On Thu, Feb 06, 2025 at 11:11:11AM -0600, Praveen K Paladugu wrote:
> Enable SEV-SNP support for ch guests.
>
> Co-Authored-by: Smit Gardhariya <[email protected]>
> Signed-off-by: Praveen K Paladugu <[email protected]>
> ---
> src/ch/ch_monitor.c | 70 +++++++++++++++++++++++++++++++++++++--------
> 1 file changed, 58 insertions(+), 12 deletions(-)
>
> diff --git a/src/ch/ch_monitor.c b/src/ch/ch_monitor.c
> index bedcde2dde..55f0353fa9 100644
> --- a/src/ch/ch_monitor.c
> +++ b/src/ch/ch_monitor.c
> @@ -130,29 +130,56 @@ static int
> virCHMonitorBuildPayloadJson(virJSONValue *content, virDomainDef *vmdef)
> {
> g_autoptr(virJSONValue) payload = virJSONValueNewObject();
> -
> + g_autofree unsigned char *tmp = NULL;
> + size_t len;
> + g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
> + g_autofree char *host_data = NULL;
> + const size_t host_data_len = 32;
All 5 of these vars are only used within the lower 'if' scope, so
let's move them there....
>
> if (vmdef->os.kernel == NULL) {
> - virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> - _("Kernel image path in this domain is not defined"));
> + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> + _("Kernel image path is not defined. With sev_snp=on,
> pass an igvm path"));
> return -1;
> - } else {
> - if (virJSONValueObjectAppendString(payload, "kernel",
> vmdef->os.kernel) < 0)
> - return -1;
> }
>
> - if (vmdef->os.cmdline) {
> - if (virJSONValueObjectAppendString(payload, "cmdline",
> vmdef->os.cmdline) < 0)
> + if (vmdef->sec &&
> + vmdef->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP) {
> + if (virJSONValueObjectAppendString(payload, "igvm",
> vmdef->os.kernel) < 0)
> return -1;
> - }
>
> - if (vmdef->os.initrd != NULL) {
> - if (virJSONValueObjectAppendString(payload, "initramfs",
> vmdef->os.initrd) < 0)
> + if (vmdef->sec->data.sev_snp.host_data) {
> + /* Libvirt provided host_data is base64 encoded and
> cloud-hypervisor
> + requires host_data as hex encoded. Base64 decode and hex
> encode
> + before sending to cloud-hypervisor.*/
> + tmp = g_base64_decode(vmdef->sec->data.sev_snp.host_data, &len);
> + if (len != host_data_len) {
> + virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
> + _("Invalid host_data provdied. Expected
> '%1$ld' bytes"),
> + host_data_len);
> + return -1;
> + }
> +
> + while (len > 0) {
> + virBufferAsprintf(&buf, "%02x", tmp[host_data_len-len]);
> + len--;
> + }
> +
> + host_data = virBufferContentAndReset(&buf);
The idea of converting a byte array to a hex string is generally
useful, so preferably add a helper to src/util/virstring.h:
char *virStringFormatHex(uint8_t *buf, size_t len);
> + if (virJSONValueObjectAppendString(payload, "host_data",
> + host_data) < 0)
> + return -1;
> + }
> + } else {
> + if (virJSONValueObjectAdd(&payload,
> + "s:kernel", vmdef->os.kernel,
> + "S:cmdline", vmdef->os.cmdline,
> + "S:initramfs", vmdef->os.initrd,
> + NULL) < 0)
> return -1;
> }
>
> if (virJSONValueObjectAppend(content, "payload", &payload) < 0)
> - return -1;
> + return -1;
>
> return 0;
> }
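Review bot: The `host_data` length error passes `host_data_len`, a `size_t`, to a `%1$ld` conversion, which is a format/argument type mismatch wherever `long` and `size_t` differ; use `%1$zu`, and fix the `provdied` typo in the same string. The length comparison is also the only validation applied to this value: as far as I know `g_base64_decode()` skips bytes outside the base64 alphabet instead of failing, so a malformed string that happens to decode to 32 bytes is hex-encoded and forwarded as `host_data`. Since this field is presumably what a guest owner later compares against the SNP attestation report, the input should be rejected unless it is strictly valid base64, if the XML validation does not already guarantee that. The SEV-SNP branch also drops `vmdef->os.cmdline` and `vmdef->os.initrd` without any diagnostic, which deserves at least a comment such as `/* cmdline and initramfs are carried inside the IGVM file */` if that is the intent.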
> @@ -426,6 +453,23 @@ virCHMonitorBuildDevicesJson(virJSONValue *content,
> return 0;
> }
>
> +static int
> +virCHMonitorBuildPlatformJson(virJSONValue *content, virDomainDef *vmdef)
> +{
> + g_autoptr(virJSONValue) platform = virJSONValueNewObject();
> +
> + if (vmdef->sec &&
> + vmdef->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP) {
> + if (virJSONValueObjectAppendBoolean(platform, "sev_snp", 1) < 0)
> + return -1;
> +
> + if (virJSONValueObjectAppend(content, "platform", &platform) < 0)
> + return -1;
> + }
> +
> + return 0;
> +}
> +
> static int
> virCHMonitorBuildVMJson(virCHDriver *driver, virDomainDef *vmdef,
> char **jsonstr)
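Review bot: `virCHMonitorBuildPlatformJson` acts only on `VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP` and returns 0 for every other `vmdef->sec->sectype`, so as far as this hunk shows, a domain that requests a different launch-security type is started with no `platform` section and no error. If the ch driver's domain validation does not already reject those types, report `VIR_ERR_CONFIG_UNSUPPORTED` here rather than silently launching a guest without the protection that was asked for. On style, `virJSONValueObjectAppendBoolean(platform, "sev_snp", 1)` reads better as `virJSONValueObjectAppendBoolean(platform, "sev_snp", true)`. The new function would also benefit from a short header comment such as `/* Emit the "platform" object; only added for SEV-SNP guests. */`.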
> @@ -454,6 +498,8 @@ virCHMonitorBuildVMJson(virCHDriver *driver, virDomainDef
> *vmdef,
> return -1;
> }
>
> + if (virCHMonitorBuildPlatformJson(content, vmdef) < 0)
> + return -1;
>
> if (virCHMonitorBuildDisksJson(content, vmdef) < 0)
> return -1;
> --
> 2.47.0
>
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|