From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Markus Armbruster" <armbru@redhat.com>,
	"Michael Roth" <michael.roth@amd.com>,
	"Konstantin Kostiuk" <kkostiuk@redhat.com>,
	"Daniel P. Berrangé" <berrange@redhat.com>
Subject: [PATCH 09/14] qga: define commands which can be run in confidential mode
Date: Tue,  4 Jun 2024 16:32:37 +0100
Message-ID: <20240604153242.251334-10-berrange@redhat.com>
In-Reply-To: <20240604153242.251334-1-berrange@redhat.com>

This adds the 'confidential' feature tag to the commands which are
safe to permit in confidential VMs. In a confidential virt scenario,
the host must not be permitted to modify guest data, nor request
information that could compromise guest data.

This effectively limits the QGA to commands which either are part
of the QGA operation, or are related to modifying virtual hardware
to assist in host mgmt tasks.

This results in the following being permitted:

 * guest-sync
 * guest-sync-delimited
 * guest-ping
 * guest-get-time
 * guest-set-time
 * guest-info
 * guest-shutdown
 * guest-fsfreeze-status
 * guest-fsfreeze-freeze
 * guest-fsfreeze-freeze-list
 * guest-fsfreeze-thaw
 * guest-fstrim
 * guest-suspend-disk
 * guest-suspend-ram
 * guest-suspend-hybrid
 * guest-get-vcpus
 * guest-set-vcpus
 * guest-get-memory-blocks
 * guest-set-memory-blocks
 * guest-get-memory-block-info
 * guest-get-host-name
 * guest-get-cpustats

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 qga/qapi-schema.json | 117 +++++++++++++++++++++++++++++++++++++++----
 1 file changed, 107 insertions(+), 10 deletions(-)

diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
index 9a213dfc06..48ea95cdba 100644
--- a/qga/qapi-schema.json
+++ b/qga/qapi-schema.json
@@ -78,12 +78,14 @@
 #
 # @fs-frozen: permitted to execute when filesystems are frozen
 #
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 1.1
 ##
 { 'command': 'guest-sync-delimited',
   'data':    { 'id': 'int' },
   'returns': 'int',
-  'features': [ 'fs-frozen'] }
+  'features': [ 'fs-frozen', 'confidential' ] }
 
 ##
 # @guest-sync:
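Review bot: the feature text "permitted when running inside a confidential VM", introduced here and repeated verbatim in every hunk below, can be read as saying the command is only available inside a confidential VM, rather than that it stays available once the agent is put into the confidential mode named in the subject line. Consider phrasing it the way the neighbouring fs-frozen line does, e.g. `# @confidential: permitted to execute when the agent runs in confidential mode`, and using that single wording in all the hunks.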
@@ -120,12 +122,14 @@
 #
 # @fs-frozen: permitted to execute when filesystems are frozen
 #
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 0.15.0
 ##
 { 'command': 'guest-sync',
   'data':    { 'id': 'int' },
   'returns': 'int',
-  'features': [ 'fs-frozen'] }
+  'features': [ 'fs-frozen', 'confidential' ] }
 
 ##
 # @guest-ping:
@@ -136,10 +140,12 @@
 #
 # @fs-frozen: permitted to execute when filesystems are frozen
 #
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 0.15.0
 ##
 { 'command': 'guest-ping',
-  'features': [ 'fs-frozen'] }
+  'features': [ 'fs-frozen', 'confidential' ] }
 
 ##
 # @guest-get-time:
@@ -149,10 +155,15 @@
 #
 # Returns: Time in nanoseconds.
 #
+# Features:
+#
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 1.5
 ##
 { 'command': 'guest-get-time',
-  'returns': 'int' }
+  'returns': 'int',
+  'features': [ 'confidential' ] }
 
 ##
 # @guest-set-time:
@@ -175,10 +186,15 @@
 # @time: time of nanoseconds, relative to the Epoch of 1970-01-01 in
 #     UTC.
 #
+# Features:
+#
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 1.5
 ##
 { 'command': 'guest-set-time',
-  'data': { '*time': 'int' } }
+  'data': { '*time': 'int' },
+  'features': [ 'confidential' ] }
 
 ##
 # @GuestAgentCommandInfo:
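Review bot: guest-set-time lets the host change the guest's clock, which sits uneasily with the commit message's rule that the host must not modify guest data; the reason for treating the clock as virtual-hardware configuration rather than guest state should be recorded, either in the commit message or in this command's @confidential feature text, so the decision stays reviewable. While this doc block is being edited, the pre-existing '@time: time of nanoseconds' could become '@time: time in nanoseconds'.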
@@ -222,11 +238,13 @@
 #
 # @fs-frozen: permitted when filesystems are frozen
 #
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 0.15.0
 ##
 { 'command': 'guest-info',
   'returns': 'GuestAgentInfo',
-  'features': [ 'fs-frozen'] }
+  'features': [ 'fs-frozen', 'confidential' ] }
 
 ##
 # @guest-shutdown:
@@ -241,10 +259,15 @@
 # when running with --no-shutdown, by issuing the query-status QMP
 # command to confirm the VM status is "shutdown".
 #
+# Features:
+#
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 0.15.0
 ##
 { 'command': 'guest-shutdown', 'data': { '*mode': 'str' },
-  'success-response': false }
+  'success-response': false,
+  'features': [ 'confidential' ] }
 
 ##
 # @guest-file-open:
@@ -457,11 +480,13 @@
 #
 # @fs-frozen: permitted when filesystems are frozen
 #
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 0.15.0
 ##
 { 'command': 'guest-fsfreeze-status',
   'returns': 'GuestFsfreezeStatus',
-  'features': [ 'fs-frozen'],
+  'features': [ 'fs-frozen', 'confidential' ],
   'if': { 'any': ['CONFIG_WIN32', 'CONFIG_FSFREEZE'] } }
 
 ##
@@ -481,10 +506,15 @@
 #     Volume Shadow-copy Service DLL helper.  The frozen state is
 #     limited for up to 10 seconds by VSS.
 #
+# Features:
+#
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 0.15.0
 ##
 { 'command': 'guest-fsfreeze-freeze',
   'returns': 'int',
+  'features': [ 'confidential' ],
   'if': { 'any': ['CONFIG_WIN32', 'CONFIG_FSFREEZE'] } }
 
 ##
@@ -501,11 +531,16 @@
 #
 # Returns: Number of file systems currently frozen.
 #
+# Features:
+#
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 2.2
 ##
 { 'command': 'guest-fsfreeze-freeze-list',
   'data':    { '*mountpoints': ['str'] },
   'returns': 'int',
+  'features': [ 'confidential' ],
   'if': { 'any': ['CONFIG_WIN32', 'CONFIG_FSFREEZE'] } }
 
 ##
@@ -524,11 +559,13 @@
 #
 # @fs-frozen: permitted when filesystems are frozen
 #
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 0.15.0
 ##
 { 'command': 'guest-fsfreeze-thaw',
   'returns': 'int',
-  'features': [ 'fs-frozen'],
+  'features': [ 'fs-frozen', 'confidential' ],
   'if': { 'any': ['CONFIG_WIN32', 'CONFIG_FSFREEZE'] } }
 
 ##
@@ -576,11 +613,16 @@
 # Returns: A @GuestFilesystemTrimResponse which contains the status of
 #     all trimmed paths.  (since 2.4)
 #
+# Features:
+#
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 1.2
 ##
 { 'command': 'guest-fstrim',
   'data': { '*minimum': 'int' },
   'returns': 'GuestFilesystemTrimResponse',
+  'features': [ 'confidential' ],
   'if': { 'any': ['CONFIG_WIN32', 'CONFIG_FSTRIM'] } }
 
 ##
@@ -608,9 +650,14 @@
 # Notes: It's strongly recommended to issue the guest-sync command
 #     before sending commands when the guest resumes
 #
+# Features:
+#
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 1.1
 ##
 { 'command': 'guest-suspend-disk', 'success-response': false,
+  'features': [ 'confidential' ],
   'if': { 'any': ['CONFIG_LINUX', 'CONFIG_WIN32'] } }
 
 ##
@@ -645,9 +692,14 @@
 # Notes: It's strongly recommended to issue the guest-sync command
 #     before sending commands when the guest resumes
 #
+# Features:
+#
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 1.1
 ##
 { 'command': 'guest-suspend-ram', 'success-response': false,
+  'features': [ 'confidential' ],
   'if': { 'any': ['CONFIG_LINUX', 'CONFIG_WIN32'] } }
 
 ##
@@ -681,9 +733,14 @@
 # Notes: It's strongly recommended to issue the guest-sync command
 #     before sending commands when the guest resumes
 #
+# Features:
+#
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 1.1
 ##
 { 'command': 'guest-suspend-hybrid', 'success-response': false,
+  'features': [ 'confidential' ],
   'if': 'CONFIG_LINUX' }
 
 ##
@@ -815,10 +872,15 @@
 # Returns: The list of all VCPUs the guest knows about.  Each VCPU is
 #     put on the list exactly once, but their order is unspecified.
 #
+# Features:
+#
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 1.5
 ##
 { 'command': 'guest-get-vcpus',
   'returns': ['GuestLogicalProcessor'],
+  'features': [ 'confidential' ],
   'if': { 'any': ['CONFIG_LINUX', 'CONFIG_WIN32'] } }
 
 ##
@@ -857,11 +919,16 @@
 #     - If the reconfiguration of the first node in @vcpus failed.
 #       Guest state has not been changed.
 #
+# Features:
+#
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 1.5
 ##
 { 'command': 'guest-set-vcpus',
   'data':    {'vcpus': ['GuestLogicalProcessor'] },
   'returns': 'int',
+  'features': [ 'confidential' ],
   'if': 'CONFIG_LINUX' }
 
 ##
@@ -1180,10 +1247,15 @@
 #     memory block is put on the list exactly once, but their order is
 #     unspecified.
 #
+# Features:
+#
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 2.3
 ##
 { 'command': 'guest-get-memory-blocks',
   'returns': ['GuestMemoryBlock'],
+  'features': [ 'confidential' ],
   'if': 'CONFIG_LINUX' }
 
 ##
@@ -1254,11 +1326,16 @@
 #     empty on input, or there is an error, and in this case, guest
 #     state will not be changed.
 #
+# Features:
+#
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 2.3
 ##
 { 'command': 'guest-set-memory-blocks',
   'data':    {'mem-blks': ['GuestMemoryBlock'] },
   'returns': ['GuestMemoryBlockResponse'],
+  'features': [ 'confidential' ],
   'if': 'CONFIG_LINUX' }
 
 ##
@@ -1268,10 +1345,15 @@
 #     minimal units of memory block online/offline operations (also
 #     called Logical Memory Hotplug).
 #
+# Features:
+#
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 2.3
 ##
 { 'struct': 'GuestMemoryBlockInfo',
   'data': {'size': 'uint64'},
+  'features': [ 'confidential' ],
   'if': 'CONFIG_LINUX' }
 
 ##
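Review bot: this hunk attaches 'confidential' to the GuestMemoryBlockInfo struct, whereas every other hunk tags a 'command' entity, the commit message describes the feature as a tag on commands, and GuestMemoryBlockInfo is not in its list of permitted commands. A feature on a returned struct gates nothing the agent executes, so the `'features': [ 'confidential' ],` line and the added Features: doc section look unintended here and should be dropped; the guest-get-memory-block-info command that returns this struct is already tagged in the following hunk.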
@@ -1281,10 +1363,15 @@
 #
 # Returns: @GuestMemoryBlockInfo
 #
+# Features:
+#
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 2.3
 ##
 { 'command': 'guest-get-memory-block-info',
   'returns': 'GuestMemoryBlockInfo',
+  'features': [ 'confidential' ],
   'if': 'CONFIG_LINUX' }
 
 ##
@@ -1430,10 +1517,15 @@
 #
 # Returns: the host name of the machine
 #
+# Features:
+#
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 2.10
 ##
 { 'command': 'guest-get-host-name',
-  'returns': 'GuestHostName' }
+  'returns': 'GuestHostName',
+  'features': [ 'confidential' ] }
 
 
 ##
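Review bot: guest-get-host-name returns data chosen inside the guest and is neither part of QGA operation nor a change to virtual hardware, the two categories the commit message gives as the basis for the allowlist. Either widen the stated criteria or explain in the commit message why the host name is not considered information that could compromise guest data, so that the list is justified rather than just asserted.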
@@ -1882,9 +1974,14 @@
 #
 # Returns: List of CPU stats of guest.
 #
+# Features:
+#
+# @confidential: permitted when running inside a confidential VM
+#
 # Since: 7.1
 ##
 { 'command': 'guest-get-cpustats',
   'returns': ['GuestCpuStats'],
+  'features': [ 'confidential' ],
   'if': 'CONFIG_LINUX'
 }
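Review bot: guest-get-cpustats exposes per-CPU activity counters from the guest to the host, which again falls outside the two categories the commit message uses to justify the allowlist; the reasoning for classing workload statistics as safe to share in confidential mode belongs in the commit message next to the list, since otherwise a reader cannot tell whether this entry was weighed or overlooked.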
-- 
2.45.1
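To check that the allowlist in the commit message and the feature tags in the schema actually agree, here is an added example (not part of the patch or of QEMU's tooling) that parses a QAPI-style schema fragment and reports entities tagged with a feature that are not allowlisted commands, plus allowlisted commands left untagged. The schema fragment is constructed from entries in this patch; QEMU's own QAPI parser is not used.

```python
import ast
# Constructed schema fragment in qga/qapi-schema.json style (not the real file):
# one tagged command, one untagged command and the struct the patch also tags.
SCHEMA = """
# @guest-ping:
{ 'command': 'guest-ping',
  'features': [ 'fs-frozen', 'confidential' ] }
{ 'command': 'guest-file-open',
  'data':    { 'path': 'str', '*mode': 'str' },
  'returns': 'int' }
{ 'struct': 'GuestMemoryBlockInfo',
  'data': {'size': 'uint64'},
  'features': [ 'confidential' ],
  'if': 'CONFIG_LINUX' }
"""

# Top-level keys that name a QAPI entity; the key is the entity's kind.
ENTITY_KEYS = ('command', 'struct', 'enum', 'union', 'alternate', 'event')

def parse_schema(text):
    """Yield each top-level dict of a QAPI schema ('#' comments + Python-style dicts)."""
    body = '\n'.join(l for l in text.splitlines() if not l.lstrip().startswith('#'))
    depth, start = 0, 0
    for i, ch in enumerate(body):          # split on brace-balanced spans
        if ch == '{':
            if depth == 0:
                start = i
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                yield ast.literal_eval(body[start:i + 1])

def entities_with_feature(text, feature):
    """Return {(kind, name)} for every entity whose 'features' list names feature."""
    found = set()
    for entry in parse_schema(text):
        kind = next((k for k in ENTITY_KEYS if k in entry), None)
        if kind and feature in entry.get('features', []):
            found.add((kind, entry[kind]))
    return found

def check_allowlist(text, feature, allowed_commands):
    """Return (unexpected, missing): tagged entities that are not allowlisted commands
    (a tagged non-command is always unexpected), and allowlisted commands left untagged."""
    tagged = entities_with_feature(text, feature)
    unexpected = {f'{k}:{n}' for k, n in tagged if k != 'command' or n not in allowed_commands}
    missing = set(allowed_commands) - {n for k, n in tagged if k == 'command'}
    return unexpected, missing
```

Run against the full qga/qapi-schema.json with the commit message's list as the allowlist to confirm the tagged set is exactly the intended one.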


