[libvirt] [PATCH v2 0/4] Enable support for s390 crypto key mgmt operations

I've taken Tony's patches from here:

https://www.redhat.com/archives/libvir-list/2015-April/msg01395.html

polished them a bit, and resent them.

Tony Krowiak (4):
  libvirt: docs: XML to enable/disable protected key mgmt ops
  libvirt: conf: parse XML for protected key management ops
  libvirt: qemu: enable/disable protected key management ops
  libvirt: tests: test protected key mgmt ops support

 docs/formatdomain.html.in | 37 +++++
 docs/schemas/domaincommon.rng | 24 ++++
 src/conf/domain_conf.c | 156 +++++++++++++++++++++
 src/conf/domain_conf.h | 17 +++
 src/libvirt_private.syms | 2 +
 src/qemu/qemu_capabilities.c | 4 +
 src/qemu/qemu_capabilities.h | 2 +
 src/qemu/qemu_command.c | 73 ++++++++++
 tests/qemuargv2xmltest.c | 6 +
 .../qemuxml2argv-machine-aeskeywrap-off-argv.args | 6 +
 .../qemuxml2argv-machine-aeskeywrap-off-argv.xml | 27 ++++
 .../qemuxml2argv-machine-aeskeywrap-off-cap.args | 7 +
 .../qemuxml2argv-machine-aeskeywrap-off-cap.xml | 28 ++++
 .../qemuxml2argv-machine-aeskeywrap-off-caps.args | 7 +
 .../qemuxml2argv-machine-aeskeywrap-off-caps.xml | 28 ++++
 .../qemuxml2argv-machine-aeskeywrap-on-argv.args | 6 +
 .../qemuxml2argv-machine-aeskeywrap-on-argv.xml | 27 ++++
 .../qemuxml2argv-machine-aeskeywrap-on-cap.args | 7 +
 .../qemuxml2argv-machine-aeskeywrap-on-cap.xml | 28 ++++
 .../qemuxml2argv-machine-aeskeywrap-on-caps.args | 7 +
 .../qemuxml2argv-machine-aeskeywrap-on-caps.xml | 27 ++++
 .../qemuxml2argv-machine-deakeywrap-off-argv.args | 6 +
 .../qemuxml2argv-machine-deakeywrap-off-argv.xml | 27 ++++
 .../qemuxml2argv-machine-deakeywrap-off-cap.args | 7 +
 .../qemuxml2argv-machine-deakeywrap-off-cap.xml | 28 ++++
 .../qemuxml2argv-machine-deakeywrap-off-caps.args | 7 +
 .../qemuxml2argv-machine-deakeywrap-off-caps.xml | 28 ++++
 .../qemuxml2argv-machine-deakeywrap-on-argv.args | 6 +
 .../qemuxml2argv-machine-deakeywrap-on-argv.xml | 27 ++++
 .../qemuxml2argv-machine-deakeywrap-on-cap.args | 7 +
 .../qemuxml2argv-machine-deakeywrap-on-cap.xml | 28 ++++
 .../qemuxml2argv-machine-deakeywrap-on-caps.args | 7 +
 .../qemuxml2argv-machine-deakeywrap-on-caps.xml | 28 ++++
 .../qemuxml2argv-machine-keywrap-none-argv.args | 6 +
 .../qemuxml2argv-machine-keywrap-none-argv.xml | 24 ++++
 .../qemuxml2argv-machine-keywrap-none-caps.args | 7 +
 .../qemuxml2argv-machine-keywrap-none-caps.xml | 25 ++++
 .../qemuxml2argv-machine-keywrap-none.args | 7 +
 .../qemuxml2argv-machine-keywrap-none.xml | 25 ++++
 tests/qemuxml2argvtest.c | 81 +++++++++++
 40 files changed, 907 insertions(+)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-argv.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-argv.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-cap.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-cap.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-caps.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-caps.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-argv.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-argv.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-cap.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-cap.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-caps.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-caps.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-argv.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-argv.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-cap.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-cap.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-caps.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-caps.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-argv.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-argv.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-cap.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-cap.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-caps.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-caps.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-argv.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-argv.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-caps.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-caps.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none.xml

--
2.3.6

From: Tony Krowiak <akrowiak@linux.vnet.ibm.com> Two new domain configuration XML elements have been added to enable/disable the protected key management operations for a guest: <domain> ... <keywrap> <cipher name='aes|dea' state='on|off'/> </keywrap> ... </domain> Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com> Signed-off-by: Viktor Mihajlovski <mihajlov@de.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- docs/formatdomain.html.in | 37 +++++++++++++++++++++++++++++++++++++ docs/schemas/domaincommon.rng | 24 ++++++++++++++++++++++++ 2 files changed, 61 insertions(+) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index e0b6ba7..db3c81c 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in 
@@ -6227,6 +6227,43 @@ qemu-kvm -net nic,model=? /dev/null being on a file system that lacks security labeling. </p> + <h3><a name="keywrap" shape="rect" id="keywrap">Key Wrap</a></h3> + + <p>The content of the optional <code>keywrap</code> element specifies + whether the guest will be allowed to perform the S390 cryptographic key + management operations. A clear key can be protected by encrypting it + under a unique wrapping key that is generated for each guest VM running + on the host. Two variations of wrapping keys are generated: one version + for encrypting protected keys using the DEA/TDEA algorithm, and another + version for keys encrypted using the AES algorithm. If a + <code>keywrap</code> element is not included, the guest will be granted + access to both AES and DEA/TDEA key wrapping by default.</p> + + <pre xml:space="preserve"> +<domain> + ... + <keywrap> + <cipher name='aes' state='off'/> + <keywrap/> + ... +</domain> +</pre> + <p>At least one <code>cipher</code> element must be nested within the + <code>keywrap</code> element.</p> + <dl><dt><code>cipher</code></dt> + <dd>The <code>name</code> attribute identifies the algorithm + for encrypting a protected key. The values supported for this attribute + are <code>aes</code> for encryption under the AES wrapping key, or + <code>dea</code> for encryption under the DEA/TDEA wrapping key. The + <code>state</code> attribute indicates whether the cryptographic key + management operations should be turned on for the specified encryption + algorithm. The value can be set to <code>on</code> or <code>off</code>. + A default state of <code>on</code> will be assumed if a + <code>cipher</code> element is not included for the AES or DEA/TDEA + encryption algorithm. + </dd></dl> + + Note: DEA/TDEA is synonymous with DES/TDES. <h2><a name="examples">Example configs</a></h2> <p> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index c151e92..1e67776 100644 --- a/docs/schemas/domaincommon.rng 
+++ b/docs/schemas/domaincommon.rng @@ -67,6 +67,9 @@ <optional> <ref name='qemucmdline'/> </optional> + <optional> + <ref name='keywrap'/> + </optional> </interleave> </element> </define> @@ -382,6 +385,27 @@ </element> </define> + <define name="keywrap"> + <element name="keywrap"> + <oneOrMore> + <element name="cipher"> + <attribute name="name"> + <choice> + <value>aes</value> + <value>dea</value> + </choice> + </attribute> + <attribute name="state"> + <choice> + <value>on</value> + <value>off</value> + </choice> + </attribute> + </element> + </oneOrMore> + </element> + </define> + <!-- The Identifiers can be: - an optional id attribute with a number on the domain element -- 2.3.6
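
Review bot: In the docs/formatdomain.html.in hunk, the example inside the <pre> block ends the element with <keywrap/>, which is an empty element rather than a closing tag, so anyone copying the sample gets XML that is not well-formed; it should read </keywrap>. The trailing line "Note: DEA/TDEA is synonymous with DES/TDES." also sits outside any <p> element, directly before the <h2>, and should be wrapped in a paragraph like the text above it.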
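
Review bot: In the keywrap define added to docs/schemas/domaincommon.rng, the <oneOrMore> around the cipher element accepts two entries with the same name and different states, for example two <cipher name='aes' .../> elements, and neither the schema nor the new documentation text says which one would apply. Either restrict the schema to at most one cipher per name, or state in the documentation that a repeated name is rejected, so that a document which validates cannot leave the effective key wrap setting ambiguous.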

On Fri, May 15, 2015 at 04:43:27PM +0200, Michal Privoznik wrote:
From: Tony Krowiak <akrowiak@linux.vnet.ibm.com>
Two new domain configuration XML elements have been added to enable/disable
They haven't been added yet :) This should be squashed in with the patch implementing XML parsing and formatting of the attributes.
the protected key management operations for a guest:
<domain> ... <keywrap> <cipher name='aes|dea' state='on|off'/> </keywrap> ... </domain>
Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com> Signed-off-by: Viktor Mihajlovski <mihajlov@de.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- docs/formatdomain.html.in | 37 +++++++++++++++++++++++++++++++++++++ docs/schemas/domaincommon.rng | 24 ++++++++++++++++++++++++ 2 files changed, 61 insertions(+)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index e0b6ba7..db3c81c 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -6227,6 +6227,43 @@ qemu-kvm -net nic,model=? /dev/null being on a file system that lacks security labeling. </p>
+ <h3><a name="keywrap" shape="rect" id="keywrap">Key Wrap</a></h3>
Is the shape attribute needed here? We don't use it for other 'a name's.
+ + <p>The content of the optional <code>keywrap</code> element specifies + whether the guest will be allowed to perform the S390 cryptographic key + management operations. A clear key can be protected by encrypting it + under a unique wrapping key that is generated for each guest VM running + on the host. Two variations of wrapping keys are generated: one version + for encrypting protected keys using the DEA/TDEA algorithm, and another + version for keys encrypted using the AES algorithm. If a + <code>keywrap</code> element is not included, the guest will be granted + access to both AES and DEA/TDEA key wrapping by default.</p> + + <pre xml:space="preserve">
Same question about this attribute.
+<domain> + ... + <keywrap> + <cipher name='aes' state='off'/> + <keywrap/>
The / needs to be before the tag name.
+ ... +</domain> +</pre> + <p>At least one <code>cipher</code> element must be nested within the + <code>keywrap</code> element.</p> + <dl><dt><code>cipher</code></dt> + <dd>The <code>name</code> attribute identifies the algorithm + for encrypting a protected key. The values supported for this attribute + are <code>aes</code> for encryption under the AES wrapping key, or + <code>dea</code> for encryption under the DEA/TDEA wrapping key. The + <code>state</code> attribute indicates whether the cryptographic key + management operations should be turned on for the specified encryption + algorithm. The value can be set to <code>on</code> or <code>off</code>. + A default state of <code>on</code> will be assumed if a + <code>cipher</code> element is not included for the AES or DEA/TDEA + encryption algorithm. + </dd></dl> + + Note: DEA/TDEA is synonymous with DES/TDES. <h2><a name="examples">Example configs</a></h2>
<p> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index c151e92..1e67776 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -67,6 +67,9 @@ <optional> <ref name='qemucmdline'/> </optional> + <optional> + <ref name='keywrap'/> + </optional> </interleave> </element> </define> @@ -382,6 +385,27 @@ </element> </define>
+ <define name="keywrap"> + <element name="keywrap"> + <oneOrMore> + <element name="cipher"> + <attribute name="name"> + <choice> + <value>aes</value> + <value>dea</value> + </choice> + </attribute> + <attribute name="state">
+ <choice> + <value>on</value> + <value>off</value> + </choice>
<ref name='virOnOff'/> can be used here
+ </attribute> + </element> + </oneOrMore> + </element> + </define> + <!-- The Identifiers can be: - an optional id attribute with a number on the domain element
ACK with the attributes removed. (and squashing it with the XML parser/formatter) Jan

From: Tony Krowiak <akrowiak@linux.vnet.ibm.com> Parse the domain configuration XML elements that enable/disable access to the protected key management operations for a guest: <domain> ... <keywrap> <cipher name='aes|dea' state='on|off'/> </keywrap> ... </domain> Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com> Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com> Signed-off-by: Daniel Hansel <daniel.hansel@linux.vnet.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/conf/domain_conf.c | 156 +++++++++++++++++++++++++++++++++++++++++++++++ src/conf/domain_conf.h | 17 ++++++ src/libvirt_private.syms | 2 + 3 files changed, 175 insertions(+) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index f3b706e..ee8b474 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -477,6 +477,11 @@ VIR_ENUM_IMPL(virDomainSoundModel, VIR_DOMAIN_SOUND_MODEL_LAST, "ich9", "usb") +VIR_ENUM_IMPL(virDomainKeyWrapCipherName, + VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_LAST, + "aes", + "dea") + VIR_ENUM_IMPL(virDomainMemballoonModel, VIR_DOMAIN_MEMBALLOON_MODEL_LAST, "virtio", "xen", 
@@ -834,6 +839,131 @@ virDomainXMLOptionClassDispose(void *obj) (xmlopt->config.privFree)(xmlopt->config.priv); } +/** + * virDomainKeyWrapCipherDefParseXML: + * + * @def Domain definition + * @node An XML cipher node + * @ctxt The XML context + * + * Parse the attributes from the cipher node and store the state + * attribute in @def. + * + * A cipher node has the form of + * + * <cipher name='aes|dea' state='on|off'/> + * + * Returns: 0 if the parse succeeded + * -1 otherwise + */ +static int +virDomainKeyWrapCipherDefParseXML(virDomainKeyWrapDefPtr keywrap, + xmlNodePtr node, + xmlXPathContextPtr ctxt) +{ + + char *name = NULL; + char *state = NULL; + int state_type; + int name_type; + int ret = -1; + xmlNodePtr oldnode = ctxt->node; + + ctxt->node = node; + if (!(name = virXPathString("string(./@name)", ctxt))) { + virReportError(VIR_ERR_CONF_SYNTAX, "%s", + _("missing name for cipher")); + goto cleanup; + } + + if ((name_type = virDomainKeyWrapCipherNameTypeFromString(name)) < 0) { + virReportError(VIR_ERR_CONF_SYNTAX, + _("%s is not a supported cipher name"), name); + goto cleanup; + } + + if (!(state = virXPathString("string(./@state)", ctxt))) { + virReportError(VIR_ERR_CONF_SYNTAX, + _("missing state for cipher named %s"), name); + goto cleanup; + } + + if ((state_type = virTristateSwitchTypeFromString(state)) < 0) { + virReportError(VIR_ERR_CONF_SYNTAX, + _("%s is not a supported cipher state"), state); + goto cleanup; + } + + switch ((virDomainKeyWrapCipherName) name_type) { + case VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_AES: + if (keywrap->aes != VIR_TRISTATE_SWITCH_ABSENT) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("A domain definition can have no more than " + "one cipher node with name %s"), + virDomainKeyWrapCipherNameTypeToString(name_type)); + + goto cleanup; + } + keywrap->aes = state_type; + break; + + case VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_DEA: + if (keywrap->dea != VIR_TRISTATE_SWITCH_ABSENT) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("A domain 
definition can have no more than " + "one cipher node with name %s"), + virDomainKeyWrapCipherNameTypeToString(name_type)); + + goto cleanup; + } + keywrap->dea = state_type; + break; + + case VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_LAST: + break; + } + + ret = 0; + + cleanup: + VIR_FREE(name); + VIR_FREE(state); + ctxt->node = oldnode; + return ret; +} + +static int +virDomainKeyWrapDefParseXML(virDomainDefPtr def, xmlXPathContextPtr ctxt) +{ + size_t i; + int ret = -1; + xmlNodePtr *nodes = NULL; + int n; + + if (!(n = virXPathNodeSet("./keywrap/cipher", ctxt, &nodes))) + return 0; + + if (VIR_ALLOC(def->keywrap) < 0) + goto cleanup; + + for (i = 0; i < n; i++) { + if (virDomainKeyWrapCipherDefParseXML(def->keywrap, nodes[i], ctxt) < 0) + goto cleanup; + } + + if (!def->keywrap->aes && + !def->keywrap->dea) + VIR_FREE(def->keywrap); + + ret = 0; + + cleanup: + if (ret < 0) + VIR_FREE(def->keywrap); + VIR_FREE(nodes); + return ret; +} + /** * virDomainXMLOptionNew: @@ -2361,6 +2491,8 @@ void virDomainDefFree(virDomainDefPtr def) virDomainShmemDefFree(def->shmems[i]); VIR_FREE(def->shmems); + VIR_FREE(def->keywrap); + if (def->namespaceData && def->ns.free) (def->ns.free)(def->namespaceData); @@ -15535,6 +15667,9 @@ virDomainDefParseXML(xmlDocPtr xml, VIR_FREE(tmp); } + if (virDomainKeyWrapDefParseXML(def, ctxt) < 0) + goto error; + /* Extract custom metadata */ if ((node = virXPathNode("./metadata[1]", ctxt)) != NULL) def->metadata = xmlCopyNode(node, 1); 
@@ -20588,6 +20723,24 @@ virDomainLoaderDefFormat(virBufferPtr buf, } } +static void +virDomainKeyWrapDefFormat(virBufferPtr buf, virDomainKeyWrapDefPtr keywrap) +{ + virBufferAddLit(buf, "<keywrap>\n"); + virBufferAdjustIndent(buf, 2); + + if (keywrap->aes) + virBufferAsprintf(buf, "<cipher name='aes' state='%s'/>\n", + virTristateSwitchTypeToString(keywrap->aes)); + + if (keywrap->dea) + virBufferAsprintf(buf, "<cipher name='dea' state='%s'/>\n", + virTristateSwitchTypeToString(keywrap->dea)); + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</keywrap>\n"); +} + static bool virDomainDefHasCapabilitiesFeatures(virDomainDefPtr def) { @@ -21490,6 +21643,9 @@ virDomainDefFormatInternal(virDomainDefPtr def, goto error; } + if (def->keywrap) + virDomainKeyWrapDefFormat(buf, def->keywrap); + virBufferAdjustIndent(buf, -2); virBufferAddLit(buf, "</domain>\n"); diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 8312c20..7b29008 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2119,6 +2119,13 @@ struct _virDomainPowerManagement { int s4; }; +typedef struct _virDomainKeyWrapDef virDomainKeyWrapDef; +typedef virDomainKeyWrapDef *virDomainKeyWrapDefPtr; +struct _virDomainKeyWrapDef { + int aes; /* enum virTristateSwitch */ + int dea; /* enum virTristateSwitch */ +}; + /* * Guest VM main configuration * @@ -2255,6 +2262,8 @@ struct _virDomainDef { void *namespaceData; virDomainXMLNamespace ns; + virDomainKeyWrapDefPtr keywrap; + /* Application-specific custom metadata */ xmlNodePtr metadata; }; 
@@ -2264,6 +2273,13 @@ void virDomainDefSetMemoryInitial(virDomainDefPtr def, unsigned long long size); unsigned long long virDomainDefGetMemoryActual(virDomainDefPtr def); typedef enum { + VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_AES, + VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_DEA, + + VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_LAST +} virDomainKeyWrapCipherName; + +typedef enum { VIR_DOMAIN_TAINT_CUSTOM_ARGV, /* Custom ARGV passthrough from XML */ VIR_DOMAIN_TAINT_CUSTOM_MONITOR, /* Custom monitor commands issued */ VIR_DOMAIN_TAINT_HIGH_PRIVILEGES, /* Running with undesirably high privileges */ @@ -2951,6 +2967,7 @@ VIR_ENUM_DECL(virDomainChrTcpProtocol) VIR_ENUM_DECL(virDomainChrSpicevmc) VIR_ENUM_DECL(virDomainSoundCodec) VIR_ENUM_DECL(virDomainSoundModel) +VIR_ENUM_DECL(virDomainKeyWrapCipherName) VIR_ENUM_DECL(virDomainMemballoonModel) VIR_ENUM_DECL(virDomainSmbiosMode) VIR_ENUM_DECL(virDomainWatchdogModel) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index f80fc70..afd0cb6 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -329,6 +329,8 @@ virDomainIOThreadIDDefFree; virDomainIOThreadIDDel; virDomainIOThreadIDFind; virDomainIOThreadSchedDelId; +virDomainKeyWrapCipherNameTypeFromString; +virDomainKeyWrapCipherNameTypeToString; virDomainLeaseDefFree; virDomainLeaseIndex; virDomainLeaseInsert; -- 2.3.6
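
Review bot: In virDomainKeyWrapDefParseXML (the @@ -834 hunk of src/conf/domain_conf.c), the early exit "if (!(n = virXPathNodeSet("./keywrap/cipher", ctxt, &nodes))) return 0;" filters out only a count of zero. If virXPathNodeSet can report failure with a negative value, the loop "for (i = 0; i < n; i++)" compares a size_t index against a negative int, the bound is converted to a very large unsigned value, and nodes[i] is read far beyond anything the lookup returned. Check n < 0 and goto cleanup before allocating def->keywrap. In the same hunk, the comment block for virDomainKeyWrapCipherDefParseXML documents a @def parameter while the function takes keywrap, and the duplicate-cipher case is reported as VIR_ERR_INTERNAL_ERROR although it is a configuration error like the VIR_ERR_CONF_SYNTAX cases above it.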
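
Review bot: virDomainKeyWrapDefFormat (the @@ -20588 hunk) tests "if (keywrap->aes)" and "if (keywrap->dea)", which relies on the absent state being zero, while the parser added by this patch compares explicitly against VIR_TRISTATE_SWITCH_ABSENT. Use the explicit comparison here as well so the two stay in step. The cipher names are also hard-coded as 'aes' and 'dea' in the format strings even though virDomainKeyWrapCipherNameTypeToString is introduced by this same patch.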

On Fri, May 15, 2015 at 04:43:28PM +0200, Michal Privoznik wrote:
From: Tony Krowiak <akrowiak@linux.vnet.ibm.com>
Parse the domain configuration XML elements that enable/disable access to the protected key management operations for a guest:
<domain> ... <keywrap> <cipher name='aes|dea' state='on|off'/> </keywrap> ... </domain>
Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com> Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com> Signed-off-by: Daniel Hansel <daniel.hansel@linux.vnet.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/conf/domain_conf.c | 156 +++++++++++++++++++++++++++++++++++++++++++++++ src/conf/domain_conf.h | 17 ++++++ src/libvirt_private.syms | 2 + 3 files changed, 175 insertions(+)
ACK after squashing it together with the previous patch. Jan

On 05/15/2015 10:43 AM, Michal Privoznik wrote: ... Coverity complaint...
+static int +virDomainKeyWrapDefParseXML(virDomainDefPtr def, xmlXPathContextPtr ctxt) +{ + size_t i; + int ret = -1; + xmlNodePtr *nodes = NULL; + int n; + + if (!(n = virXPathNodeSet("./keywrap/cipher", ctxt, &nodes)))
Can return a negative number...
+ return 0; + + if (VIR_ALLOC(def->keywrap) < 0) + goto cleanup; + + for (i = 0; i < n; i++) {
Causing this to run a long time. I'll append something to my current on list Coverity patches to resolve. John
+ if (virDomainKeyWrapCipherDefParseXML(def->keywrap, nodes[i], ctxt) < 0) + goto cleanup; + } + + if (!def->keywrap->aes && + !def->keywrap->dea) + VIR_FREE(def->keywrap); + + ret = 0; + + cleanup: + if (ret < 0) + VIR_FREE(def->keywrap); + VIR_FREE(nodes); + return ret; +} +
/** * virDomainXMLOptionNew: @@ -2361,6 +2491,8 @@ void virDomainDefFree(virDomainDefPtr def) virDomainShmemDefFree(def->shmems[i]); VIR_FREE(def->shmems);
+ VIR_FREE(def->keywrap); + if (def->namespaceData && def->ns.free) (def->ns.free)(def->namespaceData);
@@ -15535,6 +15667,9 @@ virDomainDefParseXML(xmlDocPtr xml, VIR_FREE(tmp); }
+ if (virDomainKeyWrapDefParseXML(def, ctxt) < 0) + goto error; + /* Extract custom metadata */ if ((node = virXPathNode("./metadata[1]", ctxt)) != NULL) def->metadata = xmlCopyNode(node, 1); @@ -20588,6 +20723,24 @@ virDomainLoaderDefFormat(virBufferPtr buf, } }
+static void +virDomainKeyWrapDefFormat(virBufferPtr buf, virDomainKeyWrapDefPtr keywrap) +{ + virBufferAddLit(buf, "<keywrap>\n"); + virBufferAdjustIndent(buf, 2); + + if (keywrap->aes) + virBufferAsprintf(buf, "<cipher name='aes' state='%s'/>\n", + virTristateSwitchTypeToString(keywrap->aes)); + + if (keywrap->dea) + virBufferAsprintf(buf, "<cipher name='dea' state='%s'/>\n", + virTristateSwitchTypeToString(keywrap->dea)); + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</keywrap>\n"); +} + static bool virDomainDefHasCapabilitiesFeatures(virDomainDefPtr def) { @@ -21490,6 +21643,9 @@ virDomainDefFormatInternal(virDomainDefPtr def, goto error; }
+ if (def->keywrap) + virDomainKeyWrapDefFormat(buf, def->keywrap); + virBufferAdjustIndent(buf, -2); virBufferAddLit(buf, "</domain>\n");
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 8312c20..7b29008 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2119,6 +2119,13 @@ struct _virDomainPowerManagement { int s4; };
+typedef struct _virDomainKeyWrapDef virDomainKeyWrapDef; +typedef virDomainKeyWrapDef *virDomainKeyWrapDefPtr; +struct _virDomainKeyWrapDef { + int aes; /* enum virTristateSwitch */ + int dea; /* enum virTristateSwitch */ +}; + /* * Guest VM main configuration * @@ -2255,6 +2262,8 @@ struct _virDomainDef { void *namespaceData; virDomainXMLNamespace ns;
+ virDomainKeyWrapDefPtr keywrap; + /* Application-specific custom metadata */ xmlNodePtr metadata; }; @@ -2264,6 +2273,13 @@ void virDomainDefSetMemoryInitial(virDomainDefPtr def, unsigned long long size); unsigned long long virDomainDefGetMemoryActual(virDomainDefPtr def);
typedef enum { + VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_AES, + VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_DEA, + + VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_LAST +} virDomainKeyWrapCipherName; + +typedef enum { VIR_DOMAIN_TAINT_CUSTOM_ARGV, /* Custom ARGV passthrough from XML */ VIR_DOMAIN_TAINT_CUSTOM_MONITOR, /* Custom monitor commands issued */ VIR_DOMAIN_TAINT_HIGH_PRIVILEGES, /* Running with undesirably high privileges */ @@ -2951,6 +2967,7 @@ VIR_ENUM_DECL(virDomainChrTcpProtocol) VIR_ENUM_DECL(virDomainChrSpicevmc) VIR_ENUM_DECL(virDomainSoundCodec) VIR_ENUM_DECL(virDomainSoundModel) +VIR_ENUM_DECL(virDomainKeyWrapCipherName) VIR_ENUM_DECL(virDomainMemballoonModel) VIR_ENUM_DECL(virDomainSmbiosMode) VIR_ENUM_DECL(virDomainWatchdogModel) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index f80fc70..afd0cb6 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -329,6 +329,8 @@ virDomainIOThreadIDDefFree; virDomainIOThreadIDDel; virDomainIOThreadIDFind; virDomainIOThreadSchedDelId; +virDomainKeyWrapCipherNameTypeFromString; +virDomainKeyWrapCipherNameTypeToString; virDomainLeaseDefFree; virDomainLeaseIndex; virDomainLeaseInsert;
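
The loop-bound problem raised in the reply above, as an added example that is not part of the patch or of libvirt's code: a size_t index compared against a negative int count, next to a variant that rejects the negative count first. find_ciphers, struct cipher, the SW_* values and the sample arrays are constructed stand-ins, and the checked parser also covers the unsupported-name, unsupported-state and duplicate-cipher cases the patch rejects.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical tristate mirroring absent/on/off; not libvirt's enum. */
enum { SW_ABSENT = 0, SW_ON, SW_OFF };

/* Constructed stand-in for one <cipher name=... state=...> node. */
struct cipher { const char *name; const char *state; };
struct keywrap { int aes; int dea; };

/* Constructed sample inputs. */
static const struct cipher SAMPLE_OK[]  = { { "aes", "off" } };
static const struct cipher SAMPLE_DUP[] = { { "aes", "off" }, { "aes", "on" } };

/* Hypothetical lookup with the contract discussed in the reply: returns
 * the number of nodes, 0 when there are none, or -1 on failure. */
static int find_ciphers(const struct cipher *doc, int doc_len, int fail,
                        const struct cipher **out)
{
    *out = fail ? NULL : doc;
    return fail ? -1 : doc_len;
}

/* How many iterations "size_t i; int n; for (i = 0; i < n; i++)" attempts
 * when only n == 0 is filtered out. The cast spells out the conversion the
 * comparison applies implicitly; cap keeps the demonstration finite and
 * nothing is dereferenced. */
static size_t attempted_iterations(int n, size_t cap)
{
    size_t i, steps = 0;

    if (!n)
        return 0;
    for (i = 0; i < (size_t)n; i++) {
        if (++steps == cap)
            break;
    }
    return steps;
}

/* Checked variant: a negative count is an error and is rejected before
 * the loop, so the index is only compared with a non-negative bound. */
static int parse_keywrap_checked(const struct cipher *doc, int doc_len,
                                 int fail, struct keywrap *kw)
{
    const struct cipher *nodes = NULL;
    int n = find_ciphers(doc, doc_len, fail, &nodes);
    size_t i;

    kw->aes = kw->dea = SW_ABSENT;
    if (n < 0)
        return -1;

    for (i = 0; i < (size_t)n; i++) {
        int state;
        int *slot;

        if (strcmp(nodes[i].name, "aes") == 0)
            slot = &kw->aes;
        else if (strcmp(nodes[i].name, "dea") == 0)
            slot = &kw->dea;
        else
            return -1;                  /* unsupported cipher name */

        if (strcmp(nodes[i].state, "on") == 0)
            state = SW_ON;
        else if (strcmp(nodes[i].state, "off") == 0)
            state = SW_OFF;
        else
            return -1;                  /* unsupported state */

        if (*slot != SW_ABSENT)
            return -1;                  /* second node for the same cipher */
        *slot = state;
    }
    return 0;
}

int main(void)
{
    struct keywrap kw;
    int rc;

    printf("n = -1, unchecked: %zu iterations attempted (capped at 1000)\n",
           attempted_iterations(-1, 1000));
    rc = parse_keywrap_checked(SAMPLE_OK, 1, 1, &kw);
    printf("lookup failure, checked: %d\n", rc);
    rc = parse_keywrap_checked(SAMPLE_OK, 1, 0, &kw);
    printf("one aes=off node, checked: %d (aes=%d dea=%d)\n",
           rc, kw.aes, kw.dea);
    rc = parse_keywrap_checked(SAMPLE_DUP, 2, 0, &kw);
    printf("duplicate aes nodes, checked: %d\n", rc);
    return 0;
}
```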

From: Tony Krowiak <aekrowia@us.ibm.com> Introduces two new -machine option parameters to the QEMU command to enable/disable the CPACF protected key management operations for a guest: aes-key-wrap='on|off' dea-key-wrap='on|off' The QEMU code maps the corresponding domain configuration elements to the QEMU -machine option parameters to create the QEMU command: <cipher name='aes' state='on'> --> aes-key-wrap=on <cipher name='aes' state='off'> --> aes-key-wrap=off <cipher name='dea' state='on'> --> dea-key-wrap=on <cipher name='dea' state='off'> --> dea-key-wrap=off Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com> Signed-off-by: Daniel Hansel <daniel.hansel@linux.vnet.ibm.com> Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_capabilities.c | 4 +++ src/qemu/qemu_capabilities.h | 2 ++ src/qemu/qemu_command.c | 73 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 79 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 25c15bf..2757636 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -281,6 +281,8 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST, "pc-dimm", "machine-vmport-opt", /* 185 */ + "aes-key-wrap", + "dea-key-wrap", ); @@ -2523,6 +2525,8 @@ static struct virQEMUCapsCommandLineProps virQEMUCapsCommandLine[] = { { "msg", "timestamp", QEMU_CAPS_MSG_TIMESTAMP }, { "numa", NULL, QEMU_CAPS_NUMA }, { "drive", "throttling.bps-total-max", QEMU_CAPS_DRIVE_IOTUNE_MAX}, + { "machine", "aes-key-wrap", QEMU_CAPS_AES_KEY_WRAP }, + { "machine", "dea-key-wrap", QEMU_CAPS_DEA_KEY_WRAP }, }; static int diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 81557b7..4da9637 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h 
@@ -225,6 +225,8 @@ typedef enum { QEMU_CAPS_QXL_VGA_VGAMEM = 183, /* -device qxl-vga.vgamem_mb */ QEMU_CAPS_DEVICE_PC_DIMM = 184, /* pc-dimm device */ QEMU_CAPS_MACHINE_VMPORT_OPT = 185, /* -machine xxx,vmport=on/off/auto */ + QEMU_CAPS_AES_KEY_WRAP = 186, /* -machine aes_key_wrap */ + QEMU_CAPS_DEA_KEY_WRAP = 187, /* -machine dea_key_wrap */ QEMU_CAPS_LAST, /* this must always be the last item */ } virQEMUCapsFlags; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 2939f8d..98fc5f8 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -38,6 +38,7 @@ #include "virnetdevbridge.h" #include "virstring.h" #include "virtime.h" +#include "virutil.h" #include "viruuid.h" #include "c-ctype.h" #include "domain_nwfilter.h" @@ -7286,6 +7287,39 @@ qemuBuildObsoleteAccelArg(virCommandPtr cmd, return 0; } +static bool +qemuAppendKeyWrapMachineParm(virBuffer *buf, virQEMUCapsPtr qemuCaps, + int flag, const char *pname, int pstate) +{ + if (pstate != VIR_TRISTATE_SWITCH_ABSENT) { + if (!virQEMUCapsGet(qemuCaps, flag)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("%s is not available with this QEMU binary"), pname); + return false; + } + + virBufferAsprintf(buf, ",%s=%s", pname, + virTristateSwitchTypeToString(pstate)); + } + + return true; +} + +static bool +qemuAppendKeyWrapMachineParms(virBuffer *buf, virQEMUCapsPtr qemuCaps, + const virDomainKeyWrapDef *keywrap) +{ + if (!qemuAppendKeyWrapMachineParm(buf, qemuCaps, QEMU_CAPS_AES_KEY_WRAP, + "aes-key-wrap", keywrap->aes)) + return false; + + if (!qemuAppendKeyWrapMachineParm(buf, qemuCaps, QEMU_CAPS_DEA_KEY_WRAP, + "dea-key-wrap", keywrap->dea)) + return false; + + return true; +} + static int qemuBuildMachineArgStr(virCommandPtr cmd, const virDomainDef *def, 
@@ -7320,6 +7354,13 @@ qemuBuildMachineArgStr(virCommandPtr cmd, } obsoleteAccel = true; + + if (def->keywrap) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("key wrap support is not available " + "with this QEMU binary")); + return -1; + } } else { virBuffer buf = VIR_BUFFER_INITIALIZER; virTristateSwitch vmport = def->features[VIR_DOMAIN_FEATURE_VMPORT]; @@ -7378,6 +7419,12 @@ qemuBuildMachineArgStr(virCommandPtr cmd, } } + if (def->keywrap && + !qemuAppendKeyWrapMachineParms(&buf, qemuCaps, def->keywrap)) { + virBufferFreeAndReset(&buf); + return -1; + } + virCommandAddArgBuffer(cmd, &buf); } @@ -12806,6 +12853,32 @@ qemuParseCommandLine(virCapsPtr qemuCaps, } else if (STRPREFIX(param, "accel=kvm")) { def->virtType = VIR_DOMAIN_VIRT_KVM; def->features[VIR_DOMAIN_FEATURE_PAE] = VIR_TRISTATE_SWITCH_ON; + } else if (STRPREFIX(param, "aes-key-wrap=")) { + if (STREQ(arg, "-M")) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("aes-key-wrap is not supported with " + "this QEMU binary")); + goto error; + } + param += strlen("aes-key-wrap="); + if (!def->keywrap && VIR_ALLOC(def->keywrap) < 0) + goto error; + def->keywrap->aes = virTristateSwitchTypeFromString(param); + if (def->keywrap->aes < 0) + def->keywrap->aes = VIR_TRISTATE_SWITCH_ABSENT; + } else if (STRPREFIX(param, "dea-key-wrap=")) { + if (STREQ(arg, "-M")) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("dea-key-wrap is not supported with " + "this QEMU binary")); + goto error; + } + param += strlen("dea-key-wrap="); + if (!def->keywrap && VIR_ALLOC(def->keywrap) < 0) + goto error; + def->keywrap->dea = virTristateSwitchTypeFromString(param); + if (def->keywrap->dea < 0) + def->keywrap->dea = VIR_TRISTATE_SWITCH_ABSENT; } } virStringFreeList(list); -- 2.3.6
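
Review bot: The comments on the two new enum values in src/qemu/qemu_capabilities.h read "-machine aes_key_wrap" and "-machine dea_key_wrap", with underscores, but the names registered in virQEMUCapsCommandLine and emitted by qemuAppendKeyWrapMachineParms are "aes-key-wrap" and "dea-key-wrap". Correct the comments to the hyphenated spelling so that a search for the option name finds the capability flag.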
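
Review bot: qemuAppendKeyWrapMachineParm (the @@ -7286 hunk of src/qemu/qemu_command.c) reports VIR_ERR_CONFIG_UNSUPPORTED for every state other than VIR_TRISTATE_SWITCH_ABSENT when the capability is missing, so a domain that explicitly asks for state='off' fails to start on a QEMU binary without the option. If a binary without the option cannot perform these key management operations at all, state='off' could be accepted and simply not emitted; if that is not guaranteed, keep the failure but include the requested state in the message so the administrator can tell which setting was refused.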
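
Review bot: In the qemuParseCommandLine hunk (@@ -12806), an unrecognised value after "aes-key-wrap=" or "dea-key-wrap=" is silently replaced with VIR_TRISTATE_SWITCH_ABSENT ("if (def->keywrap->aes < 0) def->keywrap->aes = VIR_TRISTATE_SWITCH_ABSENT;"), so a malformed command line converts into a domain definition that carries no record of the setting. Report an error and goto error instead, as the XML parser in this series does for an unsupported state. The two branches differ only in the option name and the field they set and could share one helper.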

On Fri, May 15, 2015 at 04:43:29PM +0200, Michal Privoznik wrote:
From: Tony Krowiak <aekrowia@us.ibm.com>
Introduces two new -machine option parameters to the QEMU command to enable/disable the CPACF protected key management operations for a guest:
aes-key-wrap='on|off' dea-key-wrap='on|off'
The QEMU code maps the corresponding domain configuration elements to the QEMU -machine option parameters to create the QEMU command:
<cipher name='aes' state='on'> --> aes-key-wrap=on <cipher name='aes' state='off'> --> aes-key-wrap=off <cipher name='dea' state='on'> --> dea-key-wrap=on <cipher name='dea' state='off'> --> dea-key-wrap=off
Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com> Signed-off-by: Daniel Hansel <daniel.hansel@linux.vnet.ibm.com> Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_capabilities.c | 4 +++ src/qemu/qemu_capabilities.h | 2 ++ src/qemu/qemu_command.c | 73 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 79 insertions(+)
So the difference to v1 is that they are no longer turned on by default if QEMU supports it. (I hope I did not miss anything else; it would have been helpful if you listed the important changes) I agree that this should not be done on XML parsing as was done in v1. Would it make sense to treat the missing option (STATE_ABSENT) as 'turn it on if qemu supports it'?
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 2939f8d..98fc5f8 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -38,6 +38,7 @@ #include "virnetdevbridge.h" #include "virstring.h" #include "virtime.h" +#include "virutil.h"
Why is this include needed?
#include "viruuid.h" #include "c-ctype.h" #include "domain_nwfilter.h" @@ -7286,6 +7287,39 @@ qemuBuildObsoleteAccelArg(virCommandPtr cmd, return 0; }
+static bool +qemuAppendKeyWrapMachineParm(virBuffer *buf, virQEMUCapsPtr qemuCaps, + int flag, const char *pname, int pstate) +{ + if (pstate != VIR_TRISTATE_SWITCH_ABSENT) { + if (!virQEMUCapsGet(qemuCaps, flag)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("%s is not available with this QEMU binary"), pname); + return false; + }
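Review bot: the signature of qemuAppendKeyWrapMachineParm takes `int flag` and `int pstate`, which hides the fact that pstate is compared against VIR_TRISTATE_SWITCH_ABSENT and flag is passed to virQEMUCapsGet(). Declaring pstate as virTristateSwitch would document which values are valid and give the compiler a chance to flag a mismatched argument. The `virBuffer *buf` parameter also stands out next to the virCommandPtr and virQEMUCapsPtr typedefs used for the other pointer arguments in this file.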
Can't we allow state='off' with QEMU that does not support it?
You have an ACK from me with the include removed. Please wait for feedback from the author before pushing.
Jan

On Fri, May 15, 2015 at 04:43:29PM +0200, Michal Privoznik wrote:
From: Tony Krowiak <aekrowia@us.ibm.com>
Introduces two new -machine option parameters to the QEMU command to enable/disable the CPACF protected key management operations for a guest:
aes-key-wrap='on|off' dea-key-wrap='on|off'
The QEMU code maps the corresponding domain configuration elements to the QEMU -machine option parameters to create the QEMU command:
<cipher name='aes' state='on'> --> aes-key-wrap=on <cipher name='aes' state='off'> --> aes-key-wrap=off <cipher name='dea' state='on'> --> dea-key-wrap=on <cipher name='dea' state='off'> --> dea-key-wrap=off
Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com> Signed-off-by: Daniel Hansel <daniel.hansel@linux.vnet.ibm.com> Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_capabilities.c | 4 +++ src/qemu/qemu_capabilities.h | 2 ++ src/qemu/qemu_command.c | 73 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 79 insertions(+)
So the difference to v1 is that they are no longer turned on by default if QEMU supports it. (I hope I did not miss anything else; it would have been helpful if you listed the important changes)
On 05/15/2015 12:23 PM, Ján Tomko wrote:
I agree that this should not be done on XML parsing as was done in v1. Would it make sense to treat the missing option (STATE_ABSENT) as 'turn it on if qemu supports it'?
Some background: My original design was similar to Michal's in that if key wrapping was not configured for the guest in the domain XML, then the machine options would not be inserted into the QEMU command line. Our internal reviewers commented that there should be default values for libvirt that match the QEMU defaults, so I did exactly as you suggested here, inserting default values into the QEMU command line on STATE_ABSENT. Our internal reviewers then pointed out that the dumpxml command would return a configuration that did not match that of the running guest, so I added the XML post parsing piece to set default values into virDomainDef if QEMU supports the key wrapping machine options. In any case, I'm not married to any of these ideas, so you have my ACK pending Jan's suggestions.
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 2939f8d..98fc5f8 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -38,6 +38,7 @@ #include "virnetdevbridge.h" #include "virstring.h" #include "virtime.h" +#include "virutil.h" Why is this include needed?
I believe that this is no longer needed and is a remnant of an earlier iteration that I failed to remove. My bad.
#include "viruuid.h" #include "c-ctype.h" #include "domain_nwfilter.h" @@ -7286,6 +7287,39 @@ qemuBuildObsoleteAccelArg(virCommandPtr cmd, return 0; }
+static bool +qemuAppendKeyWrapMachineParm(virBuffer *buf, virQEMUCapsPtr qemuCaps, + int flag, const char *pname, int pstate) +{ + if (pstate != VIR_TRISTATE_SWITCH_ABSENT) { + if (!virQEMUCapsGet(qemuCaps, flag)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("%s is not available with this QEMU binary"), pname); + return false; + } Can't we allow state='off' with QEMU that does not support it?
We can certainly bypass the appending of the machine option if state='off', but if I am not mistaken, sending a machine option to QEMU that it does not support will cause QEMU to throw an error. I think it is wisest to inform the user of a configuration error here.
You have an ACK from me with the include removed. Please wait for feedback from the author before pushing.
Jan
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list

On Fri, May 15, 2015 at 04:43:29PM +0200, Michal Privoznik wrote:
From: Tony Krowiak <aekrowia@us.ibm.com>
Introduces two new -machine option parameters to the QEMU command to enable/disable the CPACF protected key management operations for a guest:
aes-key-wrap='on|off' dea-key-wrap='on|off'
The QEMU code maps the corresponding domain configuration elements to the QEMU -machine option parameters to create the QEMU command:
<cipher name='aes' state='on'> --> aes-key-wrap=on <cipher name='aes' state='off'> --> aes-key-wrap=off <cipher name='dea' state='on'> --> dea-key-wrap=on <cipher name='dea' state='off'> --> dea-key-wrap=off
Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com> Signed-off-by: Daniel Hansel <daniel.hansel@linux.vnet.ibm.com> Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_capabilities.c | 4 +++ src/qemu/qemu_capabilities.h | 2 ++ src/qemu/qemu_command.c | 73 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 79 insertions(+)
So the difference to v1 is that they are no longer turned on by default if QEMU supports it. (I hope I did not miss anything else; it would have been helpful if you listed the important changes)
I agree that this should not be done on XML parsing as was done in v1. Would it make sense to treat the missing option (STATE_ABSENT) as 'turn it on if qemu supports it'?
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 2939f8d..98fc5f8 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -38,6 +38,7 @@ #include "virnetdevbridge.h" #include "virstring.h" #include "virtime.h" +#include "virutil.h" Why is this include needed?
#include "viruuid.h" #include "c-ctype.h" #include "domain_nwfilter.h" @@ -7286,6 +7287,39 @@ qemuBuildObsoleteAccelArg(virCommandPtr cmd, return 0; }
+static bool +qemuAppendKeyWrapMachineParm(virBuffer *buf, virQEMUCapsPtr qemuCaps, + int flag, const char *pname, int pstate) +{ + if (pstate != VIR_TRISTATE_SWITCH_ABSENT) { + if (!virQEMUCapsGet(qemuCaps, flag)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("%s is not available with this QEMU binary"), pname); + return false; + } Can't we allow state='off' with QEMU that does not support it?
On 05/15/2015 12:23 PM, Ján Tomko wrote:
You have an ACK from me with the include removed. Please wait for feedback from the author before pushing.
These changes will break the test cases, so they will need to be updated to reflect these changes before pushing.
Jan

From: Tony Krowiak <aekrowia@us.ibm.com> Test the support for enabling/disabling CPACF protected key management operations for a guest. Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com> Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> 
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- tests/qemuargv2xmltest.c | 6 ++ .../qemuxml2argv-machine-aeskeywrap-off-argv.args | 6 ++ .../qemuxml2argv-machine-aeskeywrap-off-argv.xml | 27 ++++++++ .../qemuxml2argv-machine-aeskeywrap-off-cap.args | 7 ++ .../qemuxml2argv-machine-aeskeywrap-off-cap.xml | 28 ++++++++ .../qemuxml2argv-machine-aeskeywrap-off-caps.args | 7 ++ .../qemuxml2argv-machine-aeskeywrap-off-caps.xml | 28 ++++++++ .../qemuxml2argv-machine-aeskeywrap-on-argv.args | 6 ++ .../qemuxml2argv-machine-aeskeywrap-on-argv.xml | 27 ++++++++ .../qemuxml2argv-machine-aeskeywrap-on-cap.args | 7 ++ .../qemuxml2argv-machine-aeskeywrap-on-cap.xml | 28 ++++++++ .../qemuxml2argv-machine-aeskeywrap-on-caps.args | 7 ++ .../qemuxml2argv-machine-aeskeywrap-on-caps.xml | 27 ++++++++ .../qemuxml2argv-machine-deakeywrap-off-argv.args | 6 ++ .../qemuxml2argv-machine-deakeywrap-off-argv.xml | 27 ++++++++ .../qemuxml2argv-machine-deakeywrap-off-cap.args | 7 ++ .../qemuxml2argv-machine-deakeywrap-off-cap.xml | 28 ++++++++ .../qemuxml2argv-machine-deakeywrap-off-caps.args | 7 ++ .../qemuxml2argv-machine-deakeywrap-off-caps.xml | 28 ++++++++ .../qemuxml2argv-machine-deakeywrap-on-argv.args | 6 ++ .../qemuxml2argv-machine-deakeywrap-on-argv.xml | 27 ++++++++ .../qemuxml2argv-machine-deakeywrap-on-cap.args | 7 ++ .../qemuxml2argv-machine-deakeywrap-on-cap.xml | 28 ++++++++ .../qemuxml2argv-machine-deakeywrap-on-caps.args | 7 ++ .../qemuxml2argv-machine-deakeywrap-on-caps.xml | 28 ++++++++ .../qemuxml2argv-machine-keywrap-none-argv.args | 6 ++ .../qemuxml2argv-machine-keywrap-none-argv.xml | 24 +++++++ .../qemuxml2argv-machine-keywrap-none-caps.args | 7 ++ .../qemuxml2argv-machine-keywrap-none-caps.xml | 25 +++++++ .../qemuxml2argv-machine-keywrap-none.args | 7 ++ .../qemuxml2argv-machine-keywrap-none.xml | 25 +++++++ tests/qemuxml2argvtest.c | 81 ++++++++++++++++++++++ 32 files changed, 592 insertions(+) create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-argv.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-argv.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-cap.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-cap.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-caps.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-caps.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-argv.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-argv.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-cap.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-cap.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-caps.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-caps.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-argv.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-argv.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-cap.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-cap.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-caps.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-caps.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-argv.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-argv.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-cap.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-cap.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-caps.args create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-caps.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-argv.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-argv.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-caps.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-caps.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none.xml diff --git a/tests/qemuargv2xmltest.c b/tests/qemuargv2xmltest.c index d6df116..ea85913 100644 --- a/tests/qemuargv2xmltest.c +++ b/tests/qemuargv2xmltest.c @@ -292,6 +292,12 @@ mymain(void) DO_TEST_FULL("qemu-ns-no-env", FLAG_EXPECT_WARNING); + DO_TEST("machine-aeskeywrap-on-argv"); + DO_TEST("machine-aeskeywrap-off-argv"); + DO_TEST("machine-deakeywrap-on-argv"); + DO_TEST("machine-deakeywrap-off-argv"); + DO_TEST("machine-keywrap-none-argv"); + virObjectUnref(driver.config); virObjectUnref(driver.caps); virObjectUnref(driver.xmlopt); diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-argv.args b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-argv.args new file mode 100644 index 0000000..4ef9fc0 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-argv.args @@ -0,0 +1,6 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-s390x -S \ +-machine s390-ccw-virtio,accel=tcg,aes-key-wrap=off \ +-m 214 -smp 1 -nographic -nodefaults \ +-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \ +-drive file=/dev/HostVG/QEMUGuest1,if=virtio,index=0,id=drive-virtio-disk0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-argv.xml b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-argv.xml new file mode 100644 index 0000000..0975d4a --- /dev/null 
+++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-argv.xml @@ -0,0 +1,27 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-s390x</emulator> + <disk type='block' device='disk'> + <driver name='qemu' type='raw'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='vda' bus='virtio'/> + </disk> + <memballoon model='none'/> + </devices> + <keywrap> + <cipher name='aes' state='off'/> + </keywrap> +</domain> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-cap.args b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-cap.args new file mode 100644 index 0000000..80caba7 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-cap.args @@ -0,0 +1,7 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-s390x -S \ +-machine s390-ccw-virtio,accel=tcg,aes-key-wrap=off \ +-m 214 -smp 1 -nographic -nodefaults \ +-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \ +-drive file=/dev/HostVG/QEMUGuest1,if=none,id=drive-virtio-disk0 \ +-device virtio-blk-ccw,devno=fe.0.0000,drive=drive-virtio-disk0,id=virtio-disk0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-cap.xml b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-cap.xml new file mode 100644 index 0000000..a0c0037 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-cap.xml 
@@ -0,0 +1,28 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-s390x</emulator> + <disk type='block' device='disk'> + <driver name='qemu' type='raw'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='vda' bus='virtio'/> + <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/> + </disk> + <memballoon model='none'/> + </devices> + <keywrap> + <cipher name='aes' state='off'/> + </keywrap> +</domain> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-caps.args b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-caps.args new file mode 100644 index 0000000..80caba7 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-caps.args @@ -0,0 +1,7 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-s390x -S \ +-machine s390-ccw-virtio,accel=tcg,aes-key-wrap=off \ +-m 214 -smp 1 -nographic -nodefaults \ +-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \ +-drive file=/dev/HostVG/QEMUGuest1,if=none,id=drive-virtio-disk0 \ +-device virtio-blk-ccw,devno=fe.0.0000,drive=drive-virtio-disk0,id=virtio-disk0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-caps.xml b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-caps.xml new file mode 100644 index 0000000..a0c0037 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-off-caps.xml 
@@ -0,0 +1,28 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-s390x</emulator> + <disk type='block' device='disk'> + <driver name='qemu' type='raw'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='vda' bus='virtio'/> + <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/> + </disk> + <memballoon model='none'/> + </devices> + <keywrap> + <cipher name='aes' state='off'/> + </keywrap> +</domain> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-argv.args b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-argv.args new file mode 100644 index 0000000..2b238d5 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-argv.args @@ -0,0 +1,6 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-s390x -S \ +-machine s390-ccw-virtio,accel=tcg,aes-key-wrap=on \ +-m 214 -smp 1 -nographic -nodefaults \ +-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \ +-drive file=/dev/HostVG/QEMUGuest1,if=virtio,index=0,id=drive-virtio-disk0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-argv.xml b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-argv.xml new file mode 100644 index 0000000..8aa8f8e --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-argv.xml 
@@ -0,0 +1,27 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-s390x</emulator> + <disk type='block' device='disk'> + <driver name='qemu' type='raw'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='vda' bus='virtio'/> + </disk> + <memballoon model='none'/> + </devices> + <keywrap> + <cipher name='aes' state='on'/> + </keywrap> +</domain> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-cap.args b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-cap.args new file mode 100644 index 0000000..6f6366b --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-cap.args @@ -0,0 +1,7 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-s390x -S \ +-machine s390-ccw-virtio,accel=tcg,aes-key-wrap=on \ +-m 214 -smp 1 -nographic -nodefaults \ +-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \ +-drive file=/dev/HostVG/QEMUGuest1,if=none,id=drive-virtio-disk0 \ +-device virtio-blk-ccw,devno=fe.0.0000,drive=drive-virtio-disk0,id=virtio-disk0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-cap.xml b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-cap.xml new file mode 100644 index 0000000..768eed1 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-cap.xml 
@@ -0,0 +1,28 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-s390x</emulator> + <disk type='block' device='disk'> + <driver name='qemu' type='raw'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='vda' bus='virtio'/> + <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/> + </disk> + <memballoon model='none'/> + </devices> + <keywrap> + <cipher name='aes' state='on'/> + </keywrap> +</domain> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-caps.args b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-caps.args new file mode 100644 index 0000000..6f6366b --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-caps.args @@ -0,0 +1,7 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-s390x -S \ +-machine s390-ccw-virtio,accel=tcg,aes-key-wrap=on \ +-m 214 -smp 1 -nographic -nodefaults \ +-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \ +-drive file=/dev/HostVG/QEMUGuest1,if=none,id=drive-virtio-disk0 \ +-device virtio-blk-ccw,devno=fe.0.0000,drive=drive-virtio-disk0,id=virtio-disk0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-caps.xml b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-caps.xml new file mode 100644 index 0000000..1702e6e --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-aeskeywrap-on-caps.xml 
@@ -0,0 +1,27 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-s390x</emulator> + <disk type='block' device='disk'> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='vda' bus='virtio'/> + <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/> + </disk> + <memballoon model='none'/> + </devices> + <keywrap> + <cipher name='aes' state='on'/> + </keywrap> +</domain> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-argv.args b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-argv.args new file mode 100644 index 0000000..f38c914 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-argv.args @@ -0,0 +1,6 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-s390x -S \ +-machine s390-ccw-virtio,accel=tcg,dea-key-wrap=off \ +-m 214 -smp 1 -nographic -nodefaults \ +-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \ +-drive file=/dev/HostVG/QEMUGuest1,if=virtio,index=0,id=drive-virtio-disk0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-argv.xml b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-argv.xml new file mode 100644 index 0000000..90b6d9f --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-argv.xml 
@@ -0,0 +1,27 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-s390x</emulator> + <disk type='block' device='disk'> + <driver name='qemu' type='raw'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='vda' bus='virtio'/> + </disk> + <memballoon model='none'/> + </devices> + <keywrap> + <cipher name='dea' state='off'/> + </keywrap> +</domain> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-cap.args b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-cap.args new file mode 100644 index 0000000..e379f15 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-cap.args @@ -0,0 +1,7 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-s390x -S \ +-machine s390-ccw-virtio,accel=tcg,dea-key-wrap=off \ +-m 214 -smp 1 -nographic -nodefaults \ +-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \ +-drive file=/dev/HostVG/QEMUGuest1,if=none,id=drive-virtio-disk0 \ +-device virtio-blk-ccw,devno=fe.0.0000,drive=drive-virtio-disk0,id=virtio-disk0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-cap.xml b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-cap.xml new file mode 100644 index 0000000..dbc22fc --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-cap.xml 
@@ -0,0 +1,28 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-s390x</emulator> + <disk type='block' device='disk'> + <driver name='qemu' type='raw'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='vda' bus='virtio'/> + <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/> + </disk> + <memballoon model='none'/> + </devices> + <keywrap> + <cipher name='dea' state='off'/> + </keywrap> +</domain> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-caps.args b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-caps.args new file mode 100644 index 0000000..e379f15 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-caps.args @@ -0,0 +1,7 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-s390x -S \ +-machine s390-ccw-virtio,accel=tcg,dea-key-wrap=off \ +-m 214 -smp 1 -nographic -nodefaults \ +-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \ +-drive file=/dev/HostVG/QEMUGuest1,if=none,id=drive-virtio-disk0 \ +-device virtio-blk-ccw,devno=fe.0.0000,drive=drive-virtio-disk0,id=virtio-disk0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-caps.xml b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-caps.xml new file mode 100644 index 0000000..dbc22fc --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-off-caps.xml 
@@ -0,0 +1,28 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-s390x</emulator> + <disk type='block' device='disk'> + <driver name='qemu' type='raw'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='vda' bus='virtio'/> + <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/> + </disk> + <memballoon model='none'/> + </devices> + <keywrap> + <cipher name='dea' state='off'/> + </keywrap> +</domain> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-argv.args b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-argv.args new file mode 100644 index 0000000..f64e57f --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-argv.args @@ -0,0 +1,6 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-s390x -S \ +-machine s390-ccw-virtio,accel=tcg,dea-key-wrap=on \ +-m 214 -smp 1 -nographic -nodefaults \ +-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \ +-drive file=/dev/HostVG/QEMUGuest1,if=virtio,index=0,id=drive-virtio-disk0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-argv.xml b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-argv.xml new file mode 100644 index 0000000..76a6a51 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-argv.xml 
@@ -0,0 +1,27 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-s390x</emulator> + <disk type='block' device='disk'> + <driver name='qemu' type='raw'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='vda' bus='virtio'/> + </disk> + <memballoon model='none'/> + </devices> + <keywrap> + <cipher name='dea' state='on'/> + </keywrap> +</domain> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-cap.args b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-cap.args new file mode 100644 index 0000000..9c4b513 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-cap.args @@ -0,0 +1,7 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-s390x -S \ +-machine s390-ccw-virtio,accel=tcg,dea-key-wrap=on \ +-m 214 -smp 1 -nographic -nodefaults \ +-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \ +-drive file=/dev/HostVG/QEMUGuest1,if=none,id=drive-virtio-disk0 \ +-device virtio-blk-ccw,devno=fe.0.0000,drive=drive-virtio-disk0,id=virtio-disk0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-cap.xml b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-cap.xml new file mode 100644 index 0000000..c0a063b --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-cap.xml 
@@ -0,0 +1,28 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-s390x</emulator> + <disk type='block' device='disk'> + <driver name='qemu' type='raw'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='vda' bus='virtio'/> + <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/> + </disk> + <memballoon model='none'/> + </devices> + <keywrap> + <cipher name='dea' state='on'/> + </keywrap> +</domain> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-caps.args b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-caps.args new file mode 100644 index 0000000..9c4b513 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-caps.args @@ -0,0 +1,7 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-s390x -S \ +-machine s390-ccw-virtio,accel=tcg,dea-key-wrap=on \ +-m 214 -smp 1 -nographic -nodefaults \ +-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \ +-drive file=/dev/HostVG/QEMUGuest1,if=none,id=drive-virtio-disk0 \ +-device virtio-blk-ccw,devno=fe.0.0000,drive=drive-virtio-disk0,id=virtio-disk0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-caps.xml b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-caps.xml new file mode 100644 index 0000000..c0a063b --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-deakeywrap-on-caps.xml 
@@ -0,0 +1,28 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-s390x</emulator> + <disk type='block' device='disk'> + <driver name='qemu' type='raw'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='vda' bus='virtio'/> + <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/> + </disk> + <memballoon model='none'/> + </devices> + <keywrap> + <cipher name='dea' state='on'/> + </keywrap> +</domain> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-argv.args b/tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-argv.args new file mode 100644 index 0000000..9264ec4 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-argv.args @@ -0,0 +1,6 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-s390x -S \ +-machine s390-ccw-virtio,accel=tcg \ +-m 214 -smp 1 -nographic -nodefaults \ +-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \ +-drive file=/dev/HostVG/QEMUGuest1,if=virtio,index=0,id=drive-virtio-disk0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-argv.xml b/tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-argv.xml new file mode 100644 index 0000000..0a963a1 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-argv.xml 
@@ -0,0 +1,24 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-s390x</emulator> + <disk type='block' device='disk'> + <driver name='qemu' type='raw'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='vda' bus='virtio'/> + </disk> + <memballoon model='none'/> + </devices> +</domain> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-caps.args b/tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-caps.args new file mode 100644 index 0000000..f4bd156 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-caps.args @@ -0,0 +1,7 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-s390x -S \ +-machine s390-ccw-virtio,accel=tcg \ +-m 214 -smp 1 -nographic -nodefaults \ +-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \ +-drive file=/dev/HostVG/QEMUGuest1,if=none,id=drive-virtio-disk0 \ +-device virtio-blk-ccw,devno=fe.0.0000,drive=drive-virtio-disk0,id=virtio-disk0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-caps.xml b/tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-caps.xml new file mode 100644 index 0000000..9727686 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none-caps.xml 
@@ -0,0 +1,25 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-s390x</emulator> + <disk type='block' device='disk'> + <driver name='qemu' type='raw'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='vda' bus='virtio'/> + <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/> + </disk> + <memballoon model='none'/> + </devices> +</domain> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none.args b/tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none.args new file mode 100644 index 0000000..f4bd156 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none.args @@ -0,0 +1,7 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-s390x -S \ +-machine s390-ccw-virtio,accel=tcg \ +-m 214 -smp 1 -nographic -nodefaults \ +-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \ +-drive file=/dev/HostVG/QEMUGuest1,if=none,id=drive-virtio-disk0 \ +-device virtio-blk-ccw,devno=fe.0.0000,drive=drive-virtio-disk0,id=virtio-disk0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none.xml b/tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none.xml new file mode 100644 index 0000000..9727686 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-machine-keywrap-none.xml 
@@ -0,0 +1,25 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-s390x</emulator> + <disk type='block' device='disk'> + <driver name='qemu' type='raw'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='vda' bus='virtio'/> + <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/> + </disk> + <memballoon model='none'/> + </devices> +</domain> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index e67d909..1d42c0a 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c 
@@ -1574,6 +1574,87 @@ mymain(void) DO_TEST("memory-hotplug-dimm-addr", QEMU_CAPS_DEVICE_PC_DIMM, QEMU_CAPS_NUMA, QEMU_CAPS_DEVICE, QEMU_CAPS_OBJECT_MEMORY_RAM); + DO_TEST("machine-aeskeywrap-on-caps", + QEMU_CAPS_MACHINE_OPT, QEMU_CAPS_AES_KEY_WRAP, + QEMU_CAPS_DEA_KEY_WRAP, QEMU_CAPS_DRIVE, + QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE, + QEMU_CAPS_VIRTIO_CCW, QEMU_CAPS_VIRTIO_S390); + DO_TEST_FAILURE("machine-aeskeywrap-on-caps", QEMU_CAPS_MACHINE_OPT, + QEMU_CAPS_DRIVE, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE, + QEMU_CAPS_VIRTIO_CCW, QEMU_CAPS_VIRTIO_S390); + DO_TEST_FAILURE("machine-aeskeywrap-on-caps", NONE); + + DO_TEST("machine-aeskeywrap-on-cap", + QEMU_CAPS_MACHINE_OPT, QEMU_CAPS_AES_KEY_WRAP, + QEMU_CAPS_DRIVE, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE, + QEMU_CAPS_VIRTIO_CCW, QEMU_CAPS_VIRTIO_S390); + DO_TEST_FAILURE("machine-aeskeywrap-on-cap", QEMU_CAPS_MACHINE_OPT, + QEMU_CAPS_DRIVE, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE, + QEMU_CAPS_VIRTIO_CCW, QEMU_CAPS_VIRTIO_S390); + DO_TEST_FAILURE("machine-aeskeywrap-on-cap", NONE); + + DO_TEST("machine-aeskeywrap-off-caps", + QEMU_CAPS_MACHINE_OPT, QEMU_CAPS_AES_KEY_WRAP, QEMU_CAPS_DEA_KEY_WRAP, + QEMU_CAPS_DRIVE, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE, + QEMU_CAPS_VIRTIO_CCW, QEMU_CAPS_VIRTIO_S390); + DO_TEST_FAILURE("machine-aeskeywrap-off-caps", QEMU_CAPS_MACHINE_OPT, + QEMU_CAPS_DRIVE, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE, + QEMU_CAPS_VIRTIO_CCW, QEMU_CAPS_VIRTIO_S390); + DO_TEST_FAILURE("machine-aeskeywrap-off-caps", NONE); + + DO_TEST("machine-aeskeywrap-off-cap", + QEMU_CAPS_MACHINE_OPT, QEMU_CAPS_AES_KEY_WRAP, QEMU_CAPS_DRIVE, + QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE, + QEMU_CAPS_VIRTIO_CCW, QEMU_CAPS_VIRTIO_S390); + DO_TEST_FAILURE("machine-aeskeywrap-off-cap", QEMU_CAPS_MACHINE_OPT, + QEMU_CAPS_DRIVE, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE, + QEMU_CAPS_VIRTIO_CCW, QEMU_CAPS_VIRTIO_S390); + DO_TEST_FAILURE("machine-aeskeywrap-off-cap", NONE); + + DO_TEST("machine-deakeywrap-on-caps", + 
QEMU_CAPS_MACHINE_OPT, QEMU_CAPS_AES_KEY_WRAP, QEMU_CAPS_DEA_KEY_WRAP, + QEMU_CAPS_DRIVE, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE, + QEMU_CAPS_VIRTIO_CCW, QEMU_CAPS_VIRTIO_S390); + DO_TEST_FAILURE("machine-deakeywrap-on-caps", QEMU_CAPS_MACHINE_OPT, QEMU_CAPS_DRIVE, + QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE, + QEMU_CAPS_VIRTIO_CCW, QEMU_CAPS_VIRTIO_S390); + DO_TEST_FAILURE("machine-deakeywrap-on-caps", NONE); + + DO_TEST("machine-deakeywrap-on-cap", + QEMU_CAPS_MACHINE_OPT, QEMU_CAPS_DEA_KEY_WRAP, QEMU_CAPS_DRIVE, + QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE, + QEMU_CAPS_VIRTIO_CCW, QEMU_CAPS_VIRTIO_S390); + DO_TEST_FAILURE("machine-deakeywrap-on-cap", QEMU_CAPS_MACHINE_OPT, + QEMU_CAPS_DRIVE, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE, + QEMU_CAPS_VIRTIO_CCW, QEMU_CAPS_VIRTIO_S390); + DO_TEST_FAILURE("machine-deakeywrap-on-cap", NONE); + + DO_TEST("machine-deakeywrap-off-caps", + QEMU_CAPS_MACHINE_OPT, QEMU_CAPS_AES_KEY_WRAP, QEMU_CAPS_DEA_KEY_WRAP, + QEMU_CAPS_DRIVE, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE, + QEMU_CAPS_VIRTIO_CCW, QEMU_CAPS_VIRTIO_S390); + DO_TEST_FAILURE("machine-deakeywrap-off-caps", QEMU_CAPS_MACHINE_OPT, + QEMU_CAPS_DRIVE, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE, + QEMU_CAPS_VIRTIO_CCW, QEMU_CAPS_VIRTIO_S390); + DO_TEST_FAILURE("machine-deakeywrap-off-caps", NONE); + + DO_TEST("machine-deakeywrap-off-cap", + QEMU_CAPS_MACHINE_OPT, QEMU_CAPS_DEA_KEY_WRAP, QEMU_CAPS_DRIVE, + QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE, + QEMU_CAPS_VIRTIO_CCW, QEMU_CAPS_VIRTIO_S390); + DO_TEST_FAILURE("machine-deakeywrap-off-cap", QEMU_CAPS_MACHINE_OPT, + QEMU_CAPS_DRIVE, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE, + QEMU_CAPS_VIRTIO_CCW, QEMU_CAPS_VIRTIO_S390); + DO_TEST_FAILURE("machine-deakeywrap-off-cap", NONE); + + DO_TEST("machine-keywrap-none-caps", + QEMU_CAPS_MACHINE_OPT, QEMU_CAPS_AES_KEY_WRAP, QEMU_CAPS_DEA_KEY_WRAP, + QEMU_CAPS_DRIVE, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE, + QEMU_CAPS_VIRTIO_CCW, QEMU_CAPS_VIRTIO_S390); + DO_TEST("machine-keywrap-none", + 
QEMU_CAPS_MACHINE_OPT, QEMU_CAPS_DRIVE, QEMU_CAPS_VIRTIO_SCSI, + QEMU_CAPS_DEVICE, QEMU_CAPS_VIRTIO_CCW, QEMU_CAPS_VIRTIO_S390); + virObjectUnref(driver.config); virObjectUnref(driver.caps); virObjectUnref(driver.xmlopt); -- 2.3.6
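Review bot: the negative cases in the tests/qemuxml2argvtest.c hunk never exercise the cross-cipher capability check. Every DO_TEST_FAILURE drops both QEMU_CAPS_AES_KEY_WRAP and QEMU_CAPS_DEA_KEY_WRAP (or passes NONE), so a formatter that tested the wrong capability bit for a cipher would still pass. Please add a failure case for a machine-aeskeywrap-* domain run with only QEMU_CAPS_DEA_KEY_WRAP, and the mirror case for machine-deakeywrap-* with only QEMU_CAPS_AES_KEY_WRAP. The DO_TEST_FAILURE(..., NONE) variants add little on top of the targeted ones, since with no capabilities at all the failure is not necessarily caused by the key wrap check. Style: the line `DO_TEST_FAILURE("machine-deakeywrap-on-caps", QEMU_CAPS_MACHINE_OPT, QEMU_CAPS_DRIVE,` runs past 80 columns and should be wrapped like the neighbouring calls.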
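Review bot: several of the new fixtures under tests/qemuxml2argvdata/ are byte-identical copies. machine-deakeywrap-on-cap and machine-deakeywrap-on-caps share blob 9c4b513 for .args and c0a063b for .xml, and machine-keywrap-none and machine-keywrap-none-caps share f4bd156 and 9727686; only the capability list passed in qemuxml2argvtest.c differs. The -cap/-caps names differ by one letter and do not say what is being varied, so consider names that state the capability set under test, or a short comment next to the DO_TEST calls explaining the distinction. The deakeywrap-on fixtures shown here each carry a single `<cipher name='dea' state='on'/>` element; a fixture with both an aes and a dea cipher inside one `<keywrap>` block would also cover the case where both dea-key-wrap and aes-key-wrap have to appear in the -machine argument.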

On Fri, May 15, 2015 at 04:43:30PM +0200, Michal Privoznik wrote:
From: Tony Krowiak <aekrowia@us.ibm.com>
Test the support for enabling/disabling CPACF protected key management operations for a guest.
Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com>
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
ACK, this should be squashed with the patch adding the qemu command line formatting.

Jan

On 15.05.2015 16:43, Michal Privoznik wrote:
I've taken Tony's patches from here:
https://www.redhat.com/archives/libvir-list/2015-April/msg01395.html
polished them a bit, and resent.

Tony Krowiak (4):
  libvirt: docs: XML to enable/disable protected key mgmt ops
  libvirt: conf: parse XML for protected key management ops
  libvirt: qemu: enable/disable protected key management ops
  libvirt: tests: test protected key mgmt ops support
Thank you guys, I've fixed all the nits and pushed.

Michal
participants (4)
- John Ferlan
- Ján Tomko
- Michal Privoznik
- Tony Krowiak