`
			`+`
			`+int virHostValidateSecureGuests(const char *hvname,`
			`+ virHostValidateLevel level)`
			`+{`
			`+ virBitmapPtr flags;`
			`+ bool hasFac158 = false;`
			`+ virArch arch = virArchFromHost();`
			`+ g_autofree char *cmdline = NULL;`
			`+ static const char *kIBMValues[] = {"y", "Y", "on", "ON", "oN", "On", "1"};`
			`+`
			`+ flags = virHostValidateGetCPUFlags();`
			`+`
			`+ if (flags && virBitmapIsBitSet(flags, VIR_HOST_VALIDATE_CPU_FLAG_FACILITY_158))`
			`+ hasFac158 = true;`
			`+`
			`+ virBitmapFree(flags);`
			`+`
			`+ virHostMsgCheck(hvname, "%s", _("for secure guest support"));`
			`+ if (ARCH_IS_S390(arch)) {`
			`+ if (hasFac158) {`
			`+ if (!virFileIsDir("/sys/firmware/uv")) {`
			`+ virHostMsgFail(level, "IBM Secure Execution not supported by "`
			`+ "the currently used kernel");`
			`+ return 0;`
			`+ }`
			`+`
			`+ if (virFileReadValueString(&cmdline, "/proc/cmdline") < 0)`
			`+ return -1;`
			`+`
			`+ /* we're prefix matching rather than equality matching here, because`
			`+ * kernel would treat even something like prot_virt='yFOO' as`
			`+ * enabled`
			`+ */`
			`+ if (virKernelCmdlineMatchParam(cmdline, "prot_virt", kIBMValues,`
			`+ G_N_ELEMENTS(kIBMValues),`
			`+ VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST \|`
			`+ VIR_KERNEL_CMDLINE_FLAGS_CMP_PREFIX)) {`
			`+ virHostMsgPass();`
			`+ return 1;`
			`+ } else {`
			`+ virHostMsgFail(level,`
			`+ "IBM Secure Execution appears to be disabled "`
			`+ "in kernel. Add prot_virt=1 to kernel cmdline "`
			`+ "arguments");`
			`+ }`
			`+ } else {`
			`+ virHostMsgFail(level, "Hardware or firmware does not provide "`
			`+ "support for IBM Secure Execution");`
			`+ }`
			`+ } else {`
			`+ virHostMsgFail(level,`
			`+ "Unknown if this platform has Secure Guest support");`
			`+ return -1;`
			`+ }`
			`+`
			`+ return 0;`
			`+}`
			`diff --git a/tools/virt-host-validate-common.h b/tools/virt-host-validate-common.h`
			`index 1b7e93e520..1653c9c95b 100644`
			`--- a/tools/virt-host-validate-common.h`
			`+++ b/tools/virt-host-validate-common.h`
			`@@ -38,6 +38,7 @@ typedef enum {`
			`VIR_HOST_VALIDATE_CPU_FLAG_VMX = 0,`
			`VIR_HOST_VALIDATE_CPU_FLAG_SVM,`
			`VIR_HOST_VALIDATE_CPU_FLAG_SIE,`
			`+ VIR_HOST_VALIDATE_CPU_FLAG_FACILITY_158,`

			`VIR_HOST_VALIDATE_CPU_FLAG_LAST,`
			`} virHostValidateCPUFlag;`
			`@@ -83,3 +84,6 @@ int virHostValidateCGroupControllers(const char *hvname,`

			`int virHostValidateIOMMU(const char *hvname,`
			`virHostValidateLevel level);`
			`+`
			`+int virHostValidateSecureGuests(const char *hvname,`
			`+ virHostValidateLevel level);`
			`diff --git a/tools/virt-host-validate-qemu.c b/tools/virt-host-validate-qemu.c`
			`index ff3c1f0231..b38b0fbd6a 100644`
			`--- a/tools/virt-host-validate-qemu.c`
			`+++ b/tools/virt-host-validate-qemu.c`
			`@@ -112,5 +112,9 @@ int virHostValidateQEMU(void)`
			`VIR_HOST_VALIDATE_WARN) < 0)`
			`ret = -1;`

			`+ if (virHostValidateSecureGuests("QEMU",`
			`+ VIR_HOST_VALIDATE_WARN) < 0)`
			`+ ret = -1;`
			`+`
			`return ret;`
			`}`
			`--`
			`2.27.0`