From: zhenwei pi
To: mprivozn@redhat.com
Cc: libvir-list@redhat.com, helei.sig11@bytedance.com, zhenwei pi
Subject: [PATCH v2 1/5] conf: introduce crypto device
Date: Tue, 17 Jan 2023 09:46:50 +0800
Message-Id: <20230117014654.2697534-2-pizhenwei@bytedance.com>
In-Reply-To: <20230117014654.2697534-1-pizhenwei@bytedance.com>
References: <20230117014654.2697534-1-pizhenwei@bytedance.com>

Introduce crypto device like:
Currently, crypto model supports virtio only, type supports qemu only
(vhost-user in the plan). For the qemu type, backend supports model
builtin/lkcf, and queues is optional.

Changes in this commit:
- docs: formatdomain.rst
- schemas: domaincommon.rng
- conf: crypto related domain conf
- qemu: crypto related
- tests: crypto related test

Signed-off-by: zhenwei pi
Reviewed-by: Michal Privoznik
---
 docs/formatdomain.rst                     |  21 +++
 src/ch/ch_domain.c                        |   1 +
 src/conf/domain_conf.c                    | 158 ++++++++++++++++++
 src/conf/domain_conf.h                    |  39 +++++
 src/conf/domain_postparse.c               |   1 +
 src/conf/domain_validate.c                |  18 ++
 src/conf/schemas/domaincommon.rng         |  58 +++++++
 src/conf/virconftypes.h                   |   2 +
 src/libvirt_private.syms                  |   1 +
 src/qemu/qemu_command.c                   |   1 +
 src/qemu/qemu_domain.c                    |   3 +
 src/qemu/qemu_domain_address.c            |  26 +++
 src/qemu/qemu_driver.c                    |   5 +
 src/qemu/qemu_hotplug.c                   |   3 +
 src/qemu/qemu_validate.c                  |  22 +++
 tests/qemuxml2argvdata/crypto-builtin.xml |  51 ++++++
 .../crypto-builtin.x86_64-latest.xml      |   1 +
 tests/qemuxml2xmltest.c                   |   2 +
 18 files changed, 413 insertions(+)
 create mode 100644 tests/qemuxml2argvdata/crypto-builtin.xml
 create mode 120000 tests/qemuxml2xmloutdata/crypto-builtin.x86_64-latest.xml

diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 490a954745..dadcbc631a 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst 
@@ -8305,6 +8305,27 @@ The optional ``driver`` element allows to specify vi= rtio options, see ... =20 =20 +Crypto +~~~~~~ + +A crypto device. The ``model`` attribute defaults to ``virtio``. +:since:`Since v9.0.0` ``model`` supports ``virtio`` only. The ``type`` att= ribute +defaults to ``qemu``. :since:`Since v9.0.0` ``type`` supports ``qemu`` onl= y. +The optional attribute ``backend`` is required if the ``type`` is ``qemu``= , the +``model`` attribute can be ``builtint`` and ``lkcf``, the optional attribu= te +``queues`` specifies the number of virt queues for virtio crypto. + +:: + + ... + + + + + + ... + + Security label -------------- =20 diff --git a/src/ch/ch_domain.c b/src/ch/ch_domain.c index dc666243a4..83defbb416 100644 --- a/src/ch/ch_domain.c +++ b/src/ch/ch_domain.c @@ -174,6 +174,7 @@ chValidateDomainDeviceDef(const virDomainDeviceDef *dev, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("Cloud-Hypervisor doesn't support '%s' device"), virDomainDeviceTypeToString(dev->type)); diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 45965fa0fa..7f6a55185e 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -332,6 +332,7 @@ VIR_ENUM_IMPL(virDomainDevice, "iommu", "vsock", "audio", + "crypto", ); =20 VIR_ENUM_IMPL(virDomainDiskDevice, @@ -1327,6 +1328,22 @@ VIR_ENUM_IMPL(virDomainVsockModel, "virtio-non-transitional", ); =20 +VIR_ENUM_IMPL(virDomainCryptoModel, + VIR_DOMAIN_CRYPTO_MODEL_LAST, + "virtio", +); + +VIR_ENUM_IMPL(virDomainCryptoType, + VIR_DOMAIN_CRYPTO_TYPE_LAST, + "qemu", +); + +VIR_ENUM_IMPL(virDomainCryptoBackend, + VIR_DOMAIN_CRYPTO_BACKEND_LAST, + "builtin", + "lkcf", +); + VIR_ENUM_IMPL(virDomainDiskDiscard, VIR_DOMAIN_DISK_DISCARD_LAST, "default", 
@@ -3510,6 +3527,9 @@ void virDomainDeviceDefFree(virDomainDeviceDef *def) case VIR_DOMAIN_DEVICE_AUDIO: virDomainAudioDefFree(def->data.audio); break; + case VIR_DOMAIN_DEVICE_CRYPTO: + virDomainCryptoDefFree(def->data.crypto); + break; case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: break; @@ -3853,6 +3873,10 @@ void virDomainDefFree(virDomainDef *def) virDomainPanicDefFree(def->panics[i]); g_free(def->panics); =20 + for (i =3D 0; i < def->ncryptos; i++) + virDomainCryptoDefFree(def->cryptos[i]); + g_free(def->cryptos); + virDomainIOMMUDefFree(def->iommu); =20 g_free(def->idmap.uidmap); @@ -4411,6 +4435,8 @@ virDomainDeviceGetInfo(const virDomainDeviceDef *devi= ce) return &device->data.iommu->info; case VIR_DOMAIN_DEVICE_VSOCK: return &device->data.vsock->info; + case VIR_DOMAIN_DEVICE_CRYPTO: + return &device->data.crypto->info; =20 /* The following devices do not contain virDomainDeviceInfo */ case VIR_DOMAIN_DEVICE_LEASE: @@ -4513,6 +4539,9 @@ virDomainDeviceSetData(virDomainDeviceDef *device, case VIR_DOMAIN_DEVICE_AUDIO: device->data.audio =3D devicedata; break; + case VIR_DOMAIN_DEVICE_CRYPTO: + device->data.crypto =3D devicedata; + break; case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_LAST: break; @@ -4724,6 +4753,13 @@ virDomainDeviceInfoIterateFlags(virDomainDef *def, return rc; } =20 + device.type =3D VIR_DOMAIN_DEVICE_CRYPTO; + for (i =3D 0; i < def->ncryptos; i++) { + device.data.crypto =3D def->cryptos[i]; + if ((rc =3D cb(def, &device, &def->cryptos[i]->info, opaque)) !=3D= 0) + return rc; + } + /* If the flag below is set, make sure @cb can handle @info being NULL= */ if (iteratorFlags & DOMAIN_DEVICE_ITERATE_MISSING_INFO) { device.type =3D VIR_DOMAIN_DEVICE_GRAPHICS; @@ -4782,6 +4818,7 @@ virDomainDeviceInfoIterateFlags(virDomainDef *def, case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: break; } #endif 
@@ -13610,6 +13647,64 @@ virDomainVsockDefParseXML(virDomainXMLOption *xmlo= pt, return g_steal_pointer(&vsock); } =20 + +static virDomainCryptoDef * +virDomainCryptoDefParseXML(virDomainXMLOption *xmlopt, + xmlNodePtr node, + xmlXPathContextPtr ctxt, + unsigned int flags) +{ + g_autoptr(virDomainCryptoDef) def =3D NULL; + int nbackends; + g_autofree xmlNodePtr *backends =3D NULL; + VIR_XPATH_NODE_AUTORESTORE(ctxt) + + def =3D g_new0(virDomainCryptoDef, 1); + + if (virXMLPropEnum(node, "model", virDomainCryptoModelTypeFromString, + VIR_XML_PROP_REQUIRED, &def->model) < 0) { + return NULL; + } + + + if (virXMLPropEnum(node, "type", virDomainCryptoTypeTypeFromString, + VIR_XML_PROP_REQUIRED, &def->type) < 0) { + return NULL; + } + + ctxt->node =3D node; + + if ((nbackends =3D virXPathNodeSet("./backend", ctxt, &backends)) < 0) + return NULL; + + if (nbackends !=3D 1) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("only one crypto backend is supported")); + return NULL; + } + + if (virXMLPropEnum(backends[0], "model", + virDomainCryptoBackendTypeFromString, + VIR_XML_PROP_REQUIRED, &def->backend) < 0) { + return NULL; + } + + if (virXMLPropUInt(backends[0], "queues", 10, + VIR_XML_PROP_NONE, &def->queues) < 0) { + return NULL; + } + + if (virDomainDeviceInfoParseXML(xmlopt, node, ctxt, &def->info, flags)= < 0) + return NULL; + + if (virDomainVirtioOptionsParseXML(virXPathNode("./driver", ctxt), + &def->virtio) < 0) + return NULL; + + return g_steal_pointer(&def); +} + + virDomainDeviceDef * virDomainDeviceDefParse(const char *xmlStr, const virDomainDef *def, @@ -13771,6 +13866,11 @@ virDomainDeviceDefParse(const char *xmlStr, flags))) return NULL; break; + case VIR_DOMAIN_DEVICE_CRYPTO: + if (!(dev->data.crypto =3D virDomainCryptoDefParseXML(xmlopt, node= , ctxt, + flags))) + return NULL; + break; case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_LAST: break; 
@@ -18863,6 +18963,21 @@ virDomainDefParseXML(xmlXPathContextPtr ctxt, } VIR_FREE(nodes); =20 + /* Parse the crypto devices */ + if ((n =3D virXPathNodeSet("./devices/crypto", ctxt, &nodes)) < 0) + return NULL; + if (n) + def->cryptos =3D g_new0(virDomainCryptoDef *, n); + for (i =3D 0; i < n; i++) { + virDomainCryptoDef *crypto =3D virDomainCryptoDefParseXML(xmlopt, = nodes[i], + ctxt, flag= s); + if (!crypto) + return NULL; + + def->cryptos[def->ncryptos++] =3D crypto; + } + VIR_FREE(nodes); + /* Parse the TPM devices */ if ((n =3D virXPathNodeSet("./devices/tpm", ctxt, &nodes)) < 0) return NULL; @@ -21403,6 +21518,7 @@ virDomainDefCheckABIStabilityFlags(virDomainDef *sr= c, case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: break; } #endif 
@@ -24843,6 +24959,45 @@ virDomainRNGDefFree(virDomainRNGDef *def) } =20 =20 +static void +virDomainCryptoDefFormat(virBuffer *buf, + virDomainCryptoDef *def, + unsigned int flags) +{ + const char *model =3D virDomainCryptoModelTypeToString(def->model); + const char *type =3D virDomainCryptoTypeTypeToString(def->model); + const char *backend =3D virDomainCryptoBackendTypeToString(def->backen= d); + g_auto(virBuffer) driverAttrBuf =3D VIR_BUFFER_INITIALIZER; + g_auto(virBuffer) attrBuf =3D VIR_BUFFER_INITIALIZER; + g_auto(virBuffer) childBuf =3D VIR_BUFFER_INIT_CHILD(buf); + + virBufferAsprintf(&attrBuf, " model=3D'%s' type=3D'%s'", model, type); + virBufferAsprintf(&childBuf, "queues) + virBufferAsprintf(&childBuf, " queues=3D'%d'", def->queues); + virBufferAddLit(&childBuf, "/>\n"); + + virDomainVirtioOptionsFormat(&driverAttrBuf, def->virtio); + + virXMLFormatElement(&childBuf, "driver", &driverAttrBuf, NULL); + + virDomainDeviceInfoFormat(&childBuf, &def->info, flags); + + virXMLFormatElement(buf, "crypto", &attrBuf, &childBuf); +} + +void +virDomainCryptoDefFree(virDomainCryptoDef *def) +{ + if (!def) + return; + + virDomainDeviceInfoClear(&def->info); + g_free(def->virtio); + g_free(def); +} + + static int virDomainMemorySourceDefFormat(virBuffer *buf, virDomainMemoryDef *def) @@ -27542,6 +27697,9 @@ virDomainDefFormatInternalSetRootName(virDomainDef = *def, return -1; } =20 + for (n =3D 0; n < def->ncryptos; n++) { + virDomainCryptoDefFormat(buf, def->cryptos[n], flags); + } if (def->iommu) virDomainIOMMUDefFormat(buf, def->iommu); =20 diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 3e4985a67d..d99bbbc3ff 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -86,6 +86,7 @@ typedef enum { VIR_DOMAIN_DEVICE_IOMMU, VIR_DOMAIN_DEVICE_VSOCK, VIR_DOMAIN_DEVICE_AUDIO, + VIR_DOMAIN_DEVICE_CRYPTO, =20 VIR_DOMAIN_DEVICE_LAST } virDomainDeviceType; 
@@ -118,6 +119,7 @@ struct _virDomainDeviceDef { virDomainIOMMUDef *iommu; virDomainVsockDef *vsock; virDomainAudioDef *audio; + virDomainCryptoDef *crypto; } data; }; =20 @@ -2897,6 +2899,34 @@ struct _virDomainVsockDef { virDomainVirtioOptions *virtio; }; =20 +typedef enum { + VIR_DOMAIN_CRYPTO_MODEL_VIRTIO, + + VIR_DOMAIN_CRYPTO_MODEL_LAST +} virDomainCryptoModel; + +typedef enum { + VIR_DOMAIN_CRYPTO_TYPE_QEMU, + + VIR_DOMAIN_CRYPTO_TYPE_LAST +} virDomainCryptoType; + +typedef enum { + VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN, + VIR_DOMAIN_CRYPTO_BACKEND_LKCF, + + VIR_DOMAIN_CRYPTO_BACKEND_LAST +} virDomainCryptoBackend; + +struct _virDomainCryptoDef { + virDomainCryptoModel model; + virDomainCryptoType type; + virDomainCryptoBackend backend; + unsigned int queues; + virDomainDeviceInfo info; + virDomainVirtioOptions *virtio; +}; + struct _virDomainVirtioOptions { virTristateSwitch iommu; virTristateSwitch ats; @@ -3062,6 +3092,9 @@ struct _virDomainDef { size_t nsysinfo; virSysinfoDef **sysinfo; =20 + size_t ncryptos; + virDomainCryptoDef **cryptos; + /* At maximum 2 TPMs on the domain if a TPM Proxy is present. */ size_t ntpms; virDomainTPMDef **tpms; @@ -3331,6 +3364,7 @@ struct _virDomainXMLPrivateDataCallbacks { virDomainXMLPrivateDataNewFunc vcpuNew; virDomainXMLPrivateDataNewFunc chrSourceNew; virDomainXMLPrivateDataNewFunc vsockNew; + virDomainXMLPrivateDataNewFunc cryptoNew; virDomainXMLPrivateDataNewFunc graphicsNew; virDomainXMLPrivateDataNewFunc networkNew; virDomainXMLPrivateDataNewFunc videoNew; 
@@ -3505,6 +3539,8 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC(virDomainIOMMUDef, virD= omainIOMMUDefFree); virDomainVsockDef *virDomainVsockDefNew(virDomainXMLOption *xmlopt); void virDomainVsockDefFree(virDomainVsockDef *vsock); G_DEFINE_AUTOPTR_CLEANUP_FUNC(virDomainVsockDef, virDomainVsockDefFree); +void virDomainCryptoDefFree(virDomainCryptoDef *def); +G_DEFINE_AUTOPTR_CLEANUP_FUNC(virDomainCryptoDef, virDomainCryptoDefFree); void virDomainNetTeamingInfoFree(virDomainNetTeamingInfo *teaming); G_DEFINE_AUTOPTR_CLEANUP_FUNC(virDomainNetTeamingInfo, virDomainNetTeaming= InfoFree); void virDomainNetPortForwardFree(virDomainNetPortForward *pf); @@ -4159,6 +4195,9 @@ VIR_ENUM_DECL(virDomainMemorySource); VIR_ENUM_DECL(virDomainMemoryAllocation); VIR_ENUM_DECL(virDomainIOMMUModel); VIR_ENUM_DECL(virDomainVsockModel); +VIR_ENUM_DECL(virDomainCryptoModel); +VIR_ENUM_DECL(virDomainCryptoType); +VIR_ENUM_DECL(virDomainCryptoBackend); VIR_ENUM_DECL(virDomainShmemModel); VIR_ENUM_DECL(virDomainShmemRole); VIR_ENUM_DECL(virDomainLaunchSecurity); diff --git a/src/conf/domain_postparse.c b/src/conf/domain_postparse.c index d1f0b80338..22eb603b3b 100644 --- a/src/conf/domain_postparse.c +++ b/src/conf/domain_postparse.c @@ -730,6 +730,7 @@ virDomainDeviceDefPostParseCommon(virDomainDeviceDef *d= ev, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: ret =3D 0; break; =20 diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index 5a9bf20d3f..3ba41e4c00 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c 
@@ -2442,6 +2442,21 @@ virDomainVsockDefValidate(const virDomainVsockDef *v= sock) } =20 =20 +static int +virDomainCryptoDefValidate(const virDomainCryptoDef *crypto) +{ + switch (crypto->model) { + case VIR_DOMAIN_CRYPTO_MODEL_VIRTIO: + break; + case VIR_DOMAIN_CRYPTO_MODEL_LAST: + default: + return -1; + } + + return 0; +} + + static int virDomainInputDefValidate(const virDomainInputDef *input, const virDomainDef *def) @@ -2866,6 +2881,9 @@ virDomainDeviceDefValidateInternal(const virDomainDev= iceDef *dev, case VIR_DOMAIN_DEVICE_VSOCK: return virDomainVsockDefValidate(dev->data.vsock); =20 + case VIR_DOMAIN_DEVICE_CRYPTO: + return virDomainCryptoDefValidate(dev->data.crypto); + case VIR_DOMAIN_DEVICE_INPUT: return virDomainInputDefValidate(dev->data.input, def); =20 diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincom= mon.rng index 6cb0a20e1e..14044811c0 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -6426,6 +6426,7 @@ + @@ -7196,6 +7197,63 @@ =20 + + + + + virtio + + + + + qemu + + + + + + + + + + + + + + + + + + + + + + + + + builtin + + + + + + + + + + lkcf + + + + + + + + + + + + diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index adb2496cba..d03d1d132e 100644 --- a/src/conf/virconftypes.h +++ b/src/conf/virconftypes.h @@ -254,6 +254,8 @@ typedef struct _virDomainVirtioSerialOpts virDomainVirt= ioSerialOpts; =20 typedef struct _virDomainVsockDef virDomainVsockDef; =20 +typedef struct _virDomainCryptoDef virDomainCryptoDef; + typedef struct _virDomainWatchdogDef virDomainWatchdogDef; =20 typedef struct _virDomainXMLOption virDomainXMLOption; diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 576ec8f95f..8b9efe106c 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms 
@@ -301,6 +301,7 @@ virDomainControllerRemove; virDomainControllerTypeToString; virDomainCpuPlacementModeTypeFromString; virDomainCpuPlacementModeTypeToString; +virDomainCryptoDefFree; virDomainDefAddController; virDomainDefAddImplicitDevices; virDomainDefAddUSBController; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index b96f2d33c1..bb7031f66d 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -942,6 +942,7 @@ qemuBuildVirtioDevGetConfigDev(const virDomainDeviceDef= *device, case VIR_DOMAIN_DEVICE_MEMORY: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: default: break; diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 2eb5653254..b6ad118f1f 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -5945,6 +5945,7 @@ qemuDomainDeviceDefPostParse(virDomainDeviceDef *dev, case VIR_DOMAIN_DEVICE_RNG: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: ret =3D 0; break; =20 @@ -9983,6 +9984,7 @@ qemuDomainPrepareChardevSourceOne(virDomainDeviceDef = *dev, case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: break; } =20 @@ -11783,6 +11785,7 @@ qemuDomainDeviceBackendChardevForeachOne(virDomainD= eviceDef *dev, case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: /* no chardev backend */ break; } diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c index b8d1969fbe..9529bd9a8d 100644 --- a/src/qemu/qemu_domain_address.c +++ b/src/qemu/qemu_domain_address.c 
@@ -405,6 +405,12 @@ qemuDomainPrimeVirtioDeviceAddresses(virDomainDef *def, def->vsock->info.type =3D type; } } + + for (i =3D 0; i < def->ncryptos; i++) { + /* All devices accepted by the qemu driver are virtio */ + if (def->cryptos[i]->info.type =3D=3D VIR_DOMAIN_DEVICE_ADDRESS_TY= PE_NONE) + def->cryptos[i]->info.type =3D type; + } } =20 =20 @@ -544,6 +550,7 @@ qemuDomainDeviceSupportZPCI(virDomainDeviceDef *device) case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: break; =20 case VIR_DOMAIN_DEVICE_NONE: @@ -1045,6 +1052,15 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDe= viceDef *dev, } break; =20 + case VIR_DOMAIN_DEVICE_CRYPTO: + switch (dev->data.crypto->model) { + case VIR_DOMAIN_CRYPTO_MODEL_VIRTIO: + return pciFlags; + case VIR_DOMAIN_CRYPTO_MODEL_LAST: + return 0; + } + break; + /* These devices don't ever connect with PCI */ case VIR_DOMAIN_DEVICE_NVRAM: case VIR_DOMAIN_DEVICE_TPM: @@ -2428,6 +2444,16 @@ qemuDomainAssignDevicePCISlots(virDomainDef *def, } } =20 + /* the qemu driver only accepts virtio crypto devices */ + for (i =3D 0; i < def->ncryptos; i++) { + if (!virDeviceInfoPCIAddressIsWanted(&def->cryptos[i]->info)) + continue; + + if (qemuDomainPCIAddressReserveNextAddr(addrs, &def->cryptos[i]->i= nfo) < 0) + return -1; + } + + return 0; } =20 diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index d6879175fe..f88f44170a 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -6768,6 +6768,7 @@ qemuDomainAttachDeviceLive(virDomainObj *vm, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("live attach of device '%s' is not supported"), 
@@ -7079,6 +7080,7 @@ qemuDomainUpdateDeviceLive(virDomainObj *vm, case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("live update of device '%s' is not supported"), @@ -7290,6 +7292,7 @@ qemuDomainAttachDeviceConfig(virDomainDef *vmdef, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("persistent attach of device '%s' is not support= ed"), @@ -7495,6 +7498,7 @@ qemuDomainDetachDeviceConfig(virDomainDef *vmdef, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("persistent detach of device '%s' is not supporte= d"), @@ -7620,6 +7624,7 @@ qemuDomainUpdateDeviceConfig(virDomainDef *vmdef, case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("persistent update of device '%s' is not supporte= d"), diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 026e1ee5ad..49ef49fb15 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -5037,6 +5037,7 @@ qemuDomainRemoveAuditDevice(virDomainObj *vm, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: /* libvirt doesn't yet support detaching these devices */ break; 
@@ -5140,6 +5141,7 @@ qemuDomainRemoveDevice(virQEMUDriver *driver, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("don't know how to remove a %s device"), @@ -5993,6 +5995,7 @@ qemuDomainDetachDeviceLive(virDomainObj *vm, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("live detach of device '%s' is not supported"), diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index 6e04b22da4..5daf7d31c7 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -4511,6 +4511,25 @@ qemuValidateDomainDeviceDefAudio(virDomainAudioDef *= audio, } =20 =20 +static int +qemuValidateDomainDeviceDefCrypto(virDomainCryptoDef *crypto, + const virDomainDef *def G_GNUC_UNUSED, + virQEMUCaps *qemuCaps G_GNUC_UNUSED) +{ + switch (crypto->type) { + case VIR_DOMAIN_CRYPTO_TYPE_QEMU: + break; + + case VIR_DOMAIN_CRYPTO_TYPE_LAST: + default: + virReportEnumRangeError(virDomainCryptoType, crypto->type); + return -1; + } + + return 0; +} + + static int qemuSoundCodecTypeToCaps(int type) { @@ -5218,6 +5237,9 @@ qemuValidateDomainDeviceDef(const virDomainDeviceDef = *dev, case VIR_DOMAIN_DEVICE_AUDIO: return qemuValidateDomainDeviceDefAudio(dev->data.audio, def, qemu= Caps); =20 + case VIR_DOMAIN_DEVICE_CRYPTO: + return qemuValidateDomainDeviceDefCrypto(dev->data.crypto, def, qe= muCaps); + case VIR_DOMAIN_DEVICE_LEASE: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_NONE: diff --git a/tests/qemuxml2argvdata/crypto-builtin.xml b/tests/qemuxml2argv= data/crypto-builtin.xml new file mode 100644 index 0000000000..51049888f6 --- /dev/null +++ b/tests/qemuxml2argvdata/crypto-builtin.xml 
@@ -0,0 +1,51 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 1130496 + 1048576 + 1048576 + 2 + + hvm + + + + qemu64 + + + + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + +
+ + + + +
+ + + +
+ + + +
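Review bot: The Crypto section added to docs/formatdomain.rst does not match the parser in this same patch: it says ``model`` defaults to ``virtio`` and ``type`` defaults to ``qemu``, but virDomainCryptoDefParseXML reads both attributes with VIR_XML_PROP_REQUIRED, so XML that omits either one is rejected instead of defaulted. Either relax the parser (and the schema) to make them optional with those defaults, or reword the docs to say the attributes are mandatory. The same paragraph has ``builtint`` for ``builtin``, calls ``backend`` both "optional" and "required" in one sentence, and attributes ``builtin``/``lkcf`` to "the ``model`` attribute" without saying it is the ``model`` attribute of the ``backend`` sub-element rather than the device's own ``model``. Suggested wording: "The mandatory ``backend`` sub-element has a ``model`` attribute of ``builtin`` or ``lkcf`` and an optional ``queues`` attribute giving the number of virtio queues."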
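Review bot: In virDomainCryptoDefParseXML the ``queues`` attribute is read with VIR_XML_PROP_NONE, so ``queues='0'`` is accepted and stored as 0, which the formatter (judging by the ``if (def->queues)`` guard in front of its ``queues=`` line) then omits, so the value silently changes across a parse/format round trip. Use VIR_XML_PROP_NONZERO so a zero is rejected at parse time with a proper error. Minor: there is a stray double blank line between the ``model`` and ``type`` virXMLPropEnum blocks.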
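Review bot: virDomainCryptoDefFormat passes the wrong field: ``const char *type = virDomainCryptoTypeTypeToString(def->model);`` must use ``def->type``. It happens to produce the right output today because both enums have a single value 0 (which is also why the xml2xml test cannot catch it), but it will emit a wrong or NULL type string as soon as a second type such as the planned vhost-user is added. Also ``def->queues`` is ``unsigned int`` and is printed with ``%d``; use ``%u`` to match the virXMLPropUInt parse.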
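Review bot: ``virDomainXMLPrivateDataNewFunc cryptoNew;`` is added to _virDomainXMLPrivateDataCallbacks, but _virDomainCryptoDef as declared in this patch has no ``privateData`` member, virDomainCryptoDefParseXML never calls the callback, and virDomainCryptoDefFree never releases anything it would allocate, so the field is unused. Drop it from this patch, or add the ``privateData`` member plus the parser call and the matching free in the same commit so the three stay in sync.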
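Review bot: virDomainCryptoDefValidate returns -1 from its ``VIR_DOMAIN_CRYPTO_MODEL_LAST:``/``default:`` branch without reporting an error, so a caller gets a failure with no message (libvirt callers assume an error has already been set when -1 comes back). Report it the way qemuValidateDomainDeviceDefCrypto in the same patch does for ``type``: ``virReportEnumRangeError(virDomainCryptoModel, crypto->model);`` before the ``return -1;``.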
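Review bot: Adding VIR_DOMAIN_DEVICE_CRYPTO to the do-nothing list in virDomainDefCheckABIStabilityFlags only keeps the switch exhaustive; nothing in this patch compares ``ncryptos``, or the model, type, backend, queues and address of each crypto device, between the two definitions. Unless a later patch in the series adds that, a migration or save/restore whose destination XML changes the set of crypto devices passes the ABI check and the guest sees a different virtio device layout. Suggest a count check plus a per-device virDomainCryptoDefCheckABIStability helper called from this function.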
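Review bot: In qemuBuildVirtioDevGetConfigDev the new ``case VIR_DOMAIN_DEVICE_CRYPTO:`` joins the ``break`` group with MEMORY/IOMMU/AUDIO, i.e. the devices that carry no virtio options, yet virDomainCryptoDef has a ``virtio`` member parsed from ``<driver>`` and the commit message says the model is virtio-only. When the follow-up patch builds the command line, this function needs a real case that hands back ``dev->data.crypto->virtio`` (and its info), otherwise the ``iommu``/``ats`` driver attributes the parser accepts are silently ignored. If that is deliberately deferred, a comment here would help whoever reviews the next patch.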
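Review bot: Test coverage in tests/qemuxml2argvdata/crypto-builtin.xml exercises only the ``builtin`` backend through an xml2xml round trip (the output file is a 120000-mode symlink of one line, i.e. the input itself), so it cannot detect formatter bugs that are symmetric with the parser, and ``lkcf`` is never parsed at all. Add a crypto-lkcf.xml variant, a case with ``queues`` set, and a negative case (missing ``backend``, or two ``backend`` elements) so the "only one crypto backend is supported" error path is covered.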