-----Original Message-----
From: Tim Wiederhake <twiederh(a)redhat.com>
Sent: Monday, July 5, 2021 7:32 PM
To: Huang, Haibin <haibin.huang(a)intel.com>
Cc: libvir-list(a)redhat.com; Ding, Jian-feng <jian-feng.ding(a)intel.com>; Yang, Lin A <lin.a.yang(a)intel.com>; Lu, Lianhao <lianhao.lu(a)intel.com>
Subject: Re: [libvirt][PATCH v4 2/4] qemu: Add command-line to generate SGX EPC memory backend

On Thu, 2021-07-01 at 20:10 +0800, Haibin Huang wrote:
> From: Lin Yang <lin.a.yang(a)intel.com>
>
> According to the result of parsing the XML, add the arguments for the SGX EPC
> memory backend to the QEMU command line:
>
> -object memory-backend-epc,id=mem1,size=<epc_size>K,prealloc \
> -sgx-epc id=epc1,memdev=mem1
> ---
> src/qemu/qemu_command.c | 24 ++++++++++++++++++++++++
> 1 file changed, 24 insertions(+)
>
> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index
> 01812cd39b..2c3785886c 100644
> --- a/src/qemu/qemu_command.c
> +++ b/src/qemu/qemu_command.c
> @@ -9869,6 +9869,27 @@ qemuBuildVsockCommandLine(virCommandPtr
cmd,
> }
>
>
> +static int
> +qemuBuildSGXCommandLine(virCommandPtr cmd, virDomainSGXDefPtr
sgx) {
> + g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
> +
> + if (!sgx)
> + return 0;
> +
> + VIR_DEBUG("sgx->epc_size=%lluKiB", sgx->epc_size);
> +
> + virBufferAsprintf(&buf, "memory-backend-
> epc,id=mem1,size=%lluK,prealloc", sgx->epc_size);
> + virCommandAddArg(cmd, "-object");
> + virCommandAddArgBuffer(cmd, &buf);

virCommandAddArgFormat?

[Haibin] ok, I will change to virCommandAddArgFormat

> +
> + virCommandAddArg(cmd, "-sgx-epc");
> + virCommandAddArg(cmd, "id=epc1,memdev=mem1");
> +
> + return 0;
> +}
> +
> +
> /*
> * Constructs a argv suitable for launching qemu with config defined
> * for a given virtual machine.
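
Review bot: In qemuBuildSGXCommandLine() the ids "mem1" and "epc1" are hardcoded and sgx->epc_size is formatted into the -object argument with no check visible in this hunk, so a zero size or an id that another object on the same command line already uses would only show up as a QEMU startup failure. Consider deriving the ids from an SGX-specific name and rejecting epc_size == 0 before building the argument. A check that the QEMU binary supports memory-backend-epc before emitting -sgx-epc would also give this function, which currently returns 0 on every path, a real error path.
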
> @@ -10154,6 +10175,9 @@ qemuBuildCommandLine(virQEMUDriverPtr
driver,
> cfg->logTimestamp)
> virCommandAddArgList(cmd, "-msg", "timestamp=on",
NULL);
>
> + if (qemuBuildSGXCommandLine(cmd, def->sgx) < 0)
> + return NULL;
> +

Personal opinion: I would not add this to the end of the function, but place it
next to the call to "qemuBuildSEVCommandLine(...)". Or replace the call to
qemuBuildSEVCommandLine() with a "qemuBuildSecurityCommandLine()",
which in turn calls qemuBuild{SEV,SGX}CommandLine().

[Haibin] ok, good point.

Regards,
Tim

> return g_steal_pointer(&cmd);
> }
>
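
Review bot: The "< 0" check on qemuBuildSGXCommandLine() in qemuBuildCommandLine() can never be true, because the function as added by this patch returns 0 on every path. Either make it return void and drop the check, or give it a failure path (for instance an invalid size or a binary without SGX support) that reports an error before returning -1, so that the "return NULL" here is always accompanied by a message.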