From 00ca6e3be3959169559c5bc44dd929d0f313b014 Mon Sep 17 00:00:00 2001

Message-Id: <00ca6e3be3959169559c5bc44dd929d0f313b014@dist-git>

From: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>

Date: Wed, 24 Jun 2020 13:16:18 +0200

Subject: [PATCH] qemu: Check if s390 secure guest support is enabled

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

This patch introduces a common function to verify if the

availability of the so-called Secure Guest feature on the host

has changed in order to invalidate the qemu capabilities cache.

It can be used as an entry point for verification on different

architectures.

For s390 the verification consists of:

- checking if /sys/firmware/uv is available: meaning the HW

facility is available and the host OS supports it;

- checking if the kernel cmdline contains 'prot_virt=1': meaning

the host OS wants to use the feature.

Whenever the availability of the feature does not match the secure

guest flag in the cache then libvirt will re-build it in order to

pick up the new set of capabilities available.

Signed-off-by: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>

Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>

Tested-by: Viktor Mihajlovski <mihajlov@linux.ibm.com>

Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>

Reviewed-by: Erik Skultety <eskultet@redhat.com>

(cherry picked from commit b611b620ceaf940017ba4d0b8b0638869c751509)

https://bugzilla.redhat.com/show_bug.cgi?id=1848997

https://bugzilla.redhat.com/show_bug.cgi?id=1850351

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

Message-Id: <3b91df0693526810b255db4ddc9af3484d655cbf.1592996194.git.jdenemar@redhat.com>

Reviewed-by: Ján Tomko <jtomko@redhat.com>

---

 src/qemu/qemu_capabilities.c | 61 ++++++++++++++++++++++++++++++++++++

 1 file changed, 61 insertions(+)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c

index 7609f44efb..8a4b43c269 100644

--- a/src/qemu/qemu_capabilities.c

+++ b/src/qemu/qemu_capabilities.c

@@ -23,6 +23,7 @@

 #include "qemu_capabilities.h"

 #include "viralloc.h"

+#include "virarch.h"

 #include "vircrypto.h"

 #include "virlog.h"

 #include "virerror.h"

@@ -642,6 +643,7 @@ struct _virQEMUCaps {

     bool usedQMP;

     bool kvmSupportsNesting;

+    bool kvmSupportsSecureGuest;

     char *binary;

     time_t ctime;

@@ -1837,6 +1839,7 @@ virQEMUCapsPtr virQEMUCapsNewCopy(virQEMUCapsPtr qemuCaps)

     ret->invalidation = qemuCaps->invalidation;

     ret->usedQMP = qemuCaps->usedQMP;

     ret->kvmSupportsNesting = qemuCaps->kvmSupportsNesting;

+    ret->kvmSupportsSecureGuest = qemuCaps->kvmSupportsSecureGuest;

     ret->ctime = qemuCaps->ctime;

@@ -4233,6 +4236,9 @@ virQEMUCapsLoadCache(virArch hostArch,

     if (virXPathBoolean("boolean(./kvmSupportsNesting)", ctxt) > 0)

         qemuCaps->kvmSupportsNesting = true;

+    if (virXPathBoolean("boolean(./kvmSupportsSecureGuest)", ctxt) > 0)

+        qemuCaps->kvmSupportsSecureGuest = true;

+

     ret = 0;

  cleanup:

     VIR_FREE(str);

@@ -4467,6 +4473,9 @@ virQEMUCapsFormatCache(virQEMUCapsPtr qemuCaps)

     if (qemuCaps->kvmSupportsNesting)

         virBufferAddLit(&buf, "<kvmSupportsNesting/>\n");

+    if (qemuCaps->kvmSupportsSecureGuest)

+        virBufferAddLit(&buf, "<kvmSupportsSecureGuest/>\n");

+

     virBufferAdjustIndent(&buf, -2);

     virBufferAddLit(&buf, "</qemuCaps>\n");

@@ -4506,6 +4515,49 @@ virQEMUCapsSaveFile(void *data,

 }

+/*

+ * Check whether IBM Secure Execution (S390) is enabled

+ */

+static bool

+virQEMUCapsKVMSupportsSecureGuestS390(void)

+{

+

+    g_autofree char *cmdline = NULL;

+    static const char *kValues[] = {"y", "Y", "on", "ON", "oN", "On", "1"};

+

+    if (!virFileIsDir("/sys/firmware/uv"))

+        return false;

+

+    if (virFileReadValueString(&cmdline, "/proc/cmdline") < 0)

+        return false;

+

+    /* we're prefix matching rather than equality matching here, because kernel

+     * would treat even something like prot_virt='yFOO' as enabled */

+    if (virKernelCmdlineMatchParam(cmdline, "prot_virt", kValues,

+                                   G_N_ELEMENTS(kValues),

+                                   VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST |

+                                   VIR_KERNEL_CMDLINE_FLAGS_CMP_PREFIX))

+        return true;

+

+    return false;

+}

+

+

+/*

+ * Check whether the secure guest functionality is enabled.

+ * See the specific architecture function for details on the verifications made.

+ */

+static bool

+virQEMUCapsKVMSupportsSecureGuest(void)

+{

+    virArch arch = virArchFromHost();

+

+    if (ARCH_IS_S390(arch))

+        return virQEMUCapsKVMSupportsSecureGuestS390();

+    return false;

+}

+

+

 /* Check the kernel module parameters 'nested' file to determine if enabled

  *

  *   Intel: 'kvm_intel' uses 'Y'

@@ -4685,6 +4737,13 @@ virQEMUCapsIsValid(void *data,

                      qemuCaps->binary, qemuCaps->kvmSupportsNesting);

             return false;

         }

+

+        if (virQEMUCapsKVMSupportsSecureGuest() != qemuCaps->kvmSupportsSecureGuest) {

+            VIR_DEBUG("Outdated capabilities for '%s': kvm kernel secure guest "

+                      "value changed from %d",

+                      qemuCaps->binary, qemuCaps->kvmSupportsSecureGuest);

+            return false;

+        }

     }

     return true;

@@ -5166,6 +5225,8 @@ virQEMUCapsNewForBinaryInternal(virArch hostArch,

         qemuCaps->kernelVersion = g_strdup(kernelVersion);

         qemuCaps->kvmSupportsNesting = virQEMUCapsKVMSupportsNesting();

+

+        qemuCaps->kvmSupportsSecureGuest = virQEMUCapsKVMSupportsSecureGuest();

     }

     return qemuCaps;

-- 

2.27.0