From: Lin Yang <lin.a.yang@intel.com>
Based on the result of parsing the domain XML, add the SGX EPC
memory backend arguments to the QEMU command line:
#qemu-system-x86_64 \
...... \
-object memory-backend-epc,id=memepc0,size=64M,prealloc=on \
-object memory-backend-epc,id=memepc1,size=28M \
-machine sgx-epc.0.memdev=memepc0,sgx-epc.1.memdev=memepc1
Signed-off-by: Lin Yang <lin.a.yang@intel.com>
Signed-off-by: Haibin Huang <haibin.huang@intel.com>
---
src/qemu/qemu_alias.c | 3 +-
src/qemu/qemu_command.c | 53 +++++++++++++++++--
.../sgx-epc.x86_64-6.2.0.args | 37 +++++++++++++
tests/qemuxml2argvtest.c | 2 +
4 files changed, 90 insertions(+), 5 deletions(-)
create mode 100644 tests/qemuxml2argvdata/sgx-epc.x86_64-6.2.0.args
diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c
index e5a946cbed..03c79bcf0e 100644
--- a/src/qemu/qemu_alias.c
+++ b/src/qemu/qemu_alias.c
@@ -467,7 +467,8 @@ qemuDeviceMemoryGetAliasID(virDomainDef *def,
* valid */
if (!oldAlias &&
mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM &&
- mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM)
+ mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM &&
+ mem->model != VIR_DOMAIN_MEMORY_MODEL_SGX_EPC)
return mem->info.addr.dimm.slot;
for (i = 0; i < def->nmems; i++) {
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 4807b137b6..9c83f0e168 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -3774,6 +3774,10 @@ qemuBuildMemoryBackendProps(virJSONValue **backendProps,
if (systemMemory)
disableCanonicalPath = true;
+ } else if (mem->model == VIR_DOMAIN_MEMORY_MODEL_SGX_EPC) {
+ backendType = "memory-backend-epc";
+ if (!priv->memPrealloc)
+ prealloc = true;
} else if (useHugepage || mem->nvdimmPath || memAccess ||
def->mem.source == VIR_DOMAIN_MEMORY_SOURCE_FILE) {
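Review bot: The forced `prealloc = true` in the new `VIR_DOMAIN_MEMORY_MODEL_SGX_EPC` branch has no comment explaining why an EPC backend must always be preallocated. It also disagrees with the commit message, whose example shows `memepc1` without `prealloc=on` while the expected .args file carries `"prealloc":true` on both objects. If the intent is that per-object preallocation is only needed when the global setting is off, a comment such as `/* EPC backends are always preallocated; skip only when global memPrealloc already covers them */` would make that reviewable, and the commit message example should match the generated output. EPC is presumably a scarce host resource, so the user-facing documentation should say that each EPC-backed guest reserves its full size at start. The enclosing function starts and ends outside this hunk.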
@@ -3934,6 +3938,11 @@ qemuBuildMemoryBackendProps(virJSONValue **backendProps,
_("this qemu doesn't support the "
"memory-backend-memfd object"));
return -1;
+ } else if (STREQ(backendType, "memory-backend-epc") &&
+ !virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_SGX_EPC)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("this qemu doesn't support the memory-backend-epc object"));
+ return -1;
}
rc = 0;
@@ -6979,6 +6988,7 @@ qemuBuildMachineCommandLine(virCommand *cmd,
virCPUDef *cpu = def->cpu;
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
size_t i;
+ int epcNum = 0;
virCommandAddArg(cmd, "-machine");
virBufferAdd(&buf, def->os.machine, -1);
@@ -7199,6 +7209,25 @@ qemuBuildMachineCommandLine(virCommand *cmd,
virBufferAddLit(&buf, ",graphics=off");
}
+ /* add sgx epc memory to -machine parameter */
+ for (i = 0; i < def->nmems; i++) {
+ switch ((virDomainMemoryModel) def->mems[i]->model) {
+ case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
+ virBufferAsprintf(&buf, ",sgx-epc.%d.memdev=mem%s", epcNum++,
+ def->mems[i]->info.alias);
+
+ break;
+
+ case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+ case VIR_DOMAIN_MEMORY_MODEL_DIMM:
+ case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
+ case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM:
+ case VIR_DOMAIN_MEMORY_MODEL_NONE:
+ case VIR_DOMAIN_MEMORY_MODEL_LAST:
+ break;
+ }
+ }
+
virCommandAddArgBuffer(cmd, &buf);
return 0;
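Review bot: The `virBufferAsprintf(&buf, ",sgx-epc.%d.memdev=mem%s", ...)` call rebuilds the backend object id by hand from `def->mems[i]->info.alias`, and nothing in this hunk checks that the alias is set or that it matches the id given to the `memory-backend-epc` object built elsewhere. If the two drift apart, `-machine` names a memdev that does not exist, and a NULL alias would be passed to `%s`; whether alias assignment rules this out is not visible here. Because the value lands inside a comma-separated `-machine` string, I would append it with `virQEMUBuildBufferEscapeComma()` rather than a raw `%s`, unless aliases are validated elsewhere to exclude commas. The counter added in the earlier hunk of this function would also read better as `size_t epcNum = 0;` with `%zu`, since it only counts upward next to the `size_t i` loop index. The function body starts and ends outside the hunk.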
@@ -7779,11 +7808,27 @@ qemuBuildMemoryDeviceCommandLine(virCommand *cmd,
if (qemuBuildMemoryDimmBackendStr(cmd, def->mems[i], def, cfg, priv) < 0)
return -1;
- if (!(props = qemuBuildMemoryDeviceProps(cfg, priv, def, def->mems[i])))
- return -1;
+ switch ((virDomainMemoryModel) def->mems[i]->model) {
+ case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+ case VIR_DOMAIN_MEMORY_MODEL_DIMM:
+ case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
+ case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM:
+ if (!(props = qemuBuildMemoryDeviceProps(cfg, priv, def, def->mems[i])))
+ return -1;
- if (qemuBuildDeviceCommandlineFromJSON(cmd, props, def, priv->qemuCaps) < 0)
- return -1;
+ if (qemuBuildDeviceCommandlineFromJSON(cmd, props, def, priv->qemuCaps) < 0)
+ return -1;
+
+ break;
+
+ /* sgx epc memory will be added to -machine parameter, so skip here */
+ case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
+ break;
+
+ case VIR_DOMAIN_MEMORY_MODEL_NONE:
+ case VIR_DOMAIN_MEMORY_MODEL_LAST:
+ break;
+ }
}
return 0;
diff --git a/tests/qemuxml2argvdata/sgx-epc.x86_64-6.2.0.args b/tests/qemuxml2argvdata/sgx-epc.x86_64-6.2.0.args
new file mode 100644
index 0000000000..56c476b777
--- /dev/null
+++ b/tests/qemuxml2argvdata/sgx-epc.x86_64-6.2.0.args
@@ -0,0 +1,37 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/tmp/lib/domain--1-QEMUGuest1 \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
+XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
+XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=QEMUGuest1,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \
+-machine pc-q35-6.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,sgx-epc.0.memdev=memepc0,sgx-epc.1.memdev=memepc1 \
+-accel tcg \
+-cpu qemu64 \
+-m 134 \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":140509184}' \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-no-acpi \
+-boot strict=on \
+-device pcie-root-port,port=8,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x1 \
+-device pcie-root-port,port=9,chassis=2,id=pci.2,bus=pcie.0,addr=0x1.0x1 \
+-object '{"qom-type":"memory-backend-epc","id":"memepc0","prealloc":true,"size":67108864}' \
+-object '{"qom-type":"memory-backend-epc","id":"memepc1","prealloc":true,"size":16777216}' \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-device virtio-balloon-pci,id=balloon0,bus=pci.1,addr=0x0 \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 7708e3ba3e..b32803474e 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -3433,6 +3433,8 @@ mymain(void)
/* HVF guests should not work on Linux with KVM */
DO_TEST_CAPS_LATEST_PARSE_ERROR("hvf-x86_64-q35-headless");
+ DO_TEST_CAPS_VER("sgx-epc", "6.2.0");
+
if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL)
virFileDeleteTree(fakerootdir);
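Review bot: The only coverage added at `DO_TEST_CAPS_VER("sgx-epc", "6.2.0");` is the success path on one pinned QEMU version, so the new `QEMU_CAPS_SGX_EPC` rejection in qemuBuildMemoryBackendProps is never exercised. I would add a failure case run against a capability set that lacks SGX EPC and check that the `"this qemu doesn't support the memory-backend-epc object"` error is reported. That way a regression cannot silently pass an EPC backend to a QEMU that does not support it. mymain's body continues outside the hunk.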
--
2.17.1
On 5/18/22 09:59, Haibin Huang wrote:
> From: Lin Yang <lin.a.yang@intel.com>
>
> According to the result parsing from xml, add the argument of
> SGX EPC memory backend into QEMU command line:
>
> #qemu-system-x86_64 \
> ...... \
> -object memory-backend-epc,id=memepc0,size=64M,prealloc=on \
> -object memory-backend-epc,id=memepc1,size=28M \
> -machine sgx-epc.0.memdev=memepc0,sgx-epc.1.memdev=memepc1
>
> Signed-off-by: Lin Yang <lin.a.yang@intel.com>
> Signed-off-by: Haibin Huang <haibin.huang@intel.com>
> ---
> src/qemu/qemu_alias.c | 3 +-
> src/qemu/qemu_command.c | 53 +++++++++++++++++--
> .../sgx-epc.x86_64-6.2.0.args | 37 +++++++++++++
> tests/qemuxml2argvtest.c | 2 +
> 4 files changed, 90 insertions(+), 5 deletions(-)
> create mode 100644 tests/qemuxml2argvdata/sgx-epc.x86_64-6.2.0.args
>
> diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c
> index e5a946cbed..03c79bcf0e 100644
> --- a/src/qemu/qemu_alias.c
> +++ b/src/qemu/qemu_alias.c
> @@ -467,7 +467,8 @@ qemuDeviceMemoryGetAliasID(virDomainDef *def,
> * valid */
> if (!oldAlias &&
> mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM &&
> - mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM)
> + mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM &&
> + mem->model != VIR_DOMAIN_MEMORY_MODEL_SGX_EPC)
> return mem->info.addr.dimm.slot;
>
> for (i = 0; i < def->nmems; i++) {
> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> index 4807b137b6..9c83f0e168 100644
> --- a/src/qemu/qemu_command.c
> +++ b/src/qemu/qemu_command.c
> @@ -3774,6 +3774,10 @@ qemuBuildMemoryBackendProps(virJSONValue **backendProps,
> if (systemMemory)
> disableCanonicalPath = true;
>
> + } else if (mem->model == VIR_DOMAIN_MEMORY_MODEL_SGX_EPC) {
> + backendType = "memory-backend-epc";
> + if (!priv->memPrealloc)
> + prealloc = true;
> } else if (useHugepage || mem->nvdimmPath || memAccess ||
> def->mem.source == VIR_DOMAIN_MEMORY_SOURCE_FILE) {
>
> @@ -3934,6 +3938,11 @@ qemuBuildMemoryBackendProps(virJSONValue **backendProps,
> _("this qemu doesn't support the "
> "memory-backend-memfd object"));
> return -1;
> + } else if (STREQ(backendType, "memory-backend-epc") &&
> + !virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_SGX_EPC)) {
> + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> + _("this qemu doesn't support the memory-backend-epc object"));
> + return -1;
> }
>
> rc = 0;
> @@ -6979,6 +6988,7 @@ qemuBuildMachineCommandLine(virCommand *cmd,
> virCPUDef *cpu = def->cpu;
> g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
> size_t i;
> + int epcNum = 0;
>
> virCommandAddArg(cmd, "-machine");
> virBufferAdd(&buf, def->os.machine, -1);
> @@ -7199,6 +7209,25 @@ qemuBuildMachineCommandLine(virCommand *cmd,
> virBufferAddLit(&buf, ",graphics=off");
> }
>
> + /* add sgx epc memory to -machine parameter */
> + for (i = 0; i < def->nmems; i++) {
> + switch ((virDomainMemoryModel) def->mems[i]->model) {
> + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
> + virBufferAsprintf(&buf, ",sgx-epc.%d.memdev=mem%s", epcNum++,
> + def->mems[i]->info.alias);
So there really isn't any better way to specify sgx-epc than through -M?
This way libvirt loses the capability to set the device @id attribute, which
means we have to jump through hoops (like in your patch 2/6) when the
@id value is expected.
I vaguely recall pointing this out earlier (but maybe I just thought about
pointing it out and never did - it's been a while since I've reviewed
these patches), but I don't know what the consensus was.
Michal
On 5/30/22, 6:09 AM, "Michal Prívozník" <mprivozn@redhat.com> wrote:
> On 5/18/22 09:59, Haibin Huang wrote:
> > From: Lin Yang <lin.a.yang@intel.com>
> >
> > According to the result parsing from xml, add the argument of
> > SGX EPC memory backend into QEMU command line:
> >
> > #qemu-system-x86_64 \
> > ...... \
> > -object memory-backend-epc,id=memepc0,size=64M,prealloc=on \
> > -object memory-backend-epc,id=memepc1,size=28M \
> > -machine sgx-epc.0.memdev=memepc0,sgx-epc.1.memdev=memepc1
> >
> > Signed-off-by: Lin Yang <lin.a.yang@intel.com>
> > Signed-off-by: Haibin Huang <haibin.huang@intel.com>
> > ---
> > src/qemu/qemu_alias.c | 3 +-
> > src/qemu/qemu_command.c | 53 +++++++++++++++++--
> > .../sgx-epc.x86_64-6.2.0.args | 37 +++++++++++++
> > tests/qemuxml2argvtest.c | 2 +
> > 4 files changed, 90 insertions(+), 5 deletions(-)
> > create mode 100644 tests/qemuxml2argvdata/sgx-epc.x86_64-6.2.0.args
> >
> > diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c
> > index e5a946cbed..03c79bcf0e 100644
> > --- a/src/qemu/qemu_alias.c
> > +++ b/src/qemu/qemu_alias.c
> > @@ -467,7 +467,8 @@ qemuDeviceMemoryGetAliasID(virDomainDef *def,
> > * valid */
> > if (!oldAlias &&
> > mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM &&
> > - mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM)
> > + mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM &&
> > + mem->model != VIR_DOMAIN_MEMORY_MODEL_SGX_EPC)
> > return mem->info.addr.dimm.slot;
> >
> > for (i = 0; i < def->nmems; i++) {
> > diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> > index 4807b137b6..9c83f0e168 100644
> > --- a/src/qemu/qemu_command.c
> > +++ b/src/qemu/qemu_command.c
> > @@ -3774,6 +3774,10 @@ qemuBuildMemoryBackendProps(virJSONValue **backendProps,
> > if (systemMemory)
> > disableCanonicalPath = true;
> >
> > + } else if (mem->model == VIR_DOMAIN_MEMORY_MODEL_SGX_EPC) {
> > + backendType = "memory-backend-epc";
> > + if (!priv->memPrealloc)
> > + prealloc = true;
> > } else if (useHugepage || mem->nvdimmPath || memAccess ||
> > def->mem.source == VIR_DOMAIN_MEMORY_SOURCE_FILE) {
> >
> > @@ -3934,6 +3938,11 @@ qemuBuildMemoryBackendProps(virJSONValue **backendProps,
> > _("this qemu doesn't support the "
> > "memory-backend-memfd object"));
> > return -1;
> > + } else if (STREQ(backendType, "memory-backend-epc") &&
> > + !virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_SGX_EPC)) {
> > + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> > + _("this qemu doesn't support the memory-backend-epc object"));
> > + return -1;
> > }
> >
> > rc = 0;
> > @@ -6979,6 +6988,7 @@ qemuBuildMachineCommandLine(virCommand *cmd,
> > virCPUDef *cpu = def->cpu;
> > g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
> > size_t i;
> > + int epcNum = 0;
> >
> > virCommandAddArg(cmd, "-machine");
> > virBufferAdd(&buf, def->os.machine, -1);
> > @@ -7199,6 +7209,25 @@ qemuBuildMachineCommandLine(virCommand *cmd,
> > virBufferAddLit(&buf, ",graphics=off");
> > }
> >
> > + /* add sgx epc memory to -machine parameter */
> > + for (i = 0; i < def->nmems; i++) {
> > + switch ((virDomainMemoryModel) def->mems[i]->model) {
> > + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
> > + virBufferAsprintf(&buf, ",sgx-epc.%d.memdev=mem%s", epcNum++,
> > + def->mems[i]->info.alias);
>
> So there really isn't any better way to specify sgx-epc than through -M?
> This way libvirt loses capability to set th device @id attribute which
> means we have to jump through hoops (like in your patch 2/6) when the
> @id value is expected.
>
> I vaguely pointing this out earlier (but maybe I just thought about
> pointing it out and never did - it's been a while since I've reviewed
> these patches), but I don't know what the consensus was.
I was not involved in the QEMU SGX patch review process and don't
know why it uses -machine instead of -device. The initial
patch introduced a separate QEMU argument, -sgx-epc, but it was eventually
changed to -machine in response to the review comments.
https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg00644.html
Thanks,
Lin.