From: Lin Yang
To: libvir-list@redhat.com, haibin.huang@intel.com, jian-feng.ding@intel.com, lin.a.yang@intel.com, yang.zhong@intel.com
Subject: [libvirt][PATCH v11 1/4] qemu: provide support to query the SGX capability
Date: Tue, 10 May 2022 23:11:09 -0700
Message-Id: <20220511061112.2453344-2-lin.a.yang@intel.com>
In-Reply-To: <20220511061112.2453344-1-lin.a.yang@intel.com>
References: <20220511061112.2453344-1-lin.a.yang@intel.com>

From: Haibin Huang

QEMU version >= 6.2.0 provides support for creating enclave on SGX x86 platform using Software Guard Extensions (SGX) feature. This patch adds support to query the SGX capability from the qemu.

Signed-off-by: Haibin Huang --- src/conf/domain_capabilities.c | 10 ++ src/conf/domain_capabilities.h | 13 ++ src/libvirt_private.syms | 1 + src/qemu/qemu_capabilities.c | 119 ++++++++++++++++++ src/qemu/qemu_capabilities.h | 6 + src/qemu/qemu_capspriv.h | 4 + src/qemu/qemu_monitor.c | 10 ++ src/qemu/qemu_monitor.h | 3 + src/qemu/qemu_monitor_json.c | 104 +++++++++++++-- src/qemu/qemu_monitor_json.h | 9 ++ .../caps_6.2.0.x86_64.replies | 22 +++- .../caps_6.2.0.x86_64.xml | 5 + .../caps_7.0.0.x86_64.replies | 22 +++- .../caps_7.0.0.x86_64.xml | 5 + 14 files changed, 318 insertions(+), 15 deletions(-) diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index 2a888da1a9..d0e863c5cb 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -78,6 +78,16 @@ virSEVCapabilitiesFree(virSEVCapability *cap) } =20 =20 +void +virSGXCapabilitiesFree(virSGXCapability *cap) +{ + if (!cap) + return; + + VIR_FREE(cap); +} + + static void virDomainCapsDispose(void *obj) { diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index f2eed80b15..9be0cff535 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -192,6 +192,13 @@ struct _virSEVCapability { unsigned int max_es_guests; }; =20 +typedef struct _virSGXCapability virSGXCapability; +typedef virSGXCapability *virSGXCapabilityPtr; +struct _virSGXCapability { + bool flc; + unsigned int epc_size; +}; + typedef enum { VIR_DOMAIN_CAPS_FEATURE_IOTHREADS =3D 0, VIR_DOMAIN_CAPS_FEATURE_VMCOREINFO, @@ -228,6 +235,7 @@ struct _virDomainCaps { =20 virDomainCapsFeatureGIC gic; virSEVCapability *sev; + virSGXCapability *sgx; /* add new domain features here */ =20 virTristateBool features[VIR_DOMAIN_CAPS_FEATURE_LAST]; 
@@ -276,3 +284,8 @@ void virSEVCapabilitiesFree(virSEVCapability *capabilities); =20 G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSEVCapability, virSEVCapabilitiesFree); + +void +virSGXCapabilitiesFree(virSGXCapability *capabilities); + +G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSGXCapability, virSGXCapabilitiesFree); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 97bfca906b..0ebd16f585 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -219,6 +219,7 @@ virDomainCapsEnumSet; virDomainCapsFormat; virDomainCapsNew; virSEVCapabilitiesFree; +virSGXCapabilitiesFree; =20 =20 # conf/domain_conf.h diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 1ed4cda7f0..8fc6dda955 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -672,6 +672,9 @@ VIR_ENUM_IMPL(virQEMUCaps, "virtio-iommu-pci", /* QEMU_CAPS_DEVICE_VIRTIO_IOMMU_PCI */ "virtio-iommu.boot-bypass", /* QEMU_CAPS_VIRTIO_IOMMU_BOOT_B= YPASS */ "virtio-net.rss", /* QEMU_CAPS_VIRTIO_NET_RSS */ + + /* 430 */ + "sgx-epc", /* QEMU_CAPS_SGX_EPC */ ); =20 =20 @@ -753,6 +756,8 @@ struct _virQEMUCaps { =20 virSEVCapability *sevCapabilities; =20 + virSGXCapability *sgxCapabilities; + /* Capabilities which may differ depending on the accelerator. */ virQEMUCapsAccel kvm; virQEMUCapsAccel hvf; @@ -1396,6 +1401,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[= ] =3D { { "s390-pv-guest", QEMU_CAPS_S390_PV_GUEST }, { "virtio-mem-pci", QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI }, { "virtio-iommu-pci", QEMU_CAPS_DEVICE_VIRTIO_IOMMU_PCI }, + { "sgx-epc", QEMU_CAPS_SGX_EPC }, }; =20 =20 
@@ -1971,6 +1977,22 @@ virQEMUCapsSEVInfoCopy(virSEVCapability **dst, } =20 =20 +static int +virQEMUCapsSGXInfoCopy(virSGXCapabilityPtr *dst, + virSGXCapabilityPtr src) +{ + g_autoptr(virSGXCapability) tmp =3D NULL; + + tmp =3D g_new0(virSGXCapability, 1); + + tmp->flc =3D src->flc; + tmp->epc_size =3D src->epc_size; + + *dst =3D g_steal_pointer(&tmp); + return 0; +} + + static void virQEMUCapsAccelCopyMachineTypes(virQEMUCapsAccel *dst, virQEMUCapsAccel *src) @@ -2052,6 +2074,12 @@ virQEMUCaps *virQEMUCapsNewCopy(virQEMUCaps *qemuCap= s) qemuCaps->sevCapabilities) < 0) return NULL; =20 + + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC) && + virQEMUCapsSGXInfoCopy(&ret->sgxCapabilities, + qemuCaps->sgxCapabilities) < 0) + return NULL; + return g_steal_pointer(&ret); } =20 @@ -2615,6 +2643,13 @@ virQEMUCapsGetSEVCapabilities(virQEMUCaps *qemuCaps) } =20 =20 +virSGXCapabilityPtr +virQEMUCapsGetSGXCapabilities(virQEMUCaps *qemuCaps) +{ + return qemuCaps->sgxCapabilities; +} + + static int virQEMUCapsProbeQMPCommands(virQEMUCaps *qemuCaps, qemuMonitor *mon) @@ -3441,6 +3476,31 @@ virQEMUCapsProbeQMPSEVCapabilities(virQEMUCaps *qemu= Caps, } =20 =20 +static int +virQEMUCapsProbeQMPSGXCapabilities(virQEMUCaps *qemuCaps, + qemuMonitor *mon) +{ + int rc =3D -1; + virSGXCapability *caps =3D NULL; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC)) + return 0; + + if ((rc =3D qemuMonitorGetSGXCapabilities(mon, &caps)) < 0) + return -1; + + /* SGX isn't actually supported */ + if (rc =3D=3D 0) { + virQEMUCapsClear(qemuCaps, QEMU_CAPS_SGX_EPC); + return 0; + } + + virSGXCapabilitiesFree(qemuCaps->sgxCapabilities); + qemuCaps->sgxCapabilities =3D caps; + return 0; +} + + /* * Filter for features which should never be passed to QEMU. Either because * QEMU never supported them or they were dropped as they never did anythi= ng 
@@ -4219,6 +4279,42 @@ virQEMUCapsParseSEVInfo(virQEMUCaps *qemuCaps, xmlXP= athContextPtr ctxt) } =20 =20 +static int +virQEMUCapsParseSGXInfo(virQEMUCaps *qemuCaps, + xmlXPathContextPtr ctxt) +{ + g_autoptr(virSGXCapability) sgx =3D NULL; + g_autofree char *flc =3D NULL; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC)) + return 0; + + if (virXPathBoolean("boolean(./sgx)", ctxt) =3D=3D 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing SGX platform data in QEMU capabilities c= ache")); + return -1; + } + + sgx =3D g_new0(virSGXCapability, 1); + + if ((!(flc =3D virXPathString("string(./sgx/flc)", ctxt))) || + virStringParseYesNo(flc, &sgx->flc) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or invalid SGX platform flc in QEMU capa= bilities cache")); + return -1; + } + + if (virXPathUInt("string(./sgx/epc_size)", ctxt, &sgx->epc_size) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or malformed SGX platform epc_size in QE= MU capabilities cache")); + return -1; + } + + qemuCaps->sgxCapabilities =3D g_steal_pointer(&sgx); + return 0; +} + + static int virQEMUCapsParseFlags(virQEMUCaps *qemuCaps, xmlXPathContextPtr ctxt) { @@ -4521,6 +4617,9 @@ virQEMUCapsLoadCache(virArch hostArch, if (virQEMUCapsParseSEVInfo(qemuCaps, ctxt) < 0) return -1; =20 + if (virQEMUCapsParseSGXInfo(qemuCaps, ctxt) < 0) + return -1; + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_KVM)) virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_KV= M); if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_HVF)) 
@@ -4706,6 +4805,21 @@ virQEMUCapsFormatSEVInfo(virQEMUCaps *qemuCaps, virB= uffer *buf) } =20 =20 +static void +virQEMUCapsFormatSGXInfo(virQEMUCaps *qemuCaps, + virBuffer *buf) +{ + virSGXCapabilityPtr sgx =3D virQEMUCapsGetSGXCapabilities(qemuCaps); + + virBufferAddLit(buf, "\n"); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "%s\n", sgx->flc ? "yes" : "no"); + virBufferAsprintf(buf, "%u\n", sgx->epc_size); + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "\n"); +} + + char * virQEMUCapsFormatCache(virQEMUCaps *qemuCaps) { @@ -4787,6 +4901,9 @@ virQEMUCapsFormatCache(virQEMUCaps *qemuCaps) if (qemuCaps->sevCapabilities) virQEMUCapsFormatSEVInfo(qemuCaps, &buf); =20 + if (qemuCaps->sgxCapabilities) + virQEMUCapsFormatSGXInfo(qemuCaps, &buf); + if (qemuCaps->kvmSupportsNesting) virBufferAddLit(&buf, "\n"); =20 @@ -5454,6 +5571,8 @@ virQEMUCapsInitQMPMonitor(virQEMUCaps *qemuCaps, return -1; if (virQEMUCapsProbeQMPSEVCapabilities(qemuCaps, mon) < 0) return -1; + if (virQEMUCapsProbeQMPSGXCapabilities(qemuCaps, mon) < 0) + return -1; =20 virQEMUCapsInitProcessCaps(qemuCaps); =20 diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 9b240e47fb..0d420527b0 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -648,6 +648,9 @@ typedef enum { /* virQEMUCapsFlags grouping marker for = syntax-check */ QEMU_CAPS_VIRTIO_IOMMU_BOOT_BYPASS, /* virtio-iommu.boot-bypass */ QEMU_CAPS_VIRTIO_NET_RSS, /* virtio-net rss feature */ =20 + /* 430 */ + QEMU_CAPS_SGX_EPC, /* -object sgx-epc,... */ + QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; =20 @@ -840,6 +843,9 @@ virQEMUCapsCPUFeatureFromQEMU(virQEMUCaps *qemuCaps, virSEVCapability * virQEMUCapsGetSEVCapabilities(virQEMUCaps *qemuCaps); =20 +virSGXCapabilityPtr +virQEMUCapsGetSGXCapabilities(virQEMUCaps *qemuCaps); + bool virQEMUCapsGetKVMSupportsSecureGuest(virQEMUCaps *qemuCaps) G_GNUC_NO_INLI= NE; =20 
diff --git a/src/qemu/qemu_capspriv.h b/src/qemu/qemu_capspriv.h index f4f4a99d32..c632647a74 100644 --- a/src/qemu/qemu_capspriv.h +++ b/src/qemu/qemu_capspriv.h @@ -101,6 +101,10 @@ void virQEMUCapsSetSEVCapabilities(virQEMUCaps *qemuCaps, virSEVCapability *capabilities); =20 +void +virQEMUCapsSetSGXCapabilities(virQEMUCaps *qemuCaps, + virSGXCapability *capabilities); + int virQEMUCapsProbeCPUDefinitionsTest(virQEMUCaps *qemuCaps, qemuMonitor *mon); diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 316cff5b9b..e3425b1db7 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -3690,6 +3690,16 @@ qemuMonitorGetSEVCapabilities(qemuMonitor *mon, } =20 =20 +int +qemuMonitorGetSGXCapabilities(qemuMonitor *mon, + virSGXCapability **capabilities) +{ + QEMU_CHECK_MONITOR(mon); + + return qemuMonitorJSONGetSGXCapabilities(mon, capabilities); +} + + int qemuMonitorNBDServerStart(qemuMonitor *mon, const virStorageNetHostDef *server, diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index 5c2a749282..f7b0582f68 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -900,6 +900,9 @@ int qemuMonitorGetGICCapabilities(qemuMonitor *mon, int qemuMonitorGetSEVCapabilities(qemuMonitor *mon, virSEVCapability **capabilities); =20 +int qemuMonitorGetSGXCapabilities(qemuMonitor *mon, + virSGXCapability **capabilities); + typedef enum { QEMU_MONITOR_MIGRATE_BACKGROUND =3D 1 << 0, QEMU_MONITOR_MIGRATE_NON_SHARED_DISK =3D 1 << 1, /* migration with non-= shared storage with full disk copy */ diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 9e611e93e8..5c6c6f293a 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c 
@@ -6469,6 +6469,69 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon, return 1; } =20 +/** + * qemuMonitorJSONGetSGXCapabilities: + * @mon: qemu monitor object + * @capabilities: pointer to pointer to a SGX capability structure to be f= illed + * + * This function queries and fills in INTEL's SGX platform-specific data. + * Note that from QEMU's POV both -object sgx-epc and query-sgx-capabiliti= es + * can be present even if SGX is not available, which basically leaves us = with + * checking for JSON "GenericError" in order to differentiate between comp= iled-in + * support and actual SGX support on the platform. + * + * Returns: -1 on error, + * 0 if SGX is not supported, and + * 1 if SGX is supported on the platform. + */ +int +qemuMonitorJSONGetSGXCapabilities(qemuMonitor *mon, + virSGXCapability **capabilities) +{ + g_autoptr(virJSONValue) cmd =3D NULL; + g_autoptr(virJSONValue) reply =3D NULL; + virJSONValue *caps; + bool flc =3D false; + unsigned int section_size =3D 0; + g_autoptr(virSGXCapability) capability =3D NULL; + + *capabilities =3D NULL; + + if (!(cmd =3D qemuMonitorJSONMakeCommand("query-sgx-capabilities", NUL= L))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + return -1; + + /* QEMU has only compiled-in support of SGX */ + if (qemuMonitorJSONHasError(reply, "GenericError")) + return 0; + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + return -1; + + caps =3D virJSONValueObjectGetObject(reply, "return"); + + if (virJSONValueObjectGetBoolean(caps, "flc", &flc) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'flc' f= ield")); + return -1; + } + + if (virJSONValueObjectGetNumberUint(caps, "section-size", §ion_siz= e) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'sectio= n-size' field")); + return -1; + } + + capability =3D g_new0(virSGXCapability, 1); + capability->flc =3D flc; + capability->epc_size =3D 
section_size/1024; + + *capabilities =3D g_steal_pointer(&capability); + return 1; +} + static virJSONValue * qemuMonitorJSONBuildInetSocketAddress(const char *host, const char *port) @@ -7478,13 +7541,25 @@ qemuMonitorJSONGetMemoryDeviceInfo(qemuMonitor *mon, return -1; } =20 - /* While 'id' attribute is marked as optional in QEMU's QAPI - * specification, Libvirt always sets it. Thus we can fail if not - * present. */ - if (!(devalias =3D virJSONValueObjectGetString(dimminfo, "id"))) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("dimm memory info data is missing 'id'")); - return -1; + if (STREQ(type, "dimm") || STREQ(type, "nvdimm") || STREQ(type, "v= irtio-mem")) { + /* While 'id' attribute is marked as optional in QEMU's QAPI + * specification, Libvirt always sets it. Thus we can fail if n= ot + * present. */ + if (!(devalias =3D virJSONValueObjectGetString(dimminfo, "id")= )) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("dimm memory info data is missing 'id'")); + return -1; + } + } else if (STREQ(type, "sgx-epc")) { + if (!(devalias =3D virJSONValueObjectGetString(dimminfo, "memd= ev"))) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("sgx-epc memory info data is missing 'memdev= '")); + return -1; + } + } else { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("%s memory device info is not handled yet"), typ= e); + return -1; } =20 meminfo =3D g_new0(qemuMonitorMemoryDeviceInfo, 1); 
@@ -7528,6 +7603,21 @@ qemuMonitorJSONGetMemoryDeviceInfo(qemuMonitor *mon, _("malformed/missing size in virtio memory = info")); return -1; } + } else if (STREQ(type, "sgx-epc")) { + /* sgx-epc memory devices */ + if (virJSONValueObjectGetNumberUlong(dimminfo, "memaddr", + &meminfo->address) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("malformed/missing memaddr in sgx-epc mem= ory info")); + return -1; + } + + if (virJSONValueObjectGetNumberUlong(dimminfo, "size", + &meminfo->size) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("malformed/missing size in sgx-epc memory= info")); + return -1; + } } else { /* type not handled yet */ continue; diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index 982fbad44e..2e445cda91 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h @@ -256,6 +256,15 @@ qemuMonitorJSONAddFileHandleToSet(qemuMonitor *mon, const char *opaque, qemuMonitorAddFdInfo *info); =20 +int qemuMonitorJSONGetSGXCapabilities(qemuMonitor *mon, + virSGXCapability **capabilities); + +int qemuMonitorJSONMigrate(qemuMonitor *mon, + unsigned int flags, + const char *uri); +int qemuMonitorJSONGetSpiceMigrationStatus(qemuMonitor *mon, + bool *spice_migrated); + int qemuMonitorJSONRemoveFdset(qemuMonitor *mon, unsigned int fdset); diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_6.2.0.x86_64.replies index e235532d62..04b3a06f4a 100644 --- a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies @@ -32707,6 +32707,20 @@ } } =20 +{ + "execute": "query-sgx-capabilities", + "id": "libvirt-51" +} + +{ + "return": { + "sgx": true, + "section-size": 1024, + "flc": false + }, + "id": "libvirt-51" +} + { "execute": "query-cpu-model-expansion", "arguments": { @@ -32715,7 +32729,7 @@ "name": "host" } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { 
@@ -33048,7 +33062,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { @@ -33062,7 +33076,7 @@ } } }, - "id": "libvirt-52" + "id": "libvirt-53" } =20 { @@ -33395,7 +33409,7 @@ } } }, - "id": "libvirt-52" + "id": "libvirt-53" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_6.2.0.x86_64.xml index dba5ecaf87..0b0563752f 100644 --- a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml @@ -238,6 +238,7 @@ + 6002000 0 43100244 @@ -3706,4 +3707,8 @@ + + no + 1 + diff --git a/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_7.0.0.x86_64.replies index 620442704a..6e85a96ffb 100644 --- a/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.replies @@ -33317,6 +33317,20 @@ } } =20 +{ + "execute": "query-sgx-capabilities", + "id": "libvirt-51" +} + +{ + "return": { + "sgx": true, + "section-size": 1024, + "flc": false + }, + "id": "libvirt-51" +} + { "execute": "query-cpu-model-expansion", "arguments": { @@ -33325,7 +33339,7 @@ "name": "host" } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { @@ -33662,7 +33676,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { @@ -33676,7 +33690,7 @@ } } }, - "id": "libvirt-52" + "id": "libvirt-53" } =20 { @@ -34013,7 +34027,7 @@ } } }, - "id": "libvirt-52" + "id": "libvirt-53" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_7.0.0.x86_64.xml index 8074c97ecd..65d0d71cee 100644 --- a/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml @@ -242,6 +242,7 @@ + 7000000 0 43100243 
@@ -3770,4 +3771,8 @@ + + no + 1 + --=20 2.25.1
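Review bot: the virSGXCapabilityPtr typedef added in src/conf/domain_capabilities.h is used inconsistently across this patch. virSGXCapabilitiesFree() and qemuMonitorGetSGXCapabilities() take "virSGXCapability *", while virQEMUCapsSGXInfoCopy() and virQEMUCapsGetSGXCapabilities() use virSGXCapabilityPtr, and the neighbouring SEV declarations use "virSEVCapability *" throughout. Drop the typedef and spell the pointer type out. The epc_size field also needs a comment giving its unit, because the monitor code stores section_size/1024 into it and nothing in the struct says so.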
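Review bot: virQEMUCapsSGXInfoCopy() in src/qemu/qemu_capabilities.c dereferences src (src->flc, src->epc_size) without a NULL check, and the caller in virQEMUCapsNewCopy() gates only on virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC), not on qemuCaps->sgxCapabilities being set. Any caps object that has the flag set without having gone through the probe or the cache parser would crash on copy. Set *dst to NULL and return when src is NULL; since the function cannot fail it could return void as well. The second blank line added in front of the new "if" in virQEMUCapsNewCopy() should be removed.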
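Review bot: src/qemu/qemu_capspriv.h gains a declaration of virQEMUCapsSetSGXCapabilities(), but none of the qemu_capabilities.c hunks in this patch define it. Either add the definition here next to virQEMUCapsGetSGXCapabilities() or move the declaration to the patch that introduces the function and its first caller.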
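Review bot: in qemuMonitorJSONGetSGXCapabilities() (src/qemu/qemu_monitor_json.c) the "section-size" byte count is read into an unsigned int with virJSONValueObjectGetNumberUint(), so a value of 4 GiB or more fails to parse and is reported as a "missing" field. The sgx-epc "size" further down in the same file is read with virJSONValueObjectGetNumberUlong(); use a 64-bit getter here too, divide by 1024 after that, and word the error as "missing or malformed". A space around the operator in "section_size/1024" would match the surrounding style.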
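Review bot: the new final else branch in the first qemuMonitorJSONGetMemoryDeviceInfo() hunk returns -1 for every device type other than dimm, nvdimm, virtio-mem and sgx-epc, which changes behaviour for existing guests. The later context in the same function still has "} else { /* type not handled yet */ continue;", so unknown types used to be skipped; with this branch in front of it the whole query fails instead and that continue is unreachable. Keep skipping unknown types here. This change is also about sgx-epc memory devices rather than capability probing, so it belongs in the patch that adds the device.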
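Review bot: the src/qemu/qemu_monitor_json.h hunk adds declarations of qemuMonitorJSONMigrate() and qemuMonitorJSONGetSpiceMigrationStatus() alongside qemuMonitorJSONGetSGXCapabilities(). Those two have nothing to do with SGX and look like rebase residue; drop them so the hunk adds only the SGX prototype.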
From: Lin Yang
To: libvir-list@redhat.com, haibin.huang@intel.com, jian-feng.ding@intel.com, lin.a.yang@intel.com, yang.zhong@intel.com
Subject: [libvirt][PATCH v11 2/4] conf: expose SGX feature in domain capabilities
Date: Tue, 10 May 2022 23:11:10 -0700
Message-Id: <20220511061112.2453344-3-lin.a.yang@intel.com>
In-Reply-To: <20220511061112.2453344-1-lin.a.yang@intel.com>
References: <20220511061112.2453344-1-lin.a.yang@intel.com>

From: Haibin Huang

Extend hypervisor capabilities to include sgx feature. When available, the hypervisor supports launching a VM with SGX on Intel platform. The SGX feature tag provides additional details like section size and sgx1 or sgx2.

Signed-off-by: Haibin Huang --- docs/formatdomaincaps.rst | 26 +++++++++++++++++++ src/conf/domain_capabilities.c | 19 ++++++++++++++ src/conf/schemas/domaincaps.rng | 22 +++++++++++++++- src/qemu/qemu_capabilities.c | 24 +++++++++++++++++ tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 + tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 + tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 + tests/domaincapsdata/empty.xml | 1 + tests/domaincapsdata/libxl-xenfv.xml | 1 + tests/domaincapsdata/libxl-xenpv.xml | 1 + .../domaincapsdata/qemu_2.11.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.11.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_2.11.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.11.0.x86_64.xml | 1 + .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml | 1 + .../qemu_2.12.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_2.12.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.12.0.x86_64.xml | 1 + .../domaincapsdata/qemu_3.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_3.0.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_3.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_3.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_3.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml | 1 + .../qemu_4.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.1.0.x86_64.xml | 1 + 
.../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 + .../qemu_4.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 + .../qemu_5.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.1.0.sparc.xml | 1 + tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 1 + .../qemu_5.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 1 + .../qemu_6.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 4 +++ .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 4 +++ .../qemu_6.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 4 +++ .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 4 +++ .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 4 +++ 
.../qemu_7.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 4 +++ 85 files changed, 189 insertions(+), 1 deletion(-) diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst index 4de96ea83a..964cc26d21 100644 --- a/docs/formatdomaincaps.rst +++ b/docs/formatdomaincaps.rst @@ -519,6 +519,10 @@ capabilities. All features occur as children of the ma= in ``features`` element. 47 1 + + no + 1 + =20 @@ -598,3 +602,25 @@ in domain XML `__ ``maxESGuests`` The maximum number of SEV-ES guests that can be launched on the host. T= his value may be configurable in the firmware for some hosts. + +SGX capabilities +^^^^^^^^^^^^^^^^ + +Intel Software Guard Extensions (Intel SGX) capabilities are exposed under= the +``sgx`` element. + +Intel SGX helps protect data in use via unique application isolation techn= ology. +Protect selected code and data from modification using hardened enclaves w= ith +Intel SGX. + +For more details on the SGX feature, please follow resources in the SGX de= veloper's +document store. In order to use SGX with libvirt have a look at formatdoma= in.rst +Memory devices. + + +``flc`` + FLC (Flexible Launch Control), not strictly part of SGX2, but was not p= art of + original SGX hardware either. + +``epc_size`` + The size of the SGX enclave page cache (called EPC). diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index d0e863c5cb..a54999e569 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -100,6 +100,7 @@ virDomainCapsDispose(void *obj) virObjectUnref(caps->cpu.custom); virCPUDefFree(caps->cpu.hostModel); virSEVCapabilitiesFree(caps->sev); + virSGXCapabilitiesFree(caps->sgx); =20 values =3D &caps->os.loader.values; for (i =3D 0; i < values->nvalues; i++) 
@@ -622,6 +623,23 @@ virDomainCapsFeatureSEVFormat(virBuffer *buf, return; } =20 +static void +virDomainCapsFeatureSGXFormat(virBuffer *buf, + const virSGXCapability *sgx) +{ + if (!sgx) { + virBufferAddLit(buf, "\n"); + } else { + virBufferAddLit(buf, "\n"); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "%s\n", sgx->flc ? "yes" : "no"); + virBufferAsprintf(buf, "%d\n", s= gx->epc_size); + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "\n"); + } + + return; +} =20 static void virDomainCapsFormatFeatures(const virDomainCaps *caps, @@ -642,6 +660,7 @@ virDomainCapsFormatFeatures(const virDomainCaps *caps, } =20 virDomainCapsFeatureSEVFormat(&childBuf, caps->sev); + virDomainCapsFeatureSGXFormat(&childBuf, caps->sgx); =20 virXMLFormatElement(buf, "features", NULL, &childBuf); } diff --git a/src/conf/schemas/domaincaps.rng b/src/conf/schemas/domaincaps.= rng index 9cbc2467ab..5ace30ae0d 100644 --- a/src/conf/schemas/domaincaps.rng +++ b/src/conf/schemas/domaincaps.rng @@ -270,6 +270,9 @@ + + + =20 @@ -330,7 +333,24 @@ =20 - + + + + + + + + + + KiB + + + + + + + + diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 8fc6dda955..04890cc6a1 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c 
@@ -6630,6 +6630,29 @@ virQEMUCapsFillDomainFeatureS390PVCaps(virQEMUCaps *= qemuCaps, } } =20 +/** + * virQEMUCapsFillDomainFeatureiSGXCaps: + * @qemuCaps: QEMU capabilities + * @domCaps: domain capabilities + * + * Take the information about SGX capabilities that has been obtained + * using the 'query-sgx-capabilities' QMP command and stored in @qemuCaps + * and convert it to a form suitable for @domCaps. + */ +static void +virQEMUCapsFillDomainFeatureSGXCaps(virQEMUCaps *qemuCaps, + virDomainCaps *domCaps) +{ + virSGXCapability *cap =3D qemuCaps->sgxCapabilities; + + if (!cap) + return; + + domCaps->sgx =3D g_new0(virSGXCapability, 1); + + domCaps->sgx->flc =3D cap->flc; + domCaps->sgx->epc_size =3D cap->epc_size; +} =20 int virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps, @@ -6682,6 +6705,7 @@ virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps, virQEMUCapsFillDomainFeatureGICCaps(qemuCaps, domCaps); virQEMUCapsFillDomainFeatureSEVCaps(qemuCaps, domCaps); virQEMUCapsFillDomainFeatureS390PVCaps(qemuCaps, domCaps); + virQEMUCapsFillDomainFeatureSGXCaps(qemuCaps, domCaps); =20 return 0; } diff --git a/tests/domaincapsdata/bhyve_basic.x86_64.xml b/tests/domaincaps= data/bhyve_basic.x86_64.xml index 745f325531..dd054577c0 100644 --- a/tests/domaincapsdata/bhyve_basic.x86_64.xml +++ b/tests/domaincapsdata/bhyve_basic.x86_64.xml @@ -33,5 +33,6 @@ + diff --git a/tests/domaincapsdata/bhyve_fbuf.x86_64.xml b/tests/domaincapsd= ata/bhyve_fbuf.x86_64.xml index bb11c02ae9..0b1d9c17d7 100644 --- a/tests/domaincapsdata/bhyve_fbuf.x86_64.xml +++ b/tests/domaincapsdata/bhyve_fbuf.x86_64.xml @@ -50,5 +50,6 @@ + diff --git a/tests/domaincapsdata/bhyve_uefi.x86_64.xml b/tests/domaincapsd= ata/bhyve_uefi.x86_64.xml index dfd2360d74..69fff197a7 100644 --- a/tests/domaincapsdata/bhyve_uefi.x86_64.xml +++ b/tests/domaincapsdata/bhyve_uefi.x86_64.xml @@ -42,5 +42,6 @@ + diff --git a/tests/domaincapsdata/empty.xml b/tests/domaincapsdata/empty.xml index d3e2d89b60..97752ca04a 100644 
--- a/tests/domaincapsdata/empty.xml +++ b/tests/domaincapsdata/empty.xml @@ -13,5 +13,6 @@ + diff --git a/tests/domaincapsdata/libxl-xenfv.xml b/tests/domaincapsdata/li= bxl-xenfv.xml index cc5b3847e2..c71d759517 100644 --- a/tests/domaincapsdata/libxl-xenfv.xml +++ b/tests/domaincapsdata/libxl-xenfv.xml @@ -76,5 +76,6 @@ + diff --git a/tests/domaincapsdata/libxl-xenpv.xml b/tests/domaincapsdata/li= bxl-xenpv.xml index 325f1e50b3..8ae2370b7e 100644 --- a/tests/domaincapsdata/libxl-xenpv.xml +++ b/tests/domaincapsdata/libxl-xenpv.xml @@ -66,5 +66,6 @@ + diff --git a/tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml b/tests/domain= capsdata/qemu_2.11.0-q35.x86_64.xml index ea9737d9ce..665e2b6401 100644 --- a/tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.11.0-q35.x86_64.xml @@ -187,5 +187,6 @@ + diff --git a/tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml b/tests/domain= capsdata/qemu_2.11.0-tcg.x86_64.xml index cccc6830f9..de19ae76e0 100644 --- a/tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.11.0-tcg.x86_64.xml @@ -200,5 +200,6 @@ + diff --git a/tests/domaincapsdata/qemu_2.11.0.s390x.xml b/tests/domaincapsd= ata/qemu_2.11.0.s390x.xml index 804bf8020e..5249aca8c1 100644 --- a/tests/domaincapsdata/qemu_2.11.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.11.0.s390x.xml @@ -215,5 +215,6 @@ + diff --git a/tests/domaincapsdata/qemu_2.11.0.x86_64.xml b/tests/domaincaps= data/qemu_2.11.0.x86_64.xml index 3a8aa2ab71..3186231683 100644 --- a/tests/domaincapsdata/qemu_2.11.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.11.0.x86_64.xml @@ -187,5 +187,6 @@ + diff --git a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml b/tests/domain= capsdata/qemu_2.12.0-q35.x86_64.xml index 0dc5995c09..7aa4ba7d2c 100644 --- a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml @@ -208,5 +208,6 @@ 59 450 + 
diff --git a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml b/tests/domain= capsdata/qemu_2.12.0-tcg.x86_64.xml index 575506d852..a08a9b6a8e 100644 --- a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml @@ -218,5 +218,6 @@ 59 450 + diff --git a/tests/domaincapsdata/qemu_2.12.0-virt.aarch64.xml b/tests/doma= incapsdata/qemu_2.12.0-virt.aarch64.xml index 2074c89875..e4518988c6 100644 --- a/tests/domaincapsdata/qemu_2.12.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-virt.aarch64.xml @@ -168,5 +168,6 @@ + diff --git a/tests/domaincapsdata/qemu_2.12.0.aarch64.xml b/tests/domaincap= sdata/qemu_2.12.0.aarch64.xml index a93313f980..ff1158d107 100644 --- a/tests/domaincapsdata/qemu_2.12.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_2.12.0.aarch64.xml @@ -162,5 +162,6 @@ + diff --git a/tests/domaincapsdata/qemu_2.12.0.ppc64.xml b/tests/domaincapsd= ata/qemu_2.12.0.ppc64.xml index cb3edcbd56..681b4bc7bd 100644 --- a/tests/domaincapsdata/qemu_2.12.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_2.12.0.ppc64.xml @@ -132,5 +132,6 @@ + diff --git a/tests/domaincapsdata/qemu_2.12.0.s390x.xml b/tests/domaincapsd= ata/qemu_2.12.0.s390x.xml index 5c3d9ce7db..7f7b8a1911 100644 --- a/tests/domaincapsdata/qemu_2.12.0.s390x.xml +++ b/tests/domaincapsdata/qemu_2.12.0.s390x.xml @@ -215,5 +215,6 @@ + diff --git a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml b/tests/domaincaps= data/qemu_2.12.0.x86_64.xml index c8a5558536..32f1816ad6 100644 --- a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0.x86_64.xml @@ -208,5 +208,6 @@ 59 450 + diff --git a/tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_3.0.0-q35.x86_64.xml index 4f80439eb4..740ff9062d 100644 --- a/tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.0.0-q35.x86_64.xml @@ -204,5 +204,6 @@ + 
diff --git a/tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_3.0.0-tcg.x86_64.xml index 301101095c..09c4c07471 100644 --- a/tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml @@ -216,5 +216,6 @@ + diff --git a/tests/domaincapsdata/qemu_3.0.0.ppc64.xml b/tests/domaincapsda= ta/qemu_3.0.0.ppc64.xml index 8605db5cc8..039ee5c99c 100644 --- a/tests/domaincapsdata/qemu_3.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_3.0.0.ppc64.xml @@ -134,5 +134,6 @@ + diff --git a/tests/domaincapsdata/qemu_3.0.0.s390x.xml b/tests/domaincapsda= ta/qemu_3.0.0.s390x.xml index f49b6907ff..63a128fab5 100644 --- a/tests/domaincapsdata/qemu_3.0.0.s390x.xml +++ b/tests/domaincapsdata/qemu_3.0.0.s390x.xml @@ -222,5 +222,6 @@ + diff --git a/tests/domaincapsdata/qemu_3.0.0.x86_64.xml b/tests/domaincapsd= ata/qemu_3.0.0.x86_64.xml index 650728566e..a8cd693bbd 100644 --- a/tests/domaincapsdata/qemu_3.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.0.0.x86_64.xml @@ -204,5 +204,6 @@ + diff --git a/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_3.1.0-q35.x86_64.xml index c4277c53a1..381cc9a4ec 100644 --- a/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml @@ -207,5 +207,6 @@ + diff --git a/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_3.1.0-tcg.x86_64.xml index 2a65cb0ad9..28868f1c0b 100644 --- a/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml @@ -226,5 +226,6 @@ + diff --git a/tests/domaincapsdata/qemu_3.1.0.ppc64.xml b/tests/domaincapsda= ta/qemu_3.1.0.ppc64.xml index 8035f7230a..3176d7044f 100644 --- a/tests/domaincapsdata/qemu_3.1.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_3.1.0.ppc64.xml @@ -134,5 +134,6 @@ + diff --git a/tests/domaincapsdata/qemu_3.1.0.x86_64.xml b/tests/domaincapsd= ata/qemu_3.1.0.x86_64.xml index 6e3ddda356..db9bb1dd9f 100644 
--- a/tests/domaincapsdata/qemu_3.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.1.0.x86_64.xml @@ -207,5 +207,6 @@ + diff --git a/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_4.0.0-q35.x86_64.xml index 8f3911b4b3..b99301af1f 100644 --- a/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml @@ -207,5 +207,6 @@ + diff --git a/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_4.0.0-tcg.x86_64.xml index a4dc7bafc9..da58e85b72 100644 --- a/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml @@ -226,5 +226,6 @@ + diff --git a/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml b/tests/domai= ncapsdata/qemu_4.0.0-virt.aarch64.xml index 7108efe3b4..65aa9403c5 100644 --- a/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml @@ -175,5 +175,6 @@ + diff --git a/tests/domaincapsdata/qemu_4.0.0.aarch64.xml b/tests/domaincaps= data/qemu_4.0.0.aarch64.xml index 1e7db635d0..d3e2ac0621 100644 --- a/tests/domaincapsdata/qemu_4.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.0.0.aarch64.xml @@ -169,5 +169,6 @@ + diff --git a/tests/domaincapsdata/qemu_4.0.0.ppc64.xml b/tests/domaincapsda= ta/qemu_4.0.0.ppc64.xml index f109d36266..076820c5bc 100644 --- a/tests/domaincapsdata/qemu_4.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_4.0.0.ppc64.xml @@ -135,5 +135,6 @@ + diff --git a/tests/domaincapsdata/qemu_4.0.0.s390x.xml b/tests/domaincapsda= ta/qemu_4.0.0.s390x.xml index b810ad737a..821d467bd9 100644 --- a/tests/domaincapsdata/qemu_4.0.0.s390x.xml +++ b/tests/domaincapsdata/qemu_4.0.0.s390x.xml @@ -232,5 +232,6 @@ + diff --git a/tests/domaincapsdata/qemu_4.0.0.x86_64.xml b/tests/domaincapsd= ata/qemu_4.0.0.x86_64.xml index 24e732d9c3..3dac8ff1ae 100644 --- a/tests/domaincapsdata/qemu_4.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.0.0.x86_64.xml @@ -207,5 +207,6 @@ + 
diff --git a/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_4.1.0-q35.x86_64.xml index 3ee7feea48..2f9dc00689 100644 --- a/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml @@ -213,5 +213,6 @@ + diff --git a/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_4.1.0-tcg.x86_64.xml index b20c02cb68..13540675b6 100644 --- a/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml @@ -229,5 +229,6 @@ + diff --git a/tests/domaincapsdata/qemu_4.1.0.x86_64.xml b/tests/domaincapsd= ata/qemu_4.1.0.x86_64.xml index 0f1d398e2c..bb7d6b9219 100644 --- a/tests/domaincapsdata/qemu_4.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.1.0.x86_64.xml @@ -213,5 +213,6 @@ + diff --git a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_4.2.0-q35.x86_64.xml index c8a77cdd41..9fef4ccd37 100644 --- a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml @@ -221,5 +221,6 @@ + diff --git a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_4.2.0-tcg.x86_64.xml index d0ee3f7b7a..76636c0c37 100644 --- a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml @@ -236,5 +236,6 @@ + diff --git a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml b/tests/domai= ncapsdata/qemu_4.2.0-virt.aarch64.xml index 05d606967b..1a87fc417b 100644 --- a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml @@ -177,5 +177,6 @@ + diff --git a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml b/tests/domaincaps= data/qemu_4.2.0.aarch64.xml index f19ad5e6db..943c3605d8 100644 --- a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml @@ -171,5 +171,6 @@ + 
diff --git a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml b/tests/domaincapsda= ta/qemu_4.2.0.ppc64.xml index 4c3a2c6d98..e0187041db 100644 --- a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml @@ -141,5 +141,6 @@ + diff --git a/tests/domaincapsdata/qemu_4.2.0.s390x.xml b/tests/domaincapsda= ta/qemu_4.2.0.s390x.xml index fb162ea578..8150e5119a 100644 --- a/tests/domaincapsdata/qemu_4.2.0.s390x.xml +++ b/tests/domaincapsdata/qemu_4.2.0.s390x.xml @@ -247,5 +247,6 @@ + diff --git a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml b/tests/domaincapsd= ata/qemu_4.2.0.x86_64.xml index 6578fd04b6..8f3edfce70 100644 --- a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml @@ -221,5 +221,6 @@ + diff --git a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_5.0.0-q35.x86_64.xml index 8a6797c2f1..4c6ea67c99 100644 --- a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml @@ -223,5 +223,6 @@ + diff --git a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_5.0.0-tcg.x86_64.xml index d277c96426..e0536347e5 100644 --- a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml @@ -238,5 +238,6 @@ + diff --git a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml b/tests/domai= ncapsdata/qemu_5.0.0-virt.aarch64.xml index f8cea230d9..3a70b34001 100644 --- a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml @@ -186,5 +186,6 @@ + diff --git a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml b/tests/domaincaps= data/qemu_5.0.0.aarch64.xml index ab72b7ffeb..6a8c1027c0 100644 --- a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml @@ -180,5 +180,6 @@ + 
diff --git a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml b/tests/domaincapsda= ta/qemu_5.0.0.ppc64.xml index 5772045e35..0910a0e3bf 100644 --- a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml @@ -146,5 +146,6 @@ + diff --git a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml b/tests/domaincapsd= ata/qemu_5.0.0.x86_64.xml index 51ca1d98e0..74f297c2e7 100644 --- a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml @@ -223,5 +223,6 @@ + diff --git a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_5.1.0-q35.x86_64.xml index 3468fb2e72..ceafdd35e7 100644 --- a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml @@ -224,5 +224,6 @@ + diff --git a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_5.1.0-tcg.x86_64.xml index 4f1ffbb2ba..ae9754a14c 100644 --- a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml @@ -238,5 +238,6 @@ + diff --git a/tests/domaincapsdata/qemu_5.1.0.sparc.xml b/tests/domaincapsda= ta/qemu_5.1.0.sparc.xml index 5c1c0c4680..ae8474a696 100644 --- a/tests/domaincapsdata/qemu_5.1.0.sparc.xml +++ b/tests/domaincapsdata/qemu_5.1.0.sparc.xml @@ -113,5 +113,6 @@ + diff --git a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml b/tests/domaincapsd= ata/qemu_5.1.0.x86_64.xml index 8ff49c7899..37d053c086 100644 --- a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml @@ -224,5 +224,6 @@ + diff --git a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_5.2.0-q35.x86_64.xml index 2301a475eb..4e68dc46f4 100644 --- a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml @@ -224,5 +224,6 @@ + diff --git a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_5.2.0-tcg.x86_64.xml index 6cff0f815e..a8914a90b2 100644 
--- a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml @@ -238,5 +238,6 @@ + diff --git a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml b/tests/domai= ncapsdata/qemu_5.2.0-virt.aarch64.xml index a863a6052d..41bb7ecb45 100644 --- a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml @@ -186,5 +186,6 @@ + diff --git a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml b/tests/domaincaps= data/qemu_5.2.0.aarch64.xml index ab72b7ffeb..6a8c1027c0 100644 --- a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.2.0.aarch64.xml @@ -180,5 +180,6 @@ + diff --git a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml b/tests/domaincapsda= ta/qemu_5.2.0.ppc64.xml index 051b7d43a8..17f6f71bf9 100644 --- a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_5.2.0.ppc64.xml @@ -146,5 +146,6 @@ + diff --git a/tests/domaincapsdata/qemu_5.2.0.s390x.xml b/tests/domaincapsda= ta/qemu_5.2.0.s390x.xml index 2a2ca8abcf..496c08dd34 100644 --- a/tests/domaincapsdata/qemu_5.2.0.s390x.xml +++ b/tests/domaincapsdata/qemu_5.2.0.s390x.xml @@ -249,5 +249,6 @@ + diff --git a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml b/tests/domaincapsd= ata/qemu_5.2.0.x86_64.xml index 41a54985d7..df653b95e3 100644 --- a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.2.0.x86_64.xml @@ -224,5 +224,6 @@ + diff --git a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_6.0.0-q35.x86_64.xml index 4595e70f61..95627a1f9c 100644 --- a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml @@ -230,5 +230,6 @@ 59 450 + diff --git a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_6.0.0-tcg.x86_64.xml index 65f4459bcb..4ac6365cad 100644 --- a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml 
@@ -244,5 +244,6 @@ 59 450 + diff --git a/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml b/tests/domai= ncapsdata/qemu_6.0.0-virt.aarch64.xml index 61eab9de0e..bda348ac18 100644 --- a/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml @@ -187,5 +187,6 @@ + diff --git a/tests/domaincapsdata/qemu_6.0.0.aarch64.xml b/tests/domaincaps= data/qemu_6.0.0.aarch64.xml index fa722b5fd3..d1478dedde 100644 --- a/tests/domaincapsdata/qemu_6.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_6.0.0.aarch64.xml @@ -181,5 +181,6 @@ + diff --git a/tests/domaincapsdata/qemu_6.0.0.s390x.xml b/tests/domaincapsda= ta/qemu_6.0.0.s390x.xml index 13fa3a637e..ccb6536dfc 100644 --- a/tests/domaincapsdata/qemu_6.0.0.s390x.xml +++ b/tests/domaincapsdata/qemu_6.0.0.s390x.xml @@ -250,5 +250,6 @@ + diff --git a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml b/tests/domaincapsd= ata/qemu_6.0.0.x86_64.xml index a6fa374211..621cf5032c 100644 --- a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml @@ -230,5 +230,6 @@ 59 450 + diff --git a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_6.1.0-q35.x86_64.xml index f4d0fcf673..93194d4f99 100644 --- a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml @@ -226,5 +226,6 @@ + diff --git a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_6.1.0-tcg.x86_64.xml index 40bc875e3c..9828fb4192 100644 --- a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml @@ -239,5 +239,6 @@ + diff --git a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml b/tests/domaincapsd= ata/qemu_6.1.0.x86_64.xml index 67fc449f5d..0948e9cf14 100644 --- a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.1.0.x86_64.xml @@ -226,5 +226,6 @@ + 
diff --git a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_6.2.0-q35.x86_64.xml index 9d68c0a404..5ef1006b81 100644 --- a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml @@ -226,5 +226,9 @@ + + no + 1 + diff --git a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_6.2.0-tcg.x86_64.xml index a439dda190..5731369514 100644 --- a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml @@ -240,5 +240,9 @@ + + no + 1 + diff --git a/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml b/tests/domai= ncapsdata/qemu_6.2.0-virt.aarch64.xml index f6045623f5..7494df031f 100644 --- a/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml @@ -189,5 +189,6 @@ + diff --git a/tests/domaincapsdata/qemu_6.2.0.aarch64.xml b/tests/domaincaps= data/qemu_6.2.0.aarch64.xml index 35e18adcd5..2946a36b04 100644 --- a/tests/domaincapsdata/qemu_6.2.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_6.2.0.aarch64.xml @@ -183,5 +183,6 @@ + diff --git a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml b/tests/domaincapsda= ta/qemu_6.2.0.ppc64.xml index 8fed9d30b7..4213cc2988 100644 --- a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_6.2.0.ppc64.xml @@ -144,5 +144,6 @@ + diff --git a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml b/tests/domaincapsd= ata/qemu_6.2.0.x86_64.xml index 0f89790b60..0dc51619f8 100644 --- a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml @@ -226,5 +226,9 @@ + + no + 1 + diff --git a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_7.0.0-q35.x86_64.xml index 1f56616587..3f1ce8028c 100644 --- a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml @@ -227,5 +227,9 @@ + + no + 1 + 
diff --git a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_7.0.0-tcg.x86_64.xml index 9ed9123f7d..c113c98360 100644 --- a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml @@ -241,5 +241,9 @@ + + no + 1 + diff --git a/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml b/tests/domai= ncapsdata/qemu_7.0.0-virt.aarch64.xml index 7a8cb9f113..514f673e4c 100644 --- a/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml @@ -189,5 +189,6 @@ + diff --git a/tests/domaincapsdata/qemu_7.0.0.aarch64.xml b/tests/domaincaps= data/qemu_7.0.0.aarch64.xml index d48c87dc3a..797affc12f 100644 --- a/tests/domaincapsdata/qemu_7.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_7.0.0.aarch64.xml @@ -183,5 +183,6 @@ + diff --git a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml b/tests/domaincapsda= ta/qemu_7.0.0.ppc64.xml index 942c721afd..68d51bf4b1 100644 --- a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_7.0.0.ppc64.xml @@ -146,5 +146,6 @@ + diff --git a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml b/tests/domaincapsd= ata/qemu_7.0.0.x86_64.xml index 71532ad0ed..c02afe0f40 100644 --- a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.0.0.x86_64.xml 
@@ -227,5 +227,9 @@ + + no + 1 + --=20 2.25.1
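Review bot: in the docs/formatdomaincaps.rst hunk, the ``epc_size`` entry gives no unit, while the domaincaps.rng hunk of this same patch carries KiB for that element; state the unit in the description so a consumer of the capabilities XML does not have to read the schema to interpret the number. The ``flc`` entry only says what FLC is not part of; add what a value of yes or no means for a guest on this host. The sentence "have a look at formatdomain.rst Memory devices" should be an RST cross-reference rather than a bare file name.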
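Review bot: in virDomainCapsFeatureSGXFormat() in src/conf/domain_capabilities.c, sgx->epc_size is printed with %d, and the declaration of that field is not part of this patch; confirm the conversion matches the declared type, and if the size is unsigned or wider than int, switch to the matching specifier so a large EPC is not emitted as a negative or truncated value in the capabilities XML.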
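Review bot: virQEMUCapsFillDomainFeatureSGXCaps() in src/qemu/qemu_capabilities.c fills domCaps->sgx from qemuCaps->sgxCapabilities alone and never looks at the virt type, and the diffstat shows the qemu_6.2.0-tcg and qemu_7.0.0-tcg x86_64 test files gaining the same four-line block as the non-tcg ones; confirm that advertising SGX for a TCG domain is intended, and gate the fill on the virt type if it is not. Separately, the doc comment above the function names it virQEMUCapsFillDomainFeatureiSGXCaps (stray "i"), which does not match the symbol it documents.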
From: Lin Yang
To: libvir-list@redhat.com, haibin.huang@intel.com, jian-feng.ding@intel.com, lin.a.yang@intel.com, yang.zhong@intel.com
Subject: [libvirt][PATCH v11 3/4] conf: Introduce SGX EPC element into device memory xml
Date: Tue, 10 May 2022 23:11:11 -0700
Message-Id: <20220511061112.2453344-4-lin.a.yang@intel.com>
In-Reply-To: <20220511061112.2453344-1-lin.a.yang@intel.com>
References: <20220511061112.2453344-1-lin.a.yang@intel.com>
List-Id: Development discussions about the libvirt library & tools
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"; x-default="true"

... 512 ...
Signed-off-by: Lin Yang --- docs/formatdomain.rst | 9 +++- src/conf/domain_conf.c | 6 +++ src/conf/domain_conf.h | 1 + src/conf/domain_validate.c | 16 ++++++ src/conf/schemas/domaincommon.rng | 1 + src/qemu/qemu_alias.c | 3 ++ src/qemu/qemu_command.c | 1 + src/qemu/qemu_domain.c | 38 +++++++++----- src/qemu/qemu_domain_address.c | 6 +++ src/qemu/qemu_driver.c | 1 + src/qemu/qemu_process.c | 2 + src/qemu/qemu_validate.c | 8 +++ src/security/security_apparmor.c | 1 + src/security/security_dac.c | 2 + src/security/security_selinux.c | 2 + tests/qemuxml2argvdata/sgx-epc.xml | 36 +++++++++++++ .../sgx-epc.x86_64-latest.xml | 52 +++++++++++++++++++ tests/qemuxml2xmltest.c | 2 + 18 files changed, 172 insertions(+), 15 deletions(-) create mode 100644 tests/qemuxml2argvdata/sgx-epc.xml create mode 100644 tests/qemuxml2xmloutdata/sgx-epc.x86_64-latest.xml diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 9be305f3e6..cdb61068b9 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -7836,6 +7836,11 @@ Example: usage of the memory devices 524288 + + + 16384 + + ... =20 @@ -7844,7 +7849,9 @@ Example: usage of the memory devices 1.2.14` Provide ``nvdimm`` model that adds a Non-Volatile DIMM module. :since:`Since 3.2.0` Provide ``virtio-pmem`` model to add a paravirtual= ized persistent memory device. :since:`Since 7.1.0` Provide ``virtio-mem`` m= odel - to add paravirtualized memory device. :since:`Since 7.9.0` + to add paravirtualized memory device. :since:`Since 7.9.0` Provide + ``sgx-epc`` model to add a SGX enclave page cache (EPC) memory to the g= uest. + :since:`Since 8.1.0` =20 ``access`` An optional attribute ``access`` ( :since:`since 3.2.0` ) that provides diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index bd2884088c..a35f9e6c02 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c 
@@ -1429,6 +1429,7 @@ VIR_ENUM_IMPL(virDomainMemoryModel, "nvdimm", "virtio-pmem", "virtio-mem", + "sgx-epc", ); =20 VIR_ENUM_IMPL(virDomainShmemModel, @@ -5630,6 +5631,7 @@ virDomainMemoryDefPostParse(virDomainMemoryDef *mem, =20 case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: case VIR_DOMAIN_MEMORY_MODEL_DIMM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; @@ -14552,6 +14554,7 @@ virDomainMemorySourceDefParseXML(xmlNodePtr node, def->nvdimmPath =3D virXPathString("string(./path)", ctxt); break; =20 + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; @@ -14620,6 +14623,7 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node, case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; } @@ -16416,6 +16420,7 @@ virDomainMemoryFindByDefInternal(virDomainDef *def, continue; break; =20 + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; @@ -25874,6 +25879,7 @@ virDomainMemorySourceDefFormat(virBuffer *buf, virBufferEscapeString(&childBuf, "%s\n", def->nvdimmP= ath); break; =20 + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 88a411d00c..8c89690ca5 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2536,6 +2536,7 @@ typedef enum { VIR_DOMAIN_MEMORY_MODEL_NVDIMM, /* nvdimm memory device */ VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM, /* virtio-pmem memory device */ VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM, /* virtio-mem memory device */ + VIR_DOMAIN_MEMORY_MODEL_SGX_EPC, /* SGX enclave page cache */ =20 VIR_DOMAIN_MEMORY_MODEL_LAST } virDomainMemoryModel; 
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index b9cb50ed31..5000261fdd 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c @@ -2158,6 +2158,22 @@ virDomainMemoryDefValidate(const virDomainMemoryDef = *mem, case VIR_DOMAIN_MEMORY_MODEL_DIMM: break; =20 + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + if (mem->info.type !=3D VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("memory device address is not supported for m= odel '%s'"), + virDomainMemoryModelTypeToString(mem->model)); + return -1; + } + + if (mem->targetNode !=3D -1) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("NUMA nodes is not supported for model '%s'"), + virDomainMemoryModelTypeToString(mem->model)); + return -1; + } + break; + case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: default: diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincom= mon.rng index 8afb0dadd4..ed6bd66326 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -6703,6 +6703,7 @@ nvdimm virtio-pmem virtio-mem + sgx-epc diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c index 8c2f055604..e5a946cbed 100644 --- a/src/qemu/qemu_alias.c +++ b/src/qemu/qemu_alias.c @@ -516,6 +516,9 @@ qemuAssignDeviceMemoryAlias(virDomainDef *def, case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: prefix =3D "virtiomem"; break; + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + prefix =3D "epc"; + break; case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: default: diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 3746f02ff0..cb0ddb3467 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -4016,6 +4016,7 @@ qemuBuildMemoryDeviceProps(virQEMUDriverConfig *cfg, return NULL; break; =20 + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: default: 
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 7974cdb00b..33de07bfd7 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -8401,6 +8401,7 @@ qemuDomainUpdateMemoryDeviceInfo(virQEMUDriver *drive= r, break; =20 case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; @@ -9082,6 +9083,12 @@ qemuDomainDefValidateMemoryHotplugDevice(const virDo= mainMemoryDef *mem, } break; =20 + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("hotplug are not supported for the %s device"), + virDomainMemoryModelTypeToString(mem->model)); + return -1; + case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: return -1; @@ -9117,7 +9124,7 @@ int qemuDomainDefValidateMemoryHotplug(const virDomainDef *def, const virDomainMemoryDef *mem) { - unsigned int nmems =3D def->nmems; + unsigned int hotplugNum =3D 0; unsigned long long hotplugSpace; unsigned long long hotplugMemory =3D 0; size_t i; @@ -9125,15 +9132,27 @@ qemuDomainDefValidateMemoryHotplug(const virDomainD= ef *def, hotplugSpace =3D def->mem.max_memory - virDomainDefGetMemoryInitial(de= f); =20 if (mem) { - nmems++; + hotplugNum++; hotplugMemory =3D mem->size; =20 if (qemuDomainDefValidateMemoryHotplugDevice(mem, def) < 0) return -1; } =20 + for (i =3D 0; i < def->nmems; i++) { + /* sgx epc memory does not support hotplug */ + if (def->mems[i]->model !=3D VIR_DOMAIN_MEMORY_MODEL_SGX_EPC) { + hotplugMemory +=3D def->mems[i]->size; + hotplugNum++; + /* already existing devices don't need to be checked on hotplu= g */ + if (!mem && + qemuDomainDefValidateMemoryHotplugDevice(def->mems[i], def= ) < 0) + return -1; + } + } + if (!virDomainDefHasMemoryHotplug(def)) { - if (nmems) { + if (hotplugNum) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("cannot use/hotplug a memory device when doma= in " "'maxMemory' is not defined")); 
@@ -9156,22 +9175,13 @@ qemuDomainDefValidateMemoryHotplug(const virDomainD= ef *def, } } =20 - if (nmems > def->mem.memory_slots) { + if (hotplugNum > def->mem.memory_slots) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("memory device count '%u' exceeds slots count '%u= '"), - nmems, def->mem.memory_slots); + hotplugNum, def->mem.memory_slots); return -1; } =20 - for (i =3D 0; i < def->nmems; i++) { - hotplugMemory +=3D def->mems[i]->size; - - /* already existing devices don't need to be checked on hotplug */ - if (!mem && - qemuDomainDefValidateMemoryHotplugDevice(def->mems[i], def) < = 0) - return -1; - } - if (hotplugMemory > hotplugSpace) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("memory device total size exceeds hotplug space")= ); diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c index 753733d1b9..a111ae4d0c 100644 --- a/src/qemu/qemu_domain_address.c +++ b/src/qemu/qemu_domain_address.c @@ -389,6 +389,7 @@ qemuDomainPrimeVirtioDeviceAddresses(virDomainDef *def, case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; } @@ -1039,6 +1040,7 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDev= iceDef *dev, case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: return 0; } @@ -2421,6 +2423,7 @@ qemuDomainAssignDevicePCISlots(virDomainDef *def, case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; } 
@@ -3081,6 +3084,7 @@ qemuDomainAssignMemoryDeviceSlot(virDomainObj *vm, return qemuDomainEnsurePCIAddress(vm, &dev); break; =20 + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; @@ -3107,6 +3111,7 @@ qemuDomainReleaseMemoryDeviceSlot(virDomainObj *vm, qemuDomainReleaseDeviceAddress(vm, &mem->info); break; =20 + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; @@ -3140,6 +3145,7 @@ qemuDomainAssignMemorySlots(virDomainDef *def) case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: /* handled in qemuDomainAssignPCIAddresses() */ break; + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index e3582f62a7..0dd4c86830 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -7002,6 +7002,7 @@ qemuDomainChangeMemoryLiveValidateChange(const virDom= ainMemoryDef *oldDef, case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("cannot modify memory of model '%s'"), diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index b0b00eb0a2..34cbea9bee 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -3799,6 +3799,7 @@ qemuProcessDomainMemoryDefNeedHugepagesPath(const vir= DomainMemoryDef *mem, case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: /* None of these can be backed by hugepages. */ return false; 
@@ -3873,6 +3874,7 @@ qemuProcessNeedMemoryBackingPath(virDomainDef *def, case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: /* Backed by user provided path. Not stored in memory * backing dir anyway. */ diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index b576efe375..713610482a 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -5053,6 +5053,14 @@ qemuValidateDomainDeviceDefMemory(virDomainMemoryDef= *mem, } break; =20 + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("sgx epc isn't supported by this QEMU binary"= )); + return -1; + } + break; + case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index 8f7acba980..c0ce9cdbc9 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -687,6 +687,7 @@ AppArmorSetMemoryLabel(virSecurityManager *mgr, case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; } diff --git a/src/security/security_dac.c b/src/security/security_dac.c index e9e316551e..5bbe4cd771 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1850,6 +1850,7 @@ virSecurityDACRestoreMemoryLabel(virSecurityManager *= mgr, =20 case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: case VIR_DOMAIN_MEMORY_MODEL_NONE: ret =3D 0; 
@@ -2035,6 +2036,7 @@ virSecurityDACSetMemoryLabel(virSecurityManager *mgr, =20 case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: case VIR_DOMAIN_MEMORY_MODEL_NONE: ret =3D 0; diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 6f02baf2ce..b95fb14c32 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1582,6 +1582,7 @@ virSecuritySELinuxSetMemoryLabel(virSecurityManager *= mgr, case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; } @@ -1610,6 +1611,7 @@ virSecuritySELinuxRestoreMemoryLabel(virSecurityManag= er *mgr, =20 case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: ret =3D 0; diff --git a/tests/qemuxml2argvdata/sgx-epc.xml b/tests/qemuxml2argvdata/sg= x-epc.xml new file mode 100644 index 0000000000..65ae8ae296 --- /dev/null +++ b/tests/qemuxml2argvdata/sgx-epc.xml @@ -0,0 +1,36 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + +
+ + + +
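Review bot: in the docs/formatdomain.rst hunk the new ``sgx-epc`` sentence only says that the model exists, while this same patch rejects a device address, a target NUMA node and hotplug for it; please document those restrictions next to the model description so users do not have to learn them from error messages. The ":since:`Since 8.1.0`" tag should also be checked against the release this v11 series (dated May 2022) will actually land in, and "to add a SGX enclave page cache (EPC) memory" reads better as "to add SGX enclave page cache (EPC) memory".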
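Review bot: in the virDomainMemoryDefValidate() hunk the second error string, "NUMA nodes is not supported for model '%s'", is ungrammatical and does not tell the user which setting was rejected. The check is on mem->targetNode, so something like "target NUMA node is not supported for memory model '%s'" would point at the element to remove; the address message just above it could use the same "memory model '%s'" wording for consistency.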
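Review bot: in the qemuBuildMemoryDeviceProps() hunk VIR_DOMAIN_MEMORY_MODEL_SGX_EPC is added to the branch shared with NONE, LAST and default, yet the qemu_alias.c hunk gives the same model an "epc" alias, and nothing visible in this patch shows where an sgx-epc entry in def->mems is kept away from the generic memory device path that calls this function. Please add a comment on the case saying where sgx-epc is turned into QEMU arguments (presumably another patch of the series), or skip the model explicitly in the caller.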
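Review bot: in the qemuDomainDefValidateMemoryHotplugDevice() hunk the message "hotplug are not supported for the %s device" has a subject/verb mismatch and quotes the model differently from the other messages added in this patch. Suggest "hotplug is not supported for memory model '%s'".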
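Review bot: in qemuDomainDefValidateMemoryHotplug() the loop over def->mems now runs before the virDomainDefHasMemoryHotplug() check, whereas the removed loop ran after the slots check. For a domain without maxMemory, an error from qemuDomainDefValidateMemoryHotplugDevice() on an existing device is therefore reported ahead of the "'maxMemory' is not defined" error; please confirm that change in error precedence is intended and mention it in the commit message. The loop body would also be easier to read with an early "continue" for VIR_DOMAIN_MEMORY_MODEL_SGX_EPC instead of nesting the accounting under the != test.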
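Review bot: in the security_apparmor.c, security_dac.c and security_selinux.c hunks sgx-epc joins the group of models for which no label is set or restored, and the diffstat touches neither the cgroup nor the namespace code. If the QEMU process has to open a host device node to back the guest's EPC, that access must be granted under DAC, SELinux, AppArmor, the device cgroup and the mount namespace; please state in the commit message how that is handled, or add it to the series so a confined guest does not fail at startup.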
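Review bot: the new tests/qemuxml2argvdata/sgx-epc.xml is, going by the diffstat, only wired into qemuxml2xmltest.c (2 lines), so it covers parse and format round-tripping only. None of the rejection paths added in this patch (device address, target NUMA node, missing QEMU_CAPS_SGX_EPC, hotplug) has a negative test; please add failure cases so those checks cannot silently regress.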