Backport CVM fixes from upstream

0001-Fix-CVM-detection-on-Azure-with-TDX.patch

@@ -0,0 +1,97 @@
+From 059cbff66740ef74cd663f88c5f96a80a8d6d6ea Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 30 Jul 2024 10:46:46 +0100
+Subject: [PATCH] Fix CVM detection on Azure with TDX
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The current TDX support was tested on Azure, however, since that time
+they now block the CPUID leaf we were using. Instead it is required to
+issue the Azure specific CPUID calls as we were already doing for SNP.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ virt-what-cvm.c   | 14 +++++++++-----
+ virt-what-cvm.pod |  4 ++--
+ 2 files changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/virt-what-cvm.c b/virt-what-cvm.c
+index 52b3426bc..0daa6ac35 100644
+--- a/virt-what-cvm.c
++++ b/virt-what-cvm.c
+@@ -92,6 +92,7 @@ static bool dodebug = false;
+ 
+ #define CPUID_HYPERV_ISOLATION_TYPE_MASK 0xf
+ #define CPUID_HYPERV_ISOLATION_TYPE_SNP 2
++#define CPUID_HYPERV_ISOLATION_TYPE_TDX 3
+ 
+ #if defined(__x86_64__)
+ 
+@@ -147,7 +148,7 @@ msr (off_t index)
+ }
+ 
+ static bool
+-cpu_sig_amd_hyperv (void)
++cpu_sig_cvm_hyperv (uint32_t isoltype)
+ {
+   uint32_t eax, ebx, ecx, edx;
+   char sig[13];
+@@ -175,8 +176,7 @@ cpu_sig_amd_hyperv (void)
+     ebx = ecx = edx = 0;
+     cpuid(&eax, &ebx, &ecx, &edx);
+ 
+-    if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) ==
+-	CPUID_HYPERV_ISOLATION_TYPE_SNP) {
++    if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == isoltype) {
+       return true;
+     }
+   }
+@@ -212,7 +212,7 @@ cpu_sig_amd (void)
+   if (!(eax & (1 << 1))) {
+     debug ("No sev in CPUID, try hyperv CPUID\n");
+ 
+-    if (cpu_sig_amd_hyperv ()) {
++    if (cpu_sig_cvm_hyperv (CPUID_HYPERV_ISOLATION_TYPE_SNP)) {
+       puts ("amd-sev-snp");
+       puts ("hyperv-hcl");
+     } else {
+@@ -252,8 +252,12 @@ cpu_sig_intel (void)
+   memset (sig, 0, sizeof sig);
+   cpuid_leaf (CPUID_INTEL_TDX_ENUMERATION, sig, true);
+ 
+-  if (memcmp (sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
++  if (memcmp (sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0) {
+     puts ("intel-tdx");
++  } else if (cpu_sig_cvm_hyperv (CPUID_HYPERV_ISOLATION_TYPE_TDX)) {
++    puts ("intel-tdx");
++    puts ("hyperv-hcl");
++  }
+ }
+ 
+ static bool
+diff --git a/virt-what-cvm.pod b/virt-what-cvm.pod
+index 0f9076569..70213abd7 100644
+--- a/virt-what-cvm.pod
++++ b/virt-what-cvm.pod
+@@ -50,7 +50,7 @@ Status: tested on Fedora 38 QEMU+KVM SEV-SNP (devel snapshot)
+ 
+ This is a confidential guest running with Intel TDX technology
+ 
+-Status: tested on Microsoft Azure TDX CVM (preview)
++Status: tested on Microsoft Azure TDX CVM
+ 
+ =item B<hyperv-hcl>
+ 
+@@ -58,7 +58,7 @@ This is a confidential guest running unenlightened under the
+ HyperV (Azure) HCL (Host Compatibility Layer). This will be
+ paired with B<amd-sev-snp>.
+ 
+-Status: tested on Microsoft Azure SEV-SNP CVM
++Status: tested on Microsoft Azure SEV-SNP & TDX CVM
+ 
+ =back
+ 
+-- 
+2.43.0
+

0002-Add-support-for-detecting-protected-virtualization-o.patch

@@ -0,0 +1,65 @@
+From 037689fbe95e403b050c1eb736ebc8fdc2e601a5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Fri, 2 Aug 2024 16:07:46 +0100
+Subject: [PATCH] Add support for detecting protected virtualization on s390x
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ virt-what-cvm.c   | 21 ++++++++++++++++++++-
+ virt-what-cvm.pod |  5 +++++
+ 2 files changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/virt-what-cvm.c b/virt-what-cvm.c
+index 0daa6ac35..320df478b 100644
+--- a/virt-what-cvm.c
++++ b/virt-what-cvm.c
+@@ -295,7 +295,26 @@ cpu_sig (void)
+     cpu_sig_intel ();
+ }
+ 
+-#else /* !x86_64 */
++#elif defined(__s390x__)
++
++#define SYSFS_PROT_VIRT "/sys/firmware/uv/prot_virt_guest"
++
++static void
++cpu_sig (void)
++{
++  int fd = open("/sys/firmware/uv/prot_virt_guest", O_RDONLY);
++  char c;
++  if (fd < 0)
++    return;
++
++  if (read(fd, &c, 1) == 1 && c == '1')
++    puts("s390-protvirt");
++
++  close(fd);
++}
++
++
++#else /* ! x86_64 && ! s390x */
+ 
+ static void
+ cpu_sig (void)
+diff --git a/virt-what-cvm.pod b/virt-what-cvm.pod
+index 70213abd7..00e21cb70 100644
+--- a/virt-what-cvm.pod
++++ b/virt-what-cvm.pod
+@@ -60,6 +60,11 @@ paired with B<amd-sev-snp>.
+ 
+ Status: tested on Microsoft Azure SEV-SNP & TDX CVM
+ 
++=item B<s390x-protvirt>
++
++This is a confidential guest running on s390x with the
++Protected Virtualization (Secure Execution) technology
++
+ =back
+ 
+ =head1 EXIT STATUS
+-- 
+2.43.0
+

copy-patches.sh

@@ -8,7 +8,7 @@ set -e
 #   ./copy-patches.sh
 
 project=virt-what
-rhel_version=9.1
+rhel_version=10.0
 
 # Check we're in the right directory.
 if [ ! -f $project.spec ]; then

virt-what.spec

@@ -1,6 +1,6 @@
 Name:           virt-what
 Version:        1.26
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Detect if we are running in a virtual machine
 License:        GPL-2.0-or-later
 
@@ -10,6 +10,13 @@ Source0:        http://people.redhat.com/~rjones/virt-what/files/%{name}-%{versi
 # Maintainer script which helps with handling patches.
 Source1:        copy-patches.sh
 
+# Patches are maintained in the following repository:
+# http://git.annexia.org/?p=virt-what.git;a=shortlog;h=refs/heads/rhel-10.0
+
+# Patches.
+Patch0001:     0001-Fix-CVM-detection-on-Azure-with-TDX.patch
+Patch0002:     0002-Add-support-for-detecting-protected-virtualization-o.patch
+
 BuildRequires:  gcc
 BuildRequires:  make
 BuildRequires:  git
@@ -113,6 +120,9 @@ fi
 
 
 %changelog
+* Mon Aug 12 2024 Richard W.M. Jones <rjones@redhat.com> - 1.26-2
+- Backport CVM fixes from upstream
+
 * Tue Jul 02 2024 Richard W.M. Jones <rjones@redhat.com> - 1.26-1
 - New upstream version 1.26
 - Add new binary virt-what-cvm (for confidential VMs).