[libvirt] [libvirt-go-xml PATCH 1/2] Add support for domain launch security

Erik Skultety posted 2 patches 7 years ago
[libvirt] [libvirt-go-xml PATCH 1/2] Add support for domain launch security
Posted by Erik Skultety 7 years ago
Signed-off-by: Erik Skultety <eskultet@redhat.com>
---
 domain.go | 135 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 134 insertions(+), 1 deletion(-)

diff --git a/domain.go b/domain.go
index aeeb24a..27e2fdc 100644
--- a/domain.go
+++ b/domain.go
@@ -1863,6 +1863,15 @@ type DomainFeatureCapability struct {
 	State string `xml:"state,attr,omitempty"`
 }
 
+type DomainLaunchSecurity struct {
+	Sectype         string `xml:"type,attr"`
+	Cbitpos         *uint  `xml:"cbitpos"`
+	ReducedPhysBits *uint  `xml:"reducedPhysBits"`
+	Policy          *uint  `xml:"policy"`
+	DhCert          string `xml:"dhCert"`
+	Session         string `xml:"sesion"`
+}
+
 type DomainFeatureCapabilities struct {
 	Policy         string                   `xml:"policy,attr,omitempty"`
 	AuditControl   *DomainFeatureCapability `xml:"audit_control"`
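Review bot: The `Session` field's struct tag is spelled `xml:"sesion"`, while the MarshalXML and UnmarshalXML methods added later in this patch read and write an element named `session`. With those custom methods in place the tag is presumably never consulted, but if they are ever dropped or bypassed the SEV session blob would stop round-tripping without any error. Change the tag to `xml:"session"`. A short doc comment on the type would also help, saying that `Policy` is written as a hexadecimal value and that `DhCert` and `Session` carry guest-owner supplied launch data.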
@@ -2182,7 +2191,8 @@ type Domain struct {
 	QEMUCommandline      *DomainQEMUCommandline
 	LXCNamespace         *DomainLXCNamespace
 	VMWareDataCenterPath *DomainVMWareDataCenterPath
-	KeyWrap              *DomainKeyWrap `xml:"keywrap"`
+	KeyWrap              *DomainKeyWrap        `xml:"keywrap"`
+	LaunchSecurity       *DomainLaunchSecurity `xml:"launchSecurity"`
 }
 
 func (d *Domain) Unmarshal(doc string) error {
@@ -4864,3 +4874,126 @@ func (d *DomainCPU) Marshal() (string, error) {
 	}
 	return string(doc), nil
 }
+
+func (a *DomainLaunchSecurity) MarshalXML(e *xml.Encoder, start xml.StartElement) error {
+	start.Attr = append(start.Attr, xml.Attr{
+		xml.Name{Local: "type"}, "sev",
+	})
+
+	e.EncodeToken(start)
+	cbitpos := xml.StartElement{
+		Name: xml.Name{Local: "cbitpos"},
+	}
+	e.EncodeToken(cbitpos)
+	e.EncodeToken(xml.CharData(fmt.Sprintf("%d", *a.Cbitpos)))
+	e.EncodeToken(cbitpos.End())
+
+	reducedPhysBits := xml.StartElement{
+		Name: xml.Name{Local: "reducedPhysBits"},
+	}
+	e.EncodeToken(reducedPhysBits)
+	e.EncodeToken(xml.CharData(fmt.Sprintf("%d", *a.ReducedPhysBits)))
+	e.EncodeToken(reducedPhysBits.End())
+
+	if a.Policy != nil {
+		policy := xml.StartElement{
+			Name: xml.Name{Local: "policy"},
+		}
+		e.EncodeToken(policy)
+		e.EncodeToken(xml.CharData(fmt.Sprintf("0x%04x", *a.Policy)))
+		e.EncodeToken(policy.End())
+	}
+
+	dhcert := xml.StartElement{
+		Name: xml.Name{Local: "dhCert"},
+	}
+	e.EncodeToken(dhcert)
+	e.EncodeToken(xml.CharData(fmt.Sprintf("%s", a.DhCert)))
+	e.EncodeToken(dhcert.End())
+
+	session := xml.StartElement{
+		Name: xml.Name{Local: "session"},
+	}
+	e.EncodeToken(session)
+	e.EncodeToken(xml.CharData(fmt.Sprintf("%s", a.Session)))
+	e.EncodeToken(session.End())
+
+	e.EncodeToken(start.End())
+
+	return nil
+}
+
+func (a *DomainLaunchSecurity) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
+	for _, attr := range start.Attr {
+		if attr.Name.Local == "type" {
+			a.Sectype = attr.Value
+		}
+	}
+
+	for {
+		tok, err := d.Token()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			return err
+		}
+
+		switch tok := tok.(type) {
+		case xml.StartElement:
+			if tok.Name.Local == "policy" {
+				data, err := d.Token()
+				if err != nil {
+					return err
+				}
+				switch data := data.(type) {
+				case xml.CharData:
+					if err := unmarshalUintAttr(string(data), &a.Policy, 16); err != nil {
+						return err
+					}
+				}
+			} else if tok.Name.Local == "cbitpos" {
+				data, err := d.Token()
+				if err != nil {
+					return err
+				}
+				switch data := data.(type) {
+				case xml.CharData:
+					if err := unmarshalUintAttr(string(data), &a.Cbitpos, 10); err != nil {
+						return err
+					}
+				}
+			} else if tok.Name.Local == "reducedPhysBits" {
+				data, err := d.Token()
+				if err != nil {
+					return err
+				}
+				switch data := data.(type) {
+				case xml.CharData:
+					if err := unmarshalUintAttr(string(data), &a.ReducedPhysBits, 10); err != nil {
+						return err
+					}
+				}
+			} else if tok.Name.Local == "dhCert" {
+				data, err := d.Token()
+				if err != nil {
+					return err
+				}
+				switch data := data.(type) {
+				case xml.CharData:
+					a.DhCert = string(data)
+				}
+			} else if tok.Name.Local == "session" {
+				data, err := d.Token()
+				if err != nil {
+					return err
+				}
+				switch data := data.(type) {
+				case xml.CharData:
+					a.Session = string(data)
+				}
+			}
+		}
+	}
+	return nil
+}
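Review bot: MarshalXML dereferences `*a.Cbitpos` and `*a.ReducedPhysBits` unconditionally although both are pointer fields and only `Policy` is nil-checked, so marshalling a DomainLaunchSecurity with either one unset panics instead of returning an error. Either wrap each element in the same `if a.X != nil` guard used for `Policy`, or reject the value up front with `if a.Cbitpos == nil || a.ReducedPhysBits == nil { return fmt.Errorf("launchSecurity: cbitpos and reducedPhysBits must be set") }`. Every `e.EncodeToken(...)` result is discarded and the method always returns nil, so a failed write can leave truncated launch-security XML that the caller treats as valid; check each call, e.g. `if err := e.EncodeToken(start); err != nil { return err }`. In UnmarshalXML, a child whose next token is not `xml.CharData` (an empty `<policy/>`, for instance) is skipped silently and the field stays unset, which for a security policy is better reported as an error than accepted.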
-- 
2.14.4

Re: [libvirt] [libvirt-go-xml PATCH 1/2] Add support for domain launch security
Posted by Daniel P. Berrangé 7 years ago
On Thu, Jun 14, 2018 at 04:30:29PM +0200, Erik Skultety wrote:
> Signed-off-by: Erik Skultety <eskultet@redhat.com>
> ---
>  domain.go | 135 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 134 insertions(+), 1 deletion(-)
> 
> diff --git a/domain.go b/domain.go
> index aeeb24a..27e2fdc 100644
> --- a/domain.go
> +++ b/domain.go
> @@ -1863,6 +1863,15 @@ type DomainFeatureCapability struct {
>  	State string `xml:"state,attr,omitempty"`
>  }
>  
> +type DomainLaunchSecurity struct {
> +	Sectype         string `xml:"type,attr"`
> +	Cbitpos         *uint  `xml:"cbitpos"`

s/Cbitpos/CBitPos/

> +	ReducedPhysBits *uint  `xml:"reducedPhysBits"`
> +	Policy          *uint  `xml:"policy"`
> +	DhCert          string `xml:"dhCert"`

s/DhCert/DHCert/  since 'dh' is an acronym

> +	Session         string `xml:"sesion"`
> +}
> +
>  type DomainFeatureCapabilities struct {
>  	Policy         string                   `xml:"policy,attr,omitempty"`
>  	AuditControl   *DomainFeatureCapability `xml:"audit_control"`
> @@ -2182,7 +2191,8 @@ type Domain struct {
>  	QEMUCommandline      *DomainQEMUCommandline
>  	LXCNamespace         *DomainLXCNamespace
>  	VMWareDataCenterPath *DomainVMWareDataCenterPath
> -	KeyWrap              *DomainKeyWrap `xml:"keywrap"`
> +	KeyWrap              *DomainKeyWrap        `xml:"keywrap"`
> +	LaunchSecurity       *DomainLaunchSecurity `xml:"launchSecurity"`
>  }
>  
>  func (d *Domain) Unmarshal(doc string) error {


Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [libvirt] [libvirt-go-xml PATCH 1/2] Add support for domain launch security
Posted by Daniel P. Berrangé 7 years ago
On Thu, Jun 14, 2018 at 04:54:43PM +0100, Daniel P. Berrangé wrote:
> On Thu, Jun 14, 2018 at 04:30:29PM +0200, Erik Skultety wrote:
> > Signed-off-by: Erik Skultety <eskultet@redhat.com>
> > ---
> >  domain.go | 135 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
> >  1 file changed, 134 insertions(+), 1 deletion(-)
> > 
> > diff --git a/domain.go b/domain.go
> > index aeeb24a..27e2fdc 100644
> > --- a/domain.go
> > +++ b/domain.go
> > @@ -1863,6 +1863,15 @@ type DomainFeatureCapability struct {
> >  	State string `xml:"state,attr,omitempty"`
> >  }
> >  
> > +type DomainLaunchSecurity struct {
> > +	Sectype         string `xml:"type,attr"`

Oh, actually I forgot that I aim to avoid ever exposing "type" attributes
in the XML - they are a sign that we need to use a union.

IOW, we would want

  type DomainLaunchSecurity struct {
      SEV *DomainLaunchSecuritySEV
  }

And DomainLaunchSecuritySEV would contain the rest of the fields
below - this requires more magic MarshalXML/UnmarshalXML helpers
to create/serialize the SEV struct depending on 'type' value.


If you want a simple example of how this is done which is a good
fit with DomainLaunchSecurity, take a look at NetworkForwardAddress
and NetworkForwardAddressPCI structs, in the network.go file, and
their corresponding MarshalXML/UnmarshalXML methods.

> > +	Cbitpos         *uint  `xml:"cbitpos"`
> 
> s/Cbitpos/CBitPos/
> 
> > +	ReducedPhysBits *uint  `xml:"reducedPhysBits"`
> > +	Policy          *uint  `xml:"policy"`
> > +	DhCert          string `xml:"dhCert"`
> 
> s/DhCert/DHCert/  since 'dh' is an acronym
> 
> > +	Session         string `xml:"sesion"`
> > +}
> > +
> >  type DomainFeatureCapabilities struct {
> >  	Policy         string                   `xml:"policy,attr,omitempty"`
> >  	AuditControl   *DomainFeatureCapability `xml:"audit_control"`
> > @@ -2182,7 +2191,8 @@ type Domain struct {
> >  	QEMUCommandline      *DomainQEMUCommandline
> >  	LXCNamespace         *DomainLXCNamespace
> >  	VMWareDataCenterPath *DomainVMWareDataCenterPath
> > -	KeyWrap              *DomainKeyWrap `xml:"keywrap"`
> > +	KeyWrap              *DomainKeyWrap        `xml:"keywrap"`
> > +	LaunchSecurity       *DomainLaunchSecurity `xml:"launchSecurity"`
> >  }
> >  
> >  func (d *Domain) Unmarshal(doc string) error {
> 
> 
> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
> 
> 
> Regards,
> Daniel
> -- 
> |: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org         -o-            https://fstop138.berrange.com :|
> |: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
> 
> --
> libvir-list mailing list
> libvir-list@redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
