On Fri, May 24, 2024 at 02:21:23PM +0800, Zhenzhong Duan wrote:
Add element "quoteGenerationService" to tdx launch security type. Currently it contains only one sub-element "SocketAddress".
"SocketAddress" is modelized according to QEMU QAPI, supporting inet, unix, vsock and fd type and variant attributes depending on type.
XML example:
<launchSecurity type='tdx'> <policy>0x0</policy> <mrConfigId>xxx</mrConfigId> <mrOwner>xxx</mrOwner> <mrOwnerConfig>xxx</mrOwnerConfig> <quoteGenerationService> <SocketAddress type='vsock' cid='xxx' port='xxx'/>
Libvirt doesn't usually have initial capitals in any XML elements/attrs. I think everything from <SocketAddress> could be put on the <quoteGenerationService> element directly.
</quoteGenerationService> </launchSecurity>
QEMU command line example: qemu-system-x86_64 \ -object '{"qom-type":"tdx-guest","id":"lsec0","sept-ve-disable":false,"mrconfigid":"xxx","mrowner":"xxx","mrownerconfig":"xxx","quote-generation-socket":{"type":"vsock","cid":"xxx","port":"xxx"}}' \ -machine pc-q35-6.0,confidential-guest-support=lsec0
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> --- src/conf/domain_conf.c | 272 +++++++++++++++++++++++++++++- src/conf/domain_conf.h | 61 +++++++ src/conf/schemas/domaincommon.rng | 106 ++++++++++++ src/qemu/qemu_command.c | 106 ++++++++++++ 4 files changed, 544 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index bb4973fce8..15cdb3e0e6 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2852,6 +2852,55 @@ struct _virDomainKeyWrapDef { virTristateSwitch dea; };
+typedef enum { + VIR_DOMAIN_SOCKET_ADDRESS_NONE, + VIR_DOMAIN_SOCKET_ADDRESS_INET, + VIR_DOMAIN_SOCKET_ADDRESS_UNIX, + VIR_DOMAIN_SOCKET_ADDRESS_VSOCK, + VIR_DOMAIN_SOCKET_ADDRESS_FD, + + VIR_DOMAIN_SOCKET_ADDRESS_LAST +} virDomainSocketAddress; + +typedef struct _InetSocketAddress InetSocketAddress; +typedef struct _UnixSocketAddress UnixSocketAddress; +typedef struct _VsockSocketAddress VsockSocketAddress; +typedef struct _FdSocketAddress FdSocketAddress; + +struct _InetSocketAddress { + char *host; + char *port; + bool has_numeric; + virTristateBool numeric; + bool has_to; + unsigned int to; + bool has_ipv4; + virTristateBool ipv4; + bool has_ipv6; + virTristateBool ipv6; + bool has_keep_alive; + virTristateBool keep_alive; + bool has_mptcp; + virTristateBool mptcp; +}; + +struct _UnixSocketAddress { + char *path; + bool has_abstract; + virTristateBool abstract; + bool has_tight; + virTristateBool tight; +};
All of these "has_XXX" fields are redundant. Only 'has_to' is ever set, and it is never read after that, so that's a dead store.
+ +struct _VsockSocketAddress { + char *cid; + char *port; +}; + +struct _FdSocketAddress { + char *str; +}; + typedef enum { VIR_DOMAIN_LAUNCH_SECURITY_NONE, VIR_DOMAIN_LAUNCH_SECURITY_SEV, @@ -2873,11 +2922,22 @@ struct _virDomainSEVDef { virTristateBool kernel_hashes; };
+typedef struct SocketAddress { + virDomainSocketAddress type; + union { + InetSocketAddress inet; + UnixSocketAddress Unix; + VsockSocketAddress vsock; + FdSocketAddress fd; + } u; +} SocketAddress; + struct _virDomainTDXDef { unsigned long long policy; char *mrconfigid; char *mrowner; char *mrownerconfig; + SocketAddress qgs_sa; };
#define VIR_DOMAIN_TDX_POLICY_DEBUG 0x1
With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|