[libvirt] [libvirt-go-xml PATCH v2 0/2] Add support for domain launch security
since v1: - added a launch security subtype for SEV to avoid having a 'type' XML attribute Erik Skultety (2): Add support for domain launch security Add support for SEV in domain capabilities XML domain.go | 162 ++++++++++++++++++++++++++++++++++++++++++++++++- domain_capabilities.go | 7 +++ 2 files changed, 168 insertions(+), 1 deletion(-) -- 2.14.4
Signed-off-by: Erik Skultety <eskultet@redhat.com> --- domain.go | 162 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 161 insertions(+), 1 deletion(-) diff --git a/domain.go b/domain.go index aeeb24a..c910962 100644 --- a/domain.go +++ b/domain.go @@ -1863,6 +1863,18 @@ type DomainFeatureCapability struct { State string `xml:"state,attr,omitempty"` } +type DomainLaunchSecurity struct { + SEV *DomainLaunchSecuritySEV `xml:"-"` +} + +type DomainLaunchSecuritySEV struct { + CBitPos *uint `xml:"cbitpos"` + ReducedPhysBits *uint `xml:"reducedPhysBits"` + Policy *uint `xml:"policy"` + DHCert string `xml:"dhCert"` + Session string `xml:"sesion"` +} + type DomainFeatureCapabilities struct { Policy string `xml:"policy,attr,omitempty"` AuditControl *DomainFeatureCapability `xml:"audit_control"` @@ -2182,7 +2194,8 @@ type Domain struct { QEMUCommandline *DomainQEMUCommandline LXCNamespace *DomainLXCNamespace VMWareDataCenterPath *DomainVMWareDataCenterPath - KeyWrap *DomainKeyWrap `xml:"keywrap"` + KeyWrap *DomainKeyWrap `xml:"keywrap"` + LaunchSecurity *DomainLaunchSecurity `xml:"launchSecurity"` } func (d *Domain) Unmarshal(doc string) error { @@ -4864,3 +4877,150 @@ func (d *DomainCPU) Marshal() (string, error) { } return string(doc), nil } + +func (a *DomainLaunchSecuritySEV) MarshalXML (e *xml.Encoder, start xml.StartElement) error { + e.EncodeToken(start) + cbitpos := xml.StartElement{ + Name: xml.Name{Local: "cbitpos"}, + } + e.EncodeToken(cbitpos) + e.EncodeToken(xml.CharData(fmt.Sprintf("%d", *a.CBitPos))) + e.EncodeToken(cbitpos.End()) + + reducedPhysBits := xml.StartElement{ + Name: xml.Name{Local: "reducedPhysBits"}, + } + e.EncodeToken(reducedPhysBits) + e.EncodeToken(xml.CharData(fmt.Sprintf("%d", *a.ReducedPhysBits))) + e.EncodeToken(reducedPhysBits.End()) + + if a.Policy != nil { + policy := xml.StartElement{ + Name: xml.Name{Local: "policy"}, + } + e.EncodeToken(policy) + e.EncodeToken(xml.CharData(fmt.Sprintf("0x%04x", *a.Policy))) + e.EncodeToken(policy.End()) + } + + dhcert := xml.StartElement{ + Name: xml.Name{Local: "dhCert"}, + } + e.EncodeToken(dhcert) + e.EncodeToken(xml.CharData(fmt.Sprintf("%s", a.DHCert))) + e.EncodeToken(dhcert.End()) + + session := xml.StartElement{ + Name: xml.Name{Local: "session"}, + } + e.EncodeToken(session) + e.EncodeToken(xml.CharData(fmt.Sprintf("%s", a.Session))) + e.EncodeToken(session.End()) + + e.EncodeToken(start.End()) + + return nil +} + +func (a *DomainLaunchSecuritySEV) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error { + for { + tok, err := d.Token() + if err == io.EOF { + break + } + if err != nil { + return err + } + + switch tok := tok.(type) { + case xml.StartElement: + if tok.Name.Local == "policy" { + data, err := d.Token() + if err != nil { + return err + } + switch data := data.(type) { + case xml.CharData: + if err := unmarshalUintAttr(string(data), &a.Policy, 16); err != nil { + return err + } + } + } else if tok.Name.Local == "cbitpos" { + data, err := d.Token() + if err != nil { + return err + } + switch data := data.(type) { + case xml.CharData: + if err := unmarshalUintAttr(string(data), &a.CBitPos, 10); err != nil { + return err + } + } + } else if tok.Name.Local == "reducedPhysBits" { + data, err := d.Token() + if err != nil { + return err + } + switch data := data.(type) { + case xml.CharData: + if err := unmarshalUintAttr(string(data), &a.ReducedPhysBits, 10); err != nil { + return err + } + } + } else if tok.Name.Local == "dhCert" { + data, err := d.Token() + if err != nil { + return err + } + switch data := data.(type) { + case xml.CharData: + a.DHCert = string(data) + } + } else if tok.Name.Local == "session" { + data, err := d.Token() + if err != nil { + return err + } + switch data := data.(type) { + case xml.CharData: + a.Session = string(data) + } + } + } + } + return nil +} + +func (a *DomainLaunchSecurity) MarshalXML(e *xml.Encoder, start xml.StartElement) error { + + if a.SEV != nil { + start.Attr = append(start.Attr, xml.Attr{ + xml.Name{Local: "type"}, "sev", + }) + return e.EncodeElement(a.SEV, start) + } else { + return nil + } + +} + +func (a *DomainLaunchSecurity) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error { + var typ string + for _, attr := range start.Attr { + if attr.Name.Local == "type" { + typ = attr.Value + } + } + + if typ == "" { + d.Skip() + return nil + } + + if typ == "sev" { + a.SEV = &DomainLaunchSecuritySEV{} + return d.DecodeElement(a.SEV, &start) + } + + return nil +} -- 2.14.4
On Mon, Jun 18, 2018 at 09:05:59AM +0200, Erik Skultety wrote:
Signed-off-by: Erik Skultety <eskultet@redhat.com> --- domain.go | 162 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 161 insertions(+), 1 deletion(-)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Daniel P. Berrangé --- domain_capabilities.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/domain_capabilities.go b/domain_capabilities.go index 3f5a752..0faa06a 100644 --- a/domain_capabilities.go +++ b/domain_capabilities.go @@ -106,6 +106,7 @@ type DomainCapsFeatures struct { GIC *DomainCapsFeatureGIC `xml:"gic"` VMCoreInfo *DomainCapsFeatureVMCoreInfo `xml:"vmcoreinfo"` GenID *DomainCapsFeatureGenID `xml:"genid"` + SEV *DomainCapsFeatureSEV `xml:"sev"` } type DomainCapsFeatureGIC struct { @@ -121,6 +122,12 @@ type DomainCapsFeatureGenID struct { Supported string `xml:"supported,attr"` } +type DomainCapsFeatureSEV struct { + Supported string `xml:"supported,attr"` + CBitPos uint `xml:"cbitpos,omitempty"` + ReducedPhysBits uint `xml:"reducedPhysBits,omitempty"` +} + func (c *DomainCaps) Unmarshal(doc string) error { return xml.Unmarshal([]byte(doc), c) } -- 2.14.4
On Mon, Jun 18, 2018 at 09:06:00AM +0200, Erik Skultety wrote:
Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Daniel P. Berrangé
Lost my email address here. Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
--- domain_capabilities.go | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/domain_capabilities.go b/domain_capabilities.go index 3f5a752..0faa06a 100644 --- a/domain_capabilities.go +++ b/domain_capabilities.go @@ -106,6 +106,7 @@ type DomainCapsFeatures struct { GIC *DomainCapsFeatureGIC `xml:"gic"` VMCoreInfo *DomainCapsFeatureVMCoreInfo `xml:"vmcoreinfo"` GenID *DomainCapsFeatureGenID `xml:"genid"` + SEV *DomainCapsFeatureSEV `xml:"sev"` }
type DomainCapsFeatureGIC struct { @@ -121,6 +122,12 @@ type DomainCapsFeatureGenID struct { Supported string `xml:"supported,attr"` }
+type DomainCapsFeatureSEV struct { + Supported string `xml:"supported,attr"` + CBitPos uint `xml:"cbitpos,omitempty"` + ReducedPhysBits uint `xml:"reducedPhysBits,omitempty"` +} + func (c *DomainCaps) Unmarshal(doc string) error { return xml.Unmarshal([]byte(doc), c) } -- 2.14.4
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
On Mon, Jun 18, 2018 at 01:15:54PM +0100, Daniel P. Berrangé wrote:
On Mon, Jun 18, 2018 at 09:06:00AM +0200, Erik Skultety wrote:
Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Daniel P. Berrangé
Lost my email address here.
Oops, fixed. Thanks a lot for your help and guidance introducing the bindings. Erik
participants (2)
-
Daniel P. Berrangé -
Erik Skultety