As agreed here, I've taken the posted patches, made some changes and fixes,
and posted them:

https://listman.redhat.com/archives/libvir-list/2022-July/233164.html

The v13 version can be found here:

https://listman.redhat.com/archives/libvir-list/2022-July/232679.html

diff to v13:
- I've worked my comments in (couple of memleaks, naming issues, ...)
- Fixed problem with CGroups and namespaces
- Fixed a problem with <memoryBacking> <source type='memfd'/>, which
  prevented domain from starting. Simply because wrong memory-backend
  was picked for SGX (-memfd was picked instead of -sgx).
- Some cleanups, formatted before original patches (more tests,
  validation, code separation, ...)

You can find these patches on my gitlab (along with a green pipeline):

https://gitlab.com/MichalPrivoznik/libvirt/-/commits/sgx_rework

Haibin Huang (4):
  domain_capabilities: Define SGX capabilities structs
  qemu: Get SGX capabilities form QMP
  Convert QMP capabilities to domain capabilities
  conf: expose SGX feature in domain capabilities

Lin Yang (2):
  conf: Introduce SGX EPC element into device memory xml
  qemu: Add command-line to generate SGX EPC memory backend

Michal Prívozník (9):
  qemuxml2argvtest: Switch memory-hotplug-dimm-addr to latest caps
  qemuxml2xmltest: Test memory-hotplug-dimm-addr
  conf: Validate virDomainMemoryDef::targetNode
  qemu_command: Separate domain features building into a helper
  qemu_command: Separate domain memory building into a helper
  qemu_cgroup: Don't ignore ENOENT in qemuCgroupAllowDevicesPaths()
  qemu_cgroup: Allow SGX in devices controller
  qemu_namespace: Create SGX related nodes in domain's namespace
  security_dac: Set DAC label on SGX /dev nodes

docs/formatdomain.rst | 25 +-
docs/formatdomaincaps.rst | 40 +++
src/conf/domain_capabilities.c | 46 +++
src/conf/domain_capabilities.h | 22 ++
src/conf/domain_conf.c | 30 ++
src/conf/domain_conf.h | 1 +
src/conf/domain_postparse.c | 1 +
src/conf/domain_validate.c | 22 ++
src/conf/schemas/domaincaps.rng | 40 +++
src/conf/schemas/domaincommon.rng | 1 +
src/libvirt_private.syms | 1 +
src/qemu/qemu_alias.c | 6 +-
src/qemu/qemu_capabilities.c | 222 +++++++++++++
src/qemu/qemu_capabilities.h | 6 +
src/qemu/qemu_cgroup.c | 82 ++++-
src/qemu/qemu_command.c | 293 +++++++++++-------
src/qemu/qemu_domain.c | 48 ++-
src/qemu/qemu_domain.h | 2 +
src/qemu/qemu_domain_address.c | 6 +
src/qemu/qemu_driver.c | 1 +
src/qemu/qemu_monitor.c | 10 +
src/qemu/qemu_monitor.h | 3 +
src/qemu/qemu_monitor_json.c | 148 ++++++++-
src/qemu/qemu_monitor_json.h | 4 +
src/qemu/qemu_namespace.c | 20 +-
src/qemu/qemu_process.c | 2 +
src/qemu/qemu_validate.c | 8 +
src/security/security_apparmor.c | 1 +
src/security/security_dac.c | 44 ++-
src/security/security_selinux.c | 2 +
tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 +
tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 +
tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 +
tests/domaincapsdata/empty.xml | 1 +
tests/domaincapsdata/libxl-xenfv.xml | 1 +
tests/domaincapsdata/libxl-xenpv.xml | 1 +
.../domaincapsdata/qemu_3.1.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_3.1.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_3.1.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.0.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml | 1 +
.../qemu_4.0.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_4.0.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_4.0.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_4.0.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_4.0.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.1.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_4.1.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 +
.../qemu_4.2.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 +
.../qemu_5.0.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_5.1.0.sparc.xml | 1 +
tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 1 +
.../qemu_5.2.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_5.2.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 1 +
.../qemu_6.0.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_6.0.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 6 +
.../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 6 +
.../qemu_6.2.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 6 +
.../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 10 +
.../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 10 +
.../qemu_7.0.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 10 +
.../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 10 +
.../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 10 +
tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 10 +
.../caps_6.2.0.x86_64.replies | 24 +-
.../caps_6.2.0.x86_64.xml | 7 +
.../caps_7.0.0.x86_64.replies | 34 +-
.../caps_7.0.0.x86_64.xml | 11 +
.../caps_7.1.0.x86_64.replies | 34 +-
.../caps_7.1.0.x86_64.xml | 11 +
.../aarch64-aavmf-virtio-mmio.args | 2 +-
.../aarch64-cpu-passthrough.args | 2 +-
...fault-cpu-kvm-virt-4.2.aarch64-latest.args | 2 +-
...fault-cpu-tcg-virt-4.2.aarch64-latest.args | 2 +-
.../aarch64-features-sve.aarch64-latest.args | 2 +-
tests/qemuxml2argvdata/aarch64-gic-host.args | 2 +-
.../aarch64-gic-none-tcg.args | 2 +-
tests/qemuxml2argvdata/aarch64-gic-v2.args | 2 +-
tests/qemuxml2argvdata/aarch64-gic-v3.args | 2 +-
.../qemuxml2argvdata/aarch64-pci-serial.args | 2 +-
.../aarch64-tpm.aarch64-latest.args | 2 +-
.../aarch64-traditional-pci.args | 2 +-
.../aarch64-usb-controller-nec-xhci.args | 2 +-
.../aarch64-usb-controller-qemu-xhci.args | 2 +-
.../aarch64-video-default.args | 2 +-
.../aarch64-video-virtio-gpu-pci.args | 2 +-
.../aarch64-virt-2.6-virtio-pci-default.args | 2 +-
.../aarch64-virt-default-nic.args | 2 +-
.../aarch64-virt-graphics.aarch64-latest.args | 2 +-
.../aarch64-virt-headless.aarch64-latest.args | 2 +-
.../qemuxml2argvdata/aarch64-virt-virtio.args | 2 +-
.../aarch64-virtio-pci-default.args | 2 +-
.../aarch64-virtio-pci-manual-addresses.args | 2 +-
.../balloon-mmio-deflate.args | 2 +-
.../clock-timer-armvtimer.aarch64-latest.args | 2 +-
...ult-video-type-aarch64.aarch64-latest.args | 2 +-
...mware-auto-efi-aarch64.aarch64-latest.args | 2 +-
...-auto-efi-enrolled-keys.x86_64-latest.args | 2 +-
...-auto-efi-loader-secure.x86_64-latest.args | 2 +-
...to-efi-no-enrolled-keys.x86_64-latest.args | 2 +-
...are-auto-efi-no-secboot.x86_64-latest.args | 2 +-
...firmware-auto-efi-nvram.x86_64-latest.args | 2 +-
...rmware-auto-efi-secboot.x86_64-latest.args | 2 +-
...ware-auto-efi-stateless.x86_64-latest.args | 2 +-
.../firmware-auto-efi.x86_64-latest.args | 2 +-
...manual-bios-rw-implicit.x86_64-latest.args | 2 +-
...firmware-manual-bios-rw.x86_64-latest.args | 2 +-
.../firmware-manual-efi-acpi-aarch64.args | 2 +-
.../firmware-manual-efi-noacpi-aarch64.args | 2 +-
...e-manual-efi-nvram-file.x86_64-latest.args | 2 +-
...efi-nvram-network-iscsi.x86_64-latest.args | 2 +-
...l-efi-nvram-network-nbd.x86_64-latest.args | 2 +-
...nual-efi-nvram-template.x86_64-latest.args | 2 +-
...re-manual-efi-stateless.x86_64-latest.args | 2 +-
.../firmware-manual-noefi-noacpi-aarch64.args | 2 +-
.../hvf-aarch64-virt-headless.args | 2 +-
.../intel-iommu-aw-bits.x86_64-latest.args | 2 +-
...ntel-iommu-caching-mode.x86_64-latest.args | 2 +-
...ntel-iommu-device-iotlb.x86_64-latest.args | 2 +-
.../intel-iommu-eim.x86_64-latest.args | 2 +-
.../iommu-smmuv3.aarch64-latest.args | 2 +-
.../launch-security-s390-pv.s390x-latest.args | 2 +-
...nch-security-sev-direct.x86_64-latest.args | 2 +-
...ev-missing-platform-info.x86_64-6.0.0.args | 2 +-
.../launch-security-sev.x86_64-6.0.0.args | 2 +-
.../mach-virt-console-virtio.args | 2 +-
.../mach-virt-serial-native.args | 2 +-
.../mach-virt-serial-pci.args | 2 +-
.../mach-virt-serial-usb.args | 2 +-
.../machine-aeskeywrap-off-cap.args | 2 +-
.../machine-aeskeywrap-off-caps.args | 2 +-
.../machine-aeskeywrap-on-cap.args | 2 +-
.../machine-aeskeywrap-on-caps.args | 2 +-
.../machine-deakeywrap-off-cap.args | 2 +-
.../machine-deakeywrap-off-caps.args | 2 +-
.../machine-deakeywrap-on-cap.args | 2 +-
.../machine-deakeywrap-on-caps.args | 2 +-
...emory-hotplug-dimm-addr.x86_64-latest.args | 42 +++
.../memory-hotplug-dimm-addr.xml | 2 +-
.../memory-hotplug-invalid-targetnode.err | 1 +
.../memory-hotplug-invalid-targetnode.xml | 42 +++
...e-expander-bus-aarch64.aarch64-latest.args | 2 +-
...eries-cpu-compat-power10.ppc64-latest.args | 2 +-
...series-cpu-compat-power9.ppc64-latest.args | 2 +-
tests/qemuxml2argvdata/pseries-features.args | 2 +-
.../sgx-epc-numa.x86_64-latest.args | 40 +++
tests/qemuxml2argvdata/sgx-epc-numa.xml | 64 ++++
...mm-addr.args => sgx-epc.x86_64-6.2.0.args} | 29 +-
tests/qemuxml2argvdata/sgx-epc.xml | 52 ++++
.../virtio-iommu-aarch64.aarch64-latest.args | 2 +-
tests/qemuxml2argvtest.c | 7 +-
...memory-hotplug-dimm-addr.x86_64-latest.xml | 63 ++++
.../sgx-epc-numa.x86_64-latest.xml | 1 +
.../sgx-epc.x86_64-6.2.0.xml | 1 +
tests/qemuxml2xmltest.c | 4 +
189 files changed, 1621 insertions(+), 266 deletions(-)
create mode 100644 tests/qemuxml2argvdata/memory-hotplug-dimm-addr.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/memory-hotplug-invalid-targetnode.err
create mode 100644 tests/qemuxml2argvdata/memory-hotplug-invalid-targetnode.xml
create mode 100644 tests/qemuxml2argvdata/sgx-epc-numa.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/sgx-epc-numa.xml
rename tests/qemuxml2argvdata/{memory-hotplug-dimm-addr.args =>
sgx-epc.x86_64-6.2.0.args} (39%)
create mode 100644 tests/qemuxml2argvdata/sgx-epc.xml
create mode 100644 tests/qemuxml2xmloutdata/memory-hotplug-dimm-addr.x86_64-latest.xml
create mode 120000 tests/qemuxml2xmloutdata/sgx-epc-numa.x86_64-latest.xml
create mode 120000 tests/qemuxml2xmloutdata/sgx-epc.x86_64-6.2.0.xml
--
2.35.1