[PATCH 6/8] qemu_validate: Use domaincaps to validate supported launchSecurity type


 



Now that the logic for detecting supported launchSecurity types
has been moved to domain capabilities generation, we can just use
it when validating the launchSecurity type, just like we do for
device models and so on.

Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
 src/qemu/qemu_validate.c | 29 ++++++++++++-----------------
 1 file changed, 12 insertions(+), 17 deletions(-)

diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 3cfcceafc9..b392428f48 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1310,14 +1310,20 @@ qemuValidateDomainDef(const virDomainDef *def,
         return -1;
 
     if (def->sec) {
+        virDomainCapsLaunchSecurity launchSecurity = { };
+
+        virQEMUCapsFillDomainLaunchSecurity(qemuCaps, &launchSecurity);
+
+        if (!VIR_DOMAIN_CAPS_ENUM_IS_SET(launchSecurity.sectype,
+                                         def->sec->sectype)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("'%1$s' launch security is not supported with this QEMU binary"),
+                           virDomainLaunchSecurityTypeToString(def->sec->sectype));
+            return -1;
+        }
+
         switch (def->sec->sectype) {
         case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
-            if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) {
-                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                               _("SEV launch security is not supported with this QEMU binary"));
-                return -1;
-            }
-
             if (def->sec->data.sev.common.kernel_hashes != VIR_TRISTATE_BOOL_ABSENT &&
                 !virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST_KERNEL_HASHES)) {
                 virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
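Review bot: The new `VIR_DOMAIN_CAPS_ENUM_IS_SET(launchSecurity.sectype, def->sec->sectype)` gate becomes the only QEMU-side support check for every launch security type, and `virQEMUCapsFillDomainLaunchSecurity()` is not visible in this patch, so validation is only as strict as that helper. It should be confirmed that the helper sets each bit under conditions at least as strict as the checks removed here and in the next hunk (`QEMU_CAPS_SEV_GUEST` for SEV, `QEMU_CAPS_SEV_SNP_GUEST` for SEV-SNP, and both `QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPORT` and `QEMU_CAPS_S390_PV_GUEST` for PV), since a looser condition would let a confidential-guest definition pass validation on a binary that cannot provide it. A comment above the gate would record the dependency, e.g. `/* Supported types are computed by virQEMUCapsFillDomainLaunchSecurity(); keep per-type QEMU capability requirements there. */`. If the helper also takes host-side state into account, the message text "with this QEMU binary" may need adjusting. The body of qemuValidateDomainDef() starts and ends outside the hunk.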
@@ -1327,20 +1333,9 @@ qemuValidateDomainDef(const virDomainDef *def,
             break;
 
         case VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP:
-            if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_SNP_GUEST)) {
-                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                               _("SEV SNP launch security is not supported with this QEMU binary"));
-                return -1;
-            }
             break;
 
         case VIR_DOMAIN_LAUNCH_SECURITY_PV:
-            if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPORT) ||
-                !virQEMUCapsGet(qemuCaps, QEMU_CAPS_S390_PV_GUEST)) {
-                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                               _("S390 PV launch security is not supported with this QEMU binary"));
-                return -1;
-            }
             if (!virQEMUCapsGetKVMSupportsSecureGuest(qemuCaps)) {
                 virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                                _("S390 PV launch security is not supported by this host or kernel"));
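Review bot: `case VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP:` is left with a bare `break;`, which reads as if SEV-SNP receives no validation at all unless the reader knows about the domain-capabilities check earlier in the `if (def->sec)` block. A one-line comment inside the case, such as `/* QEMU support already verified against domain capabilities above */`, would make that explicit and discourage someone from re-adding a duplicate check later. The PV case keeps its `virQEMUCapsGetKVMSupportsSecureGuest()` host check, and that case continues past the end of the hunk.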
-- 
2.44.2



