[libvirt] [libvirt-go-xml PATCH 0/2] Add support for the AMD SEV feature

*** BLURB HERE *** Erik Skultety (2): Add support for domain launch security Add support for SEV in domain capabilities XML domain.go | 135 ++++++++++++++++++++++++++++++++++++++++++++++++- domain_capabilities.go | 7 +++ 2 files changed, 141 insertions(+), 1 deletion(-) -- 2.14.4

Signed-off-by: Erik Skultety <eskultet@redhat.com> --- domain.go | 135 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 134 insertions(+), 1 deletion(-) diff --git a/domain.go b/domain.go index aeeb24a..27e2fdc 100644 --- a/domain.go +++ b/domain.go @@ -1863,6 +1863,15 @@ type DomainFeatureCapability struct { State string `xml:"state,attr,omitempty"` } +type DomainLaunchSecurity struct { + Sectype string `xml:"type,attr"` + Cbitpos *uint `xml:"cbitpos"` + ReducedPhysBits *uint `xml:"reducedPhysBits"` + Policy *uint `xml:"policy"` + DhCert string `xml:"dhCert"` + Session string `xml:"sesion"` +} + type DomainFeatureCapabilities struct { Policy string `xml:"policy,attr,omitempty"` AuditControl *DomainFeatureCapability `xml:"audit_control"` @@ -2182,7 +2191,8 @@ type Domain struct { QEMUCommandline *DomainQEMUCommandline LXCNamespace *DomainLXCNamespace VMWareDataCenterPath *DomainVMWareDataCenterPath - KeyWrap *DomainKeyWrap `xml:"keywrap"` + KeyWrap *DomainKeyWrap `xml:"keywrap"` + LaunchSecurity *DomainLaunchSecurity `xml:"launchSecurity"` } func (d *Domain) Unmarshal(doc string) error { 
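Review bot: The `Session` field in `DomainLaunchSecurity` carries the struct tag `xml:"sesion"`, while the hand-written `MarshalXML`/`UnmarshalXML` in the last hunk of this patch use the element name `session`. Because the custom methods take precedence the tag is dead today, but if they are ever dropped or bypassed the SEV launch session blob would be read from and written to the wrong element without any error. Correct the tag to `xml:"session"`. A short doc comment on the type noting that `DhCert` and `Session` hold the guest owner's DH certificate and launch session blob would also help callers who handle these values.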
@@ -4864,3 +4874,126 @@ func (d *DomainCPU) Marshal() (string, error) { } return string(doc), nil } + +func (a *DomainLaunchSecurity) MarshalXML(e *xml.Encoder, start xml.StartElement) error { + start.Attr = append(start.Attr, xml.Attr{ + xml.Name{Local: "type"}, "sev", + }) + + e.EncodeToken(start) + cbitpos := xml.StartElement{ + Name: xml.Name{Local: "cbitpos"}, + } + e.EncodeToken(cbitpos) + e.EncodeToken(xml.CharData(fmt.Sprintf("%d", *a.Cbitpos))) + e.EncodeToken(cbitpos.End()) + + reducedPhysBits := xml.StartElement{ + Name: xml.Name{Local: "reducedPhysBits"}, + } + e.EncodeToken(reducedPhysBits) + e.EncodeToken(xml.CharData(fmt.Sprintf("%d", *a.ReducedPhysBits))) + e.EncodeToken(reducedPhysBits.End()) + + if a.Policy != nil { + policy := xml.StartElement{ + Name: xml.Name{Local: "policy"}, + } + e.EncodeToken(policy) + e.EncodeToken(xml.CharData(fmt.Sprintf("0x%04x", *a.Policy))) + e.EncodeToken(policy.End()) + } + + dhcert := xml.StartElement{ + Name: xml.Name{Local: "dhCert"}, + } + e.EncodeToken(dhcert) + e.EncodeToken(xml.CharData(fmt.Sprintf("%s", a.DhCert))) + e.EncodeToken(dhcert.End()) + + session := xml.StartElement{ + Name: xml.Name{Local: "session"}, + } + e.EncodeToken(session) + e.EncodeToken(xml.CharData(fmt.Sprintf("%s", a.Session))) + e.EncodeToken(session.End()) + + e.EncodeToken(start.End()) + + return nil +} + +func (a *DomainLaunchSecurity) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error { + for _, attr := range start.Attr { + if attr.Name.Local == "type" { + a.Sectype = attr.Value + } + } + + for { + tok, err := d.Token() + if err == io.EOF { + break + } + if err != nil { + return err + } + + switch tok := tok.(type) { + case xml.StartElement: + if tok.Name.Local == "policy" { + data, err := d.Token() + if err != nil { + return err + } + switch data := data.(type) { + case xml.CharData: + if err := unmarshalUintAttr(string(data), &a.Policy, 16); err != nil { + return err + } + } + } else if tok.Name.Local == "cbitpos" { + 
data, err := d.Token() + if err != nil { + return err + } + switch data := data.(type) { + case xml.CharData: + if err := unmarshalUintAttr(string(data), &a.Cbitpos, 10); err != nil { + return err + } + } + } else if tok.Name.Local == "reducedPhysBits" { + data, err := d.Token() + if err != nil { + return err + } + switch data := data.(type) { + case xml.CharData: + if err := unmarshalUintAttr(string(data), &a.ReducedPhysBits, 10); err != nil { + return err + } + } + } else if tok.Name.Local == "dhCert" { + data, err := d.Token() + if err != nil { + return err + } + switch data := data.(type) { + case xml.CharData: + a.DhCert = string(data) + } + } else if tok.Name.Local == "session" { + data, err := d.Token() + if err != nil { + return err + } + switch data := data.(type) { + case xml.CharData: + a.Session = string(data) + } + } + } + } + return nil +} -- 2.14.4
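Review bot: `MarshalXML` dereferences `*a.Cbitpos` and `*a.ReducedPhysBits` unconditionally, so a `DomainLaunchSecurity` with either pointer unset panics while marshalling, whereas `Policy` just below is nil-checked. Guard both in the same way (or return an error if they are considered mandatory), and propagate the `e.EncodeToken` results, which are all discarded here, so a failed write is not reported as success. The method also always emits `type="sev"` and ignores `a.Sectype`, so a value read by `UnmarshalXML` does not round-trip. The sketch below covers the first two elements only; the remaining elements need the same error checks.

```go
func (a *DomainLaunchSecurity) MarshalXML(e *xml.Encoder, start xml.StartElement) error {
	// … unchanged: type attribute appended to start.Attr …
	if err := e.EncodeToken(start); err != nil {
		return err
	}
	if a.Cbitpos != nil {
		cbitpos := xml.StartElement{Name: xml.Name{Local: "cbitpos"}}
		if err := e.EncodeElement(*a.Cbitpos, cbitpos); err != nil {
			return err
		}
	}
	if a.ReducedPhysBits != nil {
		reducedPhysBits := xml.StartElement{Name: xml.Name{Local: "reducedPhysBits"}}
		if err := e.EncodeElement(*a.ReducedPhysBits, reducedPhysBits); err != nil {
			return err
		}
	}
	// … unchanged: policy, dhCert and session elements, with their EncodeToken errors checked …
	return e.EncodeToken(start.End())
```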

On Thu, Jun 14, 2018 at 04:30:29PM +0200, Erik Skultety wrote:
Signed-off-by: Erik Skultety <eskultet@redhat.com> --- domain.go | 135 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 134 insertions(+), 1 deletion(-)
diff --git a/domain.go b/domain.go index aeeb24a..27e2fdc 100644 --- a/domain.go +++ b/domain.go @@ -1863,6 +1863,15 @@ type DomainFeatureCapability struct { State string `xml:"state,attr,omitempty"` }
+type DomainLaunchSecurity struct { + Sectype string `xml:"type,attr"` + Cbitpos *uint `xml:"cbitpos"`
s/Cbitpos/CBitPos/
+ ReducedPhysBits *uint `xml:"reducedPhysBits"` + Policy *uint `xml:"policy"` + DhCert string `xml:"dhCert"`
s/DhCert/DHCert/ since 'dh' is an acronym
+ Session string `xml:"sesion"` +} + type DomainFeatureCapabilities struct { Policy string `xml:"policy,attr,omitempty"` AuditControl *DomainFeatureCapability `xml:"audit_control"` @@ -2182,7 +2191,8 @@ type Domain struct { QEMUCommandline *DomainQEMUCommandline LXCNamespace *DomainLXCNamespace VMWareDataCenterPath *DomainVMWareDataCenterPath - KeyWrap *DomainKeyWrap `xml:"keywrap"` + KeyWrap *DomainKeyWrap `xml:"keywrap"` + LaunchSecurity *DomainLaunchSecurity `xml:"launchSecurity"` }
func (d *Domain) Unmarshal(doc string) error {
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

On Thu, Jun 14, 2018 at 04:54:43PM +0100, Daniel P. Berrangé wrote:
On Thu, Jun 14, 2018 at 04:30:29PM +0200, Erik Skultety wrote:
Signed-off-by: Erik Skultety <eskultet@redhat.com> --- domain.go | 135 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 134 insertions(+), 1 deletion(-)
diff --git a/domain.go b/domain.go index aeeb24a..27e2fdc 100644 --- a/domain.go +++ b/domain.go @@ -1863,6 +1863,15 @@ type DomainFeatureCapability struct { State string `xml:"state,attr,omitempty"` }
+type DomainLaunchSecurity struct { + Sectype string `xml:"type,attr"`
Oh, actually I forgot that I aim to avoid ever exposing "type" attributes in the XML - they are a sign that we need to use a union. IOW, we would want type DomainLaunchSecurity struct { SEV *DomainLaunchSecuritySEV } And DomainLaunchSecuritySEV would contain the rest of the fields below - this requires more magic MarshalXML/UnmarshalXML helpers to create/serialize the SEV struct depending on 'type' value. If you want a simple example of how this is done which is a good fit with DomainLaunchSecurity, take a look at NetworkForwardAddress and NetworkForwardAddressPCI structs, in the network.go file, and their corresponding MarshalXML/UnmarshalXML methods.
+ Cbitpos *uint `xml:"cbitpos"`
s/Cbitpos/CBitPos/
+ ReducedPhysBits *uint `xml:"reducedPhysBits"` + Policy *uint `xml:"policy"` + DhCert string `xml:"dhCert"`
s/DhCert/DHCert/ since 'dh' is an acronym
+ Session string `xml:"sesion"` +} + type DomainFeatureCapabilities struct { Policy string `xml:"policy,attr,omitempty"` AuditControl *DomainFeatureCapability `xml:"audit_control"` @@ -2182,7 +2191,8 @@ type Domain struct { QEMUCommandline *DomainQEMUCommandline LXCNamespace *DomainLXCNamespace VMWareDataCenterPath *DomainVMWareDataCenterPath - KeyWrap *DomainKeyWrap `xml:"keywrap"` + KeyWrap *DomainKeyWrap `xml:"keywrap"` + LaunchSecurity *DomainLaunchSecurity `xml:"launchSecurity"` }
func (d *Domain) Unmarshal(doc string) error {
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

Signed-off-by: Erik Skultety <eskultet@redhat.com> --- domain_capabilities.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/domain_capabilities.go b/domain_capabilities.go index 3f5a752..4844fd9 100644 --- a/domain_capabilities.go +++ b/domain_capabilities.go @@ -106,6 +106,7 @@ type DomainCapsFeatures struct { GIC *DomainCapsFeatureGIC `xml:"gic"` VMCoreInfo *DomainCapsFeatureVMCoreInfo `xml:"vmcoreinfo"` GenID *DomainCapsFeatureGenID `xml:"genid"` + SEV *DomainCapsFeatureSEV `xml:"sev"` } type DomainCapsFeatureGIC struct { @@ -121,6 +122,12 @@ type DomainCapsFeatureGenID struct { Supported string `xml:"supported,attr"` } +type DomainCapsFeatureSEV struct { + Supported string `xml:"supported,attr"` + Cbitpos uint `xml:"cbitpos,omitempty"` + ReducedPhysBits uint `xml:"reducedPhysBits,omitempty"` +} + func (c *DomainCaps) Unmarshal(doc string) error { return xml.Unmarshal([]byte(doc), c) } -- 2.14.4
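Review bot: In `DomainCapsFeatureSEV`, `Cbitpos` and `ReducedPhysBits` are plain `uint` fields with `omitempty`, so after unmarshalling an absent element cannot be told apart from a reported value of 0, and a 0 is dropped again on marshal. `DomainLaunchSecurity` in domain.go declares the same two values as `*uint`. Using `*uint` here as well (with tags `xml:"cbitpos"` and `xml:"reducedPhysBits"`) keeps the two types consistent. It also lets a caller that copies host capabilities into a guest's launch-security configuration detect that the host did not report them, rather than silently passing 0.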

On Thu, Jun 14, 2018 at 04:30:30PM +0200, Erik Skultety wrote:
Signed-off-by: Erik Skultety <eskultet@redhat.com> --- domain_capabilities.go | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/domain_capabilities.go b/domain_capabilities.go index 3f5a752..4844fd9 100644 --- a/domain_capabilities.go +++ b/domain_capabilities.go @@ -106,6 +106,7 @@ type DomainCapsFeatures struct { GIC *DomainCapsFeatureGIC `xml:"gic"` VMCoreInfo *DomainCapsFeatureVMCoreInfo `xml:"vmcoreinfo"` GenID *DomainCapsFeatureGenID `xml:"genid"` + SEV *DomainCapsFeatureSEV `xml:"sev"` }
type DomainCapsFeatureGIC struct { @@ -121,6 +122,12 @@ type DomainCapsFeatureGenID struct { Supported string `xml:"supported,attr"` }
+type DomainCapsFeatureSEV struct { + Supported string `xml:"supported,attr"` + Cbitpos uint `xml:"cbitpos,omitempty"`
s/Cbitpos/CBitPos/
+ ReducedPhysBits uint `xml:"reducedPhysBits,omitempty"` +} +
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|