From nobody Mon Feb 9 19:04:44 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=none dis=none) header.from=intel.com Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1652860803445984.2010881719302; Wed, 18 May 2022 01:00:03 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-675-6nPc5A73MouJf8-if7BGuA-1; Wed, 18 May 2022 03:59:46 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id B7BF7100BAC6; Wed, 18 May 2022 07:59:44 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id A276440CFD01; Wed, 18 May 2022 07:59:44 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id CDFD719259E7; Wed, 18 May 2022 07:59:43 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 831501947B84 for ; Wed, 18 May 2022 07:59:42 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 63736492CA3; Wed, 18 May 2022 07:59:42 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast03.extmail.prod.ext.rdu2.redhat.com [10.11.55.19]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5EFA7492C3B for ; Wed, 18 May 2022 07:59:42 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 41F03811E76 for ; Wed, 18 May 2022 07:59:42 +0000 (UTC) Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-9-W36zWY6xPRq4ptKQz9W4Mw-3; Wed, 18 May 2022 03:59:39 -0400 Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 May 2022 00:59:36 -0700 Received: from sse-tme-qnx-01.jf.intel.com ([10.54.34.46]) by orsmga005.jf.intel.com with ESMTP; 18 May 2022 00:59:36 -0700 X-MC-Unique: 6nPc5A73MouJf8-if7BGuA-1 X-Original-To: libvir-list@listman.corp.redhat.com X-MC-Unique: W36zWY6xPRq4ptKQz9W4Mw-3 X-IronPort-AV: E=McAfee;i="6400,9594,10350"; a="252061026" X-IronPort-AV: E=Sophos;i="5.91,234,1647327600"; d="scan'208";a="252061026" X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,234,1647327600"; d="scan'208";a="742198348" From: Haibin Huang To: libvir-list@redhat.com, haibin.huang@intel.com, jian-feng.ding@intel.com, lin.a.yang@intel.com, lianhao.lu@intel.com, yang.zhong@intel.com Subject: [libvirt][PATCH RESEND v12 3/6] Convert QMP capabilities to domain capabilities Date: Wed, 18 May 2022 00:59:30 -0700 Message-Id: <20220518075933.19943-4-haibin.huang@intel.com> In-Reply-To: <20220518075933.19943-1-haibin.huang@intel.com> References: <20220518075933.19943-1-haibin.huang@intel.com> X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.85 on 10.11.54.9 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 2.84 on 10.11.54.1 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 2 X-Mimecast-Originator: redhat.com X-ZM-MESSAGEID: 1652860804832100003 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8"; x-default="true" the QMP capabilities: {"return": { "sgx": true, "section-size": 1024, "flc": true } } the domain capabilities: yes 1 Signed-off-by: Haibin Huang --- src/conf/schemas/domaincaps.rng | 22 +++- src/qemu/qemu_capabilities.c | 121 ++++++++++++++++++ src/qemu/qemu_capabilities.h | 4 + src/qemu/qemu_capspriv.h | 4 + .../caps_6.2.0.x86_64.replies | 22 +++- .../caps_6.2.0.x86_64.xml | 5 + .../caps_7.0.0.x86_64.replies | 22 +++- .../caps_7.0.0.x86_64.xml | 5 + .../caps_7.1.0.x86_64.replies | 21 ++- 9 files changed, 213 insertions(+), 13 deletions(-) diff --git a/src/conf/schemas/domaincaps.rng b/src/conf/schemas/domaincaps.= rng index 9cbc2467ab..5ace30ae0d 100644 --- a/src/conf/schemas/domaincaps.rng +++ b/src/conf/schemas/domaincaps.rng @@ -270,6 +270,9 @@ + + + =20 @@ -330,7 +333,24 @@ =20 - + + + + + + + + + + KiB + + + + + + + + diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index a59d839d85..0d16762a0b 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -675,6 +675,7 @@ VIR_ENUM_IMPL(virQEMUCaps, =20 /* 430 */ "chardev.qemu-vdagent", /* QEMU_CAPS_CHARDEV_QEMU_VDAGENT */ + "sgx-epc", /* QEMU_CAPS_SGX_EPC */ ); =20 =20 @@ -756,6 +757,8 @@ struct _virQEMUCaps { =20 virSEVCapability *sevCapabilities; =20 + virSGXCapability *sgxCapabilities; + /* Capabilities which may differ depending on the accelerator. */ virQEMUCapsAccel kvm; virQEMUCapsAccel hvf; @@ -1398,6 +1401,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[= ] =3D { { "s390-pv-guest", QEMU_CAPS_S390_PV_GUEST }, { "virtio-mem-pci", QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI }, { "virtio-iommu-pci", QEMU_CAPS_DEVICE_VIRTIO_IOMMU_PCI }, + { "sgx-epc", QEMU_CAPS_SGX_EPC }, }; =20 =20 @@ -1974,6 +1978,22 @@ virQEMUCapsSEVInfoCopy(virSEVCapability **dst, } =20 =20 +static int +virQEMUCapsSGXInfoCopy(virSGXCapabilityPtr *dst, + virSGXCapabilityPtr src) +{ + g_autoptr(virSGXCapability) tmp =3D NULL; + + tmp =3D g_new0(virSGXCapability, 1); + + tmp->flc =3D src->flc; + tmp->epc_size =3D src->epc_size; + + *dst =3D g_steal_pointer(&tmp); + return 0; +} + + static void virQEMUCapsAccelCopyMachineTypes(virQEMUCapsAccel *dst, virQEMUCapsAccel *src) @@ -2055,6 +2075,12 @@ virQEMUCaps *virQEMUCapsNewCopy(virQEMUCaps *qemuCap= s) qemuCaps->sevCapabilities) < 0) return NULL; =20 + + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC) && + virQEMUCapsSGXInfoCopy(&ret->sgxCapabilities, + qemuCaps->sgxCapabilities) < 0) + return NULL; + return g_steal_pointer(&ret); } =20 @@ -2618,6 +2644,13 @@ virQEMUCapsGetSEVCapabilities(virQEMUCaps *qemuCaps) } =20 =20 +virSGXCapabilityPtr +virQEMUCapsGetSGXCapabilities(virQEMUCaps *qemuCaps) +{ + return qemuCaps->sgxCapabilities; +} + + static int virQEMUCapsProbeQMPCommands(virQEMUCaps *qemuCaps, qemuMonitor *mon) @@ -3444,6 +3477,31 @@ virQEMUCapsProbeQMPSEVCapabilities(virQEMUCaps *qemu= Caps, } =20 =20 +static int +virQEMUCapsProbeQMPSGXCapabilities(virQEMUCaps *qemuCaps, + qemuMonitor *mon) +{ + int rc =3D -1; + virSGXCapability *caps =3D NULL; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC)) + return 0; + + if ((rc =3D qemuMonitorGetSGXCapabilities(mon, &caps)) < 0) + return -1; + + /* SGX isn't actually supported */ + if (rc =3D=3D 0) { + virQEMUCapsClear(qemuCaps, QEMU_CAPS_SGX_EPC); + return 0; + } + + virSGXCapabilitiesFree(qemuCaps->sgxCapabilities); + qemuCaps->sgxCapabilities =3D caps; + return 0; +} + + /* * Filter for features which should never be passed to QEMU. Either because * QEMU never supported them or they were dropped as they never did anythi= ng @@ -4222,6 +4280,42 @@ virQEMUCapsParseSEVInfo(virQEMUCaps *qemuCaps, xmlXP= athContextPtr ctxt) } =20 =20 +static int +virQEMUCapsParseSGXInfo(virQEMUCaps *qemuCaps, + xmlXPathContextPtr ctxt) +{ + g_autoptr(virSGXCapability) sgx =3D NULL; + g_autofree char *flc =3D NULL; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC)) + return 0; + + if (virXPathBoolean("boolean(./sgx)", ctxt) =3D=3D 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing SGX platform data in QEMU capabilities c= ache")); + return -1; + } + + sgx =3D g_new0(virSGXCapability, 1); + + if ((!(flc =3D virXPathString("string(./sgx/flc)", ctxt))) || + virStringParseYesNo(flc, &sgx->flc) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or invalid SGX platform flc in QEMU capa= bilities cache")); + return -1; + } + + if (virXPathUInt("string(./sgx/epc_size)", ctxt, &sgx->epc_size) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or malformed SGX platform epc_size in QE= MU capabilities cache")); + return -1; + } + + qemuCaps->sgxCapabilities =3D g_steal_pointer(&sgx); + return 0; +} + + static int virQEMUCapsParseFlags(virQEMUCaps *qemuCaps, xmlXPathContextPtr ctxt) { @@ -4524,6 +4618,9 @@ virQEMUCapsLoadCache(virArch hostArch, if (virQEMUCapsParseSEVInfo(qemuCaps, ctxt) < 0) return -1; =20 + if (virQEMUCapsParseSGXInfo(qemuCaps, ctxt) < 0) + return -1; + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_KVM)) virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_KV= M); if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_HVF)) @@ -4709,6 +4806,25 @@ virQEMUCapsFormatSEVInfo(virQEMUCaps *qemuCaps, virB= uffer *buf) } =20 =20 +static void +virQEMUCapsFormatSGXInfo(virQEMUCaps *qemuCaps, + virBuffer *buf) +{ + virSGXCapabilityPtr sgx =3D virQEMUCapsGetSGXCapabilities(qemuCaps); + + virBufferAddLit(buf, "\n"); + virBufferAdjustIndent(buf, 2); + if (sgx->flc) { + virBufferAsprintf(buf, "%s\n", "yes"); + } else { + virBufferAsprintf(buf, "%s\n", "no"); + } + virBufferAsprintf(buf, "%u\n", sgx->epc_size); + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "\n"); +} + + char * virQEMUCapsFormatCache(virQEMUCaps *qemuCaps) { @@ -4790,6 +4906,9 @@ virQEMUCapsFormatCache(virQEMUCaps *qemuCaps) if (qemuCaps->sevCapabilities) virQEMUCapsFormatSEVInfo(qemuCaps, &buf); =20 + if (qemuCaps->sgxCapabilities) + virQEMUCapsFormatSGXInfo(qemuCaps, &buf); + if (qemuCaps->kvmSupportsNesting) virBufferAddLit(&buf, "\n"); =20 @@ -5457,6 +5576,8 @@ virQEMUCapsInitQMPMonitor(virQEMUCaps *qemuCaps, return -1; if (virQEMUCapsProbeQMPSEVCapabilities(qemuCaps, mon) < 0) return -1; + if (virQEMUCapsProbeQMPSGXCapabilities(qemuCaps, mon) < 0) + return -1; =20 virQEMUCapsInitProcessCaps(qemuCaps); =20 diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 59c09903f3..38ec3222dd 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -650,6 +650,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for = syntax-check */ =20 /* 430 */ QEMU_CAPS_CHARDEV_QEMU_VDAGENT, /* -chardev qemu-vdagent */ + QEMU_CAPS_SGX_EPC, /* -object sgx-epc,... */ =20 QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; @@ -843,6 +844,9 @@ virQEMUCapsCPUFeatureFromQEMU(virQEMUCaps *qemuCaps, virSEVCapability * virQEMUCapsGetSEVCapabilities(virQEMUCaps *qemuCaps); =20 +virSGXCapabilityPtr +virQEMUCapsGetSGXCapabilities(virQEMUCaps *qemuCaps); + bool virQEMUCapsGetKVMSupportsSecureGuest(virQEMUCaps *qemuCaps) G_GNUC_NO_INLI= NE; =20 diff --git a/src/qemu/qemu_capspriv.h b/src/qemu/qemu_capspriv.h index f4f4a99d32..c632647a74 100644 --- a/src/qemu/qemu_capspriv.h +++ b/src/qemu/qemu_capspriv.h @@ -101,6 +101,10 @@ void virQEMUCapsSetSEVCapabilities(virQEMUCaps *qemuCaps, virSEVCapability *capabilities); =20 +void +virQEMUCapsSetSGXCapabilities(virQEMUCaps *qemuCaps, + virSGXCapability *capabilities); + int virQEMUCapsProbeCPUDefinitionsTest(virQEMUCaps *qemuCaps, qemuMonitor *mon); diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_6.2.0.x86_64.replies index e235532d62..04b3a06f4a 100644 --- a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies @@ -32707,6 +32707,20 @@ } } =20 +{ + "execute": "query-sgx-capabilities", + "id": "libvirt-51" +} + +{ + "return": { + "sgx": true, + "section-size": 1024, + "flc": false + }, + "id": "libvirt-51" +} + { "execute": "query-cpu-model-expansion", "arguments": { @@ -32715,7 +32729,7 @@ "name": "host" } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { @@ -33048,7 +33062,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { @@ -33062,7 +33076,7 @@ } } }, - "id": "libvirt-52" + "id": "libvirt-53" } =20 { @@ -33395,7 +33409,7 @@ } } }, - "id": "libvirt-52" + "id": "libvirt-53" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_6.2.0.x86_64.xml index 19605d93ae..bc7c16c0f9 100644 --- a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml @@ -238,6 +238,7 @@ + 6002000 0 43100244 @@ -3706,4 +3707,8 @@ + + no + 1 + diff --git a/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_7.0.0.x86_64.replies index 620442704a..6e85a96ffb 100644 --- a/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.replies @@ -33317,6 +33317,20 @@ } } =20 +{ + "execute": "query-sgx-capabilities", + "id": "libvirt-51" +} + +{ + "return": { + "sgx": true, + "section-size": 1024, + "flc": false + }, + "id": "libvirt-51" +} + { "execute": "query-cpu-model-expansion", "arguments": { @@ -33325,7 +33339,7 @@ "name": "host" } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { @@ -33662,7 +33676,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { @@ -33676,7 +33690,7 @@ } } }, - "id": "libvirt-52" + "id": "libvirt-53" } =20 { @@ -34013,7 +34027,7 @@ } } }, - "id": "libvirt-52" + "id": "libvirt-53" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_7.0.0.x86_64.xml index 7523b92e6b..54720d9ee9 100644 --- a/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml @@ -242,6 +242,7 @@ + 7000000 0 43100243 @@ -3770,4 +3771,8 @@ + + no + 1 + diff --git a/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_7.1.0.x86_64.replies index 8444825cb7..c52b7917e2 100644 --- a/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.replies @@ -33484,6 +33484,19 @@ } } =20 +{ + "execute": "query-sgx-capabilities", + "id": "libvirt-51" +} + +{ + "id": "libvirt-51", + "error": { + "class": "GenericError", + "desc": "SGX is not enabled in KVM" + } +} + { "execute": "query-cpu-model-expansion", "arguments": { @@ -33492,7 +33505,7 @@ "name": "host" } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { @@ -33829,7 +33842,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { @@ -33843,7 +33856,7 @@ } } }, - "id": "libvirt-52" + "id": "libvirt-53" } =20 { @@ -34180,7 +34193,7 @@ } } }, - "id": "libvirt-52" + "id": "libvirt-53" } =20 { --=20 2.17.1