systemd/1035-confidential-virt-add-detection-for-s390x-target.patch

From f47239f3e5aed9d7887aac1b15021f5c63996378 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Fri, 2 Aug 2024 11:03:10 +0100
Subject: [PATCH] confidential-virt: add detection for s390x target
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The s390x platform provides confidential VMs using the "Secure Execution"
technology, which is also referred to as "Protected Virtualization" or
just "prot virt" in Linux / QEMU.

This can be detected through a simple sysfs attribute.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 6c35e0a51cc6a852ce239ea46cd75c133212a68e)

Related: RHEL-50651
---
 src/basic/confidential-virt.c | 30 +++++++++++++++++++++++++-----
 src/basic/confidential-virt.h |  1 +
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
index 5c96b449b1..746aa8c313 100644
--- a/src/basic/confidential-virt.c
+++ b/src/basic/confidential-virt.c
@@ -11,6 +11,7 @@
 
 #include "confidential-virt.h"
 #include "fd-util.h"
+#include "fileio.h"
 #include "missing_threads.h"
 #include "string-table.h"
 #include "utf8.h"
@@ -269,6 +270,24 @@ static ConfidentialVirtualization detect_confidential_virtualization_impl(void)
 
         return CONFIDENTIAL_VIRTUALIZATION_NONE;
 }
+#elif defined(__s390x__)
+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
+        _cleanup_free_ char *s = NULL;
+        size_t readsize;
+        int r;
+
+        r = read_full_virtual_file("/sys/firmware/uv/prot_virt_guest", &s, &readsize);
+        if (r < 0) {
+                log_debug_errno(r, "Unable to read /sys/firmware/uv/prot_virt_guest: %m");
+                return CONFIDENTIAL_VIRTUALIZATION_NONE;
+        }
+
+        if (readsize >= 1 && s[0] == '1')
+                return CONFIDENTIAL_VIRTUALIZATION_PROTVIRT;
+
+        return CONFIDENTIAL_VIRTUALIZATION_NONE;
+}
+
 #else /* ! x86_64 */
 static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
         log_debug("No confidential virtualization detection on this architecture");
@@ -286,11 +305,12 @@ ConfidentialVirtualization detect_confidential_virtualization(void) {
 }
 
 static const char *const confidential_virtualization_table[_CONFIDENTIAL_VIRTUALIZATION_MAX] = {
-        [CONFIDENTIAL_VIRTUALIZATION_NONE]    = "none",
-        [CONFIDENTIAL_VIRTUALIZATION_SEV]     = "sev",
-        [CONFIDENTIAL_VIRTUALIZATION_SEV_ES]  = "sev-es",
-        [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP] = "sev-snp",
-        [CONFIDENTIAL_VIRTUALIZATION_TDX]     = "tdx",
+        [CONFIDENTIAL_VIRTUALIZATION_NONE]     = "none",
+        [CONFIDENTIAL_VIRTUALIZATION_SEV]      = "sev",
+        [CONFIDENTIAL_VIRTUALIZATION_SEV_ES]   = "sev-es",
+        [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP]  = "sev-snp",
+        [CONFIDENTIAL_VIRTUALIZATION_TDX]      = "tdx",
+        [CONFIDENTIAL_VIRTUALIZATION_PROTVIRT] = "protvirt",
 };
 
 DEFINE_STRING_TABLE_LOOKUP(confidential_virtualization, ConfidentialVirtualization);
diff --git a/src/basic/confidential-virt.h b/src/basic/confidential-virt.h
index c02f3b2321..f92e3e883d 100644
--- a/src/basic/confidential-virt.h
+++ b/src/basic/confidential-virt.h
@@ -13,6 +13,7 @@ typedef enum ConfidentialVirtualization {
         CONFIDENTIAL_VIRTUALIZATION_SEV_ES,
         CONFIDENTIAL_VIRTUALIZATION_SEV_SNP,
         CONFIDENTIAL_VIRTUALIZATION_TDX,
+        CONFIDENTIAL_VIRTUALIZATION_PROTVIRT,
 
         _CONFIDENTIAL_VIRTUALIZATION_MAX,
         _CONFIDENTIAL_VIRTUALIZATION_INVALID = -EINVAL,
systemd-252-43 Resolves: RHEL-50103,RHEL-50651 2024-08-22 08:49:16 +00:00			`From f47239f3e5aed9d7887aac1b15021f5c63996378 Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>`
			`Date: Fri, 2 Aug 2024 11:03:10 +0100`
			`Subject: [PATCH] confidential-virt: add detection for s390x target`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`The s390x platform provides confidential VMs using the "Secure Execution"`
			`technology, which is also referred to as "Protected Virtualization" or`
			`just "prot virt" in Linux / QEMU.`

			`This can be detected through a simple sysfs attribute.`

			`Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>`
			`(cherry picked from commit 6c35e0a51cc6a852ce239ea46cd75c133212a68e)`

			`Related: RHEL-50651`
			`---`
			`src/basic/confidential-virt.c \| 30 +++++++++++++++++++++++++-----`
			`src/basic/confidential-virt.h \| 1 +`
			`2 files changed, 26 insertions(+), 5 deletions(-)`

			`diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c`
			`index 5c96b449b1..746aa8c313 100644`
			`--- a/src/basic/confidential-virt.c`
			`+++ b/src/basic/confidential-virt.c`
			`@@ -11,6 +11,7 @@`

			`#include "confidential-virt.h"`
			`#include "fd-util.h"`
			`+#include "fileio.h"`
			`#include "missing_threads.h"`
			`#include "string-table.h"`
			`#include "utf8.h"`
			`@@ -269,6 +270,24 @@ static ConfidentialVirtualization detect_confidential_virtualization_impl(void)`

			`return CONFIDENTIAL_VIRTUALIZATION_NONE;`
			`}`
			`+#elif defined(__s390x__)`
			`+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {`
			`+ _cleanup_free_ char *s = NULL;`
			`+ size_t readsize;`
			`+ int r;`
			`+`
			`+ r = read_full_virtual_file("/sys/firmware/uv/prot_virt_guest", &s, &readsize);`
			`+ if (r < 0) {`
			`+ log_debug_errno(r, "Unable to read /sys/firmware/uv/prot_virt_guest: %m");`
			`+ return CONFIDENTIAL_VIRTUALIZATION_NONE;`
			`+ }`
			`+`
			`+ if (readsize >= 1 && s[0] == '1')`
			`+ return CONFIDENTIAL_VIRTUALIZATION_PROTVIRT;`
			`+`
			`+ return CONFIDENTIAL_VIRTUALIZATION_NONE;`
			`+}`
			`+`
			`#else /* ! x86_64 */`
			`static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {`
			`log_debug("No confidential virtualization detection on this architecture");`
			`@@ -286,11 +305,12 @@ ConfidentialVirtualization detect_confidential_virtualization(void) {`
			`}`

			`static const char *const confidential_virtualization_table[_CONFIDENTIAL_VIRTUALIZATION_MAX] = {`
			`- [CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",`
			`- [CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",`
			`- [CONFIDENTIAL_VIRTUALIZATION_SEV_ES] = "sev-es",`
			`- [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP] = "sev-snp",`
			`- [CONFIDENTIAL_VIRTUALIZATION_TDX] = "tdx",`
			`+ [CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",`
			`+ [CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",`
			`+ [CONFIDENTIAL_VIRTUALIZATION_SEV_ES] = "sev-es",`
			`+ [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP] = "sev-snp",`
			`+ [CONFIDENTIAL_VIRTUALIZATION_TDX] = "tdx",`
			`+ [CONFIDENTIAL_VIRTUALIZATION_PROTVIRT] = "protvirt",`
			`};`

			`DEFINE_STRING_TABLE_LOOKUP(confidential_virtualization, ConfidentialVirtualization);`
			`diff --git a/src/basic/confidential-virt.h b/src/basic/confidential-virt.h`
			`index c02f3b2321..f92e3e883d 100644`
			`--- a/src/basic/confidential-virt.h`
			`+++ b/src/basic/confidential-virt.h`
			`@@ -13,6 +13,7 @@ typedef enum ConfidentialVirtualization {`
			`CONFIDENTIAL_VIRTUALIZATION_SEV_ES,`
			`CONFIDENTIAL_VIRTUALIZATION_SEV_SNP,`
			`CONFIDENTIAL_VIRTUALIZATION_TDX,`
			`+ CONFIDENTIAL_VIRTUALIZATION_PROTVIRT,`

			`_CONFIDENTIAL_VIRTUALIZATION_MAX,`
			`_CONFIDENTIAL_VIRTUALIZATION_INVALID = -EINVAL,`