On Tue, Jun 22, 2021 at 03:10:48PM +0200, Boris Fiuczynski wrote:
> Add launch security type 's390-pv' as well as some tests.
>
> Signed-off-by: Boris Fiuczynski <fiuczy@xxxxxxxxxxxxx>
> Reviewed-by: Daniel Henrique Barboza <danielhb413@xxxxxxxxx>
> ---
> docs/schemas/domaincommon.rng | 1 +
> src/conf/domain_conf.c | 8 +++++
> src/conf/domain_conf.h | 1 +
> src/qemu/qemu_command.c | 26 ++++++++++++++
> src/qemu/qemu_firmware.c | 1 +
> src/qemu/qemu_namespace.c | 1 +
> src/qemu/qemu_process.c | 1 +
> src/qemu/qemu_validate.c | 9 +++++
> .../launch-security-s390-pv-ignore-policy.xml | 24 +++++++++++++
> .../launch-security-s390-pv.xml | 18 ++++++++++
> .../launch-security-s390-pv-ignore-policy.xml | 1 +
> tests/genericxml2xmltest.c | 2 ++
> ...ty-s390-pv-ignore-policy.s390x-latest.args | 35 +++++++++++++++++++
> .../launch-security-s390-pv-ignore-policy.xml | 33 +++++++++++++++++
> .../launch-security-s390-pv.s390x-latest.args | 35 +++++++++++++++++++
> .../launch-security-s390-pv.xml | 30 ++++++++++++++++
> tests/qemuxml2argvtest.c | 3 ++
> 17 files changed, 229 insertions(+)
> create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv-ignore-policy.xml
> create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv.xml
> create mode 120000 tests/genericxml2xmloutdata/launch-security-s390-pv-ignore-policy.xml
> create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.s390x-latest.args
> create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.xml
> create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
> create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.xml
>
> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
> index 8c1b6c3a09..b81c51728d 100644
> --- a/docs/schemas/domaincommon.rng
> +++ b/docs/schemas/domaincommon.rng
> @@ -485,6 +485,7 @@
> <attribute name="type">
> <choice>
> <value>sev</value>
> + <value>s390-pv</value>
> </choice>
> </attribute>
> <interleave>
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index 2bd5210a16..a7fc8cd65f 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -1401,6 +1401,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
> VIR_DOMAIN_LAUNCH_SECURITY_LAST,
> "",
> "sev",
> + "s390-pv",
> );
>
> static virClass *virDomainObjClass;
> @@ -14799,6 +14800,8 @@ virDomainSecDefParseXML(xmlNodePtr lsecNode,
> if (!sec->sev)
> return NULL;
> break;
> + case VIR_DOMAIN_LAUNCH_SECURITY_PV:
> + break;
> case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
> case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
> default:
> @@ -26895,6 +26898,11 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
> break;
> }
>
> + case VIR_DOMAIN_LAUNCH_SECURITY_PV:
> + virBufferAsprintf(buf, "<launchSecurity type='%s'/>\n",
> + virDomainLaunchSecurityTypeToString(sec->sectype));
> + break;
> +
> case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
> case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
> break;
> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
> index fa7ab1895d..9d9acab50c 100644
> --- a/src/conf/domain_conf.h
> +++ b/src/conf/domain_conf.h
> @@ -2645,6 +2645,7 @@ struct _virDomainKeyWrapDef {
> typedef enum {
> VIR_DOMAIN_LAUNCH_SECURITY_NONE,
> VIR_DOMAIN_LAUNCH_SECURITY_SEV,
> + VIR_DOMAIN_LAUNCH_SECURITY_PV,
>
> VIR_DOMAIN_LAUNCH_SECURITY_LAST,
> } virDomainLaunchSecurity;
> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> index 4135a8444a..3ab803f7ce 100644
> --- a/src/qemu/qemu_command.c
> +++ b/src/qemu/qemu_command.c
> @@ -6975,6 +6975,9 @@ qemuBuildMachineCommandLine(virCommand *cmd,
> virBufferAddLit(&buf, ",memory-encryption=sev0");
> }
> break;
> + case VIR_DOMAIN_LAUNCH_SECURITY_PV:
> + virBufferAddLit(&buf, ",confidential-guest-support=pv0");
> + break;
This could be possible shared for all launchSecurity types as well but
it can be done as followup. That would mean using for example lsec0
instead of sev0, pv0, somethingelse0 and so on. It's just an id which
can be anything.
> case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
> break;
> case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
> @@ -9870,6 +9873,26 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
> }
>
>
> +static int
> +qemuBuildPVCommandLine(virDomainObj *vm, virCommand *cmd)
> +{
> + g_autoptr(virJSONValue) props = NULL;
> + g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
> + qemuDomainObjPrivate *priv = vm->privateData;
> +
> + if (qemuMonitorCreateObjectProps(&props, "s390-pv-guest", "pv0",
> + NULL) < 0)
> + return -1;
> +
> + if (qemuBuildObjectCommandlineFromJSON(&buf, props, priv->qemuCaps) < 0)
> + return -1;
> +
> + virCommandAddArg(cmd, "-object");
> + virCommandAddArgBuffer(cmd, &buf);
> + return 0;
> +}
> +
> +
> static int
> qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd,
> virDomainSecDef *sec)
> @@ -9881,6 +9904,9 @@ qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd,
> case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
> return qemuBuildSEVCommandLine(vm, cmd, sec->sev);
> break;
> + case VIR_DOMAIN_LAUNCH_SECURITY_PV:
> + return qemuBuildPVCommandLine(vm, cmd);
> + break;
> case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
> break;
> case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
> diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
> index 6d1bab181e..3b408fa7b8 100644
> --- a/src/qemu/qemu_firmware.c
> +++ b/src/qemu/qemu_firmware.c
> @@ -1070,6 +1070,7 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
> return false;
> }
> break;
> + case VIR_DOMAIN_LAUNCH_SECURITY_PV:
> case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
> break;
> case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
> diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
> index 35c8eb83fd..156ee84292 100644
> --- a/src/qemu/qemu_namespace.c
> +++ b/src/qemu/qemu_namespace.c
> @@ -607,6 +607,7 @@ qemuDomainSetupLaunchSecurity(virDomainObj *vm,
>
> VIR_DEBUG("Set up launch security for SEV");
> break;
> + case VIR_DOMAIN_LAUNCH_SECURITY_PV:
> case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
> break;
> case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> index d9073fb3a3..9f9904cc6c 100644
> --- a/src/qemu/qemu_process.c
> +++ b/src/qemu/qemu_process.c
> @@ -6707,6 +6707,7 @@ qemuProcessPrepareLaunchSecurityGuestInput(virDomainObj *vm)
> switch ((virDomainLaunchSecurity) sec->sectype) {
> case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
> return qemuProcessPrepareSEVGuestInput(vm);
> + case VIR_DOMAIN_LAUNCH_SECURITY_PV:
> case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
> break;
> case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
> diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
> index 957dbc906c..c39dc5136d 100644
> --- a/src/qemu/qemu_validate.c
> +++ b/src/qemu/qemu_validate.c
> @@ -1224,6 +1224,15 @@ qemuValidateDomainDef(const virDomainDef *def,
> return -1;
> }
> break;
> + case VIR_DOMAIN_LAUNCH_SECURITY_PV:
> + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPORT) ||
> + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_S390_PV_GUEST)) {
> + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> + _("S390 PV launch security is not supported with "
> + "this QEMU binary"));
> + return -1;
> + }
> + break;
> case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
> break;
> case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
> diff --git a/tests/genericxml2xmlindata/launch-security-s390-pv-ignore-policy.xml b/tests/genericxml2xmlindata/launch-security-s390-pv-ignore-policy.xml
> new file mode 100644
> index 0000000000..0c398cced8
> --- /dev/null
> +++ b/tests/genericxml2xmlindata/launch-security-s390-pv-ignore-policy.xml
> @@ -0,0 +1,24 @@
> +<domain type='kvm'>
> + <name>QEMUGuest1</name>
> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
> + <memory unit='KiB'>219100</memory>
> + <currentMemory unit='KiB'>219100</currentMemory>
> + <vcpu placement='static'>1</vcpu>
> + <os>
> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
> + <boot dev='hd'/>
> + </os>
> + <clock offset='utc'/>
> + <on_poweroff>destroy</on_poweroff>
> + <on_reboot>restart</on_reboot>
> + <on_crash>destroy</on_crash>
> + <devices>
> + </devices>
> + <launchSecurity type='s390-pv'>
> + <cbitpos>47</cbitpos>
> + <reducedPhysBits>1</reducedPhysBits>
> + <policy>0x0001</policy>
> + <dhCert>AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA</dhCert>
> + <session>IHAVENOIDEABUTJUSTPROVIDINGASTRING</session>
I thing we should not ignore invalid XML bits and error out instead.
> + </launchSecurity>
> +</domain>
> diff --git a/tests/genericxml2xmlindata/launch-security-s390-pv.xml b/tests/genericxml2xmlindata/launch-security-s390-pv.xml
> new file mode 100644
> index 0000000000..29c7fc152d
> --- /dev/null
> +++ b/tests/genericxml2xmlindata/launch-security-s390-pv.xml
> @@ -0,0 +1,18 @@
> +<domain type='kvm'>
> + <name>QEMUGuest1</name>
> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
> + <memory unit='KiB'>219100</memory>
> + <currentMemory unit='KiB'>219100</currentMemory>
> + <vcpu placement='static'>1</vcpu>
> + <os>
> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
> + <boot dev='hd'/>
> + </os>
> + <clock offset='utc'/>
> + <on_poweroff>destroy</on_poweroff>
> + <on_reboot>restart</on_reboot>
> + <on_crash>destroy</on_crash>
> + <devices>
> + </devices>
> + <launchSecurity type='s390-pv'/>
> +</domain>
> diff --git a/tests/genericxml2xmloutdata/launch-security-s390-pv-ignore-policy.xml b/tests/genericxml2xmloutdata/launch-security-s390-pv-ignore-policy.xml
> new file mode 120000
> index 0000000000..075c72603d
> --- /dev/null
> +++ b/tests/genericxml2xmloutdata/launch-security-s390-pv-ignore-policy.xml
> @@ -0,0 +1 @@
> +../genericxml2xmlindata/launch-security-s390-pv.xml
> \ No newline at end of file
> diff --git a/tests/genericxml2xmltest.c b/tests/genericxml2xmltest.c
> index ac89422a32..eb15f66c3c 100644
> --- a/tests/genericxml2xmltest.c
> +++ b/tests/genericxml2xmltest.c
> @@ -233,6 +233,8 @@ mymain(void)
> DO_TEST("tseg");
>
> DO_TEST("launch-security-sev");
> + DO_TEST("launch-security-s390-pv");
> + DO_TEST_DIFFERENT("launch-security-s390-pv-ignore-policy");
>
> DO_TEST_DIFFERENT("cputune");
> DO_TEST("device-backenddomain");
> diff --git a/tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.s390x-latest.args b/tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.s390x-latest.args
> new file mode 100644
> index 0000000000..c9d9b84dd3
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.s390x-latest.args
> @@ -0,0 +1,35 @@
> +LC_ALL=C \
> +PATH=/bin \
> +HOME=/tmp/lib/domain--1-QEMUGuest1 \
> +USER=test \
> +LOGNAME=test \
> +XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
> +XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
> +XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
> +/usr/bin/qemu-system-s390x \
> +-name guest=QEMUGuest1,debug-threads=on \
> +-S \
> +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \
> +-machine s390-ccw-virtio,accel=kvm,usb=off,dump-guest-core=off,confidential-guest-support=pv0,memory-backend=s390.ram \
> +-cpu gen15a-base,aen=on,cmmnt=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,mepoch=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,ri=on,deflate=on,edat2=on,etoken=on,vx=on,ipter=on,mepochptff=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,apqi=on,apft=on,els=on,iep=on,apqci=on,cte=on,ais=on,bpb=on,gs=on,ppa15=on,zpci=on,sea_esop2=on,te=on,cmm=on \
> +-m 214 \
> +-object '{"qom-type":"memory-backend-ram","id":"s390.ram","size":224395264}' \
> +-overcommit mem-lock=off \
> +-smp 1,sockets=1,cores=1,threads=1 \
> +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
> +-display none \
> +-no-user-config \
> +-nodefaults \
> +-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
> +-mon chardev=charmonitor,id=monitor,mode=control \
> +-rtc base=utc \
> +-no-shutdown \
> +-boot strict=on \
> +-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
> +-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
> +-device virtio-blk-ccw,devno=fe.0.0000,drive=libvirt-1-format,id=virtio-disk0,bootindex=1 \
> +-audiodev id=audio1,driver=none \
> +-device virtio-balloon-ccw,id=balloon0,devno=fe.0.0001 \
> +-object '{"qom-type":"s390-pv-guest","id":"pv0"}' \
> +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
> +-msg timestamp=on
> diff --git a/tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.xml b/tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.xml
> new file mode 100644
> index 0000000000..052d96dedb
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.xml
> @@ -0,0 +1,33 @@
> +<domain type='kvm'>
> + <name>QEMUGuest1</name>
> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
> + <memory unit='KiB'>219100</memory>
> + <currentMemory unit='KiB'>219100</currentMemory>
> + <vcpu placement='static'>1</vcpu>
> + <os>
> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
> + <boot dev='hd'/>
> + </os>
> + <clock offset='utc'/>
> + <on_poweroff>destroy</on_poweroff>
> + <on_reboot>restart</on_reboot>
> + <on_crash>destroy</on_crash>
> + <devices>
> + <emulator>/usr/bin/qemu-system-s390x</emulator>
> + <disk type='block' device='disk'>
> + <driver name='qemu' type='raw'/>
> + <source dev='/dev/HostVG/QEMUGuest1'/>
> + <target dev='hda' bus='virtio'/>
> + <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/>
> + </disk>
> + <controller type='pci' index='0' model='pci-root'/>
> + <memballoon model='virtio'>
> + <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0001'/>
> + </memballoon>
> + <panic model='s390'/>
> + </devices>
> + <launchSecurity type='s390-pv'>
> + <dhCert>AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA</dhCert>
> + <session>IHAVENOIDEABUTJUSTPROVIDINGASTRING</session>
This doesn't look correct, we should not format dhCert or session with
s390-pv because based on the patches they are not used at all.
Pavel
> + </launchSecurity>
> +</domain>
> diff --git a/tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args b/tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
> new file mode 100644
> index 0000000000..c9d9b84dd3
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
> @@ -0,0 +1,35 @@
> +LC_ALL=C \
> +PATH=/bin \
> +HOME=/tmp/lib/domain--1-QEMUGuest1 \
> +USER=test \
> +LOGNAME=test \
> +XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
> +XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
> +XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
> +/usr/bin/qemu-system-s390x \
> +-name guest=QEMUGuest1,debug-threads=on \
> +-S \
> +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \
> +-machine s390-ccw-virtio,accel=kvm,usb=off,dump-guest-core=off,confidential-guest-support=pv0,memory-backend=s390.ram \
> +-cpu gen15a-base,aen=on,cmmnt=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,mepoch=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,ri=on,deflate=on,edat2=on,etoken=on,vx=on,ipter=on,mepochptff=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,apqi=on,apft=on,els=on,iep=on,apqci=on,cte=on,ais=on,bpb=on,gs=on,ppa15=on,zpci=on,sea_esop2=on,te=on,cmm=on \
> +-m 214 \
> +-object '{"qom-type":"memory-backend-ram","id":"s390.ram","size":224395264}' \
> +-overcommit mem-lock=off \
> +-smp 1,sockets=1,cores=1,threads=1 \
> +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
> +-display none \
> +-no-user-config \
> +-nodefaults \
> +-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
> +-mon chardev=charmonitor,id=monitor,mode=control \
> +-rtc base=utc \
> +-no-shutdown \
> +-boot strict=on \
> +-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
> +-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
> +-device virtio-blk-ccw,devno=fe.0.0000,drive=libvirt-1-format,id=virtio-disk0,bootindex=1 \
> +-audiodev id=audio1,driver=none \
> +-device virtio-balloon-ccw,id=balloon0,devno=fe.0.0001 \
> +-object '{"qom-type":"s390-pv-guest","id":"pv0"}' \
> +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
> +-msg timestamp=on
> diff --git a/tests/qemuxml2argvdata/launch-security-s390-pv.xml b/tests/qemuxml2argvdata/launch-security-s390-pv.xml
> new file mode 100644
> index 0000000000..c40c2b4bf2
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/launch-security-s390-pv.xml
> @@ -0,0 +1,30 @@
> +<domain type='kvm'>
> + <name>QEMUGuest1</name>
> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
> + <memory unit='KiB'>219100</memory>
> + <currentMemory unit='KiB'>219100</currentMemory>
> + <vcpu placement='static'>1</vcpu>
> + <os>
> + <type arch='s390x' machine='s390-ccw-virtio'>hvm</type>
> + <boot dev='hd'/>
> + </os>
> + <clock offset='utc'/>
> + <on_poweroff>destroy</on_poweroff>
> + <on_reboot>restart</on_reboot>
> + <on_crash>destroy</on_crash>
> + <devices>
> + <emulator>/usr/bin/qemu-system-s390x</emulator>
> + <disk type='block' device='disk'>
> + <driver name='qemu' type='raw'/>
> + <source dev='/dev/HostVG/QEMUGuest1'/>
> + <target dev='hda' bus='virtio'/>
> + <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/>
> + </disk>
> + <controller type='pci' index='0' model='pci-root'/>
> + <memballoon model='virtio'>
> + <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0001'/>
> + </memballoon>
> + <panic model='s390'/>
> + </devices>
> + <launchSecurity type='s390-pv'/>
> +</domain>
> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
> index ef6afae586..3268e4fe37 100644
> --- a/tests/qemuxml2argvtest.c
> +++ b/tests/qemuxml2argvtest.c
> @@ -3461,6 +3461,9 @@ mymain(void)
> DO_TEST_CAPS_VER("launch-security-sev-missing-platform-info", "2.12.0");
> DO_TEST_CAPS_VER_PARSE_ERROR("launch-security-sev-missing-policy", "2.12.0");
>
> + DO_TEST_CAPS_ARCH_LATEST("launch-security-s390-pv", "s390x");
> + DO_TEST_CAPS_ARCH_LATEST("launch-security-s390-pv-ignore-policy", "s390x");
> +
> DO_TEST_CAPS_LATEST("vhost-user-fs-fd-memory");
> DO_TEST_CAPS_LATEST("vhost-user-fs-hugepages");
> DO_TEST_CAPS_LATEST_PARSE_ERROR("vhost-user-fs-readonly");
> --
> 2.30.2
>
Attachment:
signature.asc
Description: PGP signature
