From df8ffecde0b4190c6c8ce8ee21e871ceafe132f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Thu, 24 Feb 2022 21:00:39 +0100
Subject: [PATCH] hypervisors: Confidential Guests do not support Device hotplug
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Similarly to VCPUs hotplug, Confidential Guests also do not support Device hotplug. Let's make it clear in the documentation and guard the code on both QEMU and Cloud Hypervisor side to ensure we don't advertise Device hotplug as being supported when running Confidential Guests.

Signed-off-by: Fabiano FidĂȘncio
---
 src/runtime/config/configuration-clh.toml.in | 1 +
 src/runtime/config/configuration-qemu.toml.in | 1 +
 src/runtime/virtcontainers/clh.go | 12 +++++++++++-
 src/runtime/virtcontainers/qemu_amd64.go | 5 +++--
 src/runtime/virtcontainers/qemu_arch_base.go | 4 +++-
 src/runtime/virtcontainers/qemu_ppc64le.go | 3 ++-
 6 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/src/runtime/config/configuration-clh.toml.in b/src/runtime/config/configuration-clh.toml.in
index 0971c6c4b9..dc7f1f9f55 100644
--- a/src/runtime/config/configuration-clh.toml.in
+++ b/src/runtime/config/configuration-clh.toml.in
@@ -24,6 +24,7 @@ image = "@IMAGEPATH@"
 # Known limitations:
 # * Does not work by design:
 # - CPU Hotplug
+# - Device Hotplug
 #
 # Default false
 # confidential_guest = true
diff --git a/src/runtime/config/configuration-qemu.toml.in b/src/runtime/config/configuration-qemu.toml.in
index a603d7607a..1282be310b 100644
--- a/src/runtime/config/configuration-qemu.toml.in
+++ b/src/runtime/config/configuration-qemu.toml.in
@@ -25,6 +25,7 @@ machine_type = "@MACHINETYPE@"
 # Known limitations:
 # * Does not work by design:
 # - CPU Hotplug
+# - Device Hotplug
 #
 # Default false
 # confidential_guest = true
diff --git a/src/runtime/virtcontainers/clh.go b/src/runtime/virtcontainers/clh.go
index 3cf1ca3e1e..f463d17445 100644
--- a/src/runtime/virtcontainers/clh.go
+++ b/src/runtime/virtcontainers/clh.go
@@ -589,6 +589,10 @@ func (clh *cloudHypervisor) HotplugAddDevice(ctx context.Context, devInfo interf
 span, _ := katatrace.Trace(ctx, clh.Logger(), "HotplugAddDevice", clhTracingTags, map[string]string{"sandbox_id": clh.id})
 defer span.End()
 
+ if clh.config.ConfidentialGuest {
+ return nil, errors.New("Device hotplug addition is not supported in confidential mode")
+ }
+
 switch devType {
 case BlockDev:
 drive := devInfo.(*config.BlockDrive)
@@ -606,6 +610,10 @@ func (clh *cloudHypervisor) HotplugRemoveDevice(ctx context.Context, devInfo int
 span, _ := katatrace.Trace(ctx, clh.Logger(), "HotplugRemoveDevice", clhTracingTags, map[string]string{"sandbox_id": clh.id})
 defer span.End()
 
+ if clh.config.ConfidentialGuest {
+ return nil, errors.New("Device hotplug addition is not supported in confidential mode")
+ }
+
 var deviceID string
 
 switch devType {
@@ -860,7 +868,9 @@ func (clh *cloudHypervisor) Capabilities(ctx context.Context) types.Capabilities
 clh.Logger().WithField("function", "Capabilities").Info("get Capabilities")
 var caps types.Capabilities
 caps.SetFsSharingSupport()
- caps.SetBlockDeviceHotplugSupport()
+ if !clh.config.ConfidentialGuest {
+ caps.SetBlockDeviceHotplugSupport()
+ }
 return caps
 }
 
diff --git a/src/runtime/virtcontainers/qemu_amd64.go b/src/runtime/virtcontainers/qemu_amd64.go
index f3ae89b59c..067a555036 100644
--- a/src/runtime/virtcontainers/qemu_amd64.go
+++ b/src/runtime/virtcontainers/qemu_amd64.go
@@ -153,8 +153,9 @@ func newQemuArch(config HypervisorConfig) (qemuArch, error) {
 func (q *qemuAmd64) capabilities() types.Capabilities {
 var caps types.Capabilities
 
- if q.qemuMachine.Type == QemuQ35 ||
- q.qemuMachine.Type == QemuVirt {
+ if (q.qemuMachine.Type == QemuQ35 ||
+ q.qemuMachine.Type == QemuVirt) &&
+ q.protection == noneProtection {
 caps.SetBlockDeviceHotplugSupport()
 }
 
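Review bot: The guard added to HotplugRemoveDevice copies the HotplugAddDevice message, so a rejected removal reports `Device hotplug addition is not supported in confidential mode`; the line should read `return nil, errors.New("Device hotplug removal is not supported in confidential mode")`. Both early returns would also benefit from a why-comment tying them to the documented limitation, e.g. `// Device hotplug does not work by design for confidential guests (see the confidential_guest notes in the configuration templates).` The same error is returned regardless of devType, which matches the stated limitation but gives no hint which device kind was refused; logging devType before returning would make triage easier. HotplugAddDevice and HotplugRemoveDevice both continue outside their hunks.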
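Review bot: On the QEMU side this hunk (together with the qemu_arch_base.go and qemu_ppc64le.go ones) only withdraws the capability bit, whereas clh.go additionally refuses the request inside HotplugAddDevice and HotplugRemoveDevice; the diffstat shows qemu.go is untouched, so the QEMU hotplug entry points presumably still act on a request for a protected guest if a caller skips the Capabilities check. A matching early return on the guest-protection state in the QEMU hotplug entry points would make the refusal independent of callers honouring Capabilities, unless something there already does this, which is worth confirming. The new condition also deserves a one-line comment such as `// Device hotplug does not work by design with guest protection enabled.`, since noneProtection is the only value that keeps the bit set. capabilities() ends outside the hunk.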
diff --git a/src/runtime/virtcontainers/qemu_arch_base.go b/src/runtime/virtcontainers/qemu_arch_base.go
index b65cb61e3d..6601a74d81 100644
--- a/src/runtime/virtcontainers/qemu_arch_base.go
+++ b/src/runtime/virtcontainers/qemu_arch_base.go
@@ -277,7 +277,9 @@ func (q *qemuArchBase) kernelParameters(debug bool) []Param {
 
 func (q *qemuArchBase) capabilities() types.Capabilities {
 var caps types.Capabilities
- caps.SetBlockDeviceHotplugSupport()
+ if q.protection == noneProtection {
+ caps.SetBlockDeviceHotplugSupport()
+ }
 caps.SetMultiQueueSupport()
 caps.SetFsSharingSupport()
 return caps
diff --git a/src/runtime/virtcontainers/qemu_ppc64le.go b/src/runtime/virtcontainers/qemu_ppc64le.go
index f78ed24297..d6f768128b 100644
--- a/src/runtime/virtcontainers/qemu_ppc64le.go
+++ b/src/runtime/virtcontainers/qemu_ppc64le.go
@@ -96,7 +96,8 @@ func (q *qemuPPC64le) capabilities() types.Capabilities {
 var caps types.Capabilities
 
 // pseries machine type supports hotplugging drives
- if q.qemuMachine.Type == QemuPseries {
+ if q.qemuMachine.Type == QemuPseries &&
+ q.protection == noneProtection {
 caps.SetBlockDeviceHotplugSupport()
 }
 
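Review bot: The comment `// pseries machine type supports hotplugging drives` kept above the changed condition no longer describes the whole test, which now also requires `q.protection == noneProtection`; suggest `// pseries machine type supports hotplugging drives, but not with guest protection enabled`. The qemu_arch_base.go hunk has the same gap: its new if carries no comment, and a line like `// Device hotplug does not work by design for protected guests.` above it would record why the capability is withheld. On the style side, the three QEMU hunks and clh.go now spell the same rule out four times (`q.protection == noneProtection` versus `!clh.config.ConfidentialGuest`); a small predicate on qemuArchBase answering whether hotplug may be advertised would keep the per-arch overrides from drifting apart. capabilities() continues outside the hunk in both files.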