parent
86132c4faa
commit
fa5be9939f
@ -0,0 +1,494 @@
|
|||||||
|
From 128d73c47ef90ca871966a5417962836f9f359f1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||||
|
Date: Tue, 2 Jul 2024 08:45:10 +0000
|
||||||
|
Subject: [PATCH] Fix support for Hyper-V on Arm
|
||||||
|
|
||||||
|
This architecture lacks CPUID so we must fall back to looking
|
||||||
|
at DMI data instead.
|
||||||
|
|
||||||
|
Reported-by: Yuxin Sun
|
||||||
|
Thanks: Dan Berrange
|
||||||
|
Fixes: https://issues.redhat.com/browse/RHEL-45834
|
||||||
|
(cherry picked from commit 49a17ec8438d01280750d52ae661c8c5c9fe9d07)
|
||||||
|
---
|
||||||
|
configure.ac | 2 +
|
||||||
|
tests/hyperv-arm/Makefile.am | 28 +++
|
||||||
|
tests/hyperv-arm/proc/cpuinfo | 18 ++
|
||||||
|
tests/hyperv-arm/proc/self/status | 57 +++++
|
||||||
|
tests/hyperv-arm/sbin/dmidecode | 221 +++++++++++++++++++
|
||||||
|
tests/hyperv-arm/sbin/uname | 2 +
|
||||||
|
tests/hyperv-arm/sbin/virt-what-cpuid-helper | 2 +
|
||||||
|
tests/hyperv-arm/test.sh | 32 +++
|
||||||
|
virt-what.in | 16 +-
|
||||||
|
9 files changed, 374 insertions(+), 4 deletions(-)
|
||||||
|
create mode 100644 tests/hyperv-arm/Makefile.am
|
||||||
|
create mode 100644 tests/hyperv-arm/proc/cpuinfo
|
||||||
|
create mode 100644 tests/hyperv-arm/proc/self/status
|
||||||
|
create mode 100755 tests/hyperv-arm/sbin/dmidecode
|
||||||
|
create mode 100755 tests/hyperv-arm/sbin/uname
|
||||||
|
create mode 100755 tests/hyperv-arm/sbin/virt-what-cpuid-helper
|
||||||
|
create mode 100755 tests/hyperv-arm/test.sh
|
||||||
|
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index 632e25e91..4dd2c9731 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -48,6 +48,7 @@ tests="\
|
||||||
|
esx4.1 \
|
||||||
|
google-cloud \
|
||||||
|
hyperv \
|
||||||
|
+ hyperv-arm \
|
||||||
|
illumos-lx \
|
||||||
|
kvm \
|
||||||
|
kvm-explicit-cpu \
|
||||||
|
@@ -99,6 +100,7 @@ AC_CONFIG_FILES([Makefile
|
||||||
|
tests/esx4.1/Makefile
|
||||||
|
tests/google-cloud/Makefile
|
||||||
|
tests/hyperv/Makefile
|
||||||
|
+ tests/hyperv-arm/Makefile
|
||||||
|
tests/illumos-lx/Makefile
|
||||||
|
tests/kvm/Makefile
|
||||||
|
tests/kvm-explicit-cpu/Makefile
|
||||||
|
diff --git a/tests/hyperv-arm/Makefile.am b/tests/hyperv-arm/Makefile.am
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000..b748df8bc
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/hyperv-arm/Makefile.am
|
||||||
|
@@ -0,0 +1,28 @@
|
||||||
|
+# Makefile for virt-what
|
||||||
|
+# Copyright (C) 2008-2011 Red Hat Inc.
|
||||||
|
+#
|
||||||
|
+# This program is free software; you can redistribute it and/or modify
|
||||||
|
+# it under the terms of the GNU General Public License as published by
|
||||||
|
+# the Free Software Foundation; either version 2 of the License, or
|
||||||
|
+# (at your option) any later version.
|
||||||
|
+#
|
||||||
|
+# This program is distributed in the hope that it will be useful,
|
||||||
|
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
+# GNU General Public License for more details.
|
||||||
|
+#
|
||||||
|
+# You should have received a copy of the GNU General Public License
|
||||||
|
+# along with this program; if not, write to the Free Software
|
||||||
|
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
+
|
||||||
|
+CLEANFILES = *~
|
||||||
|
+
|
||||||
|
+TESTS = test.sh
|
||||||
|
+
|
||||||
|
+EXTRA_DIST = \
|
||||||
|
+ test.sh \
|
||||||
|
+ proc/cpuinfo \
|
||||||
|
+ proc/self/status \
|
||||||
|
+ sbin/dmidecode \
|
||||||
|
+ sbin/uname \
|
||||||
|
+ sbin/virt-what-cpuid-helper
|
||||||
|
diff --git a/tests/hyperv-arm/proc/cpuinfo b/tests/hyperv-arm/proc/cpuinfo
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000..c492a0024
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/hyperv-arm/proc/cpuinfo
|
||||||
|
@@ -0,0 +1,18 @@
|
||||||
|
+processor : 0
|
||||||
|
+BogoMIPS : 50.00
|
||||||
|
+Features : fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm lrcpc dcpop asimddp
|
||||||
|
+CPU implementer : 0x41
|
||||||
|
+CPU architecture: 8
|
||||||
|
+CPU variant : 0x3
|
||||||
|
+CPU part : 0xd0c
|
||||||
|
+CPU revision : 1
|
||||||
|
+
|
||||||
|
+processor : 1
|
||||||
|
+BogoMIPS : 50.00
|
||||||
|
+Features : fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm lrcpc dcpop asimddp
|
||||||
|
+CPU implementer : 0x41
|
||||||
|
+CPU architecture: 8
|
||||||
|
+CPU variant : 0x3
|
||||||
|
+CPU part : 0xd0c
|
||||||
|
+CPU revision : 1
|
||||||
|
+
|
||||||
|
diff --git a/tests/hyperv-arm/proc/self/status b/tests/hyperv-arm/proc/self/status
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000..129e9c2aa
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/hyperv-arm/proc/self/status
|
||||||
|
@@ -0,0 +1,57 @@
|
||||||
|
+Name: cat
|
||||||
|
+Umask: 0022
|
||||||
|
+State: R (running)
|
||||||
|
+Tgid: 17916
|
||||||
|
+Ngid: 0
|
||||||
|
+Pid: 17916
|
||||||
|
+PPid: 5880
|
||||||
|
+TracerPid: 0
|
||||||
|
+Uid: 1000 1000 1000 1000
|
||||||
|
+Gid: 1000 1000 1000 1000
|
||||||
|
+FDSize: 256
|
||||||
|
+Groups: 4 190 1000
|
||||||
|
+NStgid: 17916
|
||||||
|
+NSpid: 17916
|
||||||
|
+NSpgid: 17916
|
||||||
|
+NSsid: 5880
|
||||||
|
+VmPeak: 5284 kB
|
||||||
|
+VmSize: 5284 kB
|
||||||
|
+VmLck: 0 kB
|
||||||
|
+VmPin: 0 kB
|
||||||
|
+VmHWM: 772 kB
|
||||||
|
+VmRSS: 772 kB
|
||||||
|
+RssAnon: 80 kB
|
||||||
|
+RssFile: 692 kB
|
||||||
|
+RssShmem: 0 kB
|
||||||
|
+VmData: 344 kB
|
||||||
|
+VmStk: 132 kB
|
||||||
|
+VmExe: 24 kB
|
||||||
|
+VmLib: 1736 kB
|
||||||
|
+VmPTE: 48 kB
|
||||||
|
+VmSwap: 0 kB
|
||||||
|
+HugetlbPages: 0 kB
|
||||||
|
+CoreDumping: 0
|
||||||
|
+THP_enabled: 1
|
||||||
|
+Threads: 1
|
||||||
|
+SigQ: 0/30549
|
||||||
|
+SigPnd: 0000000000000000
|
||||||
|
+ShdPnd: 0000000000000000
|
||||||
|
+SigBlk: 0000000000000000
|
||||||
|
+SigIgn: 0000000000000000
|
||||||
|
+SigCgt: 0000000000000000
|
||||||
|
+CapInh: 0000000000000000
|
||||||
|
+CapPrm: 0000000000000000
|
||||||
|
+CapEff: 0000000000000000
|
||||||
|
+CapBnd: 000001ffffffffff
|
||||||
|
+CapAmb: 0000000000000000
|
||||||
|
+NoNewPrivs: 0
|
||||||
|
+Seccomp: 0
|
||||||
|
+Seccomp_filters: 0
|
||||||
|
+Speculation_Store_Bypass: not vulnerable
|
||||||
|
+SpeculationIndirectBranch: unknown
|
||||||
|
+Cpus_allowed: 3
|
||||||
|
+Cpus_allowed_list: 0-1
|
||||||
|
+Mems_allowed: 00000000,00000001
|
||||||
|
+Mems_allowed_list: 0
|
||||||
|
+voluntary_ctxt_switches: 0
|
||||||
|
+nonvoluntary_ctxt_switches: 0
|
||||||
|
diff --git a/tests/hyperv-arm/sbin/dmidecode b/tests/hyperv-arm/sbin/dmidecode
|
||||||
|
new file mode 100755
|
||||||
|
index 000000000..38ac3feac
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/hyperv-arm/sbin/dmidecode
|
||||||
|
@@ -0,0 +1,221 @@
|
||||||
|
+#!/bin/sh -
|
||||||
|
+cat <<'EOF'
|
||||||
|
+# dmidecode 3.3
|
||||||
|
+Getting SMBIOS data from sysfs.
|
||||||
|
+SMBIOS 3.1.0 present.
|
||||||
|
+Table at 0x3FD63000.
|
||||||
|
+
|
||||||
|
+Handle 0x0000, DMI type 0, 26 bytes
|
||||||
|
+BIOS Information
|
||||||
|
+ Vendor: Microsoft Corporation
|
||||||
|
+ Version: Hyper-V UEFI Release v4.1
|
||||||
|
+ Release Date: 11/28/2023
|
||||||
|
+ ROM Size: 64 kB
|
||||||
|
+ Characteristics:
|
||||||
|
+ BIOS characteristics not supported
|
||||||
|
+ ACPI is supported
|
||||||
|
+ Targeted content distribution is supported
|
||||||
|
+ UEFI is supported
|
||||||
|
+ System is a virtual machine
|
||||||
|
+ BIOS Revision: 4.1
|
||||||
|
+
|
||||||
|
+Handle 0x0001, DMI type 1, 27 bytes
|
||||||
|
+System Information
|
||||||
|
+ Manufacturer: Microsoft Corporation
|
||||||
|
+ Product Name: Virtual Machine
|
||||||
|
+ Version: Hyper-V UEFI Release v4.1
|
||||||
|
+ Serial Number: 0000-0011-3798-4833-3781-8467-28
|
||||||
|
+ UUID: 9ded57c4-3ce3-4ac8-aaaf-2c4ccf6e7a59
|
||||||
|
+ Wake-up Type: Power Switch
|
||||||
|
+ SKU Number: None
|
||||||
|
+ Family: Virtual Machine
|
||||||
|
+
|
||||||
|
+Handle 0x0002, DMI type 3, 24 bytes
|
||||||
|
+Chassis Information
|
||||||
|
+ Manufacturer: Microsoft Corporation
|
||||||
|
+ Type: Desktop
|
||||||
|
+ Lock: Not Present
|
||||||
|
+ Version: Hyper-V UEFI Release v4.1
|
||||||
|
+ Serial Number: 6708-6940-4856-4751-7507-5546-20
|
||||||
|
+ Asset Tag: 7783-7084-3265-9085-8269-3286-77
|
||||||
|
+ Boot-up State: Safe
|
||||||
|
+ Power Supply State: Safe
|
||||||
|
+ Thermal State: Safe
|
||||||
|
+ Security Status: Unknown
|
||||||
|
+ OEM Information: 0x00000000
|
||||||
|
+ Height: Unspecified
|
||||||
|
+ Number Of Power Cords: Unspecified
|
||||||
|
+ Contained Elements: 0
|
||||||
|
+ SKU Number: Virtual Machine
|
||||||
|
+
|
||||||
|
+Handle 0x0003, DMI type 2, 17 bytes
|
||||||
|
+Base Board Information
|
||||||
|
+ Manufacturer: Microsoft Corporation
|
||||||
|
+ Product Name: Virtual Machine
|
||||||
|
+ Version: Hyper-V UEFI Release v4.1
|
||||||
|
+ Serial Number: 0000-0012-2990-9781-5781-3745-53
|
||||||
|
+ Asset Tag: None
|
||||||
|
+ Features:
|
||||||
|
+ Board is a hosting board
|
||||||
|
+ Location In Chassis: Virtual Machine
|
||||||
|
+ Chassis Handle: 0x0002
|
||||||
|
+ Type: Motherboard
|
||||||
|
+ Contained Object Handles: 0
|
||||||
|
+
|
||||||
|
+Handle 0x0004, DMI type 4, 48 bytes
|
||||||
|
+Processor Information
|
||||||
|
+ Socket Designation: None
|
||||||
|
+ Type: Central Processor
|
||||||
|
+ Family: ARMv8
|
||||||
|
+ Manufacturer: Ampere(R)
|
||||||
|
+ ID: 00 00 00 00 00 00 00 00
|
||||||
|
+ Version: Ampere(R) Altra(R) Processor
|
||||||
|
+ Voltage: 1.0 V
|
||||||
|
+ External Clock: 1650 MHz
|
||||||
|
+ Max Speed: 3000 MHz
|
||||||
|
+ Current Speed: 3000 MHz
|
||||||
|
+ Status: Populated, Enabled
|
||||||
|
+ Upgrade: None
|
||||||
|
+ L1 Cache Handle: Not Provided
|
||||||
|
+ L2 Cache Handle: Not Provided
|
||||||
|
+ L3 Cache Handle: Not Provided
|
||||||
|
+ Serial Number: None
|
||||||
|
+ Asset Tag: None
|
||||||
|
+ Part Number: None
|
||||||
|
+ Core Count: 2
|
||||||
|
+ Core Enabled: 2
|
||||||
|
+ Thread Count: 1
|
||||||
|
+ Characteristics:
|
||||||
|
+ 64-bit capable
|
||||||
|
+ Multi-Core
|
||||||
|
+ Power/Performance Control
|
||||||
|
+ 128-bit Capable
|
||||||
|
+ Arm64 SoC ID
|
||||||
|
+
|
||||||
|
+Handle 0x0005, DMI type 11, 5 bytes
|
||||||
|
+OEM Strings
|
||||||
|
+ String 1: [MS_VM_CERT/SHA1/9b80ca0d5dd061ec9da4e494f4c3fd1196270c22]
|
||||||
|
+ String 2: 00000000000000000000000000000000
|
||||||
|
+ String 3: To be filled by OEM
|
||||||
|
+
|
||||||
|
+Handle 0x0006, DMI type 16, 23 bytes
|
||||||
|
+Physical Memory Array
|
||||||
|
+ Location: System Board Or Motherboard
|
||||||
|
+ Use: System Memory
|
||||||
|
+ Error Correction Type: None
|
||||||
|
+ Maximum Capacity: 0 bytes
|
||||||
|
+ Error Information Handle: Not Provided
|
||||||
|
+ Number Of Devices: 2
|
||||||
|
+
|
||||||
|
+Handle 0x0007, DMI type 17, 92 bytes
|
||||||
|
+Memory Device
|
||||||
|
+ Array Handle: 0x0006
|
||||||
|
+ Error Information Handle: Not Provided
|
||||||
|
+ Total Width: Unknown
|
||||||
|
+ Data Width: Unknown
|
||||||
|
+ Size: 1 GB
|
||||||
|
+ Form Factor: Unknown
|
||||||
|
+ Set: None
|
||||||
|
+ Locator: M0001
|
||||||
|
+ Bank Locator: None
|
||||||
|
+ Type: Unknown
|
||||||
|
+ Type Detail: Unknown
|
||||||
|
+ Speed: Unknown
|
||||||
|
+ Manufacturer: Microsoft Corporation
|
||||||
|
+ Serial Number: None
|
||||||
|
+ Asset Tag: None
|
||||||
|
+ Part Number: None
|
||||||
|
+ Rank: Unknown
|
||||||
|
+ Configured Memory Speed: Unknown
|
||||||
|
+ Minimum Voltage: Unknown
|
||||||
|
+ Maximum Voltage: Unknown
|
||||||
|
+ Configured Voltage: Unknown
|
||||||
|
+ Memory Technology: <OUT OF SPEC>
|
||||||
|
+ Memory Operating Mode Capability: None
|
||||||
|
+ Firmware Version: Not Specified
|
||||||
|
+ Module Manufacturer ID: Unknown
|
||||||
|
+ Module Product ID: Unknown
|
||||||
|
+ Memory Subsystem Controller Manufacturer ID: Unknown
|
||||||
|
+ Memory Subsystem Controller Product ID: Unknown
|
||||||
|
+ Non-Volatile Size: None
|
||||||
|
+ Volatile Size: None
|
||||||
|
+ Cache Size: None
|
||||||
|
+ Logical Size: None
|
||||||
|
+
|
||||||
|
+Handle 0x0008, DMI type 19, 31 bytes
|
||||||
|
+Memory Array Mapped Address
|
||||||
|
+ Starting Address: 0x00000000000
|
||||||
|
+ Ending Address: 0x000400003FF
|
||||||
|
+ Range Size: 1 GB
|
||||||
|
+ Physical Array Handle: 0x0006
|
||||||
|
+ Partition Width: 0
|
||||||
|
+
|
||||||
|
+Handle 0x0009, DMI type 20, 35 bytes
|
||||||
|
+Memory Device Mapped Address
|
||||||
|
+ Starting Address: 0x00000000000
|
||||||
|
+ Ending Address: 0x000400003FF
|
||||||
|
+ Range Size: 1 GB
|
||||||
|
+ Physical Device Handle: 0x0007
|
||||||
|
+ Memory Array Mapped Address Handle: 0x0008
|
||||||
|
+ Partition Row Position: Unknown
|
||||||
|
+
|
||||||
|
+Handle 0x000A, DMI type 17, 92 bytes
|
||||||
|
+Memory Device
|
||||||
|
+ Array Handle: 0x0006
|
||||||
|
+ Error Information Handle: Not Provided
|
||||||
|
+ Total Width: Unknown
|
||||||
|
+ Data Width: Unknown
|
||||||
|
+ Size: 7 GB
|
||||||
|
+ Form Factor: Unknown
|
||||||
|
+ Set: None
|
||||||
|
+ Locator: M0002
|
||||||
|
+ Bank Locator: None
|
||||||
|
+ Type: Unknown
|
||||||
|
+ Type Detail: Unknown
|
||||||
|
+ Speed: Unknown
|
||||||
|
+ Manufacturer: Microsoft Corporation
|
||||||
|
+ Serial Number: None
|
||||||
|
+ Asset Tag: None
|
||||||
|
+ Part Number: None
|
||||||
|
+ Rank: Unknown
|
||||||
|
+ Configured Memory Speed: Unknown
|
||||||
|
+ Minimum Voltage: Unknown
|
||||||
|
+ Maximum Voltage: Unknown
|
||||||
|
+ Configured Voltage: Unknown
|
||||||
|
+ Memory Technology: <OUT OF SPEC>
|
||||||
|
+ Memory Operating Mode Capability: None
|
||||||
|
+ Firmware Version: Not Specified
|
||||||
|
+ Module Manufacturer ID: Unknown
|
||||||
|
+ Module Product ID: Unknown
|
||||||
|
+ Memory Subsystem Controller Manufacturer ID: Unknown
|
||||||
|
+ Memory Subsystem Controller Product ID: Unknown
|
||||||
|
+ Non-Volatile Size: None
|
||||||
|
+ Volatile Size: None
|
||||||
|
+ Cache Size: None
|
||||||
|
+ Logical Size: None
|
||||||
|
+
|
||||||
|
+Handle 0x000B, DMI type 19, 31 bytes
|
||||||
|
+Memory Array Mapped Address
|
||||||
|
+ Starting Address: 0x00100000000
|
||||||
|
+ Ending Address: 0x002C00003FF
|
||||||
|
+ Range Size: 7 GB
|
||||||
|
+ Physical Array Handle: 0x0006
|
||||||
|
+ Partition Width: 0
|
||||||
|
+
|
||||||
|
+Handle 0x000C, DMI type 20, 35 bytes
|
||||||
|
+Memory Device Mapped Address
|
||||||
|
+ Starting Address: 0x00100000000
|
||||||
|
+ Ending Address: 0x002C00003FF
|
||||||
|
+ Range Size: 7 GB
|
||||||
|
+ Physical Device Handle: 0x000A
|
||||||
|
+ Memory Array Mapped Address Handle: 0x000B
|
||||||
|
+ Partition Row Position: Unknown
|
||||||
|
+
|
||||||
|
+Handle 0x000D, DMI type 32, 11 bytes
|
||||||
|
+System Boot Information
|
||||||
|
+ Status: No errors detected
|
||||||
|
+
|
||||||
|
+Handle 0xFEFF, DMI type 127, 4 bytes
|
||||||
|
+End Of Table
|
||||||
|
+
|
||||||
|
+EOF
|
||||||
|
diff --git a/tests/hyperv-arm/sbin/uname b/tests/hyperv-arm/sbin/uname
|
||||||
|
new file mode 100755
|
||||||
|
index 000000000..bd33a2d73
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/hyperv-arm/sbin/uname
|
||||||
|
@@ -0,0 +1,2 @@
|
||||||
|
+#!/bin/sh -
|
||||||
|
+echo aarch64
|
||||||
|
diff --git a/tests/hyperv-arm/sbin/virt-what-cpuid-helper b/tests/hyperv-arm/sbin/virt-what-cpuid-helper
|
||||||
|
new file mode 100755
|
||||||
|
index 000000000..77a669235
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/hyperv-arm/sbin/virt-what-cpuid-helper
|
||||||
|
@@ -0,0 +1,2 @@
|
||||||
|
+#!/bin/sh -
|
||||||
|
+# nothing
|
||||||
|
diff --git a/tests/hyperv-arm/test.sh b/tests/hyperv-arm/test.sh
|
||||||
|
new file mode 100755
|
||||||
|
index 000000000..50fca7431
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/hyperv-arm/test.sh
|
||||||
|
@@ -0,0 +1,32 @@
|
||||||
|
+# Test for Microsoft HyperV.
|
||||||
|
+# Copyright (C) 2008-2024 Red Hat Inc.
|
||||||
|
+#
|
||||||
|
+# This program is free software; you can redistribute it and/or modify
|
||||||
|
+# it under the terms of the GNU General Public License as published by
|
||||||
|
+# the Free Software Foundation; either version 2 of the License, or
|
||||||
|
+# (at your option) any later version.
|
||||||
|
+#
|
||||||
|
+# This program is distributed in the hope that it will be useful,
|
||||||
|
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
+# GNU General Public License for more details.
|
||||||
|
+#
|
||||||
|
+# You should have received a copy of the GNU General Public License
|
||||||
|
+# along with this program; if not, write to the Free Software
|
||||||
|
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
+
|
||||||
|
+output="$(PATH=../..:$PATH virt-what --test-root=. 2>&1)"
|
||||||
|
+expected="hyperv"
|
||||||
|
+
|
||||||
|
+if [ "$output" != "$expected" ]; then
|
||||||
|
+ echo "$0: test failed because output did not match expected"
|
||||||
|
+ echo "Expected output was:"
|
||||||
|
+ echo "----------------------------------------"
|
||||||
|
+ echo "$expected"
|
||||||
|
+ echo "----------------------------------------"
|
||||||
|
+ echo "But the actual output of the program was:"
|
||||||
|
+ echo "----------------------------------------"
|
||||||
|
+ echo "$output"
|
||||||
|
+ echo "----------------------------------------"
|
||||||
|
+ exit 1
|
||||||
|
+fi
|
||||||
|
diff --git a/virt-what.in b/virt-what.in
|
||||||
|
index 5c5b54b92..77b385f91 100644
|
||||||
|
--- a/virt-what.in
|
||||||
|
+++ b/virt-what.in
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
#!/bin/sh -
|
||||||
|
# @configure_input@
|
||||||
|
-# Copyright (C) 2008-2022 Red Hat Inc.
|
||||||
|
+# Copyright (C) 2008-2024 Red Hat Inc.
|
||||||
|
#
|
||||||
|
# This program is free software; you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
@@ -136,14 +136,22 @@ fi
|
||||||
|
# http://blogs.msdn.com/b/sqlosteam/archive/2010/10/30/is-this-real-the-metaphysics-of-hardware-virtualization.aspx
|
||||||
|
if [ "$cpuid" = "Microsoft Hv" ]; then
|
||||||
|
echo hyperv
|
||||||
|
+# Hyper-V on ARM doesn't have CPUID. Use the information in dmidecode
|
||||||
|
+# instead. Note this is similar to VirtualPC below.
|
||||||
|
+elif echo "$dmi" | grep -q 'Manufacturer: Microsoft Corporation' &&
|
||||||
|
+ echo "$dmi" | grep -q 'Product Name: Virtual Machine' &&
|
||||||
|
+ echo "$dmi" | grep -q 'Version: Hyper-V'; then
|
||||||
|
+ echo hyperv
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check for VirtualPC.
|
||||||
|
-# The negative check for cpuid is to distinguish this from Hyper-V
|
||||||
|
-# which also has the same manufacturer string in the SM-BIOS data.
|
||||||
|
+# The negative check for cpuid & Hyper-V is to distinguish this from
|
||||||
|
+# Hyper-V above which also has the same manufacturer string in the
|
||||||
|
+# SM-BIOS data.
|
||||||
|
if [ "$cpuid" != "Microsoft Hv" ] &&
|
||||||
|
echo "$dmi" | grep -q 'Manufacturer: Microsoft Corporation' &&
|
||||||
|
- echo "$dmi" | grep -q 'Product Name: Virtual Machine'; then
|
||||||
|
+ echo "$dmi" | grep -q 'Product Name: Virtual Machine' &&
|
||||||
|
+ ! echo "$dmi" | grep -q 'Version: Hyper-V'; then
|
||||||
|
echo virtualpc
|
||||||
|
fi
|
||||||
|
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,25 @@
|
|||||||
|
From dbd90b1a4ceae884b06907da0b7964bcb8ff01d3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||||
|
Date: Tue, 30 May 2023 08:46:06 +0100
|
||||||
|
Subject: [PATCH] docs: Add cross reference to virt-what-cvm(1) to virt-what(1)
|
||||||
|
|
||||||
|
(cherry picked from commit 52c833c7c6ede0b7fcefa7ad225206f410407eda)
|
||||||
|
---
|
||||||
|
virt-what.pod | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/virt-what.pod b/virt-what.pod
|
||||||
|
index 45dd7c933..d60449d02 100644
|
||||||
|
--- a/virt-what.pod
|
||||||
|
+++ b/virt-what.pod
|
||||||
|
@@ -409,6 +409,7 @@ specific features your drivers need (eg. for the presence of PCI devices).
|
||||||
|
|
||||||
|
=head1 SEE ALSO
|
||||||
|
|
||||||
|
+L<virt-what-cvm(1)>,
|
||||||
|
L<http://people.redhat.com/~rjones/virt-what/>,
|
||||||
|
L<http://www.vmware.com/>,
|
||||||
|
L<http://www.microsoft.com/windows/products/winfamily/virtualpc>,
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,59 @@
|
|||||||
|
From 56498baf2eddf072b9dcab7570febc6ce8f58504 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||||
|
Date: Thu, 29 Jun 2023 17:51:03 +0100
|
||||||
|
Subject: [PATCH] virt-what-cvm: support alternative cpuid leaf ordering
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
The HyperV CPUID leaf for reporting the vendor string has an
|
||||||
|
alternative ordering of ecx/edx.
|
||||||
|
|
||||||
|
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||||
|
(cherry picked from commit 15d3e4a92fd9c1490fb6f86b7ab3a2dff8364837)
|
||||||
|
---
|
||||||
|
virt-what-cvm.c | 11 +++++++----
|
||||||
|
1 file changed, 7 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/virt-what-cvm.c b/virt-what-cvm.c
|
||||||
|
index f1847688b..1e7c50bb0 100644
|
||||||
|
--- a/virt-what-cvm.c
|
||||||
|
+++ b/virt-what-cvm.c
|
||||||
|
@@ -209,11 +209,14 @@ cpuid (uint32_t *eax, uint32_t *ebx, uint32_t *ecx, uint32_t *edx)
|
||||||
|
|
||||||
|
|
||||||
|
static uint32_t
|
||||||
|
-cpuid_leaf (uint32_t eax, char *sig)
|
||||||
|
+cpuid_leaf (uint32_t eax, char *sig, bool swapped)
|
||||||
|
{
|
||||||
|
uint32_t *sig32 = (uint32_t *) sig;
|
||||||
|
|
||||||
|
- cpuid (&eax, &sig32[0], &sig32[2], &sig32[1]);
|
||||||
|
+ if (swapped)
|
||||||
|
+ cpuid (&eax, &sig32[0], &sig32[2], &sig32[1]);
|
||||||
|
+ else
|
||||||
|
+ cpuid (&eax, &sig32[0], &sig32[1], &sig32[2]);
|
||||||
|
sig[12] = 0; /* \0-terminate the string to make string comparison possible */
|
||||||
|
debug("CPUID sig %s\n", sig);
|
||||||
|
return eax;
|
||||||
|
@@ -335,7 +338,7 @@ cpu_sig_intel (void)
|
||||||
|
return;
|
||||||
|
|
||||||
|
memset (sig, 0, sizeof sig);
|
||||||
|
- cpuid_leaf (CPUID_INTEL_TDX_ENUMERATION, sig);
|
||||||
|
+ cpuid_leaf (CPUID_INTEL_TDX_ENUMERATION, sig, true);
|
||||||
|
|
||||||
|
if (memcmp (sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
|
||||||
|
puts ("intel-tdx");
|
||||||
|
@@ -368,7 +371,7 @@ cpu_sig (void)
|
||||||
|
return;
|
||||||
|
|
||||||
|
memset (sig, 0, sizeof sig);
|
||||||
|
- cpuid_leaf (0, sig);
|
||||||
|
+ cpuid_leaf (0, sig, true);
|
||||||
|
|
||||||
|
if (memcmp (sig, CPUID_SIG_AMD, sizeof(sig)) == 0)
|
||||||
|
cpu_sig_amd ();
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,117 @@
|
|||||||
|
From eecffe8b20d7e136e64d7360ef6655c8eee4250e Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||||
|
Date: Thu, 29 Jun 2023 17:51:04 +0100
|
||||||
|
Subject: [PATCH] virt-what-cvm: probe for SNP/HCL on HyperV/Azure via CPUID
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
When running a confidential VM on Azure (HyperV) we can probe
|
||||||
|
CPUID leaf 0x40000003 to detect if VM isolation is present,
|
||||||
|
and 0x4000000c to detect what kind of isolation is used.
|
||||||
|
|
||||||
|
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||||
|
(cherry picked from commit bb0055b491501e16fca3ab61dc7a969effbf48f3)
|
||||||
|
---
|
||||||
|
virt-what-cvm.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++--
|
||||||
|
1 file changed, 60 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/virt-what-cvm.c b/virt-what-cvm.c
|
||||||
|
index 1e7c50bb0..a7a224f94 100644
|
||||||
|
--- a/virt-what-cvm.c
|
||||||
|
+++ b/virt-what-cvm.c
|
||||||
|
@@ -70,14 +70,33 @@ static bool dodebug = false;
|
||||||
|
|
||||||
|
#define CPUID_INTEL_TDX_ENUMERATION 0x21
|
||||||
|
|
||||||
|
+/* Requirements for Implementing the Microsoft Hypervisor Interface
|
||||||
|
+ * https://learn.microsoft.com/en-us/virtualization/hyper-v-on-windows/tlfs/tlfs
|
||||||
|
+ */
|
||||||
|
+#define CPUID_HYPERV_VENDOR_AND_MAX_FUNCTIONS 0x40000000
|
||||||
|
+
|
||||||
|
+#define CPUID_HYPERV_FEATURES 0x40000003
|
||||||
|
+
|
||||||
|
+#define CPUID_HYPERV_ISOLATION_CONFIG 0x4000000C
|
||||||
|
+
|
||||||
|
+#define CPUID_HYPERV_MIN 0x40000005
|
||||||
|
+#define CPUID_HYPERV_MAX 0x4000ffff
|
||||||
|
|
||||||
|
#define CPUID_SIG_AMD "AuthenticAMD"
|
||||||
|
#define CPUID_SIG_INTEL "GenuineIntel"
|
||||||
|
#define CPUID_SIG_INTEL_TDX "IntelTDX "
|
||||||
|
+#define CPUID_SIG_HYPERV "Microsoft Hv"
|
||||||
|
|
||||||
|
/* ecx bit 31: set => hyperpvisor, unset => bare metal */
|
||||||
|
#define CPUID_FEATURE_HYPERVISOR (1 << 31)
|
||||||
|
|
||||||
|
+/* Linux include/asm-generic/hyperv-tlfs.h */
|
||||||
|
+#define CPUID_HYPERV_CPU_MANAGEMENT (1 << 12) /* root partition */
|
||||||
|
+#define CPUID_HYPERV_ISOLATION (1 << 22) /* confidential VM partition */
|
||||||
|
+
|
||||||
|
+#define CPUID_HYPERV_ISOLATION_TYPE_MASK 0xf
|
||||||
|
+#define CPUID_HYPERV_ISOLATION_TYPE_SNP 2
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* This TPM NV data format is not explicitly documented anywhere,
|
||||||
|
* but the header definition is present in code at:
|
||||||
|
@@ -272,6 +291,44 @@ cpu_sig_amd_azure (void)
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static bool
|
||||||
|
+cpu_sig_amd_hyperv (void)
|
||||||
|
+{
|
||||||
|
+ uint32_t eax, ebx, ecx, edx;
|
||||||
|
+ char sig[13];
|
||||||
|
+ uint32_t feat;
|
||||||
|
+
|
||||||
|
+ feat = cpuid_leaf (CPUID_HYPERV_VENDOR_AND_MAX_FUNCTIONS, sig, false);
|
||||||
|
+
|
||||||
|
+ if (feat < CPUID_HYPERV_MIN ||
|
||||||
|
+ feat > CPUID_HYPERV_MAX)
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
+ if (memcmp (sig, CPUID_SIG_HYPERV, sizeof(sig)) != 0)
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
+ debug ("CPUID is on hyperv\n");
|
||||||
|
+ eax = CPUID_HYPERV_FEATURES;
|
||||||
|
+ ebx = ecx = edx = 0;
|
||||||
|
+
|
||||||
|
+ cpuid(&eax, &ebx, &ecx, &edx);
|
||||||
|
+
|
||||||
|
+ if (ebx & CPUID_HYPERV_ISOLATION &&
|
||||||
|
+ !(ebx & CPUID_HYPERV_CPU_MANAGEMENT)) {
|
||||||
|
+
|
||||||
|
+ eax = CPUID_HYPERV_ISOLATION_CONFIG;
|
||||||
|
+ ebx = ecx = edx = 0;
|
||||||
|
+ cpuid(&eax, &ebx, &ecx, &edx);
|
||||||
|
+
|
||||||
|
+ if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) ==
|
||||||
|
+ CPUID_HYPERV_ISOLATION_TYPE_SNP) {
|
||||||
|
+ return true;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return false;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void
|
||||||
|
cpu_sig_amd (void)
|
||||||
|
{
|
||||||
|
@@ -298,9 +355,10 @@ cpu_sig_amd (void)
|
||||||
|
* exposes a SEV-SNP attestation report as evidence.
|
||||||
|
*/
|
||||||
|
if (!(eax & (1 << 1))) {
|
||||||
|
- debug ("No sev in CPUID, try azure TPM NV\n");
|
||||||
|
+ debug ("No sev in CPUID, try hyperv CPUID/azure TPM NV\n");
|
||||||
|
|
||||||
|
- if (cpu_sig_amd_azure()) {
|
||||||
|
+ if (cpu_sig_amd_hyperv () ||
|
||||||
|
+ cpu_sig_amd_azure()) {
|
||||||
|
puts ("amd-sev-snp");
|
||||||
|
puts ("azure-hcl");
|
||||||
|
} else {
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,258 @@
|
|||||||
|
From 5658e72cb0de7e0e31fd16df7a3b80015ce6dc71 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||||
|
Date: Thu, 29 Jun 2023 17:51:05 +0100
|
||||||
|
Subject: [PATCH] virt-what-cvm: drop TPM logic for detecting SNP on
|
||||||
|
HyperV/Azure
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Now we have proper CPUID detection, we no longer need the TPM
|
||||||
|
hacks.
|
||||||
|
|
||||||
|
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||||
|
(cherry picked from commit 82c0e9c469953a36f18db1e329629cecd950134a)
|
||||||
|
---
|
||||||
|
Makefile.am | 3 -
|
||||||
|
configure.ac | 2 -
|
||||||
|
virt-what-cvm.c | 161 ++----------------------------------------------
|
||||||
|
3 files changed, 6 insertions(+), 160 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/Makefile.am b/Makefile.am
|
||||||
|
index 2050bef8d..b68540f39 100644
|
||||||
|
--- a/Makefile.am
|
||||||
|
+++ b/Makefile.am
|
||||||
|
@@ -30,9 +30,6 @@ if HOST_CPU_IA64
|
||||||
|
libexec_PROGRAMS += virt-what-ia64-xen-rdtsc-test
|
||||||
|
endif
|
||||||
|
|
||||||
|
-virt_what_cvm_LDADD = $(TPM2_TSS_LIBS)
|
||||||
|
-virt_what_cvm_CFLAGS = $(TPM2_TSS_CFLAGS)
|
||||||
|
-
|
||||||
|
if HAVE_POD2MAN
|
||||||
|
|
||||||
|
CLEANFILES += virt-what.1 virt-what-cvm.1 virt-what.txt virt-what-cvm.txt
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index b1dadd64d..0309a80bd 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -32,8 +32,6 @@ dnl Architecture we are compiling for.
|
||||||
|
AC_CANONICAL_HOST
|
||||||
|
AM_CONDITIONAL([HOST_CPU_IA64], [ test "x$host_cpu" = "xia64" ])
|
||||||
|
|
||||||
|
-PKG_HAVE_DEFINE_WITH_MODULES(TPM2_TSS, tss2-esys, [tpm2-tss package])
|
||||||
|
-
|
||||||
|
|
||||||
|
dnl List of tests.
|
||||||
|
tests="\
|
||||||
|
diff --git a/virt-what-cvm.c b/virt-what-cvm.c
|
||||||
|
index a7a224f94..8b8a4df09 100644
|
||||||
|
--- a/virt-what-cvm.c
|
||||||
|
+++ b/virt-what-cvm.c
|
||||||
|
@@ -26,10 +26,6 @@
|
||||||
|
#include <fcntl.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <getopt.h>
|
||||||
|
-#ifdef HAVE_TPM2_TSS
|
||||||
|
-#include <tss2/tss2_esys.h>
|
||||||
|
-#include <assert.h>
|
||||||
|
-#endif
|
||||||
|
|
||||||
|
static bool dodebug = false;
|
||||||
|
|
||||||
|
@@ -97,121 +93,8 @@ static bool dodebug = false;
|
||||||
|
#define CPUID_HYPERV_ISOLATION_TYPE_MASK 0xf
|
||||||
|
#define CPUID_HYPERV_ISOLATION_TYPE_SNP 2
|
||||||
|
|
||||||
|
-/*
|
||||||
|
- * This TPM NV data format is not explicitly documented anywhere,
|
||||||
|
- * but the header definition is present in code at:
|
||||||
|
- *
|
||||||
|
- * https://github.com/kinvolk/azure-cvm-tooling/blob/main/az-snp-vtpm/src/hcl.rs
|
||||||
|
- */
|
||||||
|
-#define TPM_AZURE_HCLA_REPORT_INDEX 0x01400001
|
||||||
|
-
|
||||||
|
-struct TPMAzureHCLAHeader {
|
||||||
|
- uint32_t signature;
|
||||||
|
- uint32_t version;
|
||||||
|
- uint32_t report_len;
|
||||||
|
- uint32_t report_type;
|
||||||
|
- uint32_t unknown[4];
|
||||||
|
-};
|
||||||
|
-
|
||||||
|
-/* The bytes for "HCLA" */
|
||||||
|
-#define TPM_AZURE_HCLA_SIGNATURE 0x414C4348
|
||||||
|
-#define TPM_AZURE_HCLA_VERSION 0x1
|
||||||
|
-#define TPM_AZURE_HCLA_REPORT_TYPE_SNP 0x2
|
||||||
|
-
|
||||||
|
#if defined(__x86_64__)
|
||||||
|
|
||||||
|
-#ifdef HAVE_TPM2_TSS
|
||||||
|
-static char *
|
||||||
|
-tpm_nvread(uint32_t nvindex, size_t *retlen)
|
||||||
|
-{
|
||||||
|
- TSS2_RC rc;
|
||||||
|
- ESYS_CONTEXT *ctx = NULL;
|
||||||
|
- ESYS_TR primary = ESYS_TR_NONE;
|
||||||
|
- ESYS_TR session = ESYS_TR_NONE;
|
||||||
|
- ESYS_TR nvobj = ESYS_TR_NONE;
|
||||||
|
- TPM2B_NV_PUBLIC *pubData = NULL;
|
||||||
|
- TPMT_SYM_DEF sym = {
|
||||||
|
- .algorithm = TPM2_ALG_AES,
|
||||||
|
- .keyBits = { .aes = 128 },
|
||||||
|
- .mode = { .aes = TPM2_ALG_CFB }
|
||||||
|
- };
|
||||||
|
- char *ret;
|
||||||
|
- size_t retwant;
|
||||||
|
-
|
||||||
|
- rc = Esys_Initialize(&ctx, NULL, NULL);
|
||||||
|
- if (rc != TSS2_RC_SUCCESS)
|
||||||
|
- return NULL;
|
||||||
|
-
|
||||||
|
- rc = Esys_Startup(ctx, TPM2_SU_CLEAR);
|
||||||
|
- debug("tpm startup %d\n", rc);
|
||||||
|
- if (rc != TSS2_RC_SUCCESS)
|
||||||
|
- goto error;
|
||||||
|
-
|
||||||
|
- rc = Esys_StartAuthSession(ctx, ESYS_TR_NONE, ESYS_TR_NONE,
|
||||||
|
- ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
|
||||||
|
- NULL, 0,
|
||||||
|
- &sym, TPM2_ALG_SHA256, &session);
|
||||||
|
- debug("tpm auth session %d\n", rc);
|
||||||
|
- if (rc != TSS2_RC_SUCCESS)
|
||||||
|
- goto error;
|
||||||
|
-
|
||||||
|
- rc = Esys_TR_FromTPMPublic(ctx, nvindex, ESYS_TR_NONE,
|
||||||
|
- ESYS_TR_NONE, ESYS_TR_NONE, &nvobj);
|
||||||
|
- debug("tpm from public %d\n", rc);
|
||||||
|
- if (rc != TSS2_RC_SUCCESS)
|
||||||
|
- goto error;
|
||||||
|
-
|
||||||
|
- rc = Esys_NV_ReadPublic(ctx, nvobj, ESYS_TR_NONE,
|
||||||
|
- ESYS_TR_NONE, ESYS_TR_NONE,
|
||||||
|
- &pubData, NULL);
|
||||||
|
- debug("tpm read public %d\n", rc);
|
||||||
|
- if (rc != TPM2_RC_SUCCESS)
|
||||||
|
- goto error;
|
||||||
|
-
|
||||||
|
- retwant = pubData->nvPublic.dataSize;
|
||||||
|
- free(pubData);
|
||||||
|
- *retlen = 0;
|
||||||
|
- ret = malloc(retwant);
|
||||||
|
- assert(ret);
|
||||||
|
- while (*retlen < retwant) {
|
||||||
|
- size_t want = retwant - *retlen;
|
||||||
|
- TPM2B_MAX_NV_BUFFER *data = NULL;
|
||||||
|
- if (want > 1024)
|
||||||
|
- want = 1024;
|
||||||
|
- rc = Esys_NV_Read(ctx, ESYS_TR_RH_OWNER, nvobj, session, ESYS_TR_NONE, ESYS_TR_NONE,
|
||||||
|
- want, *retlen, &data);
|
||||||
|
- debug("tpm nv read %d\n", rc);
|
||||||
|
- if (rc != TPM2_RC_SUCCESS) {
|
||||||
|
- free(ret);
|
||||||
|
- goto error;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- memcpy(ret + *retlen, data->buffer, data->size);
|
||||||
|
- *retlen += data->size;
|
||||||
|
- free(data);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- return ret;
|
||||||
|
-
|
||||||
|
- error:
|
||||||
|
- if (nvobj != ESYS_TR_NONE)
|
||||||
|
- Esys_FlushContext(ctx, nvobj);
|
||||||
|
- if (session != ESYS_TR_NONE)
|
||||||
|
- Esys_FlushContext(ctx, session);
|
||||||
|
- if (primary != ESYS_TR_NONE)
|
||||||
|
- Esys_FlushContext(ctx, primary);
|
||||||
|
- Esys_Finalize(&ctx);
|
||||||
|
- *retlen = 0;
|
||||||
|
- return NULL;
|
||||||
|
-}
|
||||||
|
-#else /* ! HAVE_TPM2_TSS */
|
||||||
|
-static char *
|
||||||
|
-tpm_nvread(uint32_t nvindex, size_t *retlen)
|
||||||
|
-{
|
||||||
|
- return NULL;
|
||||||
|
-}
|
||||||
|
-#endif /* ! HAVE_TPM2_TSS */
|
||||||
|
-
|
||||||
|
/* Copied from the Linux kernel definition in
|
||||||
|
* arch/x86/include/asm/processor.h
|
||||||
|
*/
|
||||||
|
@@ -263,34 +146,6 @@ msr (off_t index)
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
-bool
|
||||||
|
-cpu_sig_amd_azure (void)
|
||||||
|
-{
|
||||||
|
- size_t datalen = 0;
|
||||||
|
- char *data = tpm_nvread(TPM_AZURE_HCLA_REPORT_INDEX, &datalen);
|
||||||
|
- struct TPMAzureHCLAHeader *header = (struct TPMAzureHCLAHeader *)data;
|
||||||
|
- bool ret;
|
||||||
|
-
|
||||||
|
- if (!data)
|
||||||
|
- return false;
|
||||||
|
-
|
||||||
|
- if (datalen < sizeof(struct TPMAzureHCLAHeader)) {
|
||||||
|
- debug ("TPM data len is too small to be an Azure HCLA report");
|
||||||
|
- return false;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- debug ("Azure TPM HCLA report header sig %x ver %x type %x\n",
|
||||||
|
- header->signature, header->version, header->report_type);
|
||||||
|
-
|
||||||
|
- ret = (header->signature == TPM_AZURE_HCLA_SIGNATURE &&
|
||||||
|
- header->version == TPM_AZURE_HCLA_VERSION &&
|
||||||
|
- header->report_type == TPM_AZURE_HCLA_REPORT_TYPE_SNP);
|
||||||
|
- debug ("Azure TPM HCLA report present ? %d\n", ret);
|
||||||
|
-
|
||||||
|
- free(data);
|
||||||
|
- return ret;
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
static bool
|
||||||
|
cpu_sig_amd_hyperv (void)
|
||||||
|
{
|
||||||
|
@@ -350,19 +205,18 @@ cpu_sig_amd (void)
|
||||||
|
|
||||||
|
/* bit 1 == CPU supports SEV feature
|
||||||
|
*
|
||||||
|
- * Note, Azure blocks this CPUID leaf from its SEV-SNP
|
||||||
|
- * guests, so we must fallback to probing the TPM which
|
||||||
|
- * exposes a SEV-SNP attestation report as evidence.
|
||||||
|
+ * Note, HyperV/Azure blocks this CPUID leaf from its SEV-SNP
|
||||||
|
+ * guests. We already did an alternative detection mechanism
|
||||||
|
+ * in such VMs, so should not even be running this code.
|
||||||
|
*/
|
||||||
|
if (!(eax & (1 << 1))) {
|
||||||
|
- debug ("No sev in CPUID, try hyperv CPUID/azure TPM NV\n");
|
||||||
|
+ debug ("No sev in CPUID, try hyperv CPUID\n");
|
||||||
|
|
||||||
|
- if (cpu_sig_amd_hyperv () ||
|
||||||
|
- cpu_sig_amd_azure()) {
|
||||||
|
+ if (cpu_sig_amd_hyperv ()) {
|
||||||
|
puts ("amd-sev-snp");
|
||||||
|
puts ("azure-hcl");
|
||||||
|
} else {
|
||||||
|
- debug("No azure TPM NV\n");
|
||||||
|
+ debug("No hyperv CPUID\n");
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
@@ -483,9 +337,6 @@ main(int argc, char **argv)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (!dodebug)
|
||||||
|
- setenv("TSS2_LOG", "all+none", 1);
|
||||||
|
-
|
||||||
|
cpu_sig ();
|
||||||
|
|
||||||
|
exit(EXIT_SUCCESS);
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,53 @@
|
|||||||
|
From fc766c6db5305effdaaaa843d6a2c2b4623c8b99 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||||
|
Date: Thu, 29 Jun 2023 17:51:06 +0100
|
||||||
|
Subject: [PATCH] virt-what-cvm: rename 'azure-hcl' fact to 'hyperv-hcl'
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Azure is a cloud service that uses the HyperV platform, so we
|
||||||
|
should refer to the fact as 'hyperv-hcl', not 'azure-hcl'.
|
||||||
|
|
||||||
|
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||||
|
(cherry picked from commit 94773022f76f994d7a9b37f59ba978bd28f30d1d)
|
||||||
|
---
|
||||||
|
virt-what-cvm.c | 2 +-
|
||||||
|
virt-what-cvm.pod | 6 +++---
|
||||||
|
2 files changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/virt-what-cvm.c b/virt-what-cvm.c
|
||||||
|
index 8b8a4df09..52b3426bc 100644
|
||||||
|
--- a/virt-what-cvm.c
|
||||||
|
+++ b/virt-what-cvm.c
|
||||||
|
@@ -214,7 +214,7 @@ cpu_sig_amd (void)
|
||||||
|
|
||||||
|
if (cpu_sig_amd_hyperv ()) {
|
||||||
|
puts ("amd-sev-snp");
|
||||||
|
- puts ("azure-hcl");
|
||||||
|
+ puts ("hyperv-hcl");
|
||||||
|
} else {
|
||||||
|
debug("No hyperv CPUID\n");
|
||||||
|
}
|
||||||
|
diff --git a/virt-what-cvm.pod b/virt-what-cvm.pod
|
||||||
|
index 12cfc6a96..0f9076569 100644
|
||||||
|
--- a/virt-what-cvm.pod
|
||||||
|
+++ b/virt-what-cvm.pod
|
||||||
|
@@ -52,11 +52,11 @@ This is a confidential guest running with Intel TDX technology
|
||||||
|
|
||||||
|
Status: tested on Microsoft Azure TDX CVM (preview)
|
||||||
|
|
||||||
|
-=item B<azure-hcl>
|
||||||
|
+=item B<hyperv-hcl>
|
||||||
|
|
||||||
|
This is a confidential guest running unenlightened under the
|
||||||
|
-Azure HCL (Host Compatibility Layer). This will be paired with
|
||||||
|
-B<amd-sev-snp>.
|
||||||
|
+HyperV (Azure) HCL (Host Compatibility Layer). This will be
|
||||||
|
+paired with B<amd-sev-snp>.
|
||||||
|
|
||||||
|
Status: tested on Microsoft Azure SEV-SNP CVM
|
||||||
|
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,26 @@
|
|||||||
|
From c8daee800cbe22e622306f78a71188ec5639d4a1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||||
|
Date: Fri, 26 Jul 2024 16:05:12 +0100
|
||||||
|
Subject: [PATCH] Add virt-what-cvm.pod to EXTRA_DIST
|
||||||
|
|
||||||
|
(Single hunk cherry pick from commit 6d1455766b)
|
||||||
|
---
|
||||||
|
Makefile.am | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/Makefile.am b/Makefile.am
|
||||||
|
index b68540f39..ba5185741 100644
|
||||||
|
--- a/Makefile.am
|
||||||
|
+++ b/Makefile.am
|
||||||
|
@@ -19,7 +19,7 @@ AM_CPPFLAGS = -Wall
|
||||||
|
|
||||||
|
CLEANFILES = virt-what *~
|
||||||
|
|
||||||
|
-EXTRA_DIST = .gitignore virt-what.in virt-what.pod
|
||||||
|
+EXTRA_DIST = .gitignore virt-what.in virt-what.pod virt-what-cvm.pod
|
||||||
|
|
||||||
|
SUBDIRS = . tests
|
||||||
|
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,98 @@
|
|||||||
|
From 7b19a3a531fbabb5785dc7f78352d574f079212f Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||||
|
Date: Tue, 30 Jul 2024 10:46:46 +0100
|
||||||
|
Subject: [PATCH] Fix CVM detection on Azure with TDX
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
The current TDX support was tested on Azure, however, since that time
|
||||||
|
they now block the CPUID leaf we were using. Instead it is required to
|
||||||
|
issue the Azure specific CPUID calls as we were already doing for SNP.
|
||||||
|
|
||||||
|
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||||
|
(cherry picked from commit 059cbff66740ef74cd663f88c5f96a80a8d6d6ea)
|
||||||
|
---
|
||||||
|
virt-what-cvm.c | 14 +++++++++-----
|
||||||
|
virt-what-cvm.pod | 4 ++--
|
||||||
|
2 files changed, 11 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/virt-what-cvm.c b/virt-what-cvm.c
|
||||||
|
index 52b3426bc..0daa6ac35 100644
|
||||||
|
--- a/virt-what-cvm.c
|
||||||
|
+++ b/virt-what-cvm.c
|
||||||
|
@@ -92,6 +92,7 @@ static bool dodebug = false;
|
||||||
|
|
||||||
|
#define CPUID_HYPERV_ISOLATION_TYPE_MASK 0xf
|
||||||
|
#define CPUID_HYPERV_ISOLATION_TYPE_SNP 2
|
||||||
|
+#define CPUID_HYPERV_ISOLATION_TYPE_TDX 3
|
||||||
|
|
||||||
|
#if defined(__x86_64__)
|
||||||
|
|
||||||
|
@@ -147,7 +148,7 @@ msr (off_t index)
|
||||||
|
}
|
||||||
|
|
||||||
|
static bool
|
||||||
|
-cpu_sig_amd_hyperv (void)
|
||||||
|
+cpu_sig_cvm_hyperv (uint32_t isoltype)
|
||||||
|
{
|
||||||
|
uint32_t eax, ebx, ecx, edx;
|
||||||
|
char sig[13];
|
||||||
|
@@ -175,8 +176,7 @@ cpu_sig_amd_hyperv (void)
|
||||||
|
ebx = ecx = edx = 0;
|
||||||
|
cpuid(&eax, &ebx, &ecx, &edx);
|
||||||
|
|
||||||
|
- if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) ==
|
||||||
|
- CPUID_HYPERV_ISOLATION_TYPE_SNP) {
|
||||||
|
+ if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == isoltype) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -212,7 +212,7 @@ cpu_sig_amd (void)
|
||||||
|
if (!(eax & (1 << 1))) {
|
||||||
|
debug ("No sev in CPUID, try hyperv CPUID\n");
|
||||||
|
|
||||||
|
- if (cpu_sig_amd_hyperv ()) {
|
||||||
|
+ if (cpu_sig_cvm_hyperv (CPUID_HYPERV_ISOLATION_TYPE_SNP)) {
|
||||||
|
puts ("amd-sev-snp");
|
||||||
|
puts ("hyperv-hcl");
|
||||||
|
} else {
|
||||||
|
@@ -252,8 +252,12 @@ cpu_sig_intel (void)
|
||||||
|
memset (sig, 0, sizeof sig);
|
||||||
|
cpuid_leaf (CPUID_INTEL_TDX_ENUMERATION, sig, true);
|
||||||
|
|
||||||
|
- if (memcmp (sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
|
||||||
|
+ if (memcmp (sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0) {
|
||||||
|
puts ("intel-tdx");
|
||||||
|
+ } else if (cpu_sig_cvm_hyperv (CPUID_HYPERV_ISOLATION_TYPE_TDX)) {
|
||||||
|
+ puts ("intel-tdx");
|
||||||
|
+ puts ("hyperv-hcl");
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
static bool
|
||||||
|
diff --git a/virt-what-cvm.pod b/virt-what-cvm.pod
|
||||||
|
index 0f9076569..70213abd7 100644
|
||||||
|
--- a/virt-what-cvm.pod
|
||||||
|
+++ b/virt-what-cvm.pod
|
||||||
|
@@ -50,7 +50,7 @@ Status: tested on Fedora 38 QEMU+KVM SEV-SNP (devel snapshot)
|
||||||
|
|
||||||
|
This is a confidential guest running with Intel TDX technology
|
||||||
|
|
||||||
|
-Status: tested on Microsoft Azure TDX CVM (preview)
|
||||||
|
+Status: tested on Microsoft Azure TDX CVM
|
||||||
|
|
||||||
|
=item B<hyperv-hcl>
|
||||||
|
|
||||||
|
@@ -58,7 +58,7 @@ This is a confidential guest running unenlightened under the
|
||||||
|
HyperV (Azure) HCL (Host Compatibility Layer). This will be
|
||||||
|
paired with B<amd-sev-snp>.
|
||||||
|
|
||||||
|
-Status: tested on Microsoft Azure SEV-SNP CVM
|
||||||
|
+Status: tested on Microsoft Azure SEV-SNP & TDX CVM
|
||||||
|
|
||||||
|
=back
|
||||||
|
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,66 @@
|
|||||||
|
From d1cedcffeeff58f33aa467d62c0347ce7073aa4e Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||||
|
Date: Fri, 2 Aug 2024 16:07:46 +0100
|
||||||
|
Subject: [PATCH] Add support for detecting protected virtualization on s390x
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||||
|
(cherry picked from commit 037689fbe95e403b050c1eb736ebc8fdc2e601a5)
|
||||||
|
---
|
||||||
|
virt-what-cvm.c | 21 ++++++++++++++++++++-
|
||||||
|
virt-what-cvm.pod | 5 +++++
|
||||||
|
2 files changed, 25 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/virt-what-cvm.c b/virt-what-cvm.c
|
||||||
|
index 0daa6ac35..320df478b 100644
|
||||||
|
--- a/virt-what-cvm.c
|
||||||
|
+++ b/virt-what-cvm.c
|
||||||
|
@@ -295,7 +295,26 @@ cpu_sig (void)
|
||||||
|
cpu_sig_intel ();
|
||||||
|
}
|
||||||
|
|
||||||
|
-#else /* !x86_64 */
|
||||||
|
+#elif defined(__s390x__)
|
||||||
|
+
|
||||||
|
+#define SYSFS_PROT_VIRT "/sys/firmware/uv/prot_virt_guest"
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+cpu_sig (void)
|
||||||
|
+{
|
||||||
|
+ int fd = open("/sys/firmware/uv/prot_virt_guest", O_RDONLY);
|
||||||
|
+ char c;
|
||||||
|
+ if (fd < 0)
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
+ if (read(fd, &c, 1) == 1 && c == '1')
|
||||||
|
+ puts("s390-protvirt");
|
||||||
|
+
|
||||||
|
+ close(fd);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+#else /* ! x86_64 && ! s390x */
|
||||||
|
|
||||||
|
static void
|
||||||
|
cpu_sig (void)
|
||||||
|
diff --git a/virt-what-cvm.pod b/virt-what-cvm.pod
|
||||||
|
index 70213abd7..00e21cb70 100644
|
||||||
|
--- a/virt-what-cvm.pod
|
||||||
|
+++ b/virt-what-cvm.pod
|
||||||
|
@@ -60,6 +60,11 @@ paired with B<amd-sev-snp>.
|
||||||
|
|
||||||
|
Status: tested on Microsoft Azure SEV-SNP & TDX CVM
|
||||||
|
|
||||||
|
+=item B<s390x-protvirt>
|
||||||
|
+
|
||||||
|
+This is a confidential guest running on s390x with the
|
||||||
|
+Protected Virtualization (Secure Execution) technology
|
||||||
|
+
|
||||||
|
=back
|
||||||
|
|
||||||
|
=head1 EXIT STATUS
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,29 @@
|
|||||||
|
From 69e5ae90a5a95b38d765e110acf76b3fe3c2665a Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||||
|
Date: Tue, 13 Aug 2024 13:23:06 +0100
|
||||||
|
Subject: [PATCH] virt-what-cvm.pod: Fix man page typo s390x-protvirt ->
|
||||||
|
s390-protvirt
|
||||||
|
|
||||||
|
Reported-by: Yongkui Guo
|
||||||
|
Fixes: commit 037689fbe95e403b050c1eb736ebc8fdc2e601a5
|
||||||
|
(cherry picked from commit 963676c4dd4c2a9c070b76da6f8835ceb131dbe0)
|
||||||
|
---
|
||||||
|
virt-what-cvm.pod | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/virt-what-cvm.pod b/virt-what-cvm.pod
|
||||||
|
index 00e21cb70..a76717984 100644
|
||||||
|
--- a/virt-what-cvm.pod
|
||||||
|
+++ b/virt-what-cvm.pod
|
||||||
|
@@ -60,7 +60,7 @@ paired with B<amd-sev-snp>.
|
||||||
|
|
||||||
|
Status: tested on Microsoft Azure SEV-SNP & TDX CVM
|
||||||
|
|
||||||
|
-=item B<s390x-protvirt>
|
||||||
|
+=item B<s390-protvirt>
|
||||||
|
|
||||||
|
This is a confidential guest running on s390x with the
|
||||||
|
Protected Virtualization (Secure Execution) technology
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
Loading…
Reference in new issue