render / rpms / libvirt

Forked from rpms/libvirt 9 months ago
Clone
Blob Blame History Raw
From 085b955a75c49585d94fd5a19d6ac37833bb05cb Mon Sep 17 00:00:00 2001
Message-Id: <085b955a75c49585d94fd5a19d6ac37833bb05cb@dist-git>
From: Boris Fiuczynski <fiuczy@linux.ibm.com>
Date: Wed, 24 Jun 2020 13:16:20 +0200
Subject: [PATCH] tools: Secure guest check on s390 in virt-host-validate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add checking in virt-host-validate for secure guest support
on s390 for IBM Secure Execution.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Tested-by: Viktor Mihajlovski <mihajlov@linux.ibm.com>
Reviewed-by: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
(cherry picked from commit 0254ceab82f5e1f7b505730586d8c8337ecc5920)

https://bugzilla.redhat.com/show_bug.cgi?id=1848997
https://bugzilla.redhat.com/show_bug.cgi?id=1850351

Conflicts:
	tools/virt-host-validate-common.c
	tools/virt-host-validate-common.h
            - unrelated commit 4653a5194c1 was not backported

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Message-Id: <744e4ceb0760fe10ab0d82de24a78c280482d90d.1592996194.git.jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
 tools/virt-host-validate-common.c | 64 ++++++++++++++++++++++++++++++-
 tools/virt-host-validate-common.h |  4 ++
 tools/virt-host-validate-qemu.c   |  4 ++
 3 files changed, 70 insertions(+), 2 deletions(-)

diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c
index bce0f14917..e59469a49b 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -39,7 +39,8 @@ VIR_ENUM_IMPL(virHostValidateCPUFlag,
               VIR_HOST_VALIDATE_CPU_FLAG_LAST,
               "vmx",
               "svm",
-              "sie");
+              "sie",
+              "158");
 
 static bool quiet;
 
@@ -209,7 +210,8 @@ virBitmapPtr virHostValidateGetCPUFlags(void)
          * on the architecture, so check possible prefixes */
         if (!STRPREFIX(line, "flags") &&
             !STRPREFIX(line, "Features") &&
-            !STRPREFIX(line, "features"))
+            !STRPREFIX(line, "features") &&
+            !STRPREFIX(line, "facilities"))
             continue;
 
         /* fgets() includes the trailing newline in the output buffer,
@@ -411,3 +413,61 @@ int virHostValidateIOMMU(const char *hvname,
     virHostMsgPass();
     return 0;
 }
+
+
+int virHostValidateSecureGuests(const char *hvname,
+                                virHostValidateLevel level)
+{
+    virBitmapPtr flags;
+    bool hasFac158 = false;
+    virArch arch = virArchFromHost();
+    g_autofree char *cmdline = NULL;
+    static const char *kIBMValues[] = {"y", "Y", "on", "ON", "oN", "On", "1"};
+
+    flags = virHostValidateGetCPUFlags();
+
+    if (flags && virBitmapIsBitSet(flags, VIR_HOST_VALIDATE_CPU_FLAG_FACILITY_158))
+        hasFac158 = true;
+
+    virBitmapFree(flags);
+
+    virHostMsgCheck(hvname, "%s", _("for secure guest support"));
+    if (ARCH_IS_S390(arch)) {
+        if (hasFac158) {
+            if (!virFileIsDir("/sys/firmware/uv")) {
+                virHostMsgFail(level, "IBM Secure Execution not supported by "
+                                      "the currently used kernel");
+                return 0;
+            }
+
+            if (virFileReadValueString(&cmdline, "/proc/cmdline") < 0)
+                return -1;
+
+            /* we're prefix matching rather than equality matching here, because
+             * kernel would treat even something like prot_virt='yFOO' as
+             * enabled
+             */
+            if (virKernelCmdlineMatchParam(cmdline, "prot_virt", kIBMValues,
+                                           G_N_ELEMENTS(kIBMValues),
+                                           VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST |
+                                           VIR_KERNEL_CMDLINE_FLAGS_CMP_PREFIX)) {
+                virHostMsgPass();
+                return 1;
+            } else {
+                virHostMsgFail(level,
+                               "IBM Secure Execution appears to be disabled "
+                               "in kernel. Add prot_virt=1 to kernel cmdline "
+                               "arguments");
+            }
+        } else {
+            virHostMsgFail(level, "Hardware or firmware does not provide "
+                                  "support for IBM Secure Execution");
+        }
+    } else {
+        virHostMsgFail(level,
+                       "Unknown if this platform has Secure Guest support");
+        return -1;
+    }
+
+    return 0;
+}
diff --git a/tools/virt-host-validate-common.h b/tools/virt-host-validate-common.h
index 1b7e93e520..1653c9c95b 100644
--- a/tools/virt-host-validate-common.h
+++ b/tools/virt-host-validate-common.h
@@ -38,6 +38,7 @@ typedef enum {
     VIR_HOST_VALIDATE_CPU_FLAG_VMX = 0,
     VIR_HOST_VALIDATE_CPU_FLAG_SVM,
     VIR_HOST_VALIDATE_CPU_FLAG_SIE,
+    VIR_HOST_VALIDATE_CPU_FLAG_FACILITY_158,
 
     VIR_HOST_VALIDATE_CPU_FLAG_LAST,
 } virHostValidateCPUFlag;
@@ -83,3 +84,6 @@ int virHostValidateCGroupControllers(const char *hvname,
 
 int virHostValidateIOMMU(const char *hvname,
                          virHostValidateLevel level);
+
+int virHostValidateSecureGuests(const char *hvname,
+                                virHostValidateLevel level);
diff --git a/tools/virt-host-validate-qemu.c b/tools/virt-host-validate-qemu.c
index ff3c1f0231..b38b0fbd6a 100644
--- a/tools/virt-host-validate-qemu.c
+++ b/tools/virt-host-validate-qemu.c
@@ -112,5 +112,9 @@ int virHostValidateQEMU(void)
                              VIR_HOST_VALIDATE_WARN) < 0)
         ret = -1;
 
+    if (virHostValidateSecureGuests("QEMU",
+                                    VIR_HOST_VALIDATE_WARN) < 0)
+        ret = -1;
+
     return ret;
 }
-- 
2.27.0