On Wed, Jul 27, 2022 at 12:34:58 +0200, Michal Privoznik wrote:
SGX memory backend needs to access /dev/sgx_vepc (which allows
userspace to allocate "raw" EPC without an associated enclave)
and /dev/sgx_provision (which allows creating provisioning
enclaves). Allow these two devices in CGroups if a domain is
configured so.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_cgroup.c | 76 +++++++++++++++++++++++++++++++++++-------
src/qemu/qemu_domain.h | 2 ++
2 files changed, 66 insertions(+), 12 deletions(-)
[...]
@@ -538,16 +575,31 @@ qemuTeardownMemoryDevicesCgroup(virDomainObj
*vm,
virDomainMemoryDef *mem)
{
qemuDomainObjPrivate *priv = vm->privateData;
-
- if (mem->model != VIR_DOMAIN_MEMORY_MODEL_NVDIMM &&
- mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM)
- return 0;
+ const char *const sgxPaths[] = { QEMU_DEV_SGX_VEPVC,
+ QEMU_DEV_SGX_PROVISION, NULL };
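Review bot: In the sgxPaths initializer the macro is spelled QEMU_DEV_SGX_VEPVC, while the commit message names the device /dev/sgx_vepc. The extra V looks like a typo, so consider renaming it to QEMU_DEV_SGX_VEPC where it is defined and at each use. If the same path list also appears in qemuSetupMemoryDevicesCgroup, a single shared definition would keep the set of devices allowed at setup and the set handled at teardown from drifting apart.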
Preferably use the same alignment as in qemuSetupMemoryDevicesCgroup.
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>