[libvirt][PATCH v17 0/9] Support query and use SGX

Lin Yang posted 9 patches 3 weeks, 2 days ago
[libvirt][PATCH v17 0/9] Support query and use SGX
Posted by Lin Yang 3 weeks, 2 days ago
Diff to v16:
* Included SGX EPC in the calculation and validation of maximum
  memory space in qemuDomainDefValidateMemoryHotplug. Removed
  all hacking in this function, but only skip
  qemuDomainDefValidateMemoryHotplugDevice validation for SGX EPC,
  since it is not hotpluggable.
* Added SGX fields in new QEMU 7.2 domaincaps xml.

Haibin Huang (4):
  domain_capabilities: Define SGX capabilities structs
  qemu: Get SGX capabilities form QMP
  Convert QMP capabilities to domain capabilities
  conf: expose SGX feature in domain capabilities

Lin Yang (2):
  conf: Introduce SGX EPC element into device memory xml
  qemu: Add command-line to generate SGX EPC memory backend

Michal Prívozník (3):
  qemu_cgroup: Allow SGX in devices controller
  qemu_namespace: Create SGX related nodes in domain's namespace
  security_dac: Set DAC label on SGX /dev nodes

 docs/formatdomain.rst                         |  25 +-
 docs/formatdomaincaps.rst                     |  40 ++++
 src/conf/domain_capabilities.c                |  47 ++++
 src/conf/domain_capabilities.h                |  22 ++
 src/conf/domain_conf.c                        |  30 +++
 src/conf/domain_conf.h                        |   1 +
 src/conf/domain_postparse.c                   |   1 +
 src/conf/domain_validate.c                    |   9 +
 src/conf/schemas/domaincaps.rng               |  43 ++++
 src/conf/schemas/domaincommon.rng             |   1 +
 src/libvirt_private.syms                      |   1 +
 src/qemu/qemu_alias.c                         |   6 +-
 src/qemu/qemu_capabilities.c                  | 220 ++++++++++++++++++
 src/qemu/qemu_capabilities.h                  |   4 +
 src/qemu/qemu_cgroup.c                        |  78 ++++++-
 src/qemu/qemu_command.c                       |  66 +++++-
 src/qemu/qemu_domain.c                        |  28 ++-
 src/qemu/qemu_domain.h                        |   2 +
 src/qemu/qemu_domain_address.c                |   6 +
 src/qemu/qemu_driver.c                        |   1 +
 src/qemu/qemu_monitor.c                       |  10 +
 src/qemu/qemu_monitor.h                       |   3 +
 src/qemu/qemu_monitor_json.c                  | 154 +++++++++++-
 src/qemu/qemu_monitor_json.h                  |   4 +
 src/qemu/qemu_namespace.c                     |  20 +-
 src/qemu/qemu_process.c                       |   2 +
 src/qemu/qemu_validate.c                      |  40 ++++
 src/security/security_apparmor.c              |   1 +
 src/security/security_dac.c                   |  46 ++--
 src/security/security_selinux.c               |   2 +
 tests/domaincapsdata/bhyve_basic.x86_64.xml   |   1 +
 tests/domaincapsdata/bhyve_fbuf.x86_64.xml    |   1 +
 tests/domaincapsdata/bhyve_uefi.x86_64.xml    |   1 +
 tests/domaincapsdata/empty.xml                |   1 +
 tests/domaincapsdata/libxl-xenfv.xml          |   1 +
 tests/domaincapsdata/libxl-xenpv.xml          |   1 +
 .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml  |   1 +
 .../qemu_4.2.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_4.2.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_4.2.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_4.2.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_4.2.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml  |   1 +
 .../qemu_5.0.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_5.0.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_5.0.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_5.0.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_5.1.0.sparc.xml     |   1 +
 tests/domaincapsdata/qemu_5.1.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml  |   1 +
 .../qemu_5.2.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_5.2.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_5.2.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_5.2.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_5.2.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml  |   1 +
 .../qemu_6.0.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_6.0.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_6.0.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_6.0.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_6.1.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml  |   1 +
 .../qemu_6.2.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_6.2.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_6.2.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_6.2.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml  |  10 +
 .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml  |  10 +
 .../qemu_7.0.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_7.0.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_7.0.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_7.0.0.x86_64.xml    |  10 +
 .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_7.1.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_7.1.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_7.2.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_7.2.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_7.2.0.x86_64.xml    |   1 +
 .../caps_6.2.0.x86_64.replies                 |  21 +-
 .../caps_7.0.0.x86_64.replies                 |  34 ++-
 .../caps_7.0.0.x86_64.xml                     |  11 +
 .../caps_7.1.0.x86_64.replies                 |  21 +-
 .../caps_7.2.0.x86_64.replies                 |  21 +-
 .../sgx-epc.x86_64-7.0.0.args                 |  40 ++++
 tests/qemuxml2argvdata/sgx-epc.xml            |  65 ++++++
 tests/qemuxml2argvtest.c                      |   2 +
 .../sgx-epc.x86_64-7.0.0.xml                  |  65 ++++++
 tests/qemuxml2xmltest.c                       |   2 +
 98 files changed, 1210 insertions(+), 70 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/sgx-epc.x86_64-7.0.0.args
 create mode 100644 tests/qemuxml2argvdata/sgx-epc.xml
 create mode 100644 tests/qemuxml2xmloutdata/sgx-epc.x86_64-7.0.0.xml

-- 
2.25.1

Re: [libvirt][PATCH v17 0/9] Support query and use SGX
Posted by Michal Prívozník 3 weeks, 2 days ago
On 11/11/22 02:17, Lin Yang wrote:
> Diff to v16:
> * Included SGX EPC in the calculation and validation of maximum
>   memory space in qemuDomainDefValidateMemoryHotplug. Removed
>   all hacking in this function, but only skip
>   qemuDomainDefValidateMemoryHotplugDevice validation for SGX EPC,
>   since it is not hotpluggable.
> * Added SGX fields in new QEMU 7.2 domaincaps xml.
> 
> Haibin Huang (4):
>   domain_capabilities: Define SGX capabilities structs
>   qemu: Get SGX capabilities form QMP
>   Convert QMP capabilities to domain capabilities
>   conf: expose SGX feature in domain capabilities
> 
> Lin Yang (2):
>   conf: Introduce SGX EPC element into device memory xml
>   qemu: Add command-line to generate SGX EPC memory backend
> 
> Michal Prívozník (3):
>   qemu_cgroup: Allow SGX in devices controller
>   qemu_namespace: Create SGX related nodes in domain's namespace
>   security_dac: Set DAC label on SGX /dev nodes
> 


>  98 files changed, 1210 insertions(+), 70 deletions(-)


Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

and pushed. Congratulations on your first libvirt contribution and thank
you for your patience.

Michal