From: Haibin Huang
To: libvir-list@redhat.com, haibin.huang@intel.com, jian-feng.ding@intel.com, lin.a.yang@intel.com, lianhao.lu@intel.com
Subject: [libvirt][PATCH v4 1/4] conf: Introduce SGX related element into domain xml
Date: Thu, 1 Jul 2021 20:10:26 +0800
Message-Id: <20210701121029.10837-2-haibin.huang@intel.com>
In-Reply-To: <20210701121029.10837-1-haibin.huang@intel.com>
References: <20210701121029.10837-1-haibin.huang@intel.com>
List-Id: Development discussions about the libvirt library & tools
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

From: Lin Yang =E2=80=AF=E2=80=AF 1024 --- src/conf/domain_conf.c | 106 +++++++++++++++++++++++++++++----------- src/conf/domain_conf.h | 10 ++++ src/conf/virconftypes.h | 3 ++ 3 files changed, 91 insertions(+), 28 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index ef67efa1da..4336dafd82 100644 --- a/src/conf/domain_conf.c 
+++ b/src/conf/domain_conf.c @@ -1336,6 +1336,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity, VIR_DOMAIN_LAUNCH_SECURITY_LAST, "", "sev", + "sgx", ); =20 static virClassPtr virDomainObjClass; @@ -3409,6 +3410,16 @@ virDomainSEVDefFree(virDomainSEVDefPtr def) } =20 =20 +static void +virDomainSGXDefFree(virDomainSGXDefPtr def) +{ + if (!def) + return; + + VIR_FREE(def); +} + + void virDomainDefFree(virDomainDefPtr def) { size_t i; @@ -3597,6 +3608,7 @@ void virDomainDefFree(virDomainDefPtr def) (def->ns.free)(def->namespaceData); =20 virDomainSEVDefFree(def->sev); + virDomainSGXDefFree(def->sgx); =20 xmlFreeNode(def->metadata); =20 @@ -16700,39 +16712,17 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node, return 0; } =20 - static virDomainSEVDefPtr -virDomainSEVDefParseXML(xmlNodePtr sevNode, - xmlXPathContextPtr ctxt) +virDomainSEVDefParseXML(xmlXPathContextPtr ctxt) { VIR_XPATH_NODE_AUTORESTORE(ctxt); virDomainSEVDefPtr def; unsigned long policy; - g_autofree char *type =3D NULL; =20 if (VIR_ALLOC(def) < 0) return NULL; =20 - ctxt->node =3D sevNode; - - if (!(type =3D virXMLPropString(sevNode, "type"))) { - virReportError(VIR_ERR_XML_ERROR, "%s", - _("missing launch security type")); - goto error; - } - - def->sectype =3D virDomainLaunchSecurityTypeFromString(type); - switch ((virDomainLaunchSecurity) def->sectype) { - case VIR_DOMAIN_LAUNCH_SECURITY_SEV: - break; - case VIR_DOMAIN_LAUNCH_SECURITY_NONE: - case VIR_DOMAIN_LAUNCH_SECURITY_LAST: - default: - virReportError(VIR_ERR_XML_ERROR, - _("unsupported launch security type '%s'"), - type); - goto error; - } + def->sectype =3D VIR_DOMAIN_LAUNCH_SECURITY_SEV; =20 if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) { virReportError(VIR_ERR_XML_ERROR, "%s", 
@@ -16764,6 +16754,63 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode, return NULL; } =20 +static virDomainSGXDefPtr +virDomainSGXDefParseXML(xmlXPathContextPtr ctxt) +{ + VIR_XPATH_NODE_AUTORESTORE(ctxt); + virDomainSGXDefPtr def; + + if (VIR_ALLOC(def) < 0) + return NULL; + + def->sectype =3D VIR_DOMAIN_LAUNCH_SECURITY_SGX; + + if (virDomainParseMemory("./epc_size", "./epc_size/@unit", ctxt, + &def->epc_size, false, false) < 0) + goto error; + + return def; + + error: + virDomainSGXDefFree(def); + return NULL; +} + +static int +virDomainLaunchSecurityDefParseXML(xmlNodePtr launchSecurityNode, + xmlXPathContextPtr ctxt, + virDomainDefPtr def) +{ + VIR_XPATH_NODE_AUTORESTORE(ctxt); + g_autofree char *type =3D NULL; + + ctxt->node =3D launchSecurityNode; + + if (!(type =3D virXMLPropString(launchSecurityNode, "type"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing launch security type")); + return -1; + } + + switch ((virDomainLaunchSecurity) virDomainLaunchSecurityTypeFromStrin= g(type)) { + case VIR_DOMAIN_LAUNCH_SECURITY_SEV: + def->sev =3D virDomainSEVDefParseXML(ctxt); + break; + case VIR_DOMAIN_LAUNCH_SECURITY_SGX: + def->sgx =3D virDomainSGXDefParseXML(ctxt); + break; + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: + case VIR_DOMAIN_LAUNCH_SECURITY_LAST: + default: + virReportError(VIR_ERR_XML_ERROR, + _("unsupported launch security type '%s'"), + type); + return -1; + } + + return 0; +} + static virDomainMemoryDefPtr virDomainMemoryDefParseXML(virDomainXMLOptionPtr xmlopt, xmlNodePtr memdevNode, 
@@ -22227,12 +22274,15 @@ virDomainDefParseXML(xmlDocPtr xml, ctxt->node =3D node; VIR_FREE(nodes); =20 - /* Check for SEV feature */ - if ((node =3D virXPathNode("./launchSecurity", ctxt)) !=3D NULL) { - def->sev =3D virDomainSEVDefParseXML(node, ctxt); - if (!def->sev) + /* analysis of launch security */ + if ((n =3D virXPathNodeSet("./launchSecurity", ctxt, &nodes)) < 0) + goto error; + + for (i =3D 0; i < n; i++) { + if (virDomainLaunchSecurityDefParseXML(nodes[i], ctxt, def) !=3D 0) goto error; } + VIR_FREE(nodes); =20 /* analysis of memory devices */ if ((n =3D virXPathNodeSet("./devices/memory", ctxt, &nodes)) < 0) diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 011bf66cb4..88adf461df 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2447,6 +2447,7 @@ struct _virDomainKeyWrapDef { typedef enum { VIR_DOMAIN_LAUNCH_SECURITY_NONE, VIR_DOMAIN_LAUNCH_SECURITY_SEV, + VIR_DOMAIN_LAUNCH_SECURITY_SGX, =20 VIR_DOMAIN_LAUNCH_SECURITY_LAST, } virDomainLaunchSecurity; @@ -2462,6 +2463,12 @@ struct _virDomainSEVDef { }; =20 =20 +struct _virDomainSGXDef { + int sectype; /* enum virDomainLaunchSecurity */ + unsigned long long epc_size; /* kibibytes */ +}; + + typedef enum { VIR_DOMAIN_IOMMU_MODEL_INTEL, VIR_DOMAIN_IOMMU_MODEL_SMMUV3, @@ -2670,6 +2677,9 @@ struct _virDomainDef { /* SEV-specific domain */ virDomainSEVDefPtr sev; =20 + /* SGX-specific domain */ + virDomainSGXDefPtr sgx; + /* Application-specific custom metadata */ xmlNodePtr metadata; =20 diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index 1c62cde251..084bcc7687 100644 --- a/src/conf/virconftypes.h +++ b/src/conf/virconftypes.h 
@@ -291,6 +291,9 @@ typedef virDomainResourceDef *virDomainResourceDefPtr; typedef struct _virDomainSEVDef virDomainSEVDef; typedef virDomainSEVDef *virDomainSEVDefPtr; =20 +typedef struct _virDomainSGXDef virDomainSGXDef; +typedef virDomainSGXDef *virDomainSGXDefPtr; + typedef struct _virDomainShmemDef virDomainShmemDef; typedef virDomainShmemDef *virDomainShmemDefPtr; =20 --=20 2.17.1
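
Review bot: In virDomainLaunchSecurityDefParseXML (domain_conf.c hunk at -16764), the SEV and SGX cases store the result of virDomainSEVDefParseXML() / virDomainSGXDefParseXML() and then reach `return 0` without checking for NULL. Both parsers return NULL on error, and the code this replaces did `if (!def->sev) goto error;`, so a launchSecurity element that fails to parse (for example an SEV element whose cbitpos is rejected) is now silently accepted and the domain ends up defined with no launch security. Return -1 when the parser returns NULL, e.g. `if (!(def->sev = virDomainSEVDefParseXML(ctxt))) return -1;`, and the same for def->sgx. In the same hunk, virDomainSGXDefParseXML passes `false, false` as the last two arguments of virDomainParseMemory; if the first of those is the "required" flag, an sgx element with no epc_size is accepted with epc_size left unset, which should probably be an error.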
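
Review bot: The loop added to virDomainDefParseXML (domain_conf.c hunk at -22227) parses every ./launchSecurity node, where the old code took a single node from virXPathNode. Two elements of the same type make the second call overwrite def->sev or def->sgx and leak the first allocation, and nothing in the patch says whether SEV and SGX on the same domain is meant to be valid. Reject a repeated type in virDomainLaunchSecurityDefParseXML (report an error if def->sev or def->sgx is already set) and state in the commit message whether a domain may carry both.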
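
Review bot: The SEV changes in the domain_conf.c hunk at -16700 (dropping the sevNode argument and the type switch from virDomainSEVDefParseXML, plus the removed blank line above the function) are a refactor of existing code mixed into the patch that introduces SGX. Move them into a separate preparatory patch with no functional change so the refactor can be reviewed and bisected on its own, and drop the unrelated blank-line removal.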
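
Review bot: def->sgx is added to struct _virDomainDef (domain_conf.h hunk at -2670) and filled by the parser, but nothing in this patch writes it back out: the diffstat touches only domain_conf.c, domain_conf.h and virconftypes.h, and no hunk adds formatting for the sgx element. As it stands a parsed domain would lose its SGX launchSecurity element the next time its XML is formatted. Add the formatter, the schema entry and a parse/format round-trip test here, or say in the commit message which later patch in the series provides them.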