From: Lin Yang <lin.a.yang@intel.com>
<launchSecurity type='sgx'>
<epc_size unit='KiB'>1024</epc_size>
</launchSecurity>
---
src/conf/domain_conf.c | 106 +++++++++++++++++++++++++++++-----------
src/conf/domain_conf.h | 10 ++++
src/conf/virconftypes.h | 3 ++
3 files changed, 91 insertions(+), 28 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index ef67efa1da..4336dafd82 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1336,6 +1336,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
VIR_DOMAIN_LAUNCH_SECURITY_LAST,
"",
"sev",
+ "sgx",
);
static virClassPtr virDomainObjClass;
@@ -3409,6 +3410,16 @@ virDomainSEVDefFree(virDomainSEVDefPtr def)
}
+static void
+virDomainSGXDefFree(virDomainSGXDefPtr def)
+{
+ if (!def)
+ return;
+
+ VIR_FREE(def);
+}
+
+
void virDomainDefFree(virDomainDefPtr def)
{
size_t i;
@@ -3597,6 +3608,7 @@ void virDomainDefFree(virDomainDefPtr def)
(def->ns.free)(def->namespaceData);
virDomainSEVDefFree(def->sev);
+ virDomainSGXDefFree(def->sgx);
xmlFreeNode(def->metadata);
@@ -16700,39 +16712,17 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node,
return 0;
}
-
static virDomainSEVDefPtr
-virDomainSEVDefParseXML(xmlNodePtr sevNode,
- xmlXPathContextPtr ctxt)
+virDomainSEVDefParseXML(xmlXPathContextPtr ctxt)
{
VIR_XPATH_NODE_AUTORESTORE(ctxt);
virDomainSEVDefPtr def;
unsigned long policy;
- g_autofree char *type = NULL;
if (VIR_ALLOC(def) < 0)
return NULL;
- ctxt->node = sevNode;
-
- if (!(type = virXMLPropString(sevNode, "type"))) {
- virReportError(VIR_ERR_XML_ERROR, "%s",
- _("missing launch security type"));
- goto error;
- }
-
- def->sectype = virDomainLaunchSecurityTypeFromString(type);
- switch ((virDomainLaunchSecurity) def->sectype) {
- case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
- break;
- case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
- case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
- default:
- virReportError(VIR_ERR_XML_ERROR,
- _("unsupported launch security type '%s'"),
- type);
- goto error;
- }
+ def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SEV;
if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) {
virReportError(VIR_ERR_XML_ERROR, "%s",
@@ -16764,6 +16754,63 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode,
return NULL;
}
+static virDomainSGXDefPtr
+virDomainSGXDefParseXML(xmlXPathContextPtr ctxt)
+{
+ VIR_XPATH_NODE_AUTORESTORE(ctxt);
+ virDomainSGXDefPtr def;
+
+ if (VIR_ALLOC(def) < 0)
+ return NULL;
+
+ def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SGX;
+
+ if (virDomainParseMemory("./epc_size", "./epc_size/@unit", ctxt,
+ &def->epc_size, false, false) < 0)
+ goto error;
+
+ return def;
+
+ error:
+ virDomainSGXDefFree(def);
+ return NULL;
+}
+
+static int
+virDomainLaunchSecurityDefParseXML(xmlNodePtr launchSecurityNode,
+ xmlXPathContextPtr ctxt,
+ virDomainDefPtr def)
+{
+ VIR_XPATH_NODE_AUTORESTORE(ctxt);
+ g_autofree char *type = NULL;
+
+ ctxt->node = launchSecurityNode;
+
+ if (!(type = virXMLPropString(launchSecurityNode, "type"))) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("missing launch security type"));
+ return -1;
+ }
+
+ switch ((virDomainLaunchSecurity) virDomainLaunchSecurityTypeFromString(type)) {
+ case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
+ def->sev = virDomainSEVDefParseXML(ctxt);
+ break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_SGX:
+ def->sgx = virDomainSGXDefParseXML(ctxt);
+ break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
+ case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
+ default:
+ virReportError(VIR_ERR_XML_ERROR,
+ _("unsupported launch security type '%s'"),
+ type);
+ return -1;
+ }
+
+ return 0;
+}
+
static virDomainMemoryDefPtr
virDomainMemoryDefParseXML(virDomainXMLOptionPtr xmlopt,
xmlNodePtr memdevNode,
@@ -22227,12 +22274,15 @@ virDomainDefParseXML(xmlDocPtr xml,
ctxt->node = node;
VIR_FREE(nodes);
- /* Check for SEV feature */
- if ((node = virXPathNode("./launchSecurity", ctxt)) != NULL) {
- def->sev = virDomainSEVDefParseXML(node, ctxt);
- if (!def->sev)
+ /* analysis of launch security */
+ if ((n = virXPathNodeSet("./launchSecurity", ctxt, &nodes)) < 0)
+ goto error;
+
+ for (i = 0; i < n; i++) {
+ if (virDomainLaunchSecurityDefParseXML(nodes[i], ctxt, def) != 0)
goto error;
}
+ VIR_FREE(nodes);
/* analysis of memory devices */
if ((n = virXPathNodeSet("./devices/memory", ctxt, &nodes)) < 0)
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 011bf66cb4..88adf461df 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2447,6 +2447,7 @@ struct _virDomainKeyWrapDef {
typedef enum {
VIR_DOMAIN_LAUNCH_SECURITY_NONE,
VIR_DOMAIN_LAUNCH_SECURITY_SEV,
+ VIR_DOMAIN_LAUNCH_SECURITY_SGX,
VIR_DOMAIN_LAUNCH_SECURITY_LAST,
} virDomainLaunchSecurity;
@@ -2462,6 +2463,12 @@ struct _virDomainSEVDef {
};
+struct _virDomainSGXDef {
+ int sectype; /* enum virDomainLaunchSecurity */
+ unsigned long long epc_size; /* kibibytes */
+};
+
+
typedef enum {
VIR_DOMAIN_IOMMU_MODEL_INTEL,
VIR_DOMAIN_IOMMU_MODEL_SMMUV3,
@@ -2670,6 +2677,9 @@ struct _virDomainDef {
/* SEV-specific domain */
virDomainSEVDefPtr sev;
+ /* SGX-specific domain */
+ virDomainSGXDefPtr sgx;
+
/* Application-specific custom metadata */
xmlNodePtr metadata;
diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h
index 1c62cde251..084bcc7687 100644
--- a/src/conf/virconftypes.h
+++ b/src/conf/virconftypes.h
@@ -291,6 +291,9 @@ typedef virDomainResourceDef *virDomainResourceDefPtr;
typedef struct _virDomainSEVDef virDomainSEVDef;
typedef virDomainSEVDef *virDomainSEVDefPtr;
+typedef struct _virDomainSGXDef virDomainSGXDef;
+typedef virDomainSGXDef *virDomainSGXDefPtr;
+
typedef struct _virDomainShmemDef virDomainShmemDef;
typedef virDomainShmemDef *virDomainShmemDefPtr;
--
2.17.1
On Thu, 2021-07-01 at 20:10 +0800, Haibin Huang wrote:
> From: Lin Yang <lin.a.yang@intel.com>
>
> <launchSecurity type='sgx'>
> <epc_size unit='KiB'>1024</epc_size>
> </launchSecurity>
Please also update "docs/schemas/domaincommon.rng".
> ---
> src/conf/domain_conf.c | 106 +++++++++++++++++++++++++++++---------
> --
> src/conf/domain_conf.h | 10 ++++
> src/conf/virconftypes.h | 3 ++
> 3 files changed, 91 insertions(+), 28 deletions(-)
>
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index ef67efa1da..4336dafd82 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -1336,6 +1336,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
> VIR_DOMAIN_LAUNCH_SECURITY_LAST,
> "",
> "sev",
> + "sgx",
> );
>
> static virClassPtr virDomainObjClass;
> @@ -3409,6 +3410,16 @@ virDomainSEVDefFree(virDomainSEVDefPtr def)
> }
>
>
> +static void
> +virDomainSGXDefFree(virDomainSGXDefPtr def)
> +{
> + if (!def)
> + return;
> +
> + VIR_FREE(def);
> +}
> +
> +
> void virDomainDefFree(virDomainDefPtr def)
> {
> size_t i;
> @@ -3597,6 +3608,7 @@ void virDomainDefFree(virDomainDefPtr def)
> (def->ns.free)(def->namespaceData);
>
> virDomainSEVDefFree(def->sev);
> + virDomainSGXDefFree(def->sgx);
>
> xmlFreeNode(def->metadata);
>
> @@ -16700,39 +16712,17 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr
> node,
> return 0;
> }
>
> -
> static virDomainSEVDefPtr
> -virDomainSEVDefParseXML(xmlNodePtr sevNode,
> - xmlXPathContextPtr ctxt)
> +virDomainSEVDefParseXML(xmlXPathContextPtr ctxt)
> {
> VIR_XPATH_NODE_AUTORESTORE(ctxt);
> virDomainSEVDefPtr def;
> unsigned long policy;
> - g_autofree char *type = NULL;
>
> if (VIR_ALLOC(def) < 0)
> return NULL;
>
> - ctxt->node = sevNode;
> -
> - if (!(type = virXMLPropString(sevNode, "type"))) {
> - virReportError(VIR_ERR_XML_ERROR, "%s",
> - _("missing launch security type"));
> - goto error;
> - }
> -
> - def->sectype = virDomainLaunchSecurityTypeFromString(type);
> - switch ((virDomainLaunchSecurity) def->sectype) {
> - case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
> - break;
> - case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
> - case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
> - default:
> - virReportError(VIR_ERR_XML_ERROR,
> - _("unsupported launch security type '%s'"),
> - type);
> - goto error;
> - }
> + def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SEV;
>
> if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0)
> {
> virReportError(VIR_ERR_XML_ERROR, "%s",
> @@ -16764,6 +16754,63 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode,
> return NULL;
> }
>
> +static virDomainSGXDefPtr
> +virDomainSGXDefParseXML(xmlXPathContextPtr ctxt)
> +{
> + VIR_XPATH_NODE_AUTORESTORE(ctxt);
I do not believe that this is necessary.
> + virDomainSGXDefPtr def;
> +
> + if (VIR_ALLOC(def) < 0)
> + return NULL;
> +
> + def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SGX;
> +
> + if (virDomainParseMemory("./epc_size", "./epc_size/@unit", ctxt,
> + &def->epc_size, false, false) < 0)
> + goto error;
> +
> + return def;
> +
> + error:
> + virDomainSGXDefFree(def);
> + return NULL;
> +}
> +
> +static int
> +virDomainLaunchSecurityDefParseXML(xmlNodePtr launchSecurityNode,
> + xmlXPathContextPtr ctxt,
> + virDomainDefPtr def)
> +{
> + VIR_XPATH_NODE_AUTORESTORE(ctxt);
> + g_autofree char *type = NULL;
> +
> + ctxt->node = launchSecurityNode;
> +
> + if (!(type = virXMLPropString(launchSecurityNode, "type"))) {
> + virReportError(VIR_ERR_XML_ERROR, "%s",
> + _("missing launch security type"));
> + return -1;
> + }
> +
> + switch ((virDomainLaunchSecurity)
> virDomainLaunchSecurityTypeFromString(type)) {
> + case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
> + def->sev = virDomainSEVDefParseXML(ctxt);
I believe this should return "-1" when "def->sev == NULL".
> + break;
> + case VIR_DOMAIN_LAUNCH_SECURITY_SGX:
> + def->sgx = virDomainSGXDefParseXML(ctxt);
Similar.
Regards,
Tim
> + break;
> + case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
> + case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
> + default:
> + virReportError(VIR_ERR_XML_ERROR,
> + _("unsupported launch security type '%s'"),
> + type);
> + return -1;
> + }
> +
> + return 0;
> +}
> +
> static virDomainMemoryDefPtr
> virDomainMemoryDefParseXML(virDomainXMLOptionPtr xmlopt,
> xmlNodePtr memdevNode,
> @@ -22227,12 +22274,15 @@ virDomainDefParseXML(xmlDocPtr xml,
> ctxt->node = node;
> VIR_FREE(nodes);
>
> - /* Check for SEV feature */
> - if ((node = virXPathNode("./launchSecurity", ctxt)) != NULL) {
> - def->sev = virDomainSEVDefParseXML(node, ctxt);
> - if (!def->sev)
> + /* analysis of launch security */
> + if ((n = virXPathNodeSet("./launchSecurity", ctxt, &nodes)) < 0)
> + goto error;
> +
> + for (i = 0; i < n; i++) {
> + if (virDomainLaunchSecurityDefParseXML(nodes[i], ctxt, def)
> != 0)
> goto error;
> }
> + VIR_FREE(nodes);
>
> /* analysis of memory devices */
> if ((n = virXPathNodeSet("./devices/memory", ctxt, &nodes)) < 0)
> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
> index 011bf66cb4..88adf461df 100644
> --- a/src/conf/domain_conf.h
> +++ b/src/conf/domain_conf.h
> @@ -2447,6 +2447,7 @@ struct _virDomainKeyWrapDef {
> typedef enum {
> VIR_DOMAIN_LAUNCH_SECURITY_NONE,
> VIR_DOMAIN_LAUNCH_SECURITY_SEV,
> + VIR_DOMAIN_LAUNCH_SECURITY_SGX,
>
> VIR_DOMAIN_LAUNCH_SECURITY_LAST,
> } virDomainLaunchSecurity;
> @@ -2462,6 +2463,12 @@ struct _virDomainSEVDef {
> };
>
>
> +struct _virDomainSGXDef {
> + int sectype; /* enum virDomainLaunchSecurity */
> + unsigned long long epc_size; /* kibibytes */
> +};
> +
> +
> typedef enum {
> VIR_DOMAIN_IOMMU_MODEL_INTEL,
> VIR_DOMAIN_IOMMU_MODEL_SMMUV3,
> @@ -2670,6 +2677,9 @@ struct _virDomainDef {
> /* SEV-specific domain */
> virDomainSEVDefPtr sev;
>
> + /* SGX-specific domain */
> + virDomainSGXDefPtr sgx;
> +
> /* Application-specific custom metadata */
> xmlNodePtr metadata;
>
> diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h
> index 1c62cde251..084bcc7687 100644
> --- a/src/conf/virconftypes.h
> +++ b/src/conf/virconftypes.h
> @@ -291,6 +291,9 @@ typedef virDomainResourceDef
> *virDomainResourceDefPtr;
> typedef struct _virDomainSEVDef virDomainSEVDef;
> typedef virDomainSEVDef *virDomainSEVDefPtr;
>
> +typedef struct _virDomainSGXDef virDomainSGXDef;
> +typedef virDomainSGXDef *virDomainSGXDefPtr;
> +
> typedef struct _virDomainShmemDef virDomainShmemDef;
> typedef virDomainShmemDef *virDomainShmemDefPtr;
>
> -----Original Message-----
> From: Tim Wiederhake <twiederh@redhat.com>
> Sent: Monday, July 5, 2021 7:32 PM
> To: Huang, Haibin <haibin.huang@intel.com>
> Cc: libvir-list@redhat.com; Ding, Jian-feng <jian-feng.ding@intel.com>; Yang,
> Lin A <lin.a.yang@intel.com>; Lu, Lianhao <lianhao.lu@intel.com>
> Subject: Re: [libvirt][PATCH v4 1/4] conf: Introduce SGX related element into
> domain xml
>
> On Thu, 2021-07-01 at 20:10 +0800, Haibin Huang wrote:
> > From: Lin Yang <lin.a.yang@intel.com>
> >
> > <launchSecurity type='sgx'>
> > <epc_size unit='KiB'>1024</epc_size>
> > </launchSecurity>
>
> Please also update "docs/schemas/domaincommon.rng".
[Haibin] ok, I will do it.
>
> > ---
> > src/conf/domain_conf.c | 106 +++++++++++++++++++++++++++++-------
> --
> > --
> > src/conf/domain_conf.h | 10 ++++
> > src/conf/virconftypes.h | 3 ++
> > 3 files changed, 91 insertions(+), 28 deletions(-)
> >
> > diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index
> > ef67efa1da..4336dafd82 100644
> > --- a/src/conf/domain_conf.c
> > +++ b/src/conf/domain_conf.c
> > @@ -1336,6 +1336,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
> > VIR_DOMAIN_LAUNCH_SECURITY_LAST,
> > "",
> > "sev",
> > + "sgx",
> > );
> >
> > static virClassPtr virDomainObjClass; @@ -3409,6 +3410,16 @@
> > virDomainSEVDefFree(virDomainSEVDefPtr def)
> > }
> >
> >
> > +static void
> > +virDomainSGXDefFree(virDomainSGXDefPtr def) {
> > + if (!def)
> > + return;
> > +
> > + VIR_FREE(def);
> > +}
> > +
> > +
> > void virDomainDefFree(virDomainDefPtr def)
> > {
> > size_t i;
> > @@ -3597,6 +3608,7 @@ void virDomainDefFree(virDomainDefPtr def)
> > (def->ns.free)(def->namespaceData);
> >
> > virDomainSEVDefFree(def->sev);
> > + virDomainSGXDefFree(def->sgx);
> >
> > xmlFreeNode(def->metadata);
> >
> > @@ -16700,39 +16712,17 @@
> virDomainMemoryTargetDefParseXML(xmlNodePtr
> > node,
> > return 0;
> > }
> >
> > -
> > static virDomainSEVDefPtr
> > -virDomainSEVDefParseXML(xmlNodePtr sevNode,
> > - xmlXPathContextPtr ctxt)
> > +virDomainSEVDefParseXML(xmlXPathContextPtr ctxt)
> > {
> > VIR_XPATH_NODE_AUTORESTORE(ctxt);
> > virDomainSEVDefPtr def;
> > unsigned long policy;
> > - g_autofree char *type = NULL;
> >
> > if (VIR_ALLOC(def) < 0)
> > return NULL;
> >
> > - ctxt->node = sevNode;
> > -
> > - if (!(type = virXMLPropString(sevNode, "type"))) {
> > - virReportError(VIR_ERR_XML_ERROR, "%s",
> > - _("missing launch security type"));
> > - goto error;
> > - }
> > -
> > - def->sectype = virDomainLaunchSecurityTypeFromString(type);
> > - switch ((virDomainLaunchSecurity) def->sectype) {
> > - case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
> > - break;
> > - case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
> > - case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
> > - default:
> > - virReportError(VIR_ERR_XML_ERROR,
> > - _("unsupported launch security type '%s'"),
> > - type);
> > - goto error;
> > - }
> > + def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SEV;
> >
> > if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) {
> > virReportError(VIR_ERR_XML_ERROR, "%s", @@ -16764,6 +16754,63
> > @@ virDomainSEVDefParseXML(xmlNodePtr sevNode,
> > return NULL;
> > }
> >
> > +static virDomainSGXDefPtr
> > +virDomainSGXDefParseXML(xmlXPathContextPtr ctxt) {
> > + VIR_XPATH_NODE_AUTORESTORE(ctxt);
>
> I do not believe that this is necessary.
[Haibin] ok, I will remove " VIR_XPATH_NODE_AUTORESTORE(ctxt);"
>
> > + virDomainSGXDefPtr def;
> > +
> > + if (VIR_ALLOC(def) < 0)
> > + return NULL;
> > +
> > + def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SGX;
> > +
> > + if (virDomainParseMemory("./epc_size", "./epc_size/@unit", ctxt,
> > + &def->epc_size, false, false) < 0)
> > + goto error;
> > +
> > + return def;
> > +
> > + error:
> > + virDomainSGXDefFree(def);
> > + return NULL;
> > +}
> > +
> > +static int
> > +virDomainLaunchSecurityDefParseXML(xmlNodePtr launchSecurityNode,
> > + xmlXPathContextPtr ctxt,
> > + virDomainDefPtr def) {
> > + VIR_XPATH_NODE_AUTORESTORE(ctxt);
> > + g_autofree char *type = NULL;
> > +
> > + ctxt->node = launchSecurityNode;
> > +
> > + if (!(type = virXMLPropString(launchSecurityNode, "type"))) {
> > + virReportError(VIR_ERR_XML_ERROR, "%s",
> > + _("missing launch security type"));
> > + return -1;
> > + }
> > +
> > + switch ((virDomainLaunchSecurity)
> > virDomainLaunchSecurityTypeFromString(type)) {
> > + case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
> > + def->sev = virDomainSEVDefParseXML(ctxt);
>
> I believe this should return "-1" when "def->sev == NULL".
[Haibin] ok, I will add check code for def->sev.
>
> > + break;
> > + case VIR_DOMAIN_LAUNCH_SECURITY_SGX:
> > + def->sgx = virDomainSGXDefParseXML(ctxt);
>
> Similar.
[Haibin] ok, I will add check code for def->sgx.
>
> Regards,
> Tim
> > + break;
> > + case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
> > + case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
> > + default:
> > + virReportError(VIR_ERR_XML_ERROR,
> > + _("unsupported launch security type '%s'"),
> > + type);
> > + return -1;
> > + }
> > +
> > + return 0;
> > +}
> > +
> > static virDomainMemoryDefPtr
> > virDomainMemoryDefParseXML(virDomainXMLOptionPtr xmlopt,
> > xmlNodePtr memdevNode, @@ -22227,12
> > +22274,15 @@ virDomainDefParseXML(xmlDocPtr xml,
> > ctxt->node = node;
> > VIR_FREE(nodes);
> >
> > - /* Check for SEV feature */
> > - if ((node = virXPathNode("./launchSecurity", ctxt)) != NULL) {
> > - def->sev = virDomainSEVDefParseXML(node, ctxt);
> > - if (!def->sev)
> > + /* analysis of launch security */
> > + if ((n = virXPathNodeSet("./launchSecurity", ctxt, &nodes)) < 0)
> > + goto error;
> > +
> > + for (i = 0; i < n; i++) {
> > + if (virDomainLaunchSecurityDefParseXML(nodes[i], ctxt, def)
> > != 0)
> > goto error;
> > }
> > + VIR_FREE(nodes);
> >
> > /* analysis of memory devices */
> > if ((n = virXPathNodeSet("./devices/memory", ctxt, &nodes)) < 0)
> > diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index
> > 011bf66cb4..88adf461df 100644
> > --- a/src/conf/domain_conf.h
> > +++ b/src/conf/domain_conf.h
> > @@ -2447,6 +2447,7 @@ struct _virDomainKeyWrapDef {
> > typedef enum {
> > VIR_DOMAIN_LAUNCH_SECURITY_NONE,
> > VIR_DOMAIN_LAUNCH_SECURITY_SEV,
> > + VIR_DOMAIN_LAUNCH_SECURITY_SGX,
> >
> > VIR_DOMAIN_LAUNCH_SECURITY_LAST,
> > } virDomainLaunchSecurity;
> > @@ -2462,6 +2463,12 @@ struct _virDomainSEVDef {
> > };
> >
> >
> > +struct _virDomainSGXDef {
> > + int sectype; /* enum virDomainLaunchSecurity */
> > + unsigned long long epc_size; /* kibibytes */ };
> > +
> > +
> > typedef enum {
> > VIR_DOMAIN_IOMMU_MODEL_INTEL,
> > VIR_DOMAIN_IOMMU_MODEL_SMMUV3,
> > @@ -2670,6 +2677,9 @@ struct _virDomainDef {
> > /* SEV-specific domain */
> > virDomainSEVDefPtr sev;
> >
> > + /* SGX-specific domain */
> > + virDomainSGXDefPtr sgx;
> > +
> > /* Application-specific custom metadata */
> > xmlNodePtr metadata;
> >
> > diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index
> > 1c62cde251..084bcc7687 100644
> > --- a/src/conf/virconftypes.h
> > +++ b/src/conf/virconftypes.h
> > @@ -291,6 +291,9 @@ typedef virDomainResourceDef
> > *virDomainResourceDefPtr;
> > typedef struct _virDomainSEVDef virDomainSEVDef;
> > typedef virDomainSEVDef *virDomainSEVDefPtr;
> >
> > +typedef struct _virDomainSGXDef virDomainSGXDef; typedef
> > +virDomainSGXDef *virDomainSGXDefPtr;
> > +
> > typedef struct _virDomainShmemDef virDomainShmemDef;
> > typedef virDomainShmemDef *virDomainShmemDefPtr;
> >
On Thu, Jul 01, 2021 at 08:10:26PM +0800, Haibin Huang wrote:
> From: Lin Yang <lin.a.yang@intel.com>
>
> <launchSecurity type='sgx'>
> <epc_size unit='KiB'>1024</epc_size>
> </launchSecurity>
> ---
> src/conf/domain_conf.c | 106 +++++++++++++++++++++++++++++-----------
> src/conf/domain_conf.h | 10 ++++
> src/conf/virconftypes.h | 3 ++
> 3 files changed, 91 insertions(+), 28 deletions(-)
Not commenting the code for now as there is already ongoing work adding
s390-pv-guest support that refactors exactly the same functions as this
patch so we should coordinate the work to not introduce merge conflicts
and unnecessary work for both contributors.
https://listman.redhat.com/archives/libvir-list/2021-June/msg00653.html
Pavel
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index ef67efa1da..4336dafd82 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -1336,6 +1336,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
> VIR_DOMAIN_LAUNCH_SECURITY_LAST,
> "",
> "sev",
> + "sgx",
> );
>
> static virClassPtr virDomainObjClass;
> @@ -3409,6 +3410,16 @@ virDomainSEVDefFree(virDomainSEVDefPtr def)
> }
>
>
> +static void
> +virDomainSGXDefFree(virDomainSGXDefPtr def)
> +{
> + if (!def)
> + return;
> +
> + VIR_FREE(def);
> +}
> +
> +
> void virDomainDefFree(virDomainDefPtr def)
> {
> size_t i;
> @@ -3597,6 +3608,7 @@ void virDomainDefFree(virDomainDefPtr def)
> (def->ns.free)(def->namespaceData);
>
> virDomainSEVDefFree(def->sev);
> + virDomainSGXDefFree(def->sgx);
>
> xmlFreeNode(def->metadata);
>
> @@ -16700,39 +16712,17 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node,
> return 0;
> }
>
> -
> static virDomainSEVDefPtr
> -virDomainSEVDefParseXML(xmlNodePtr sevNode,
> - xmlXPathContextPtr ctxt)
> +virDomainSEVDefParseXML(xmlXPathContextPtr ctxt)
> {
> VIR_XPATH_NODE_AUTORESTORE(ctxt);
> virDomainSEVDefPtr def;
> unsigned long policy;
> - g_autofree char *type = NULL;
>
> if (VIR_ALLOC(def) < 0)
> return NULL;
>
> - ctxt->node = sevNode;
> -
> - if (!(type = virXMLPropString(sevNode, "type"))) {
> - virReportError(VIR_ERR_XML_ERROR, "%s",
> - _("missing launch security type"));
> - goto error;
> - }
> -
> - def->sectype = virDomainLaunchSecurityTypeFromString(type);
> - switch ((virDomainLaunchSecurity) def->sectype) {
> - case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
> - break;
> - case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
> - case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
> - default:
> - virReportError(VIR_ERR_XML_ERROR,
> - _("unsupported launch security type '%s'"),
> - type);
> - goto error;
> - }
> + def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SEV;
>
> if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) {
> virReportError(VIR_ERR_XML_ERROR, "%s",
> @@ -16764,6 +16754,63 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode,
> return NULL;
> }
>
> +static virDomainSGXDefPtr
> +virDomainSGXDefParseXML(xmlXPathContextPtr ctxt)
> +{
> + VIR_XPATH_NODE_AUTORESTORE(ctxt);
> + virDomainSGXDefPtr def;
> +
> + if (VIR_ALLOC(def) < 0)
> + return NULL;
> +
> + def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SGX;
> +
> + if (virDomainParseMemory("./epc_size", "./epc_size/@unit", ctxt,
> + &def->epc_size, false, false) < 0)
> + goto error;
> +
> + return def;
> +
> + error:
> + virDomainSGXDefFree(def);
> + return NULL;
> +}
> +
> +static int
> +virDomainLaunchSecurityDefParseXML(xmlNodePtr launchSecurityNode,
> + xmlXPathContextPtr ctxt,
> + virDomainDefPtr def)
> +{
> + VIR_XPATH_NODE_AUTORESTORE(ctxt);
> + g_autofree char *type = NULL;
> +
> + ctxt->node = launchSecurityNode;
> +
> + if (!(type = virXMLPropString(launchSecurityNode, "type"))) {
> + virReportError(VIR_ERR_XML_ERROR, "%s",
> + _("missing launch security type"));
> + return -1;
> + }
> +
> + switch ((virDomainLaunchSecurity) virDomainLaunchSecurityTypeFromString(type)) {
> + case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
> + def->sev = virDomainSEVDefParseXML(ctxt);
> + break;
> + case VIR_DOMAIN_LAUNCH_SECURITY_SGX:
> + def->sgx = virDomainSGXDefParseXML(ctxt);
> + break;
> + case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
> + case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
> + default:
> + virReportError(VIR_ERR_XML_ERROR,
> + _("unsupported launch security type '%s'"),
> + type);
> + return -1;
> + }
> +
> + return 0;
> +}
> +
> static virDomainMemoryDefPtr
> virDomainMemoryDefParseXML(virDomainXMLOptionPtr xmlopt,
> xmlNodePtr memdevNode,
> @@ -22227,12 +22274,15 @@ virDomainDefParseXML(xmlDocPtr xml,
> ctxt->node = node;
> VIR_FREE(nodes);
>
> - /* Check for SEV feature */
> - if ((node = virXPathNode("./launchSecurity", ctxt)) != NULL) {
> - def->sev = virDomainSEVDefParseXML(node, ctxt);
> - if (!def->sev)
> + /* analysis of launch security */
> + if ((n = virXPathNodeSet("./launchSecurity", ctxt, &nodes)) < 0)
> + goto error;
> +
> + for (i = 0; i < n; i++) {
> + if (virDomainLaunchSecurityDefParseXML(nodes[i], ctxt, def) != 0)
> goto error;
> }
> + VIR_FREE(nodes);
>
> /* analysis of memory devices */
> if ((n = virXPathNodeSet("./devices/memory", ctxt, &nodes)) < 0)
> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
> index 011bf66cb4..88adf461df 100644
> --- a/src/conf/domain_conf.h
> +++ b/src/conf/domain_conf.h
> @@ -2447,6 +2447,7 @@ struct _virDomainKeyWrapDef {
> typedef enum {
> VIR_DOMAIN_LAUNCH_SECURITY_NONE,
> VIR_DOMAIN_LAUNCH_SECURITY_SEV,
> + VIR_DOMAIN_LAUNCH_SECURITY_SGX,
>
> VIR_DOMAIN_LAUNCH_SECURITY_LAST,
> } virDomainLaunchSecurity;
> @@ -2462,6 +2463,12 @@ struct _virDomainSEVDef {
> };
>
>
> +struct _virDomainSGXDef {
> + int sectype; /* enum virDomainLaunchSecurity */
> + unsigned long long epc_size; /* kibibytes */
> +};
> +
> +
> typedef enum {
> VIR_DOMAIN_IOMMU_MODEL_INTEL,
> VIR_DOMAIN_IOMMU_MODEL_SMMUV3,
> @@ -2670,6 +2677,9 @@ struct _virDomainDef {
> /* SEV-specific domain */
> virDomainSEVDefPtr sev;
>
> + /* SGX-specific domain */
> + virDomainSGXDefPtr sgx;
> +
> /* Application-specific custom metadata */
> xmlNodePtr metadata;
>
> diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h
> index 1c62cde251..084bcc7687 100644
> --- a/src/conf/virconftypes.h
> +++ b/src/conf/virconftypes.h
> @@ -291,6 +291,9 @@ typedef virDomainResourceDef *virDomainResourceDefPtr;
> typedef struct _virDomainSEVDef virDomainSEVDef;
> typedef virDomainSEVDef *virDomainSEVDefPtr;
>
> +typedef struct _virDomainSGXDef virDomainSGXDef;
> +typedef virDomainSGXDef *virDomainSGXDefPtr;
> +
> typedef struct _virDomainShmemDef virDomainShmemDef;
> typedef virDomainShmemDef *virDomainShmemDefPtr;
>
> --
> 2.17.1
>
Ok, got it. Thanks.
> -----Original Message-----
> From: Pavel Hrdina <phrdina@redhat.com>
> Sent: Wednesday, July 7, 2021 4:36 PM
> To: Huang, Haibin <haibin.huang@intel.com>
> Cc: libvir-list@redhat.com; Ding, Jian-feng <jian-feng.ding@intel.com>; Yang,
> Lin A <lin.a.yang@intel.com>; Lu, Lianhao <lianhao.lu@intel.com>
> Subject: Re: [libvirt][PATCH v4 1/4] conf: Introduce SGX related element into
> domain xml
>
> On Thu, Jul 01, 2021 at 08:10:26PM +0800, Haibin Huang wrote:
> > From: Lin Yang <lin.a.yang@intel.com>
> >
> > <launchSecurity type='sgx'>
> > <epc_size unit='KiB'>1024</epc_size>
> > </launchSecurity>
> > ---
> > src/conf/domain_conf.c | 106
> > +++++++++++++++++++++++++++++-----------
> > src/conf/domain_conf.h | 10 ++++
> > src/conf/virconftypes.h | 3 ++
> > 3 files changed, 91 insertions(+), 28 deletions(-)
>
> Not commenting the code for now as there is already ongoing work adding
> s390-pv-guest support that refactors exactly the same functions as this patch so
> we should coordinate the work to not introduce merge conflicts and
> unnecessary work for both contributors.
>
> https://listman.redhat.com/archives/libvir-list/2021-June/msg00653.html
>
> Pavel
>
> > diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index
> > ef67efa1da..4336dafd82 100644
> > --- a/src/conf/domain_conf.c
> > +++ b/src/conf/domain_conf.c
> > @@ -1336,6 +1336,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
> > VIR_DOMAIN_LAUNCH_SECURITY_LAST,
> > "",
> > "sev",
> > + "sgx",
> > );
> >
> > static virClassPtr virDomainObjClass; @@ -3409,6 +3410,16 @@
> > virDomainSEVDefFree(virDomainSEVDefPtr def) }
> >
> >
> > +static void
> > +virDomainSGXDefFree(virDomainSGXDefPtr def) {
> > + if (!def)
> > + return;
> > +
> > + VIR_FREE(def);
> > +}
> > +
> > +
> > void virDomainDefFree(virDomainDefPtr def) {
> > size_t i;
> > @@ -3597,6 +3608,7 @@ void virDomainDefFree(virDomainDefPtr def)
> > (def->ns.free)(def->namespaceData);
> >
> > virDomainSEVDefFree(def->sev);
> > + virDomainSGXDefFree(def->sgx);
> >
> > xmlFreeNode(def->metadata);
> >
> > @@ -16700,39 +16712,17 @@
> virDomainMemoryTargetDefParseXML(xmlNodePtr node,
> > return 0;
> > }
> >
> > -
> > static virDomainSEVDefPtr
> > -virDomainSEVDefParseXML(xmlNodePtr sevNode,
> > - xmlXPathContextPtr ctxt)
> > +virDomainSEVDefParseXML(xmlXPathContextPtr ctxt)
> > {
> > VIR_XPATH_NODE_AUTORESTORE(ctxt);
> > virDomainSEVDefPtr def;
> > unsigned long policy;
> > - g_autofree char *type = NULL;
> >
> > if (VIR_ALLOC(def) < 0)
> > return NULL;
> >
> > - ctxt->node = sevNode;
> > -
> > - if (!(type = virXMLPropString(sevNode, "type"))) {
> > - virReportError(VIR_ERR_XML_ERROR, "%s",
> > - _("missing launch security type"));
> > - goto error;
> > - }
> > -
> > - def->sectype = virDomainLaunchSecurityTypeFromString(type);
> > - switch ((virDomainLaunchSecurity) def->sectype) {
> > - case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
> > - break;
> > - case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
> > - case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
> > - default:
> > - virReportError(VIR_ERR_XML_ERROR,
> > - _("unsupported launch security type '%s'"),
> > - type);
> > - goto error;
> > - }
> > + def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SEV;
> >
> > if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) {
> > virReportError(VIR_ERR_XML_ERROR, "%s", @@ -16764,6 +16754,63
> > @@ virDomainSEVDefParseXML(xmlNodePtr sevNode,
> > return NULL;
> > }
> >
> > +static virDomainSGXDefPtr
> > +virDomainSGXDefParseXML(xmlXPathContextPtr ctxt) {
> > + VIR_XPATH_NODE_AUTORESTORE(ctxt);
> > + virDomainSGXDefPtr def;
> > +
> > + if (VIR_ALLOC(def) < 0)
> > + return NULL;
> > +
> > + def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SGX;
> > +
> > + if (virDomainParseMemory("./epc_size", "./epc_size/@unit", ctxt,
> > + &def->epc_size, false, false) < 0)
> > + goto error;
> > +
> > + return def;
> > +
> > + error:
> > + virDomainSGXDefFree(def);
> > + return NULL;
> > +}
> > +
> > +static int
> > +virDomainLaunchSecurityDefParseXML(xmlNodePtr launchSecurityNode,
> > + xmlXPathContextPtr ctxt,
> > + virDomainDefPtr def) {
> > + VIR_XPATH_NODE_AUTORESTORE(ctxt);
> > + g_autofree char *type = NULL;
> > +
> > + ctxt->node = launchSecurityNode;
> > +
> > + if (!(type = virXMLPropString(launchSecurityNode, "type"))) {
> > + virReportError(VIR_ERR_XML_ERROR, "%s",
> > + _("missing launch security type"));
> > + return -1;
> > + }
> > +
> > + switch ((virDomainLaunchSecurity)
> virDomainLaunchSecurityTypeFromString(type)) {
> > + case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
> > + def->sev = virDomainSEVDefParseXML(ctxt);
> > + break;
> > + case VIR_DOMAIN_LAUNCH_SECURITY_SGX:
> > + def->sgx = virDomainSGXDefParseXML(ctxt);
> > + break;
> > + case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
> > + case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
> > + default:
> > + virReportError(VIR_ERR_XML_ERROR,
> > + _("unsupported launch security type '%s'"),
> > + type);
> > + return -1;
> > + }
> > +
> > + return 0;
> > +}
> > +
> > static virDomainMemoryDefPtr
> > virDomainMemoryDefParseXML(virDomainXMLOptionPtr xmlopt,
> > xmlNodePtr memdevNode, @@ -22227,12
> > +22274,15 @@ virDomainDefParseXML(xmlDocPtr xml,
> > ctxt->node = node;
> > VIR_FREE(nodes);
> >
> > - /* Check for SEV feature */
> > - if ((node = virXPathNode("./launchSecurity", ctxt)) != NULL) {
> > - def->sev = virDomainSEVDefParseXML(node, ctxt);
> > - if (!def->sev)
> > + /* analysis of launch security */
> > + if ((n = virXPathNodeSet("./launchSecurity", ctxt, &nodes)) < 0)
> > + goto error;
> > +
> > + for (i = 0; i < n; i++) {
> > + if (virDomainLaunchSecurityDefParseXML(nodes[i], ctxt, def)
> > + != 0)
> > goto error;
> > }
> > + VIR_FREE(nodes);
> >
> > /* analysis of memory devices */
> > if ((n = virXPathNodeSet("./devices/memory", ctxt, &nodes)) < 0)
> > diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index
> > 011bf66cb4..88adf461df 100644
> > --- a/src/conf/domain_conf.h
> > +++ b/src/conf/domain_conf.h
> > @@ -2447,6 +2447,7 @@ struct _virDomainKeyWrapDef { typedef enum {
> > VIR_DOMAIN_LAUNCH_SECURITY_NONE,
> > VIR_DOMAIN_LAUNCH_SECURITY_SEV,
> > + VIR_DOMAIN_LAUNCH_SECURITY_SGX,
> >
> > VIR_DOMAIN_LAUNCH_SECURITY_LAST,
> > } virDomainLaunchSecurity;
> > @@ -2462,6 +2463,12 @@ struct _virDomainSEVDef { };
> >
> >
> > +struct _virDomainSGXDef {
> > + int sectype; /* enum virDomainLaunchSecurity */
> > + unsigned long long epc_size; /* kibibytes */ };
> > +
> > +
> > typedef enum {
> > VIR_DOMAIN_IOMMU_MODEL_INTEL,
> > VIR_DOMAIN_IOMMU_MODEL_SMMUV3,
> > @@ -2670,6 +2677,9 @@ struct _virDomainDef {
> > /* SEV-specific domain */
> > virDomainSEVDefPtr sev;
> >
> > + /* SGX-specific domain */
> > + virDomainSGXDefPtr sgx;
> > +
> > /* Application-specific custom metadata */
> > xmlNodePtr metadata;
> >
> > diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index
> > 1c62cde251..084bcc7687 100644
> > --- a/src/conf/virconftypes.h
> > +++ b/src/conf/virconftypes.h
> > @@ -291,6 +291,9 @@ typedef virDomainResourceDef
> > *virDomainResourceDefPtr; typedef struct _virDomainSEVDef
> > virDomainSEVDef; typedef virDomainSEVDef *virDomainSEVDefPtr;
> >
> > +typedef struct _virDomainSGXDef virDomainSGXDef; typedef
> > +virDomainSGXDef *virDomainSGXDefPtr;
> > +
> > typedef struct _virDomainShmemDef virDomainShmemDef; typedef
> > virDomainShmemDef *virDomainShmemDefPtr;
> >
> > --
> > 2.17.1
> >
© 2016 - 2026 Red Hat, Inc.