From edca47fccf52a51b84b5321d584b105ba082e120 Mon Sep 17 00:00:00 2001
From: hanliyang
Date: Thu, 26 Dec 2024 21:46:00 +0800
Subject: [PATCH 1/2] conf: qemu: Fix some code about Reuse ASID for Hygon CSV
Fix 3 issues:
1. The `user-id` was not the member of Capabilities from the Qemu VMM.
2. Memory leak on `user-id` element.
3. The debug log for `user-id` breaks the native code.
Fixes: f313104440 ("conf: qemu: add libvirt support reuse id for hygon CSV")
Signed-off-by: hanliyang
---
include/libvirt/libvirt-host.h | 9 ---------
src/conf/domain_capabilities.c | 3 ---
src/conf/domain_capabilities.h | 1 -
src/conf/domain_conf.c | 1 +
src/qemu/qemu_capabilities.c | 1 -
src/qemu/qemu_command.c | 8 +++++---
src/qemu/qemu_driver.c | 4 ----
7 files changed, 6 insertions(+), 21 deletions(-)
diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h
index e173553925..3112f2b676 100644
--- a/include/libvirt/libvirt-host.h
+++ b/include/libvirt/libvirt-host.h
@@ -587,15 +587,6 @@ typedef virNodeMemoryStats *virNodeMemoryStatsPtr;
 */
 # define VIR_NODE_SEV_MAX_ES_GUESTS "max-es-guests"
-/**
- * VIR_NODE_SEV_USER_ID:
- *
- * Macro represents the user id string,enable reuse asid feature
- *
- * Since: 9.10.0
- */
-# define VIR_NODE_SEV_USER_ID "user-id"
-
 int virNodeGetSEVInfo (virConnectPtr conn,
 virTypedParameterPtr *params,
 int *nparams,
diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
index 51adc4897c..f6e09dc584 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -654,9 +654,6 @@ virDomainCapsFeatureSEVFormat(virBuffer *buf,
 if (sev->cpu0_id != NULL)
 virBufferAsprintf(buf, "%s\n", sev->cpu0_id);
- if (sev->user_id != NULL)
- virBufferAsprintf(buf, "%s\n", sev->user_id);
-
 virBufferAdjustIndent(buf, -2);
 virBufferAddLit(buf, "\n");
 }
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
index 20cff8571d..01bcfa2e39 100644
--- a/src/conf/domain_capabilities.h
+++ b/src/conf/domain_capabilities.h
@@ -213,7 +213,6 @@ struct _virSEVCapability {
 unsigned int reduced_phys_bits;
 unsigned int max_guests;
 unsigned int max_es_guests;
- char *user_id;
 };
 typedef struct _virSGXSection virSGXSection;
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index dd0cb9d548..49c8a92c12 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3821,6 +3821,7 @@ virDomainSecDefFree(virDomainSecDef *def)
 case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
 g_free(def->data.sev.dh_cert);
 g_free(def->data.sev.session);
+ g_free(def->data.sev.user_id);
 break;
 case VIR_DOMAIN_LAUNCH_SECURITY_PV:
 case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 9552997004..ae44328042 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -4857,7 +4857,6 @@ virQEMUCapsFormatSEVInfo(virQEMUCaps *qemuCaps, virBuffer *buf)
 virBufferAsprintf(buf, "%u\n", sev->cbitpos);
 virBufferAsprintf(buf, "%u\n", sev->reduced_phys_bits);
- virBufferEscapeString(buf, "%s\n", sev->user_id);
 virBufferEscapeString(buf, "%s\n", sev->pdh);
 virBufferEscapeString(buf, "%s\n", sev->cert_chain);
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 579774a8c0..b75f4179d1 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9672,9 +9672,11 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
 g_autofree char *dhpath = NULL;
 g_autofree char *sessionpath = NULL;
- VIR_DEBUG("policy=0x%x cbitpos=%d reduced_phys_bits=%d user_id=%s",
- sev->policy, sev->cbitpos, sev->reduced_phys_bits,
- sev->user_id ? : "(nil)");
+ VIR_DEBUG("policy=0x%x cbitpos=%d reduced_phys_bits=%d",
+ sev->policy, sev->cbitpos, sev->reduced_phys_bits);
+
+ if (sev->user_id)
+ VIR_DEBUG("user_id=%s", sev->user_id);
 if (sev->dh_cert)
 dhpath = g_strdup_printf("%s/dh_cert.base64", priv->libDir);
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 66c8e1dae3..d00d2a27c6 100644
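Review bot: Splitting the user_id output into a second VIR_DEBUG call in qemuBuildSEVCommandLine drops the value from the line that carries policy/cbitpos and omits it entirely when unset, which makes the start-up log harder to correlate. libvirt's NULLSTR() macro provides the null-safe substitution the removed `? :` expression was attempting, in one call: `VIR_DEBUG("policy=0x%x cbitpos=%d reduced_phys_bits=%d user_id=%s", sev->policy, sev->cbitpos, sev->reduced_phys_bits, NULLSTR(sev->user_id));`. The body of qemuBuildSEVCommandLine continues outside the hunk.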
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -18968,10 +18968,6 @@ qemuGetSEVInfoToParams(virQEMUCaps *qemuCaps,
 sev->max_es_guests) < 0)
 goto cleanup;
- if (virTypedParamsAddString(&sevParams, &n, &maxpar,
- VIR_NODE_SEV_USER_ID, sev->user_id) < 0)
- goto cleanup;
-
 *params = g_steal_pointer(&sevParams);
 *nparams = n;
 return 0;
-- Gitee
From 9aff3fc1d2e435facac45662543fbeb638306c22 Mon Sep 17 00:00:00 2001
From: hanliyang
Date: Wed, 13 Nov 2024 16:12:57 +0800
Subject: [PATCH 2/2] conf: qemu: support provide inject secret for Hygon CSV
csv xml format: 0x0001 47 5 U2FsdGVkX1+rW6B/JbYqNA== 5aeG4mH2E/OqN1a3uT8hfg== gW3E30rG/I3L1nD/YfG+DA== zP1oY9W7ZcPFtL0QeN11vQ==
Signed-off-by: hanliyang
---
src/conf/domain_conf.c | 8 ++++++++
src/conf/domain_conf.h | 2 ++
src/qemu/qemu_command.c | 10 ++++++++++
src/qemu/qemu_process.c | 10 ++++++++++
4 files changed, 30 insertions(+)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 49c8a92c12..d18e19bb75 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3822,6 +3822,8 @@ virDomainSecDefFree(virDomainSecDef *def)
 g_free(def->data.sev.dh_cert);
 g_free(def->data.sev.session);
 g_free(def->data.sev.user_id);
+ g_free(def->data.sev.secret_header);
+ g_free(def->data.sev.secret);
 break;
 case VIR_DOMAIN_LAUNCH_SECURITY_PV:
 case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
@@ -13488,6 +13490,8 @@ virDomainSEVDefParseXML(virDomainSEVDef *def,
 def->dh_cert = virXPathString("string(./dhCert)", ctxt);
 def->session = virXPathString("string(./session)", ctxt);
 def->user_id = virXPathString("string(./userid)", ctxt);
+ def->secret_header = virXPathString("string(./secretHeader)", ctxt);
+ def->secret = virXPathString("string(./secret)", ctxt);
 return 0;
 }
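Review bot: virDomainSEVDefParseXML accepts `secretHeader` and `secret` independently, so a definition carrying only one of them parses cleanly and the mismatch surfaces only when QEMU rejects the half-specified sev-guest object at start. If the CSV launch-secret injection requires both (the paired secret-header-file/secret-file properties in the qemu_command.c hunk suggest it does), reject a lone element at parse time with a clear error, as in the excerpt below. The diffstat also contains no RNG schema (domaincommon.rng) or formatdomain change for the two new elements, so XML using them fails schema validation and the feature is undocumented. The opening of virDomainSEVDefParseXML lies outside the hunk.
```c
    def->secret = virXPathString("string(./secret)", ctxt);

    /* A launch secret is header + payload; refuse a lone half here
     * instead of letting QEMU fail the domain at start. */
    if (!def->secret_header != !def->secret) {
        virReportError(VIR_ERR_XML_ERROR, "%s",
                       _("secretHeader and secret must be specified together"));
        return -1;
    }
    /* … unchanged: return 0 … */
```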
@@ -26532,6 +26536,10 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
 if (sev->user_id)
 virBufferEscapeString(&childBuf, "%s\n", sev->user_id);
+ if (sev->secret_header)
+ virBufferEscapeString(&childBuf, "%s\n", sev->secret_header);
+ if (sev->secret)
+ virBufferEscapeString(&childBuf, "%s\n", sev->secret);
 break;
 }
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 6681eb37b4..63f88bdfdb 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2861,6 +2861,8 @@ struct _virDomainSEVDef {
 unsigned int reduced_phys_bits;
 virTristateBool kernel_hashes;
 char *user_id;
+ char *secret_header;
+ char *secret;
 };
 struct _virDomainSecDef {
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index b75f4179d1..e34b7a09d2 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9671,6 +9671,8 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
 qemuDomainObjPrivate *priv = vm->privateData;
 g_autofree char *dhpath = NULL;
 g_autofree char *sessionpath = NULL;
+ g_autofree char *secretheaderpath = NULL;
+ g_autofree char *secretpath = NULL;
 VIR_DEBUG("policy=0x%x cbitpos=%d reduced_phys_bits=%d",
 sev->policy, sev->cbitpos, sev->reduced_phys_bits);
@@ -9684,6 +9686,12 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
 if (sev->session)
 sessionpath = g_strdup_printf("%s/session.base64", priv->libDir);
+ if (sev->secret_header)
+ secretheaderpath = g_strdup_printf("%s/secret_header.base64", priv->libDir);
+
+ if (sev->secret)
+ secretpath = g_strdup_printf("%s/secret.base64", priv->libDir);
+
 if (qemuMonitorCreateObjectProps(&props, "sev-guest", "lsec0",
 "u:cbitpos", sev->cbitpos,
 "u:reduced-phys-bits", sev->reduced_phys_bits,
@@ -9692,6 +9700,8 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
 "S:dh-cert-file", dhpath,
 "S:session-file", sessionpath,
 "T:kernel-hashes", sev->kernel_hashes,
+ "S:secret-header-file", secretheaderpath,
+ "S:secret-file", secretpath,
 NULL) < 0)
 return -1;
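Review bot: virDomainSecDefFormat emits `sev->secret_header` and `sev->secret` unconditionally, so the launch secret is persisted in the saved domain config and returned by every dumpxml, including callers that did not ask for secure output. If the payload is already encrypted to the launch session's transport key this matches how `session` is treated today; if it can carry plaintext, the two elements should be gated on VIR_DOMAIN_DEF_FORMAT_SECURE like other sensitive fields, which means plumbing a flags argument into this function since the visible signature `virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)` has none. Either way a comment stating which case applies, e.g. `/* secret is ciphertext bound to the launch session, safe to persist */`, would record the decision for the next reader. The rest of virDomainSecDefFormat is outside the hunk.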
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index fc05b4b24f..cf7ae8bbfa 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -6729,6 +6729,16 @@ qemuProcessPrepareSEVGuestInput(virDomainObj *vm)
 return -1;
 }
+ if (sev->secret_header) {
+ if (qemuProcessSEVCreateFile(vm, "secret_header", sev->secret_header) < 0)
+ return -1;
+ }
+
+ if (sev->secret) {
+ if (qemuProcessSEVCreateFile(vm, "secret", sev->secret) < 0)
+ return -1;
+ }
+
 return 0;
 }
-- Gitee
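Review bot: The `secret_header` and `secret` files are created through qemuProcessSEVCreateFile exactly like dh_cert and session, so they inherit that helper's file mode and security label. Because the secret payload is the most sensitive of the four inputs, it is worth confirming in the helper (outside this hunk) that the file is created owner-only and labelled before QEMU is spawned, and deciding whether it should be removed once QEMU has consumed it rather than remaining in libDir for the lifetime of the domain. A short comment above the new block, e.g. `/* launch secret: header + payload, consumed by the sev-guest object at start */`, would also distinguish the pair from the certificate inputs. qemuProcessPrepareSEVGuestInput begins outside the hunk.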