167 lines
5.5 KiB
Diff
167 lines
5.5 KiB
Diff
From 00ca6e3be3959169559c5bc44dd929d0f313b014 Mon Sep 17 00:00:00 2001
|
|
Message-Id: <00ca6e3be3959169559c5bc44dd929d0f313b014@dist-git>
|
|
From: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>
|
|
Date: Wed, 24 Jun 2020 13:16:18 +0200
|
|
Subject: [PATCH] qemu: Check if s390 secure guest support is enabled
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
This patch introduces a common function to verify if the
|
|
availability of the so-called Secure Guest feature on the host
|
|
has changed in order to invalidate the qemu capabilities cache.
|
|
It can be used as an entry point for verification on different
|
|
architectures.
|
|
|
|
For s390 the verification consists of:
|
|
- checking if /sys/firmware/uv is available: meaning the HW
|
|
facility is available and the host OS supports it;
|
|
- checking if the kernel cmdline contains 'prot_virt=1': meaning
|
|
the host OS wants to use the feature.
|
|
|
|
Whenever the availability of the feature does not match the secure
|
|
guest flag in the cache then libvirt will re-build it in order to
|
|
pick up the new set of capabilities available.
|
|
|
|
Signed-off-by: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>
|
|
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
|
|
Tested-by: Viktor Mihajlovski <mihajlov@linux.ibm.com>
|
|
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
|
|
Reviewed-by: Erik Skultety <eskultet@redhat.com>
|
|
(cherry picked from commit b611b620ceaf940017ba4d0b8b0638869c751509)
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1848997
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1850351
|
|
|
|
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
|
Message-Id: <3b91df0693526810b255db4ddc9af3484d655cbf.1592996194.git.jdenemar@redhat.com>
|
|
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
---
|
|
src/qemu/qemu_capabilities.c | 61 ++++++++++++++++++++++++++++++++++++
|
|
1 file changed, 61 insertions(+)
|
|
|
|
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
|
|
index 7609f44efb..8a4b43c269 100644
|
|
--- a/src/qemu/qemu_capabilities.c
|
|
+++ b/src/qemu/qemu_capabilities.c
|
|
@@ -23,6 +23,7 @@
|
|
|
|
#include "qemu_capabilities.h"
|
|
#include "viralloc.h"
|
|
+#include "virarch.h"
|
|
#include "vircrypto.h"
|
|
#include "virlog.h"
|
|
#include "virerror.h"
|
|
@@ -642,6 +643,7 @@ struct _virQEMUCaps {
|
|
|
|
bool usedQMP;
|
|
bool kvmSupportsNesting;
|
|
+ bool kvmSupportsSecureGuest;
|
|
|
|
char *binary;
|
|
time_t ctime;
|
|
@@ -1837,6 +1839,7 @@ virQEMUCapsPtr virQEMUCapsNewCopy(virQEMUCapsPtr qemuCaps)
|
|
ret->invalidation = qemuCaps->invalidation;
|
|
ret->usedQMP = qemuCaps->usedQMP;
|
|
ret->kvmSupportsNesting = qemuCaps->kvmSupportsNesting;
|
|
+ ret->kvmSupportsSecureGuest = qemuCaps->kvmSupportsSecureGuest;
|
|
|
|
ret->ctime = qemuCaps->ctime;
|
|
|
|
@@ -4233,6 +4236,9 @@ virQEMUCapsLoadCache(virArch hostArch,
|
|
if (virXPathBoolean("boolean(./kvmSupportsNesting)", ctxt) > 0)
|
|
qemuCaps->kvmSupportsNesting = true;
|
|
|
|
+ if (virXPathBoolean("boolean(./kvmSupportsSecureGuest)", ctxt) > 0)
|
|
+ qemuCaps->kvmSupportsSecureGuest = true;
|
|
+
|
|
ret = 0;
|
|
cleanup:
|
|
VIR_FREE(str);
|
|
@@ -4467,6 +4473,9 @@ virQEMUCapsFormatCache(virQEMUCapsPtr qemuCaps)
|
|
if (qemuCaps->kvmSupportsNesting)
|
|
virBufferAddLit(&buf, "<kvmSupportsNesting/>\n");
|
|
|
|
+ if (qemuCaps->kvmSupportsSecureGuest)
|
|
+ virBufferAddLit(&buf, "<kvmSupportsSecureGuest/>\n");
|
|
+
|
|
virBufferAdjustIndent(&buf, -2);
|
|
virBufferAddLit(&buf, "</qemuCaps>\n");
|
|
|
|
@@ -4506,6 +4515,49 @@ virQEMUCapsSaveFile(void *data,
|
|
}
|
|
|
|
|
|
+/*
|
|
+ * Check whether IBM Secure Execution (S390) is enabled
|
|
+ */
|
|
+static bool
|
|
+virQEMUCapsKVMSupportsSecureGuestS390(void)
|
|
+{
|
|
+
|
|
+ g_autofree char *cmdline = NULL;
|
|
+ static const char *kValues[] = {"y", "Y", "on", "ON", "oN", "On", "1"};
|
|
+
|
|
+ if (!virFileIsDir("/sys/firmware/uv"))
|
|
+ return false;
|
|
+
|
|
+ if (virFileReadValueString(&cmdline, "/proc/cmdline") < 0)
|
|
+ return false;
|
|
+
|
|
+ /* we're prefix matching rather than equality matching here, because kernel
|
|
+ * would treat even something like prot_virt='yFOO' as enabled */
|
|
+ if (virKernelCmdlineMatchParam(cmdline, "prot_virt", kValues,
|
|
+ G_N_ELEMENTS(kValues),
|
|
+ VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST |
|
|
+ VIR_KERNEL_CMDLINE_FLAGS_CMP_PREFIX))
|
|
+ return true;
|
|
+
|
|
+ return false;
|
|
+}
|
|
+
|
|
+
|
|
+/*
|
|
+ * Check whether the secure guest functionality is enabled.
|
|
+ * See the specific architecture function for details on the verifications made.
|
|
+ */
|
|
+static bool
|
|
+virQEMUCapsKVMSupportsSecureGuest(void)
|
|
+{
|
|
+ virArch arch = virArchFromHost();
|
|
+
|
|
+ if (ARCH_IS_S390(arch))
|
|
+ return virQEMUCapsKVMSupportsSecureGuestS390();
|
|
+ return false;
|
|
+}
|
|
+
|
|
+
|
|
/* Check the kernel module parameters 'nested' file to determine if enabled
|
|
*
|
|
* Intel: 'kvm_intel' uses 'Y'
|
|
@@ -4685,6 +4737,13 @@ virQEMUCapsIsValid(void *data,
|
|
qemuCaps->binary, qemuCaps->kvmSupportsNesting);
|
|
return false;
|
|
}
|
|
+
|
|
+ if (virQEMUCapsKVMSupportsSecureGuest() != qemuCaps->kvmSupportsSecureGuest) {
|
|
+ VIR_DEBUG("Outdated capabilities for '%s': kvm kernel secure guest "
|
|
+ "value changed from %d",
|
|
+ qemuCaps->binary, qemuCaps->kvmSupportsSecureGuest);
|
|
+ return false;
|
|
+ }
|
|
}
|
|
|
|
return true;
|
|
@@ -5166,6 +5225,8 @@ virQEMUCapsNewForBinaryInternal(virArch hostArch,
|
|
qemuCaps->kernelVersion = g_strdup(kernelVersion);
|
|
|
|
qemuCaps->kvmSupportsNesting = virQEMUCapsKVMSupportsNesting();
|
|
+
|
|
+ qemuCaps->kvmSupportsSecureGuest = virQEMUCapsKVMSupportsSecureGuest();
|
|
}
|
|
|
|
return qemuCaps;
|
|
--
|
|
2.27.0
|
|
|