[libvirt] [libvirt-go PATCH 0/2] Add bindings for recent libvirt SEV APIs

*** BLURB HERE *** Erik Skultety (2): Add support for AMD SEV launch security info Add support for AMD SEV platform info connect.go | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ connect_compat.go | 12 +++++++++++ connect_compat.h | 7 +++++++ domain.go | 41 ++++++++++++++++++++++++++++++++++++++ domain_compat.go | 13 ++++++++++++ domain_compat.h | 6 ++++++ 6 files changed, 138 insertions(+) -- 2.14.4

Signed-off-by: Erik Skultety <eskultet@redhat.com>
---
 domain.go | 41 +++++++++++++++++++++++++++++++++++++++++
 domain_compat.go | 13 +++++++++++++
 domain_compat.h | 6 ++++++
 3 files changed, 60 insertions(+)
diff --git a/domain.go b/domain.go
index a3049aa..6499cfa 100644
--- a/domain.go
+++ b/domain.go
@@ -4573,3 +4573,44 @@ func (d *Domain) SetLifecycleAction(lifecycleType uint32, action uint32, flags u
 return nil
 }
+
+type DomainLaunchSecurityParameters struct {
+ SevMeasurementSet bool
+ SevMeasurement string
+}
+
+func getDomainLaunchSecurityFieldInfo(params *DomainLaunchSecurityParameters) map[string]typedParamsFieldInfo {
+ return map[string]typedParamsFieldInfo{
+ C.VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT: typedParamsFieldInfo{
+ set: ¶ms.SevMeasurementSet,
+ s: ¶ms.SevMeasurement,
+ },
+ }
+}
+
+// See also https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainGetLaunchSecur...
+func (d *Domain) GetLaunchSecurityInfo(flags uint32) (*DomainLaunchSecurityParameters, error) {
+ if C.LIBVIR_VERSION_NUMBER < 4005000 {
+ return nil, GetNotImplementedError("virDomainGetLaunchSecurityInfo")
+ }
+
+ params := &DomainLaunchSecurityParameters{}
+ info := getDomainLaunchSecurityFieldInfo(params)
+
+ var cparams *C.virTypedParameter
+ var nparams C.int
+
+ ret := C.virDomainGetLaunchSecurityInfoCompat(d.ptr, (*C.virTypedParameterPtr)(unsafe.Pointer(&cparams)), &nparams, C.uint(flags))
+ if ret == -1 {
+ return nil, GetLastError()
+ }
+
+ defer C.virTypedParamsFree(cparams, nparams)
+
+ _, err := typedParamsUnpackLen(cparams, int(nparams), info)
+ if err != nil {
+ return nil, err
+ }
+
+ return params, nil
+}
diff --git a/domain_compat.go b/domain_compat.go
index a46a9c7..73a6db9 100644
--- a/domain_compat.go
+++ b/domain_compat.go
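Review bot: DomainLaunchSecurityParameters and GetLaunchSecurityInfo are exported with no doc comment describing what the caller receives, which matters for a value used in attestation. The struct should carry a comment such as `// SevMeasurement is the launch measurement exactly as libvirt reports it; it is not verified here and is only meaningful when SevMeasurementSet is true.`, so that a caller does not mistake the zero-value empty string for a measurement and fails closed when the flag is false. The method comment should also state that a not-implemented error is returned when the binding is built against libvirt older than 4.5.0, as the `C.LIBVIR_VERSION_NUMBER < 4005000` check shows.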
@@ -367,5 +367,18 @@ int virDomainDetachDeviceAliasCompat(virDomainPtr domain,
 return virDomainDetachDeviceAlias(domain, alias, flags);
 #endif
 }
+
+int virDomainGetLaunchSecurityInfoCompat(virDomainPtr domain,
+ virTypedParameterPtr *params,
+ int *nparams,
+ unsigned int flags)
+{
+#if LIBVIR_VERSION_NUMBER < 4005000
+ assert(0); // Caller should have checked version
+#else
+ return virDomainGetLaunchSecurityInfo(domain, params, nparams, flags);
+#endif
+}
+
 */
 import "C"
diff --git a/domain_compat.h b/domain_compat.h
index 55d7e13..5c93ef5 100644
--- a/domain_compat.h
+++ b/domain_compat.h
@@ -1035,5 +1035,11 @@ int virDomainDetachDeviceAliasCompat(virDomainPtr domain,
 const char *alias,
 unsigned int flags);
+/* 4.5.0 */
+
+int virDomainGetLaunchSecurityInfoCompat(virDomainPtr domain,
+ virTypedParameterPtr *params,
+ int *nparams,
+ unsigned int flags);
 #endif /* LIBVIRT_GO_DOMAIN_COMPAT_H__ */
--
2.14.4
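Review bot: In the `#if LIBVIR_VERSION_NUMBER < 4005000` branch of virDomainGetLaunchSecurityInfoCompat, `assert(0);` is the only statement, so if the preamble is ever compiled with NDEBUG the assert disappears and the non-void function falls off its end, handing the Go caller an indeterminate value instead of -1. Adding `return -1;` after the assert keeps the failure explicit even then. The Go-side version check makes this branch unreachable today, so this is hardening rather than a live bug. The same applies to virNodeGetSEVInfoCompat in the connect_compat.go hunk.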

On Thu, Jun 14, 2018 at 04:30:00PM +0200, Erik Skultety wrote:
Signed-off-by: Erik Skultety <eskultet@redhat.com> --- domain.go | 41 +++++++++++++++++++++++++++++++++++++++++ domain_compat.go | 13 +++++++++++++ domain_compat.h | 6 ++++++ 3 files changed, 60 insertions(+)
diff --git a/domain.go b/domain.go index a3049aa..6499cfa 100644 --- a/domain.go +++ b/domain.go @@ -4573,3 +4573,44 @@ func (d *Domain) SetLifecycleAction(lifecycleType uint32, action uint32, flags u
return nil } + +type DomainLaunchSecurityParameters struct { + SevMeasurementSet bool + SevMeasurement string +}
Since we just changed the main libvirt code to use "SEV" instead of "Sev", let's use SEV here too.
+ +func getDomainLaunchSecurityFieldInfo(params *DomainLaunchSecurityParameters) map[string]typedParamsFieldInfo { + return map[string]typedParamsFieldInfo{ + C.VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT: typedParamsFieldInfo{ + set: ¶ms.SevMeasurementSet, + s: ¶ms.SevMeasurement, + }, + } +} + +// See also https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainGetLaunchSecur... +func (d *Domain) GetLaunchSecurityInfo(flags uint32) (*DomainLaunchSecurityParameters, error) { + if C.LIBVIR_VERSION_NUMBER < 4005000 { + return nil, GetNotImplementedError("virDomainGetLaunchSecurityInfo") + } + + params := &DomainLaunchSecurityParameters{} + info := getDomainLaunchSecurityFieldInfo(params) + + var cparams *C.virTypedParameter + var nparams C.int + + ret := C.virDomainGetLaunchSecurityInfoCompat(d.ptr, (*C.virTypedParameterPtr)(unsafe.Pointer(&cparams)), &nparams, C.uint(flags)) + if ret == -1 { + return nil, GetLastError() + } + + defer C.virTypedParamsFree(cparams, nparams) + + _, err := typedParamsUnpackLen(cparams, int(nparams), info) + if err != nil { + return nil, err + } + + return params, nil +} diff --git a/domain_compat.go b/domain_compat.go index a46a9c7..73a6db9 100644 --- a/domain_compat.go +++ b/domain_compat.go @@ -367,5 +367,18 @@ int virDomainDetachDeviceAliasCompat(virDomainPtr domain, return virDomainDetachDeviceAlias(domain, alias, flags); #endif } + +int virDomainGetLaunchSecurityInfoCompat(virDomainPtr domain, + virTypedParameterPtr *params, + int *nparams, + unsigned int flags) +{ +#if LIBVIR_VERSION_NUMBER < 4005000 + assert(0); // Caller should have checked version +#else + return virDomainGetLaunchSecurityInfo(domain, params, nparams, flags); +#endif +} + */ import "C" diff --git a/domain_compat.h b/domain_compat.h index 55d7e13..5c93ef5 100644 --- a/domain_compat.h +++ b/domain_compat.h @@ -1035,5 +1035,11 @@ int virDomainDetachDeviceAliasCompat(virDomainPtr domain, const char *alias, unsigned int flags);
+/* 4.5.0 */ + +int virDomainGetLaunchSecurityInfoCompat(virDomainPtr domain, + virTypedParameterPtr *params, + int *nparams, + unsigned int flags);
#endif /* LIBVIRT_GO_DOMAIN_COMPAT_H__ */
With the s/Sev/SEV/, then Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

Signed-off-by: Erik Skultety <eskultet@redhat.com>
---
 connect.go | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 connect_compat.go | 12 +++++++++++
 connect_compat.h | 7 +++++++
 3 files changed, 78 insertions(+)
diff --git a/connect.go b/connect.go
index e3e643e..8bb5fe6 100644
--- a/connect.go
+++ b/connect.go
@@ -2765,3 +2765,62 @@ func (c *Connect) GetAllDomainStats(doms []*Domain, statsTypes DomainStatsTypes,
 return stats, nil
 }
+
+type NodeSEVParameters struct {
+ PdhSet bool
+ Pdh string
+ CertChainSet bool
+ CertChain string
+ CbitposSet bool
+ Cbitpos uint
+ ReducedPhysBitsSet bool
+ ReducedPhysBits uint
+}
+
+func getNodeSEVFieldInfo(params *NodeSEVParameters) map[string]typedParamsFieldInfo {
+ return map[string]typedParamsFieldInfo{
+ C.VIR_NODE_SEV_PDH: typedParamsFieldInfo{
+ set: ¶ms.PdhSet,
+ s: ¶ms.Pdh,
+ },
+ C.VIR_NODE_SEV_CERT_CHAIN: typedParamsFieldInfo{
+ set: ¶ms.CertChainSet,
+ s: ¶ms.CertChain,
+ },
+ C.VIR_NODE_SEV_CBITPOS: typedParamsFieldInfo{
+ set: ¶ms.CbitposSet,
+ ui: ¶ms.Cbitpos,
+ },
+ C.VIR_NODE_SEV_REDUCED_PHYS_BITS: typedParamsFieldInfo{
+ set: ¶ms.ReducedPhysBitsSet,
+ ui: ¶ms.ReducedPhysBits,
+ },
+ }
+}
+
+// See also https://libvirt.org/html/libvirt-libvirt-host.html#virNodeGetSEVInfo
+func (c *Connect) GetSEVInfo(flags uint32) (*NodeSEVParameters, error) {
+ if C.LIBVIR_VERSION_NUMBER < 4005000 {
+ return nil, GetNotImplementedError("virNodeGetSEVInfo")
+ }
+
+ params := &NodeSEVParameters{}
+ info := getNodeSEVFieldInfo(params)
+
+ var cparams *C.virTypedParameter
+ var nparams C.int
+
+ ret := C.virNodeGetSEVInfoCompat(c.ptr, (*C.virTypedParameterPtr)(unsafe.Pointer(&cparams)), &nparams, C.uint(flags))
+ if ret == -1 {
+ return nil, GetLastError()
+ }
+
+ defer C.virTypedParamsFree(cparams, nparams)
+
+ _, err := typedParamsUnpackLen(cparams, int(nparams), info)
+ if err != nil {
+ return nil, err
+ }
+
+ return params, nil
+}
diff --git a/connect_compat.go b/connect_compat.go
index 617bc4a..544def2 100644
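Review bot: NodeSEVParameters says nothing about what its fields hold or how far they can be trusted, and GetSEVInfo performs no validation on them before returning. Going by the libvirt constant names, Pdh and CertChain appear to be the platform Diffie-Hellman key and its certificate chain, so a field comment such as `// CertChain is returned as reported by the host; callers must validate it themselves before relying on Pdh.` would make clear that trust decisions are left to the caller. Each field should also be documented as valid only when its matching `...Set` flag is true, since the zero values (empty string, 0) are otherwise indistinguishable from reported data.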
--- a/connect_compat.go
+++ b/connect_compat.go
@@ -157,5 +157,17 @@ int virConnectCompareHypervisorCPUCompat(virConnectPtr conn,
 #endif
 }
+int virNodeGetSEVInfoCompat(virConnectPtr conn,
+ virTypedParameterPtr *params,
+ int *nparams,
+ unsigned int flags)
+{
+#if LIBVIR_VERSION_NUMBER < 4005000
+ assert(0); // Caller should have checked version
+#else
+ return virNodeGetSEVInfo(conn, params, nparams, flags);
+#endif
+}
+
 */
 import "C"
diff --git a/connect_compat.h b/connect_compat.h
index 432ed0c..cd6d678 100644
--- a/connect_compat.h
+++ b/connect_compat.h
@@ -236,4 +236,11 @@ int virConnectCompareHypervisorCPUCompat(virConnectPtr conn,
 const char *xmlCPU,
 unsigned int flags);
+/* 4.5.0 */
+
+int virNodeGetSEVInfoCompat(virConnectPtr conn,
+ virTypedParameterPtr *params,
+ int *nparams,
+ unsigned int flags);
+
 #endif /* LIBVIRT_GO_CONNECT_COMPAT_H__ */
--
2.14.4

On Thu, Jun 14, 2018 at 04:30:01PM +0200, Erik Skultety wrote:
Signed-off-by: Erik Skultety <eskultet@redhat.com> --- connect.go | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ connect_compat.go | 12 +++++++++++ connect_compat.h | 7 +++++++ 3 files changed, 78 insertions(+)
diff --git a/connect.go b/connect.go index e3e643e..8bb5fe6 100644 --- a/connect.go +++ b/connect.go @@ -2765,3 +2765,62 @@ func (c *Connect) GetAllDomainStats(doms []*Domain, statsTypes DomainStatsTypes,
return stats, nil } + +type NodeSEVParameters struct { + PdhSet bool + Pdh string
Let's s/Pdh/PDH/ since it's an acronym
+ CertChainSet bool + CertChain string + CbitposSet bool + Cbitpos uint
and s/Cbitpos/CBitPos/
+ ReducedPhysBitsSet bool + ReducedPhysBits uint +} + +func getNodeSEVFieldInfo(params *NodeSEVParameters) map[string]typedParamsFieldInfo { + return map[string]typedParamsFieldInfo{ + C.VIR_NODE_SEV_PDH: typedParamsFieldInfo{ + set: ¶ms.PdhSet, + s: ¶ms.Pdh, + }, + C.VIR_NODE_SEV_CERT_CHAIN: typedParamsFieldInfo{ + set: ¶ms.CertChainSet, + s: ¶ms.CertChain, + }, + C.VIR_NODE_SEV_CBITPOS: typedParamsFieldInfo{ + set: ¶ms.CbitposSet, + ui: ¶ms.Cbitpos, + }, + C.VIR_NODE_SEV_REDUCED_PHYS_BITS: typedParamsFieldInfo{ + set: ¶ms.ReducedPhysBitsSet, + ui: ¶ms.ReducedPhysBits, + },
Minor nitpick on indentation - just run gofmt over it
diff --git a/connect_compat.go b/connect_compat.go index 617bc4a..544def2 100644 --- a/connect_compat.go +++ b/connect_compat.go @@ -157,5 +157,17 @@ int virConnectCompareHypervisorCPUCompat(virConnectPtr conn, #endif }
+int virNodeGetSEVInfoCompat(virConnectPtr conn, + virTypedParameterPtr *params, + int *nparams, + unsigned int flags)
Indent here too, though gofmt probably won't fix this since it is in the C code layer
+{ +#if LIBVIR_VERSION_NUMBER < 4005000 + assert(0); // Caller should have checked version +#else + return virNodeGetSEVInfo(conn, params, nparams, flags); +#endif +} + */ import "C"
With the few nitpicks fixed Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

On Thu, Jun 14, 2018 at 04:52:04PM +0100, Daniel P. Berrangé wrote:
On Thu, Jun 14, 2018 at 04:30:01PM +0200, Erik Skultety wrote:
Signed-off-by: Erik Skultety <eskultet@redhat.com> --- connect.go | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ connect_compat.go | 12 +++++++++++ connect_compat.h | 7 +++++++ 3 files changed, 78 insertions(+)
diff --git a/connect.go b/connect.go index e3e643e..8bb5fe6 100644 --- a/connect.go +++ b/connect.go @@ -2765,3 +2765,62 @@ func (c *Connect) GetAllDomainStats(doms []*Domain, statsTypes DomainStatsTypes,
return stats, nil } + +type NodeSEVParameters struct { + PdhSet bool + Pdh string
Let's s/Pdh/PDH/ since it's an acronym
+ CertChainSet bool + CertChain string + CbitposSet bool + Cbitpos uint
and s/Cbitpos/CBitPos/
+ ReducedPhysBitsSet bool + ReducedPhysBits uint +} + +func getNodeSEVFieldInfo(params *NodeSEVParameters) map[string]typedParamsFieldInfo { + return map[string]typedParamsFieldInfo{ + C.VIR_NODE_SEV_PDH: typedParamsFieldInfo{ + set: ¶ms.PdhSet, + s: ¶ms.Pdh, + }, + C.VIR_NODE_SEV_CERT_CHAIN: typedParamsFieldInfo{ + set: ¶ms.CertChainSet, + s: ¶ms.CertChain, + }, + C.VIR_NODE_SEV_CBITPOS: typedParamsFieldInfo{ + set: ¶ms.CbitposSet, + ui: ¶ms.Cbitpos, + }, + C.VIR_NODE_SEV_REDUCED_PHYS_BITS: typedParamsFieldInfo{ + set: ¶ms.ReducedPhysBitsSet, + ui: ¶ms.ReducedPhysBits, + },
Minor nitpick on indentation - just run gofmt over it
diff --git a/connect_compat.go b/connect_compat.go index 617bc4a..544def2 100644 --- a/connect_compat.go +++ b/connect_compat.go @@ -157,5 +157,17 @@ int virConnectCompareHypervisorCPUCompat(virConnectPtr conn, #endif }
+int virNodeGetSEVInfoCompat(virConnectPtr conn, + virTypedParameterPtr *params, + int *nparams, + unsigned int flags)
Indent here too, though gofmt probably won't fix this since it is in the C code layer
+{ +#if LIBVIR_VERSION_NUMBER < 4005000 + assert(0); // Caller should have checked version +#else + return virNodeGetSEVInfo(conn, params, nparams, flags); +#endif +} + */ import "C"
With the few nitpicks fixed
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Fixed and pushed, thanks. Erik