February 2025 - Devel - libvirt List Archives

[RFC PATCH v2 3/6] src: Add ARM CCA support in domain schema
by Akio Kakuno 28 Feb '25

28 Feb '25

- Add ARM CCA support in domain schema files. Signed-off-by: Akio Kakuno <fj3333bs(a)fujitsu.com> --- src/conf/domain_conf.c | 9 +++ src/conf/schemas/domaincaps.rng | 14 ++++ src/conf/schemas/domaincommon.rng | 14 ++++ src/qemu/qemu_capabilities.c | 113 ++++++++++++++++++++++++++++++ src/qemu/qemu_capabilities.h | 3 + 5 files changed, 153 insertions(+) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 231073e472..91cc8a5869 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -13883,6 +13883,14 @@ virDomainSEVSNPDefParseXML(virDomainSEVSNPDef *def, } +static void +virDomainCCADefParseXML(virDomainCCADef *def, + xmlXPathContextPtr ctxt) +{ + def->measurement_algo = virXPathString("string(./measurement-algo)", ctxt); +} + + static virDomainSecDef * virDomainSecDefParseXML(xmlNodePtr lsecNode, xmlXPathContextPtr ctxt) @@ -13909,6 +13917,7 @@ virDomainSecDefParseXML(xmlNodePtr lsecNode, case VIR_DOMAIN_LAUNCH_SECURITY_PV: break; case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + virDomainCCADefParseXML(&sec->data.cca, ctxt); break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: diff --git a/src/conf/schemas/domaincaps.rng b/src/conf/schemas/domaincaps.rng index 3559d2ae05..4826900258 100644 --- a/src/conf/schemas/domaincaps.rng +++ b/src/conf/schemas/domaincaps.rng @@ -363,6 +363,9 @@ <optional> <ref name="sgx"/> </optional> + <optional> + <ref name="cca"/> + </optional> <optional> <ref name="hyperv"/> </optional> @@ -481,6 +484,17 @@ </element> </define> + <define name="cca"> + <element name="cca"> + <ref name="supported"/> + <optional> + <element name="measurement-algo"> + <text/> + </element> + </optional> + </element> + </define> + <define name="hyperv"> <element name="hyperv"> <ref name="supported"/> diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng index 7121519ca3..b340381295 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -528,6 +528,9 @@ <value>s390-pv</value> </attribute> </group> + <group> + <ref name="launchSecurityCCA"/> + </group> </choice> </element> </define> @@ -623,6 +626,17 @@ </optional> </interleave> </define> + + <define name="launchSecurityCCA"> + <attribute name="type"> + <value>cca</value> + </attribute> + <optional> + <element name="measurement-algo"> + <data type="string"/> + </element> + </optional> + </define> <!-- Enable or disable perf events for the domain. For each of the events the following rules apply: diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 4534f18a24..523fe05289 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -1962,6 +1962,34 @@ virQEMUCapsSGXInfoCopy(virSGXCapability **dst, } +static void +virQEMUCapsCCAInfoCopy(virCCACapability **dst, + virCCACapability *src) +{ + g_autoptr(virCCACapability) tmp = NULL; + size_t i; + + if (!src) { + *dst = NULL; + return; + } + + tmp = g_new0(virCCACapability, 1); + + tmp->nCcaMeasurementAlgo = src->nCcaMeasurementAlgo; + + if (tmp->nCcaMeasurementAlgo != 0) { + tmp->ccaMeasurementAlgo = g_new0(char *, tmp->nCcaMeasurementAlgo); + + for (i = 0; i < tmp->nCcaMeasurementAlgo; i++) { + tmp->ccaMeasurementAlgo[i] = g_strdup(src->ccaMeasurementAlgo[i]); + } + } + + *dst = g_steal_pointer(&tmp); +} + + static void virQEMUCapsAccelCopyMachineTypes(virQEMUCapsAccel *dst, virQEMUCapsAccel *src) @@ -2037,6 +2065,9 @@ virQEMUCaps *virQEMUCapsNewCopy(virQEMUCaps *qemuCaps) if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC)) virQEMUCapsSGXInfoCopy(&ret->sgxCapabilities, qemuCaps->sgxCapabilities); + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_CCA_GUEST)) + virQEMUCapsCCAInfoCopy(&ret->ccaCapabilities, qemuCaps->ccaCapabilities); + ret->hypervCapabilities = g_memdup(qemuCaps->hypervCapabilities, sizeof(virDomainCapsFeatureHyperv)); @@ -2678,6 +2709,13 @@ virQEMUCapsGetSGXCapabilities(virQEMUCaps *qemuCaps) } +virCCACapability * +virQEMUCapsGetCCACapabilities(virQEMUCaps *qemuCaps) +{ + return qemuCaps->ccaCapabilities; +} + + static int virQEMUCapsProbeQMPObjectTypes(virQEMUCaps *qemuCaps, qemuMonitor *mon) @@ -4563,6 +4601,38 @@ virQEMUCapsParseSGXInfo(virQEMUCaps *qemuCaps, } +static int +virQEMUCapsParseCCAInfo(virQEMUCaps *qemuCaps, + xmlXPathContextPtr ctxt) +{ + g_autofree xmlNodePtr *nodes = NULL; + size_t i; + int n; + + if ((n = virXPathNodeSet("./cca", ctxt, &nodes)) < 0) + return -1; + + if (n > 0) { + g_autoptr(virCCACapability) tmp = g_new0(virCCACapability, 1); + tmp->ccaMeasurementAlgo = g_new0(char *, n); + + for (i = 0; i < n; i++) { + char *malgo = NULL; + if (!(malgo = virXMLPropString(nodes[i], "measurement-algo"))) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("missing CCA measurement-algo in QEMU capabilities cache")); + return -1; + } + + tmp->ccaMeasurementAlgo[i] = g_strdup(malgo); + } + tmp->nCcaMeasurementAlgo = n; + qemuCaps->ccaCapabilities = g_steal_pointer(&tmp); + } + return 0; +} + + static int virQEMUCapsParseHypervCapabilities(virQEMUCaps *qemuCaps, xmlXPathContextPtr ctxt) @@ -4883,6 +4953,9 @@ virQEMUCapsLoadCache(virArch hostArch, if (virQEMUCapsParseSGXInfo(qemuCaps, ctxt) < 0) return -1; + if (virQEMUCapsParseCCAInfo(qemuCaps, ctxt) < 0) + return -1; + if (virQEMUCapsParseHypervCapabilities(qemuCaps, ctxt) < 0) return -1; @@ -5123,6 +5196,23 @@ virQEMUCapsFormatSGXInfo(virQEMUCaps *qemuCaps, } +static void +virQEMUCapsFormatCCAInfo(virQEMUCaps *qemuCaps, virBuffer *buf) +{ + virCCACapability *cca = virQEMUCapsGetCCACapabilities(qemuCaps); + size_t i; + size_t n; + + n = cca->nCcaMeasurementAlgo; + + if (n != 0) { + for (i = 0; i < n; i++) { + virBufferAsprintf(buf, "<cca measurement-algo='%s'/>\n", cca->ccaMeasurementAlgo[i]); + } + } +} + + static void virQEMUCapsFormatHypervCapabilities(virQEMUCaps *qemuCaps, virBuffer *buf) @@ -5231,6 +5321,9 @@ virQEMUCapsFormatCache(virQEMUCaps *qemuCaps) if (qemuCaps->sgxCapabilities) virQEMUCapsFormatSGXInfo(qemuCaps, &buf); + if (qemuCaps->ccaCapabilities) + virQEMUCapsFormatCCAInfo(qemuCaps, &buf); + if (qemuCaps->hypervCapabilities) virQEMUCapsFormatHypervCapabilities(qemuCaps, &buf); @@ -6757,6 +6850,8 @@ virQEMUCapsFillDomainLaunchSecurity(virQEMUCaps *qemuCaps, if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_S390_PV_GUEST) && virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPORT)) VIR_DOMAIN_CAPS_ENUM_SET(launchSecurity->sectype, VIR_DOMAIN_LAUNCH_SECURITY_PV); + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_CCA_GUEST)) + VIR_DOMAIN_CAPS_ENUM_SET(launchSecurity->sectype, VIR_DOMAIN_LAUNCH_SECURITY_CCA); if (launchSecurity->sectype.values == 0) { launchSecurity->supported = VIR_TRISTATE_BOOL_NO; @@ -6954,6 +7049,23 @@ virQEMUCapsFillDomainFeatureSGXCaps(virQEMUCaps *qemuCaps, } +/** + * virQEMUCapsFillDomainFeatureCCACaps: + * @qemuCaps: QEMU capabilities + * @domCaps: domain capabilities + * + * Take the information about CCA capabilities that has been obtained + * using the 'query-cca-capabilities' QMP command and stored in @qemuCaps + * and convert it to a form suitable for @domCaps. + */ +static void +virQEMUCapsFillDomainFeatureCCACaps(virQEMUCaps *qemuCaps, + virDomainCaps *domCaps) +{ + virQEMUCapsCCAInfoCopy(&domCaps->cca, qemuCaps->ccaCapabilities); +} + + static void virQEMUCapsFillDomainFeatureHypervCaps(virQEMUCaps *qemuCaps, virDomainCaps *domCaps) @@ -7024,6 +7136,7 @@ virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps, virQEMUCapsFillDomainFeatureS390PVCaps(qemuCaps, domCaps); virQEMUCapsFillDomainFeaturePS2Caps(qemuCaps, domCaps); virQEMUCapsFillDomainFeatureSGXCaps(qemuCaps, domCaps); + virQEMUCapsFillDomainFeatureCCACaps(qemuCaps, domCaps); virQEMUCapsFillDomainFeatureHypervCaps(qemuCaps, domCaps); virQEMUCapsFillDomainDeviceCryptoCaps(qemuCaps, crypto); virQEMUCapsFillDomainLaunchSecurity(qemuCaps, launchSecurity); diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 21081d5fbc..effee475f6 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -931,6 +931,9 @@ virQEMUCapsGetSEVCapabilities(virQEMUCaps *qemuCaps); virSGXCapability * virQEMUCapsGetSGXCapabilities(virQEMUCaps *qemuCaps); +virCCACapability * +virQEMUCapsGetCCACapabilities(virQEMUCaps *qemuCaps); + bool virQEMUCapsGetKVMSupportsSecureGuest(virQEMUCaps *qemuCaps) G_NO_INLINE; -- 2.34.1

1 0

[RFC PATCH v2 2/6] src: Add ARM CCA support in domain capabilities command
by Akio Kakuno 28 Feb '25

28 Feb '25

- Add ARM CCA support in domain capabilies XML schema. [Capability example] - Execution results of 'virsh domcapability" on qemu <domaincapabilities> ... <features> ... </sgx> <cca supported='yes'> <enum name='measurement-algo'> <value>sha256</value> <value>sha512</value> </enum> </cca> <hyperv supported='yes'> ... </features> </domaincapabilities> Signed-off-by: Akio Kakuno <fj3333bs(a)fujitsu.com> --- docs/formatdomaincaps.rst | 27 +++++++++- src/conf/domain_capabilities.c | 48 +++++++++++++++++ src/conf/domain_capabilities.h | 6 +++ src/libvirt_private.syms | 1 + src/qemu/qemu_capabilities.c | 28 ++++++++++ src/qemu/qemu_monitor.c | 10 ++++ src/qemu/qemu_monitor.h | 3 ++ src/qemu/qemu_monitor_json.c | 98 ++++++++++++++++++++++++++++++++++ src/qemu/qemu_monitor_json.h | 4 ++ 9 files changed, 224 insertions(+), 1 deletion(-) diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst index ed95af4fee..fbf7db12e6 100644 --- a/docs/formatdomaincaps.rst +++ b/docs/formatdomaincaps.rst @@ -734,6 +734,12 @@ capabilities. All features occur as children of the main ``features`` element. <section node='1' size='262144' unit='KiB'/> </sections> </sgx> + <cca supported='yes'> + <enum name='measurement-algo'> + <value>sha256</value> + <value>sha512</value> + </enum> + </cca> <hyperv supported='yes'> <enum name='features'> <value>relaxed</value> @@ -861,6 +867,24 @@ document store. In order to use SGX with libvirt have a look at `SGX in domain X ``sections`` The sections of the SGX enclave page cache (called EPC). +CCA capabilities +^^^^^^^^^^^^^^^^ + +Arm Confidential Compute Architecture (CCA) capabilities are exposed under the +``cca`` element. + +Arm CCA is a system solution comprised of hardware and software components that +maximizes the security of data on devices and in the cloud. +CCA enhances the virtualization capabilities of the platform by separating the +management of resources from access to those resources. + +For more details on the CCA feature, please follow resources in the CCA developer's +document store. In order to use CCA with libvirt have a look at `CCA in domain +XML <formatdomain.html#launch-security>`__ + +``measurement-algo`` + Options for the ``measurement-algo`` used to describe blob hashes. + Hyper-V Enlightenments ^^^^^^^^^^^^^^^^^^^^^^ @@ -882,4 +906,5 @@ The ``sectype`` enum corresponds to ``type`` attribute of ``<launchSecurity/>`` element as documented in `Launch Security <formatdomain.html#launch-security>`__. :since:`(Since 10.5.0)` For additional information on individual types, see sections above: `s390-pv capability`_ for -S390 PV, `SEV capabilities`_ for AMD SEV and/or AMD SEV-SNP. +S390 PV, `SEV capabilities`_ for AMD SEV and/or AMD SEV-SNP, `CCA capabilities`_ +for Arm CCA. diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index ab715b19d8..cae6730061 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -90,6 +90,25 @@ virSGXCapabilitiesFree(virSGXCapability *cap) } +void +virCCACapabilitiesFree(virCCACapability *cap) +{ + size_t i; + + if (!cap) + return; + + if (cap->nCcaMeasurementAlgo) + for (i = 0; i < cap->nCcaMeasurementAlgo; i++) + g_free(cap->ccaMeasurementAlgo[i]); + + if (cap->ccaMeasurementAlgo) + g_free(cap->ccaMeasurementAlgo); + + g_free(cap); +} + + static void virDomainCapsDispose(void *obj) { @@ -103,6 +122,7 @@ virDomainCapsDispose(void *obj) virCPUDefFree(caps->cpu.hostModel); virSEVCapabilitiesFree(caps->sev); virSGXCapabilitiesFree(caps->sgx); + virCCACapabilitiesFree(caps->cca); g_free(caps->hyperv); values = &caps->os.loader.values; @@ -774,6 +794,33 @@ virDomainCapsFeatureSGXFormat(virBuffer *buf, virBufferAddLit(buf, "</sgx>\n"); } +static void +virDomainCapsFeatureCCAFormat(virBuffer *buf, + const virCCACapability *cca) +{ + size_t i; + + if (!cca) { + virBufferAddLit(buf, "<cca supported='no'/>\n"); + return; + } + + virBufferAddLit(buf, "<cca supported='yes'>\n"); + virBufferAdjustIndent(buf, 2); + + virBufferAddLit(buf, "<enum name='measurement-algo'>\n"); + virBufferAdjustIndent(buf, 2); + for (i = 0; i < cca->nCcaMeasurementAlgo; i++) { + virBufferAsprintf(buf, "<value>%s</value>\n", + cca->ccaMeasurementAlgo[i]); + } + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</enum>\n"); + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</cca>\n"); +} + static void virDomainCapsFeatureHypervFormat(virBuffer *buf, const virDomainCapsFeatureHyperv *hyperv) @@ -821,6 +868,7 @@ virDomainCapsFormatFeatures(const virDomainCaps *caps, virDomainCapsFeatureSEVFormat(&childBuf, caps->sev); virDomainCapsFeatureSGXFormat(&childBuf, caps->sgx); + virDomainCapsFeatureCCAFormat(&childBuf, caps->cca); virDomainCapsFeatureHypervFormat(&childBuf, caps->hyperv); virDomainCapsLaunchSecurityFormat(&childBuf, &caps->launchSecurity); diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index 93e2cc2931..b55f860e7b 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -315,6 +315,7 @@ struct _virDomainCaps { virDomainCapsFeatureGIC gic; virSEVCapability *sev; virSGXCapability *sgx; + virCCACapability *cca; virDomainCapsFeatureHyperv *hyperv; virDomainCapsLaunchSecurity launchSecurity; /* add new domain features here */ @@ -375,3 +376,8 @@ void virSGXCapabilitiesFree(virSGXCapability *capabilities); G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSGXCapability, virSGXCapabilitiesFree); + +void +virCCACapabilitiesFree(virCCACapability *capabilities); + +G_DEFINE_AUTOPTR_CLEANUP_FUNC(virCCACapability, virCCACapabilitiesFree); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 33b93cbd3e..bf525c50d9 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -208,6 +208,7 @@ virDomainAuditVcpu; # conf/domain_capabilities.h +virCCACapabilitiesFree; virDomainCapsCPUModelsAdd; virDomainCapsCPUModelsCopy; virDomainCapsCPUModelsGet; diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index b0283c0119..4534f18a24 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -3651,6 +3651,32 @@ virQEMUCapsProbeQMPSGXCapabilities(virQEMUCaps *qemuCaps, } +static int +virQEMUCapsProbeQMPCCACapabilities(virQEMUCaps *qemuCaps, + qemuMonitor *mon) +{ + int rc = -1; + virCCACapability *caps = NULL; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_CCA_GUEST)) + return 0; + + if ((rc = qemuMonitorGetCCACapabilities(mon, &caps)) < 0) + return -1; + + /* CCA isn't actually supported */ + if (rc == 0) { + virQEMUCapsClear(qemuCaps, QEMU_CAPS_CCA_GUEST); + return 0; + } + + virCCACapabilitiesFree(qemuCaps->ccaCapabilities); + qemuCaps->ccaCapabilities = caps; + return 0; +} + + + /* * Filter for features which should never be passed to QEMU. Either because * QEMU never supported them or they were dropped as they never did anything @@ -5757,6 +5783,8 @@ virQEMUCapsInitQMPMonitor(virQEMUCaps *qemuCaps, return -1; if (virQEMUCapsProbeQMPSGXCapabilities(qemuCaps, mon) < 0) return -1; + if (virQEMUCapsProbeQMPCCACapabilities(qemuCaps, mon) < 0) + return -1; virQEMUCapsInitProcessCaps(qemuCaps); diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index ec2f166785..53908d8bf8 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -3483,6 +3483,16 @@ qemuMonitorGetSGXCapabilities(qemuMonitor *mon, } +int +qemuMonitorGetCCACapabilities(qemuMonitor *mon, + virCCACapability **capabilities) +{ + QEMU_CHECK_MONITOR(mon); + + return qemuMonitorJSONGetCCACapabilities(mon, capabilities); +} + + int qemuMonitorNBDServerStart(qemuMonitor *mon, const virStorageNetHostDef *server, diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index c74892c4dc..8a37376f97 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -846,6 +846,9 @@ int qemuMonitorGetSEVCapabilities(qemuMonitor *mon, int qemuMonitorGetSGXCapabilities(qemuMonitor *mon, virSGXCapability **capabilities); +int qemuMonitorGetCCACapabilities(qemuMonitor *mon, + virCCACapability **capabilities); + typedef enum { QEMU_MONITOR_MIGRATE_RESUME = 1 << 0, /* resume failed post-copy migration */ QEMU_MONITOR_MIGRATION_FLAGS_LAST diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 9f417d27c6..ebe5f87d36 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -6213,6 +6213,104 @@ qemuMonitorJSONGetSGXCapabilities(qemuMonitor *mon, } +static int +qemuMonitorJSONGetCCAMeasurementAlgo(qemuMonitor *mon, + size_t *numalgo, + char ***malgo) +{ + g_autoptr(virJSONValue) cmd = NULL; + g_autoptr(virJSONValue) reply = NULL; + virJSONValue *caps; + virJSONValue *malgolist = NULL; + g_auto(GStrv) list = NULL; + size_t i; + size_t n = 0; + + if (!(cmd = qemuMonitorJSONMakeCommand("query-cca-capabilities", + NULL))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + return -1; + + /* If the 'query-cca-capabilities' QMP command was not available + * we simply successfully return zero capabilities. + * This is the current QEMU (=9.1.91) and all non-ARM architectures */ + if (qemuMonitorJSONHasError(reply, "CommandNotFound")) + return 0; + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + return -1; + + caps = virJSONValueObjectGetObject(reply, "return"); + + if (!(caps = qemuMonitorJSONGetReply(cmd, reply, VIR_JSON_TYPE_OBJECT))) + return -1; + + if ((malgolist = virJSONValueObjectGetArray(caps, "sections"))) { + n = virJSONValueArraySize(malgolist); + + /* If the received array is empty, an error is returned. */ + if (n == 0) + return -1; + + list = g_new0(char *, n + 1); + + for (i = 0; i < n; i++) { + virJSONValue *cap = virJSONValueArrayGet(malgolist, i); + const char *measurement_algo = NULL; + + if (!cap || virJSONValueGetType(cap) != VIR_JSON_TYPE_OBJECT) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("missing entry in CCA capabilities list")); + return -1; + } + + if (!(measurement_algo = virJSONValueObjectGetString(cap, "measurement-algo"))) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-cca-capabilities reply was missing 'measurement-algo' field")); + return -1; + } + + list[i] = g_strdup(measurement_algo); + } + } + + *numalgo = n; + *malgo = g_steal_pointer(&list); + return 1; +} + + +/** + * qemuMonitorJSONGetCCACapabilities: + * @mon: qemu monitor object + * @capabilities: pointer to pointer to a CCA capability structure to be filled + * + * Returns -1 on error, 0 if CCA is not supported, and 1 if CCA is supported on + * the platform. + */ +int +qemuMonitorJSONGetCCACapabilities(qemuMonitor *mon, + virCCACapability **capabilities) +{ + g_autoptr(virCCACapability) capability = NULL; + int ret = 0; + + *capabilities = NULL; + capability = g_new0(virCCACapability, 1); + + ret = qemuMonitorJSONGetCCAMeasurementAlgo(mon, + &capability->nCcaMeasurementAlgo, + &capability->ccaMeasurementAlgo); + + if (ret > 0) + *capabilities = g_steal_pointer(&capability); + + return ret; +} + + static virJSONValue * qemuMonitorJSONBuildInetSocketAddress(const char *host, const char *port) diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index 2f5a021f56..d422e84e88 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h @@ -168,6 +168,10 @@ int qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon, virSEVCapability **capabilities); +int +qemuMonitorJSONGetCCACapabilities(qemuMonitor *mon, + virCCACapability **capabilities); + int qemuMonitorJSONMigrate(qemuMonitor *mon, unsigned int flags, -- 2.34.1

1 0

[RFC PATCH v2 1/6] src: Add ARM CCA support in qemu driver to launch VM
by Akio Kakuno 28 Feb '25

28 Feb '25

- Add ARM CCA support to the qemu driver for aarch64 systems. [XML example] <domain> ... <launchsecurity type='cca'> <measurement-algo>sha256</measurement-algo> </launchsecurity> ... </domain> Signed-off-by: Akio Kakuno <fj3333bs(a)fujitsu.com> --- docs/formatdomain.rst | 28 ++++++++++++++++++++++++++++ src/conf/domain_capabilities.h | 6 ++++++ src/conf/domain_conf.c | 7 +++++++ src/conf/domain_conf.h | 7 +++++++ src/conf/domain_validate.c | 1 + src/conf/virconftypes.h | 2 ++ src/qemu/qemu_capabilities.c | 4 ++++ src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_cgroup.c | 2 ++ src/qemu/qemu_command.c | 32 ++++++++++++++++++++++++++++++++ src/qemu/qemu_driver.c | 2 ++ src/qemu/qemu_firmware.c | 1 + src/qemu/qemu_namespace.c | 2 ++ src/qemu/qemu_process.c | 4 ++++ src/qemu/qemu_validate.c | 4 ++++ src/security/security_dac.c | 2 ++ 16 files changed, 105 insertions(+) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 620daae9af..917e7e2cf5 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -9185,6 +9185,34 @@ The ``<launchSecurity/>`` element then accepts the following child elements: the SNP_LAUNCH_FINISH command in the SEV-SNP firmware ABI. +The contents of the ``<launchSecurity type='cca'>`` element is used to create +RealmVM using the Arm CCA feature (Confidential Compute Architecture). +CCA :since:`Since 11.0.0` enhances the virtualization capabilities of the +platform by separating the management of resources from access to those resources. +This is achieved by extending the TrustZone of Cortex-A's Normal and Secure +world concepts and adding the Realm world and the underlying Root world. +The Secure Monitor runs in the root world and manages the transition between +these security states. For more information see the Learn the architecture - +Arm Confidential Compute Architecture software stack: +`<https://developer.arm.com/documentation/den0127/latest>`__ + +:: + + <domain> + ... + <launchSecurity type='cca'> + <measurement-algo>sha256</measurement-algo> + </launchSecurity> + ... + </domain> + +The ``<launchSecurity/>`` element accepts the following attributes: + +``measurement-algo`` + The optional ``measurement-algo`` element determines algorithm used to + describe blob hashes. + + Example configs =============== diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index 69dd1a15c1..93e2cc2931 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -240,6 +240,12 @@ struct _virSGXCapability { virSGXSection *sgxSections; }; +typedef struct _virCCACapability virCCACapability; +struct _virCCACapability { + size_t nCcaMeasurementAlgo; + char **ccaMeasurementAlgo; +}; + STATIC_ASSERT_ENUM(VIR_DOMAIN_CRYPTO_MODEL_LAST); STATIC_ASSERT_ENUM(VIR_DOMAIN_CRYPTO_TYPE_LAST); STATIC_ASSERT_ENUM(VIR_DOMAIN_CRYPTO_BACKEND_LAST); diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 3f88a77a8f..231073e472 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1529,6 +1529,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity, "sev", "sev-snp", "s390-pv", + "cca", ); VIR_ENUM_IMPL(virDomainPstoreBackend, @@ -3881,6 +3882,9 @@ virDomainSecDefFree(virDomainSecDef *def) g_free(def->data.sev_snp.id_auth); g_free(def->data.sev_snp.host_data); break; + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + g_free(def->data.cca.measurement_algo); + break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: @@ -13904,6 +13908,8 @@ virDomainSecDefParseXML(xmlNodePtr lsecNode, break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: break; + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: default: @@ -27181,6 +27187,7 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec) break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 9f7c28343f..f088227e4d 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2895,6 +2895,7 @@ typedef enum { VIR_DOMAIN_LAUNCH_SECURITY_SEV, VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP, VIR_DOMAIN_LAUNCH_SECURITY_PV, + VIR_DOMAIN_LAUNCH_SECURITY_CCA, VIR_DOMAIN_LAUNCH_SECURITY_LAST, } virDomainLaunchSecurity; @@ -2929,11 +2930,17 @@ struct _virDomainSEVSNPDef { }; +struct _virDomainCCADef { + char *measurement_algo; +}; + + struct _virDomainSecDef { virDomainLaunchSecurity sectype; union { virDomainSEVDef sev; virDomainSEVSNPDef sev_snp; + virDomainCCADef cca; } data; }; diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index 6aed74dd8d..b8fcbbd367 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c @@ -1860,6 +1860,7 @@ virDomainDefLaunchSecurityValidate(const virDomainDef *def) case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_SEV: case VIR_DOMAIN_LAUNCH_SECURITY_PV: + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: break; } diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index 59be61cea4..6e23d09983 100644 --- a/src/conf/virconftypes.h +++ b/src/conf/virconftypes.h @@ -216,6 +216,8 @@ typedef struct _virDomainSEVDef virDomainSEVDef; typedef struct _virDomainSEVSNPDef virDomainSEVSNPDef; +typedef struct _virDomainCCADef virDomainCCADef; + typedef struct _virDomainSecDef virDomainSecDef; typedef struct _virDomainShmemDef virDomainShmemDef; diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 53aa64a009..b0283c0119 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -725,6 +725,7 @@ VIR_ENUM_IMPL(virQEMUCaps, /* 470 */ "migrate-incoming.exit-on-error", /* QEMU_CAPS_MIGRATE_INCOMING_EXIT_ON_ERROR */ + "rme-guest", /* QEMU_CAPS_CCA_GUEST */ ); @@ -810,6 +811,8 @@ struct _virQEMUCaps { virSGXCapability *sgxCapabilities; + virCCACapability *ccaCapabilities; + virDomainCapsFeatureHyperv *hypervCapabilities; /* Capabilities which may differ depending on the accelerator. */ @@ -1413,6 +1416,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = { { "virtio-sound-device", QEMU_CAPS_DEVICE_VIRTIO_SOUND }, { "sev-snp-guest", QEMU_CAPS_SEV_SNP_GUEST }, { "acpi-erst", QEMU_CAPS_DEVICE_ACPI_ERST }, + { "rme-guest", QEMU_CAPS_CCA_GUEST }, }; diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 398749a136..21081d5fbc 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -704,6 +704,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */ /* 470 */ QEMU_CAPS_MIGRATE_INCOMING_EXIT_ON_ERROR, /* exit-on-error argument of migrate-incoming command */ + QEMU_CAPS_CCA_GUEST, /* -object rme-guest */ QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index f3c85d65e8..3825a68930 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -864,6 +864,8 @@ qemuSetupDevicesCgroup(virDomainObj *vm) if (qemuSetupSEVCgroup(vm) < 0) return -1; break; + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 1f28de6194..e2dd99fca8 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -6924,6 +6924,9 @@ qemuBuildMachineCommandLine(virCommand *cmd, case VIR_DOMAIN_LAUNCH_SECURITY_PV: virBufferAddLit(&buf, ",confidential-guest-support=lsec0"); break; + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + virBufferAddLit(&buf, ",confidential-guest-support=rme0"); + break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype); @@ -9679,6 +9682,32 @@ qemuBuildPVCommandLine(virDomainObj *vm, virCommand *cmd) } +static int +qemuBuildCCACommandLine(virDomainObj *vm, virCommand *cmd, + virDomainCCADef *cca) +{ + g_autoptr(virJSONValue) props = NULL; + qemuDomainObjPrivate *priv = vm->privateData; + + VIR_DEBUG("measurement_algorithm=%s", cca->measurement_algo); + + if (cca->measurement_algo) { + if (qemuMonitorCreateObjectProps(&props, "rme-guest", "rme0", + "S:measurement-algorithm", cca->measurement_algo, + NULL) < 0) + return -1; + } else { + if (qemuMonitorCreateObjectProps(&props, "rme-guest", "rme0", NULL) < 0) + return -1; + } + + if (qemuBuildObjectCommandlineFromJSON(cmd, props, priv->qemuCaps) < 0) + return -1; + + return 0; +} + + static int qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd, virDomainSecDef *sec) @@ -9696,6 +9725,9 @@ qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd, case VIR_DOMAIN_LAUNCH_SECURITY_PV: return qemuBuildPVCommandLine(vm, cmd); break; + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + return qemuBuildCCACommandLine(vm, cmd, &sec->data.cca); + break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: virReportEnumRangeError(virDomainLaunchSecurity, sec->sectype); diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index d2eddbd9ae..1c779ff619 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -19155,6 +19155,8 @@ qemuDomainGetLaunchSecurityInfo(virDomainPtr domain, if (qemuDomainGetSEVInfo(vm, params, nparams, flags) < 0) goto cleanup; break; + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c index 2d0ec0b4fa..c670ad11b0 100644 --- a/src/qemu/qemu_firmware.c +++ b/src/qemu/qemu_firmware.c @@ -1371,6 +1371,7 @@ qemuFirmwareMatchDomain(const virDomainDef *def, } break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c index 59421ec9d1..61c575e96a 100644 --- a/src/qemu/qemu_namespace.c +++ b/src/qemu/qemu_namespace.c @@ -664,6 +664,8 @@ qemuDomainSetupLaunchSecurity(virDomainObj *vm, VIR_DEBUG("Set up launch security for SEV"); break; + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 6db48b0e7b..c82e359e25 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -6845,6 +6845,8 @@ qemuProcessPrepareDomain(virQEMUDriver *driver, if (qemuProcessUpdateSEVInfo(vm) < 0) return -1; break; + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: @@ -6917,6 +6919,8 @@ qemuProcessPrepareLaunchSecurityGuestInput(virDomainObj *vm) return qemuProcessPrepareSEVGuestInput(vm); case VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP: break; + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + return 0; case VIR_DOMAIN_LAUNCH_SECURITY_PV: return 0; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index 086c66b602..26d0f9dada 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -1368,6 +1368,10 @@ qemuValidateDomainDef(const virDomainDef *def, return -1; } break; + + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + break; + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype); diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 0505f4e4a3..6364d3fffc 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -2017,6 +2017,7 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr, rc = -1; break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: @@ -2258,6 +2259,7 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr, return -1; break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: -- 2.34.1

1 0

[RFC PATCH v2 0/6] RFC: Add Arm CCA support for getting capability information and running Realm VM
by Akio Kakuno 28 Feb '25

28 Feb '25

Hi, all. This patch adds Arm CCA support to qemu driver for aarch64 system. CCA is an abbreviation for Arm Confidential Compute Architecture feature, it enhances the virtualization capabilities of the platform by separating the management of resources from access to those resources. We are not yet at the stage where we can merge this patch as host linux/qemu suppor is no yet merged, but I would like to receive reviews and comments on the overall direction. [summary] At this stage, all you can do is getting the CCA capability with the virsh domcapabilities command and start the CCA VM with the virsh create command. capability info uses qemu QMP to query qemu options. The option that exists now is for selecting a hash algorithm. qemu QMP sections currently only contains a single member, but is wrapped in sections for expansion. [Capability example] Execution results of 'virsh domcapability" on qemu <domaincapabilities> ... <features> ... </sgx> <cca supported='yes'> <enum name='measurement-algo'> <value>sha256</value> <value>sha512</value> </enum> </cca> <hyperv supported='yes'> ... </features> </domaincapabilities> [XML example] <domain> ... <launchsecurity type='cca'> <measurement-algo>sha256</measurement-algo> </launchsecurity> ... </domain> [limitations/tests] To obtain capability info, it is necessary to support the qemu QMP command, which qemu does not yet support. We added a QMP command to retrieve CCA info for test (See "[software version]" below). Also, I think we should check whether CPUFW supports CCA or not in qemu_firmware.c, but it is not yet implemented. We have confirmed that the added tests (qemucapabilitiestest, domaincapstest and qemuxmlconftest) and the CCA VM startup test (starting the CCA VM from the virsh create command) passed. The "personalization-value" and "measurement-log" parameters that exist in the current LinaroQEMU cca/v3 branch will not be specified as CCA VM startup parameters with the virsh create command. [software version] I followed the steps in Linaro's blog below. https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/Building+an… The Qemu used was enhanced with CCA QMP command and found at: https://github.com/Kazuhiro-Abe-fj/linaro_qemu/tree/cca-qmp which is based on Linaro QEMU (cca/v3) https://git.codelinaro.org/linaro/dcap/qemu/-/tree/cca/v3?ref_type=heads Changes in v2: Split the patch into different features. Fixed two string memory leaks. String storage has been changed from pointer movement to memory copying, preventing double freeing. Added a test case to qemuconftest. Fixed an issue where communication with QMP did not work properly. Fixed an issue where <cca support="yes"> was output to the cache file when using virsh with a qemu binary that does not support QMP. RFC v1: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/V4S5… Signed-off-by: Akio Kakuno fj3333bs(a)fujitsu.com Akio Kakuno (6): src: Add ARM CCA support in qemu driver to launch VM src: Add ARM CCA support in domain capabilities command src: Add ARM CCA support in domain schema qemucapabilitiestest: Adds Arm CCA support domaincapstest: Adds Arm CCA support qemuxmlconftest: Adds Arm CCA support docs/formatdomain.rst | 28 + docs/formatdomaincaps.rst | 27 +- src/conf/domain_capabilities.c | 48 + src/conf/domain_capabilities.h | 12 + src/conf/domain_conf.c | 16 + src/conf/domain_conf.h | 7 + src/conf/domain_validate.c | 1 + src/conf/schemas/domaincaps.rng | 14 + src/conf/schemas/domaincommon.rng | 14 + src/conf/virconftypes.h | 2 + src/libvirt_private.syms | 1 + src/qemu/qemu_capabilities.c | 145 + src/qemu/qemu_capabilities.h | 4 + src/qemu/qemu_cgroup.c | 2 + src/qemu/qemu_command.c | 32 + src/qemu/qemu_driver.c | 2 + src/qemu/qemu_firmware.c | 1 + src/qemu/qemu_monitor.c | 10 + src/qemu/qemu_monitor.h | 3 + src/qemu/qemu_monitor_json.c | 98 + src/qemu/qemu_monitor_json.h | 4 + src/qemu/qemu_namespace.c | 2 + src/qemu/qemu_process.c | 4 + src/qemu/qemu_validate.c | 4 + src/security/security_dac.c | 2 + .../qemu_9.1.0-virt.aarch64.xml | 243 + tests/domaincapsdata/qemu_9.1.0.aarch64.xml | 243 + .../caps_9.1.0_aarch64.replies | 36222 ++++++++++++++++ .../caps_9.1.0_aarch64.xml | 540 + .../launch-security-cca.aarch64-latest.args | 30 + .../launch-security-cca.aarch64-latest.xml | 24 + tests/qemuxmlconfdata/launch-security-cca.xml | 16 + tests/qemuxmlconftest.c | 2 + 33 files changed, 37802 insertions(+), 1 deletion(-) create mode 100644 tests/domaincapsdata/qemu_9.1.0-virt.aarch64.xml create mode 100644 tests/domaincapsdata/qemu_9.1.0.aarch64.xml create mode 100644 tests/qemucapabilitiesdata/caps_9.1.0_aarch64.replies create mode 100644 tests/qemucapabilitiesdata/caps_9.1.0_aarch64.xml create mode 100644 tests/qemuxmlconfdata/launch-security-cca.aarch64-latest.args create mode 100644 tests/qemuxmlconfdata/launch-security-cca.aarch64-latest.xml create mode 100644 tests/qemuxmlconfdata/launch-security-cca.xml -- 2.34.1

1 0

Re: [PATCH 2/2] tests: Add capabilities for QEMU 10.0 (unreleased) on aarch64
by Matt Ochs 28 Feb '25

28 Feb '25

Thanks for updating this Andrea! Tested-by: Matthew R. Ochs <mochs(a)nvidia.com>

1 0

[PATCH] NEWS: Document crasher fix in crash in qemuDomainCheckCPU
by Jiri Denemark 28 Feb '25

28 Feb '25

Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com> --- NEWS.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index ee4eac183e..cf16d894f6 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -85,6 +85,13 @@ v11.1.0 (unreleased) adds corresponding devices into a per-domain profile so that AppArmor does not deny QEMU access to them. + * qemu: Fix crash when starting a domain on a host with unknown host CPU + + On hosts where we cannot detect a host CPU model (mostly aarch64 hosts) + starting a domain with a custom CPU model caused a crash of virtqemud. + + The bug was introduced in libvirt-10.9.0 + v11.0.0 (2025-01-15) ==================== -- 2.48.1

2 2

[PATCH 0/2] tests: Add capabilities for QEMU 10.0 on aarch64
by Andrea Bolognani 28 Feb '25

28 Feb '25

Andrea Bolognani (2): tests: Use collie instead of borzoi for aarch64 tests tests: Add capabilities for QEMU 10.0 (unreleased) on aarch64 .../qemu_10.0.0-virt.aarch64.xml | 238 + tests/domaincapsdata/qemu_10.0.0.aarch64.xml | 238 + .../caps_10.0.0_aarch64.replies | 37374 ++++++++++++++++ .../caps_10.0.0_aarch64.xml | 552 + ...arch64-cpu-passthrough.aarch64-latest.args | 5 +- .../aarch64-kvm-32-on-64.aarch64-latest.args | 5 +- .../aarch64-noacpi-acpi.aarch64-latest.err | 2 +- tests/qemuxmlconfdata/aarch64-noacpi-acpi.xml | 2 +- ...usb-minimal.aarch64-latest.abi-update.args | 3 +- ...ousb-minimal.aarch64-latest.abi-update.xml | 2 +- .../aarch64-nousb-minimal.aarch64-latest.args | 3 +- .../aarch64-nousb-minimal.aarch64-latest.xml | 2 +- .../qemuxmlconfdata/aarch64-nousb-minimal.xml | 2 +- .../aarch64-virt-graphics.aarch64-latest.args | 5 +- ...h64-virt-headless-mmio.aarch64-latest.args | 5 +- .../aarch64-virt-headless.aarch64-latest.args | 5 +- .../aarch64-virt-virtio.aarch64-latest.args | 5 +- ...o-pci-manual-addresses.aarch64-latest.args | 5 +- .../arm-vexpressa9-basic.aarch64-latest.args | 1 - .../arm-vexpressa9-basic.aarch64-latest.xml | 3 - .../arm-vexpressa9-nodevs.aarch64-latest.args | 1 - .../arm-vexpressa9-nodevs.aarch64-latest.xml | 3 - .../arm-vexpressa9-virtio.aarch64-latest.args | 6 +- .../arm-vexpressa9-virtio.aarch64-latest.xml | 3 - .../disk-arm-virtio-sd.aarch64-latest.args | 1 - .../disk-arm-virtio-sd.aarch64-latest.xml | 3 - ...mware-auto-efi-aarch64.aarch64-latest.args | 5 +- ...-loader-raw.aarch64-latest.abi-update.args | 5 +- ...-efi-format-loader-raw.aarch64-latest.args | 5 +- ...i-aarch64-legacy-paths.aarch64-latest.args | 5 +- ...anual-efi-acpi-aarch64.aarch64-latest.args | 5 +- ...ual-efi-noacpi-aarch64.aarch64-latest.args | 5 +- .../pvpanic-pci-aarch64.aarch64-latest.args | 5 +- ...pci-no-address-aarch64.aarch64-latest.args | 5 +- ...default-fallback-nousb.aarch64-latest.args | 3 +- ...-default-fallback-nousb.aarch64-latest.xml | 2 +- ...ntroller-default-nousb.aarch64-latest.args | 3 +- ...ontroller-default-nousb.aarch64-latest.xml | 2 +- .../usb-controller-default-nousb.xml | 2 +- ...ault-unavailable-nousb.aarch64-latest.args | 3 +- ...fault-unavailable-nousb.aarch64-latest.xml | 2 +- .../virtio-iommu-aarch64.aarch64-latest.args | 5 +- tests/qemuxmlconftest.c | 2 +- 43 files changed, 38456 insertions(+), 82 deletions(-) create mode 100644 tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml create mode 100644 tests/domaincapsdata/qemu_10.0.0.aarch64.xml create mode 100644 tests/qemucapabilitiesdata/caps_10.0.0_aarch64.replies create mode 100644 tests/qemucapabilitiesdata/caps_10.0.0_aarch64.xml -- 2.48.1

1 3

[PATCH] NEWS: Document features/improvements/bug fixes I've participated in
by Michal Privoznik 27 Feb '25

27 Feb '25

There are some features/improvements/bug fixes I've either contributed or reviewed/merged. Document them for upcoming release. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- NEWS.rst | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 7984f358f3..ee4eac183e 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -72,6 +72,19 @@ v11.1.0 (unreleased) * **Bug fixes** + * tools: ssh-proxy: Check if domain is running before connecting to it + + If domain is not running but has a static CID configured for its VSOCK then + the ssh-proxy parsed it anyways. This may have resulted in mistakenly + connecting to a different domain. Domain status is checked before parsing + its CID. + + * apparmor: Allow SGX if configured + + If domain has ``<memory model='sgx-epc'\>`` configured then libvirt now + adds corresponding devices into a per-domain profile so that AppArmor does + not deny QEMU access to them. + v11.0.0 (2025-01-15) ==================== -- 2.45.3

2 1

[libvirt PATCH] qemu: snapshot: error out early when reverting snapshot for VM with non-file disk
by Pavel Hrdina 27 Feb '25

27 Feb '25

Before this patch the code would start the revert process by destroying the VM and preparing to revert where it would fail with following error: error: unsupported configuration: source for disk 'sdb' is not a regular file; refusing to generate external snapshot name and leaving user with offline VM even if it was running. Make the check before we start the revert process to not destroy VMs. Resolves: https://issues.redhat.com/browse/RHEL-30971 Resolves: https://issues.redhat.com/browse/RHEL-79928 Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com> --- src/qemu/qemu_snapshot.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c index f7d6272907..c5f70f5b10 100644 --- a/src/qemu/qemu_snapshot.c +++ b/src/qemu/qemu_snapshot.c @@ -2205,6 +2205,8 @@ qemuSnapshotRevertValidate(virDomainObj *vm, virDomainSnapshotDef *snapdef, unsigned int flags) { + size_t i; + if (!vm->persistent && snapdef->state != VIR_DOMAIN_SNAPSHOT_RUNNING && snapdef->state != VIR_DOMAIN_SNAPSHOT_PAUSED && @@ -2232,6 +2234,17 @@ qemuSnapshotRevertValidate(virDomainObj *vm, } } + for (i = 0; i < snap->def->dom->ndisks; i++) { + virDomainDiskDef *disk = snap->def->dom->disks[i]; + + if (disk->src->type != VIR_STORAGE_TYPE_FILE) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, + _("source disk for '%1$s' is not a regural file, reverting to snapshot is not supported"), + disk->dst); + return -1; + } + } + return 0; } -- 2.48.1

2 3

Entering freeze for libvirt-11.1.0
by Jiri Denemark 27 Feb '25

27 Feb '25

I have just tagged v11.1.0-rc1 in the repository and pushed signed tarballs to https://download.libvirt.org/ Please give the release candidate some testing and in case you find a serious issue which should have a fix in the upcoming release, feel free to reply to this thread to make sure the issue is more visible. If you have not done so yet, please update NEWS.rst to document any significant change you made since the last release. Thanks, Jirka

1 1