[libvirt] [PATCH v3 0/4] Virtio-crypto device support

As virtio-crypto has been supported in QEMU 2.8 and the frontend driver has been merged in Linux 4.10, it's necessary to support virtio-crypto in libvirt.

---
Hi guys,

Sorry for the long delay...

Changes since v2:
 - PATCH 1: modify docs as Martin & Boris's suggestion. [Martin & Boris]
 - PATCH 2: add the missing 'ToString'. [Martin]
 - PATCH 3: use virAsprintf instead of virBufferAsprintf. [Martin]
            remove pointless virBufferCheckError. [Martin]
 - rebase on master. [Longpeng]

Changes since v1:
 - split patch [Martin]
 - rebase on master [Martin]
 - add docs/tests/schema [Martin]
 - fix typos [Gonglei]

---

Longpeng(Mike) (4):
  docs: schema: Add basic documentation for the virtual
  conf: Parse virtio-crypto in the domain XML
  qemu: Implement support for 'builtin' backend for virtio-crypto
  tests: Add testcase for virtio-crypto XML parsing

 docs/formatdomain.html.in | 61 ++++++
 docs/schemas/domaincommon.rng | 30 +++
 src/conf/domain_conf.c | 213 ++++++++++++++++++++-
 src/conf/domain_conf.h | 32 ++++
 src/libvirt_private.syms | 4 +
 src/qemu/qemu_alias.c | 20 ++
 src/qemu/qemu_alias.h | 3 +
 src/qemu/qemu_capabilities.c | 6 +
 src/qemu/qemu_capabilities.h | 4 +
 src/qemu/qemu_command.c | 126 ++++++++++++
 src/qemu/qemu_command.h | 3 +
 src/qemu/qemu_domain_address.c | 25 +++
 src/qemu/qemu_driver.c | 6 +
 src/qemu/qemu_hotplug.c | 1 +
 tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml | 2 +
 tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml | 2 +
 .../qemuxml2argv-virtio-crypto-builtin.xml | 26 +++
 .../qemuxml2argv-virtio-crypto.args | 22 +++
 .../qemuxml2xmlout-virtio-crypto-builtin.xml | 31 +++
 tests/qemuxml2xmltest.c | 2 +
 20 files changed, 618 insertions(+), 1 deletion(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml

--
1.8.3.1

This patch documents XML elements used for support of virtual crypto devices. In the devices section in the domain XML users may specify: <crypto model='virtio'> <backend type='builtin' queues='1'/> </crypto> to enable the crypto device for guests. Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- docs/formatdomain.html.in | 61 +++++++++++++++++++++++++++++++++++++++++++ docs/schemas/domaincommon.rng | 30 +++++++++++++++++++++ 2 files changed, 91 insertions(+) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 36bea67..7c27ae7 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in 
@@ -7547,6 +7547,67 @@ qemu-kvm -net nic,model=? /dev/null </dd> </dl> + <h4><a name="elementCrypto">Crypto device</a></h4> + + <p> + The virtual crypto device is a virtual crypto accelerator + card(provides crypto services, such as CIPHER, HMAC, HASH, + and AEAD) for virtual machines and it can be added to the + guest via the <code>crypto</code> element. + <span class="since">Since 3.6.0, QEMU and KVM only</span> + </p> + + <p> + Example: usage of the crypto device: + </p> +<pre> + ... + <devices> + <crypto model='virtio'> + <backend type='builtin' queues='1'/> + </crypto> + </devices> + ... +</pre> + <dl> + <dt><code>model</code></dt> + <dd> + <p> + The required <code>model</code> attribute specifies what + type of crypto device is provide. + Currently only 'virtio' is supported and it needs virtio-crypto + guest driver. + </p> + </dd> + <dt><code>backend</code></dt> + <dd> + <p> + The <code>backend</code> element specifies the type and + number of queues of the crypto device to be used for the + domain. + </p> + <dl> + <dt><code>type</code></dt> + <dd> + <p> + The required <code>type</code> element specifies the + type of the crypto device. + Currently only supports 'builtin' which uses QEMU's + crypto APIs to complete the crypto operations. + </p> + </dd> + <dt><code>queues</code></dt> + <dd> + <p> + The optional <code>queues</code> element specifies the + number of queues of the crypto device, the default number + of queues is 1. + </p> + </dd> + </dl> + </dd> + </dl> + <h3><a name="seclabel">Security label</a></h3> <p> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index bdf7103..6e3b0fd 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -4506,6 +4506,7 @@ <ref name="tpm"/> <ref name="shmem"/> <ref name="memorydev"/> + <ref name="crypto"/> </choice> </zeroOrMore> <optional> 
@@ -5052,6 +5053,35 @@ </optional> </define> + <define name="crypto"> + <element name="crypto"> + <attribute name="model"> + <choice> + <value>virtio</value> + </choice> + </attribute> + <ref name="crypto-backend"/> + <optional> + <ref name="address"/> + </optional> + </element> + </define> + + <define name="crypto-backend"> + <element name="backend"> + <attribute name="type"> + <choice> + <value>builtin</value> + </choice> + </attribute> + <optional> + <attribute name="queues"> + <ref name="positiveInteger"/> + </attribute> + </optional> + </element> + </define> + <define name="usbmaster"> <element name="master"> <attribute name="startport"> -- 1.8.3.1
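
Review bot: In the docs/formatdomain.html.in hunk, the <dt> entries for type and queues call them elements ("The required <code>type</code> element", "The optional <code>queues</code> element"), but the example XML in the same hunk and the RNG schema define both as attributes of <backend>; describe them as attributes. The same hunk has "card(provides" without a space and "type of crypto device is provide", and it does not mention the optional <address> child that the schema accepts.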
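
Review bot: In the domaincommon.rng hunk at @@ -5052, the crypto element lists <ref name="crypto-backend"/> and the optional <ref name="address"/> as an ordered group, so a document that places <address> before <backend> fails validation even though its content is otherwise valid; wrapping the two in <interleave> would make the order irrelevant. The queues attribute is restricted to positiveInteger here, so the parser for this element should reject 0 as well, and the documentation should state that bound.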

This patch parse the domain XML with virtio-crypto support, the virtio-crypto XML looks like this: <crypto model='virtio'> <backend type='builtin' queues='1'/> </crypto> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- src/conf/domain_conf.c | 213 ++++++++++++++++++++++++++++++++++++++++- src/conf/domain_conf.h | 32 +++++++ src/libvirt_private.syms | 4 + src/qemu/qemu_domain_address.c | 1 + src/qemu/qemu_driver.c | 6 ++ src/qemu/qemu_hotplug.c | 1 + 6 files changed, 256 insertions(+), 1 deletion(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index c3149f9..ea353ea 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -253,7 +253,8 @@ VIR_ENUM_IMPL(virDomainDevice, VIR_DOMAIN_DEVICE_LAST, "tpm", "panic", "memory", - "iommu") + "iommu", + "crypto") VIR_ENUM_IMPL(virDomainDeviceAddress, VIR_DOMAIN_DEVICE_ADDRESS_TYPE_LAST, "none", @@ -830,6 +831,14 @@ VIR_ENUM_IMPL(virDomainRNGBackend, "random", "egd"); +VIR_ENUM_IMPL(virDomainCryptoModel, + VIR_DOMAIN_CRYPTO_MODEL_LAST, + "virtio"); + +VIR_ENUM_IMPL(virDomainCryptoBackend, + VIR_DOMAIN_CRYPTO_BACKEND_LAST, + "builtin"); + VIR_ENUM_IMPL(virDomainTPMModel, VIR_DOMAIN_TPM_MODEL_LAST, "tpm-tis") @@ -2617,6 +2626,9 @@ void virDomainDeviceDefFree(virDomainDeviceDefPtr def) case VIR_DOMAIN_DEVICE_IOMMU: VIR_FREE(def->data.iommu); break; + case VIR_DOMAIN_DEVICE_CRYPTO: + virDomainCryptoDefFree(def->data.crypto); + break; case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: break; @@ -2866,6 +2878,10 @@ void virDomainDefFree(virDomainDefPtr def) VIR_FREE(def->iommu); + for (i = 0; i < def->ncryptos; i++) + virDomainCryptoDefFree(def->cryptos[i]); + VIR_FREE(def->cryptos); + VIR_FREE(def->idmap.uidmap); VIR_FREE(def->idmap.gidmap); 
@@ -3453,6 +3469,8 @@ virDomainDeviceGetInfo(virDomainDeviceDefPtr device) return &device->data.panic->info; case VIR_DOMAIN_DEVICE_MEMORY: return &device->data.memory->info; + case VIR_DOMAIN_DEVICE_CRYPTO: + return &device->data.crypto->info; /* The following devices do not contain virDomainDeviceInfo */ case VIR_DOMAIN_DEVICE_LEASE: @@ -3768,6 +3786,13 @@ virDomainDeviceInfoIterateInternal(virDomainDefPtr def, return -1; } + device.type = VIR_DOMAIN_DEVICE_CRYPTO; + for (i = 0; i < def->ncryptos; i++) { + device.data.crypto = def->cryptos[i]; + if (cb(def, &device, &def->cryptos[i]->info, opaque) < 0) + return -1; + } + /* Coverity is not very happy with this - all dead_error_condition */ #if !STATIC_ANALYSIS /* This switch statement is here to trigger compiler warning when adding @@ -3802,6 +3827,7 @@ virDomainDeviceInfoIterateInternal(virDomainDefPtr def, case VIR_DOMAIN_DEVICE_RNG: case VIR_DOMAIN_DEVICE_MEMORY: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: break; } #endif @@ -5095,6 +5121,7 @@ virDomainDeviceDefValidateInternal(const virDomainDeviceDef *dev, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_MEMORY: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_LAST: break; 
@@ -13048,6 +13075,88 @@ virDomainRNGDefParseXML(virDomainXMLOptionPtr xmlopt, } +static virDomainCryptoDefPtr +virDomainCryptoDefParseXML(xmlNodePtr node, + xmlXPathContextPtr ctxt, + unsigned int flags) +{ + char *model = NULL; + char *backend = NULL; + char *queues = NULL; + virDomainCryptoDefPtr def; + xmlNodePtr save = ctxt->node; + xmlNodePtr *backends = NULL; + int nbackends; + + if (VIR_ALLOC(def) < 0) + return NULL; + + if (!(model = virXMLPropString(node, "model"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing Crypto device model")); + goto error; + } + + if ((def->model = virDomainCryptoModelTypeFromString(model)) < 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unknown Crypto model '%s'"), model); + goto error; + } + + ctxt->node = node; + + if ((nbackends = virXPathNodeSet("./backend", ctxt, &backends)) < 0) + goto error; + + if (nbackends != 1) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("only one Crypto backend is supported")); + goto error; + } + + if (!(backend = virXMLPropString(backends[0], "type"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing Crypto device backend type")); + goto error; + } + + if ((def->backend = virDomainCryptoBackendTypeFromString(backend)) < 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unknown Crypto backend model '%s'"), backend); + goto error; + } + + switch ((virDomainCryptoBackend) def->backend) { + case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN: + queues = virXMLPropString(backends[0], "queues"); + if (queues && virStrToLong_ui(queues, NULL, 10, &def->queues) < 0) { + virReportError(VIR_ERR_XML_ERROR, + _("Malformed 'queues' value '%s'"), queues); + } + break; + + case VIR_DOMAIN_CRYPTO_BACKEND_LAST: + break; + } + + if (virDomainDeviceInfoParseXML(node, NULL, &def->info, flags) < 0) + goto error; + + cleanup: + VIR_FREE(model); + VIR_FREE(backend); + VIR_FREE(queues); + VIR_FREE(backends); + ctxt->node = save; + return def; + + error: + virDomainCryptoDefFree(def); + def = NULL; + 
goto cleanup; +} + + static virDomainMemballoonDefPtr virDomainMemballoonDefParseXML(xmlNodePtr node, xmlXPathContextPtr ctxt, @@ -14643,6 +14752,10 @@ virDomainDeviceDefParse(const char *xmlStr, if (!(dev->data.iommu = virDomainIOMMUDefParseXML(node, ctxt))) goto error; break; + case VIR_DOMAIN_DEVICE_CRYPTO: + if (!(dev->data.crypto = virDomainCryptoDefParseXML(node, ctxt, flags))) + goto error; + break; case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_LAST: break; @@ -17709,6 +17822,22 @@ virDomainDefParseXML(xmlDocPtr xml, } VIR_FREE(nodes); + /* Parse the crypto devices */ + if ((n = virXPathNodeSet("./devices/crypto", ctxt, &nodes)) < 0) + goto error; + if (n && VIR_ALLOC_N(def->cryptos, n) < 0) + goto error; + for (i = 0; i < n; i++) { + virDomainCryptoDefPtr crypto = virDomainCryptoDefParseXML(nodes[i], + ctxt, + flags); + if (!crypto) + goto error; + + def->cryptos[def->ncryptos++] = crypto; + } + VIR_FREE(nodes); + if (virCPUDefParseXML(ctxt, "./cpu[1]", VIR_CPU_TYPE_GUEST, &def->cpu) < 0) goto error; @@ -19815,6 +19944,25 @@ virDomainRNGDefCheckABIStability(virDomainRNGDefPtr src, static bool +virDomainCryptoDefCheckABIStability(virDomainCryptoDefPtr src, + virDomainCryptoDefPtr dst) +{ + if (src->model != dst->model) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Target Crypto model '%s' does not match source '%s'"), + virDomainCryptoModelTypeToString(dst->model), + virDomainCryptoModelTypeToString(src->model)); + return false; + } + + if (!virDomainDeviceInfoCheckABIStability(&src->info, &dst->info)) + return false; + + return true; +} + + +static bool virDomainHubDefCheckABIStability(virDomainHubDefPtr src, virDomainHubDefPtr dst) { 
@@ -20718,6 +20866,17 @@ virDomainDefCheckABIStabilityFlags(virDomainDefPtr src, !xmlopt->abi.domain(src, dst)) goto error; + if (src->ncryptos != dst->ncryptos) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Target domain crypto device count %zu " + "does not match source %zu"), dst->ncryptos, src->ncryptos); + goto error; + } + + for (i = 0; i < src->ncryptos; i++) + if (!virDomainCryptoDefCheckABIStability(src->cryptos[i], dst->cryptos[i])) + goto error; + /* Coverity is not very happy with this - all dead_error_condition */ #if !STATIC_ANALYSIS /* This switch statement is here to trigger compiler warning when adding @@ -20751,6 +20910,7 @@ virDomainDefCheckABIStabilityFlags(virDomainDefPtr src, case VIR_DOMAIN_DEVICE_SHMEM: case VIR_DOMAIN_DEVICE_MEMORY: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: break; } #endif @@ -23387,6 +23547,49 @@ virDomainRNGDefFree(virDomainRNGDefPtr def) static int +virDomainCryptoDefFormat(virBufferPtr buf, + virDomainCryptoDefPtr def, + unsigned int flags) +{ + const char *model = virDomainCryptoModelTypeToString(def->model); + const char *backend = virDomainCryptoBackendTypeToString(def->backend); + + virBufferAsprintf(buf, "<crypto model='%s'>\n", model); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<backend type='%s'", backend); + + switch ((virDomainCryptoBackend) def->backend) { + case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN: + if (def->queues) + virBufferAsprintf(buf, " queues='%u'", def->queues); + + virBufferAddLit(buf, "/>\n"); + break; + + case VIR_DOMAIN_CRYPTO_BACKEND_LAST: + break; + } + + if (virDomainDeviceInfoFormat(buf, &def->info, flags) < 0) + return -1; + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</crypto>\n"); + return 0; +} + +void +virDomainCryptoDefFree(virDomainCryptoDefPtr def) +{ + if (!def) + return; + + virDomainDeviceInfoClear(&def->info); + VIR_FREE(def); +} + + +static int virDomainMemorySourceDefFormat(virBufferPtr buf, virDomainMemoryDefPtr def) { 
@@ -25418,6 +25621,11 @@ virDomainDefFormatInternal(virDomainDefPtr def, goto error; } + for (n = 0; n < def->ncryptos; n++) { + if (virDomainCryptoDefFormat(buf, def->cryptos[n], flags)) + goto error; + } + if (def->iommu) virDomainIOMMUDefFormat(buf, def->iommu); @@ -26500,6 +26708,9 @@ virDomainDeviceDefCopy(virDomainDeviceDefPtr src, case VIR_DOMAIN_DEVICE_SHMEM: rc = virDomainShmemDefFormat(&buf, src->data.shmem, flags); break; + case VIR_DOMAIN_DEVICE_CRYPTO: + rc = virDomainCryptoDefFormat(&buf, src->data.crypto, flags); + break; case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_SMARTCARD: diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 964bc02..3dd809a 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -159,6 +159,9 @@ typedef virDomainIOMMUDef *virDomainIOMMUDefPtr; typedef struct _virDomainVirtioOptions virDomainVirtioOptions; typedef virDomainVirtioOptions *virDomainVirtioOptionsPtr; +typedef struct _virDomainCryptoDef virDomainCryptoDef; +typedef virDomainCryptoDef *virDomainCryptoDefPtr; + /* Flags for the 'type' field in virDomainDeviceDef */ typedef enum { VIR_DOMAIN_DEVICE_NONE = 0, @@ -185,6 +188,7 @@ typedef enum { VIR_DOMAIN_DEVICE_PANIC, VIR_DOMAIN_DEVICE_MEMORY, VIR_DOMAIN_DEVICE_IOMMU, + VIR_DOMAIN_DEVICE_CRYPTO, VIR_DOMAIN_DEVICE_LAST } virDomainDeviceType; @@ -217,6 +221,7 @@ struct _virDomainDeviceDef { virDomainPanicDefPtr panic; virDomainMemoryDefPtr memory; virDomainIOMMUDefPtr iommu; + virDomainCryptoDefPtr crypto; } data; }; 
@@ -2043,6 +2048,26 @@ struct _virDomainRNGDef { }; typedef enum { + VIR_DOMAIN_CRYPTO_MODEL_VIRTIO, + + VIR_DOMAIN_CRYPTO_MODEL_LAST +} virDomainCryptoModel; + +typedef enum { + VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN, + + VIR_DOMAIN_CRYPTO_BACKEND_LAST +} virDomainCryptoBackend; + +struct _virDomainCryptoDef { + int model; + int backend; + unsigned int queues; /* Multiqueue virtio-crypto */ + + virDomainDeviceInfo info; +}; + +typedef enum { VIR_DOMAIN_MEMORY_MODEL_NONE, VIR_DOMAIN_MEMORY_MODEL_DIMM, /* dimm hotpluggable memory device */ VIR_DOMAIN_MEMORY_MODEL_NVDIMM, /* nvdimm memory device */ @@ -2380,6 +2405,9 @@ struct _virDomainDef { size_t npanics; virDomainPanicDefPtr *panics; + size_t ncryptos; + virDomainCryptoDefPtr *cryptos; + /* Only 1 */ virDomainWatchdogDefPtr watchdog; virDomainMemballoonDefPtr memballoon; @@ -2908,6 +2936,8 @@ int virDomainDefCompatibleDevice(virDomainDefPtr def, void virDomainRNGDefFree(virDomainRNGDefPtr def); +void virDomainCryptoDefFree(virDomainCryptoDefPtr def); + int virDomainDiskIndexByAddress(virDomainDefPtr def, virPCIDeviceAddressPtr pci_controller, unsigned int bus, unsigned int target, @@ -3236,6 +3266,8 @@ VIR_ENUM_DECL(virDomainShutdownReason) VIR_ENUM_DECL(virDomainShutoffReason) VIR_ENUM_DECL(virDomainCrashedReason) VIR_ENUM_DECL(virDomainPMSuspendedReason) +VIR_ENUM_DECL(virDomainCryptoModel) +VIR_ENUM_DECL(virDomainCryptoBackend) const char *virDomainStateReasonToString(virDomainState state, int reason); int virDomainStateReasonFromString(virDomainState state, const char *reason); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 888412a..b183bea 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms 
@@ -237,6 +237,10 @@ virDomainControllerRemove; virDomainControllerTypeToString; virDomainCpuPlacementModeTypeFromString; virDomainCpuPlacementModeTypeToString; +virDomainCryptoBackendTypeFromString; +virDomainCryptoBackendTypeToString; +virDomainCryptoModelTypeFromString; +virDomainCryptoModelTypeToString; virDomainDefAddController; virDomainDefAddImplicitDevices; virDomainDefAddUSBController; diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c index b5b863f..5209fbe 100644 --- a/src/qemu/qemu_domain_address.c +++ b/src/qemu/qemu_domain_address.c @@ -796,6 +796,7 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDefPtr dev, case VIR_DOMAIN_DEVICE_LEASE: case VIR_DOMAIN_DEVICE_GRAPHICS: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: return 0; diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index cdb727b..1c2342c 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -7526,6 +7526,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("live attach of device '%s' is not supported"), @@ -7619,6 +7620,7 @@ qemuDomainDetachDeviceLive(virDomainObjPtr vm, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("live detach of device '%s' is not supported"), @@ -7735,6 +7737,7 @@ qemuDomainUpdateDeviceLive(virConnectPtr conn, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("live update of device '%s' is not supported"), 
@@ -7910,6 +7913,7 @@ qemuDomainAttachDeviceConfig(virDomainDefPtr vmdef, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("persistent attach of device '%s' is not supported"), @@ -8076,6 +8080,7 @@ qemuDomainDetachDeviceConfig(virDomainDefPtr vmdef, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("persistent detach of device '%s' is not supported"), @@ -8163,6 +8168,7 @@ qemuDomainUpdateDeviceConfig(virDomainDefPtr vmdef, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("persistent update of device '%s' is not supported"), diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index b5b62df..c7db125 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -4325,6 +4325,7 @@ qemuDomainRemoveDevice(virQEMUDriverPtr driver, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("don't know how to remove a %s device"), -- 1.8.3.1
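
Review bot: In virDomainCryptoDefParseXML (domain_conf.c hunk @@ -13048), the malformed-queues branch calls virReportError but has no "goto error", so a value such as queues='abc' sets an error and the function still returns the definition as if parsing had succeeded; add "goto error;" after the virReportError call. virStrToLong_ui also accepts 0, which the schema in patch 1 forbids (positiveInteger), so reject 0 here too. The "nbackends != 1" check reports "only one Crypto backend is supported" for a missing <backend> as well; a separate message for nbackends == 0 would be clearer.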
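
Review bot: virDomainCryptoDefCheckABIStability (domain_conf.c hunk @@ -19815) compares only model and the device info; backend and queues are not checked, so two definitions that differ in queue count pass the ABI check. If the number of queues is visible to the guest, add a comparison of src->queues and dst->queues with its own error message.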
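
Review bot: In virDomainCryptoDefFormat (domain_conf.c hunk @@ -23387), the closing "/>\n" of <backend> is emitted only inside the VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN case, so any other backend value leaves "<backend type='...'" unterminated in the output; move virBufferAddLit(buf, "/>\n") after the switch. virDomainCryptoDefFree is defined non-static in this hunk and declared in domain_conf.h, but the libvirt_private.syms hunk exports only the four TypeFromString/TypeToString symbols.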

On Wed, Jul 05, 2017 at 01:17 PM +0200, "Longpeng(Mike)" <longpeng2@huawei.com> wrote:
This patch parses the domain XML with virtio-crypto support, the virtio-crypto XML looks like this:
<crypto model='virtio'> <backend type='builtin' queues='1'/> </crypto>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- src/conf/domain_conf.c | 213 ++++++++++++++++++++++++++++++++++++++++- src/conf/domain_conf.h | 32 +++++++ src/libvirt_private.syms | 4 + src/qemu/qemu_domain_address.c | 1 + src/qemu/qemu_driver.c | 6 ++ src/qemu/qemu_hotplug.c | 1 + 6 files changed, 256 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
(snip)
+ + switch ((virDomainCryptoBackend) def->backend) { + case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN: + queues = virXMLPropString(backends[0], "queues"); + if (queues && virStrToLong_ui(queues, NULL, 10, &def->queues) < 0) { + virReportError(VIR_ERR_XML_ERROR, + _("Malformed 'queues' value '%s'"), queues); ^^ Indentation
+ break; + + case VIR_DOMAIN_CRYPTO_BACKEND_LAST: + break; + } + + if (virDomainDeviceInfoParseXML(node, NULL, &def->info, flags) < 0) + goto error; + + cleanup: + VIR_FREE(model); + VIR_FREE(backend); + VIR_FREE(queues); + VIR_FREE(backends); + ctxt->node = save; + return def; + + error: + virDomainCryptoDefFree(def); + def = NULL; + goto cleanup; +} + + static virDomainMemballoonDefPtr virDomainMemballoonDefParseXML(xmlNodePtr node, xmlXPathContextPtr ctxt, @@ -14643,6 +14752,10 @@ virDomainDeviceDefParse(const char *xmlStr, if (!(dev->data.iommu = virDomainIOMMUDefParseXML(node, ctxt))) goto error; break; + case VIR_DOMAIN_DEVICE_CRYPTO: + if (!(dev->data.crypto = virDomainCryptoDefParseXML(node, ctxt, flags))) + goto error; + break; case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_LAST: break; @@ -17709,6 +17822,22 @@ virDomainDefParseXML(xmlDocPtr xml, } VIR_FREE(nodes);
+ /* Parse the crypto devices */ + if ((n = virXPathNodeSet("./devices/crypto", ctxt, &nodes)) < 0) + goto error; + if (n && VIR_ALLOC_N(def->cryptos, n) < 0) + goto error; + for (i = 0; i < n; i++) { + virDomainCryptoDefPtr crypto = virDomainCryptoDefParseXML(nodes[i], + ctxt, + flags); + if (!crypto) + goto error; + + def->cryptos[def->ncryptos++] = crypto; + } + VIR_FREE(nodes); + if (virCPUDefParseXML(ctxt, "./cpu[1]", VIR_CPU_TYPE_GUEST, &def->cpu) < 0) goto error;
@@ -19815,6 +19944,25 @@ virDomainRNGDefCheckABIStability(virDomainRNGDefPtr src,
static bool +virDomainCryptoDefCheckABIStability(virDomainCryptoDefPtr src, + virDomainCryptoDefPtr dst) +{ + if (src->model != dst->model) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Target Crypto model '%s' does not match source '%s'"), + virDomainCryptoModelTypeToString(dst->model), + virDomainCryptoModelTypeToString(src->model)); + return false; + } + + if (!virDomainDeviceInfoCheckABIStability(&src->info, &dst->info)) + return false; + + return true; +} + + +static bool virDomainHubDefCheckABIStability(virDomainHubDefPtr src, virDomainHubDefPtr dst) { @@ -20718,6 +20866,17 @@ virDomainDefCheckABIStabilityFlags(virDomainDefPtr src, !xmlopt->abi.domain(src, dst)) goto error;
+ if (src->ncryptos != dst->ncryptos) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Target domain crypto device count %zu " + "does not match source %zu"), dst->ncryptos, src->ncryptos); + goto error; + } + + for (i = 0; i < src->ncryptos; i++) + if (!virDomainCryptoDefCheckABIStability(src->cryptos[i], dst->cryptos[i])) + goto error; + /* Coverity is not very happy with this - all dead_error_condition */ #if !STATIC_ANALYSIS /* This switch statement is here to trigger compiler warning when adding @@ -20751,6 +20910,7 @@ virDomainDefCheckABIStabilityFlags(virDomainDefPtr src, case VIR_DOMAIN_DEVICE_SHMEM: case VIR_DOMAIN_DEVICE_MEMORY: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: break; } #endif @@ -23387,6 +23547,49 @@ virDomainRNGDefFree(virDomainRNGDefPtr def)
static int +virDomainCryptoDefFormat(virBufferPtr buf, + virDomainCryptoDefPtr def, + unsigned int flags) +{ + const char *model = virDomainCryptoModelTypeToString(def->model); + const char *backend = virDomainCryptoBackendTypeToString(def->backend); + + virBufferAsprintf(buf, "<crypto model='%s'>\n", model); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<backend type='%s'", backend); + + switch ((virDomainCryptoBackend) def->backend) { + case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN: + if (def->queues) + virBufferAsprintf(buf, " queues='%u'", def->queues); + + virBufferAddLit(buf, "/>\n"); + break; + + case VIR_DOMAIN_CRYPTO_BACKEND_LAST: + break; + } + + if (virDomainDeviceInfoFormat(buf, &def->info, flags) < 0) + return -1; + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</crypto>\n"); + return 0; +} + +void +virDomainCryptoDefFree(virDomainCryptoDefPtr def) +{ + if (!def) + return; + + virDomainDeviceInfoClear(&def->info); + VIR_FREE(def); +}
You should add 'virDomainCryptoDefFree' to libvirt_private.syms.
+ + +static int virDomainMemorySourceDefFormat(virBufferPtr buf, virDomainMemoryDefPtr def) { @@ -25418,6 +25621,11 @@ virDomainDefFormatInternal(virDomainDefPtr def, goto error;
Kind regards
Marc Hartmayer

IBM Deutschland Research & Development GmbH
Chairwoman of the Supervisory Board: Martina Koederitz
Management: Dirk Wittkopp
Registered office: Böblingen
Registration court: Amtsgericht Stuttgart, HRB 243294

Hi Marc,

On 2017/7/6 21:19, Marc Hartmayer wrote:
On Wed, Jul 05, 2017 at 01:17 PM +0200, "Longpeng(Mike)" <longpeng2@huawei.com> wrote:
This patch parses the domain XML with virtio-crypto support, the virtio-crypto XML looks like this:
[...]
+ queues = virXMLPropString(backends[0], "queues"); + if (queues && virStrToLong_ui(queues, NULL, 10, &def->queues) < 0) { + virReportError(VIR_ERR_XML_ERROR, + _("Malformed 'queues' value '%s'"), queues); ^^ Indentation
OK. :)
+ break; + + case VIR_DOMAIN_CRYPTO_BACKEND_LAST: + break; + } + + if (virDomainDeviceInfoParseXML(node, NULL, &def->info, flags) < 0) + goto error; + + cleanup: + VIR_FREE(model); + VIR_FREE(backend); + VIR_FREE(queues); + VIR_FREE(backends); + ctxt->node = save; + return def; + + error: + virDomainCryptoDefFree(def); + def = NULL; + goto cleanup; +} + +
[...]
static int +virDomainCryptoDefFormat(virBufferPtr buf, + virDomainCryptoDefPtr def, + unsigned int flags) +{ + const char *model = virDomainCryptoModelTypeToString(def->model); + const char *backend = virDomainCryptoBackendTypeToString(def->backend); + + virBufferAsprintf(buf, "<crypto model='%s'>\n", model); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<backend type='%s'", backend); + + switch ((virDomainCryptoBackend) def->backend) { + case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN: + if (def->queues) + virBufferAsprintf(buf, " queues='%u'", def->queues); + + virBufferAddLit(buf, "/>\n"); + break; + + case VIR_DOMAIN_CRYPTO_BACKEND_LAST: + break; + } + + if (virDomainDeviceInfoFormat(buf, &def->info, flags) < 0) + return -1; + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</crypto>\n"); + return 0; +} + +void +virDomainCryptoDefFree(virDomainCryptoDefPtr def) +{ + if (!def) + return; + + virDomainDeviceInfoClear(&def->info); + VIR_FREE(def); +}
You should add 'virDomainCryptoDefFree' to libvirt_private.syms.
Thanks, I'll fix it.
+ + +static int virDomainMemorySourceDefFormat(virBufferPtr buf, virDomainMemoryDefPtr def) { @@ -25418,6 +25621,11 @@ virDomainDefFormatInternal(virDomainDefPtr def, goto error;
Kind regards
Marc Hartmayer
-- Regards, Longpeng(Mike)

This patch implements support for the virtio-crypto-pci device and the builtin backend in qemu. Two capabilities bits are added to track support for those: QEMU_CAPS_DEVICE_VIRTIO_CRYPTO - for the device support and QEMU_CAPS_OBJECT_CRYPTO_BUILTIN - for the backend support. qemu is invoked with these additional parameters if the device id enabled: (to add the backend) -object cryptodev-backend-builtin,id=objcrypto0,queues=1 (to add the device) -device virtio-crypto-pci,cryptodev=objcrypto0,id=crypto0 Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- src/qemu/qemu_alias.c | 20 +++++++ src/qemu/qemu_alias.h | 3 + src/qemu/qemu_capabilities.c | 6 ++ src/qemu/qemu_capabilities.h | 4 ++ src/qemu/qemu_command.c | 126 +++++++++++++++++++++++++++++++++++++++++ src/qemu/qemu_command.h | 3 + src/qemu/qemu_domain_address.c | 26 ++++++++- 7 files changed, 187 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c index 914b2b9..2b6e049 100644 --- a/src/qemu/qemu_alias.c +++ b/src/qemu/qemu_alias.c @@ -332,6 +332,26 @@ qemuAssignDeviceRNGAlias(virDomainDefPtr def, } +int +qemuAssignDeviceCryptoAlias(const virDomainDef *def, + virDomainCryptoDefPtr crypto) +{ + size_t i; + int maxidx = 0; + int idx; + + for (i = 0; i < def->ncryptos; i++) { + if ((idx = qemuDomainDeviceAliasIndex(&def->cryptos[i]->info, "crypto")) >= maxidx) + maxidx = idx + 1; + } + + if (virAsprintf(&crypto->info.alias, "crypto%d", maxidx) < 0) + return -1; + + return 0; +} + + /** * qemuAssignDeviceMemoryAlias: * @def: domain definition. Necessary only if @oldAlias is true. diff --git a/src/qemu/qemu_alias.h b/src/qemu/qemu_alias.h index 300fd4d..fe59928 100644 --- a/src/qemu/qemu_alias.h +++ b/src/qemu/qemu_alias.h 
@@ -57,6 +57,9 @@ int qemuAssignDeviceRedirdevAlias(virDomainDefPtr def, int qemuAssignDeviceRNGAlias(virDomainDefPtr def, virDomainRNGDefPtr rng); +int qemuAssignDeviceCryptoAlias(const virDomainDef *def, + virDomainCryptoDefPtr crypto); + int qemuAssignDeviceMemoryAlias(virDomainDefPtr def, virDomainMemoryDefPtr mems, bool oldAlias); diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 61c9a10..01005d5 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -430,6 +430,10 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST, "virtio.iommu_platform", "virtio.ats", "loadparm", + "cryptodev-backend-builtin", + + /* 265 */ + "virtio-crypto", ); @@ -1679,6 +1683,8 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = { { "nvdimm", QEMU_CAPS_DEVICE_NVDIMM }, { "pcie-root-port", QEMU_CAPS_DEVICE_PCIE_ROOT_PORT }, { "qemu-xhci", QEMU_CAPS_DEVICE_QEMU_XHCI }, + { "cryptodev-backend-builtin", QEMU_CAPS_OBJECT_CRYPTO_BUILTIN }, + { "virtio-crypto-device", QEMU_CAPS_DEVICE_VIRTIO_CRYPTO }, }; static struct virQEMUCapsStringFlags virQEMUCapsObjectPropsVirtioBalloon[] = { diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 6e95876..50bb7a5 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -416,6 +416,10 @@ typedef enum { QEMU_CAPS_VIRTIO_PCI_IOMMU_PLATFORM, /* virtio-*-pci.iommu_platform */ QEMU_CAPS_VIRTIO_PCI_ATS, /* virtio-*-pci.ats */ QEMU_CAPS_LOADPARM, /* -machine loadparm */ + QEMU_CAPS_OBJECT_CRYPTO_BUILTIN, /* -object cryptodev-backend-builtin */ + + /* 265 */ + QEMU_CAPS_DEVICE_VIRTIO_CRYPTO, /* -device virtio-crypto-pci */ QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index c53ab97..5278edc 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c 
@@ -5992,6 +5992,129 @@ qemuBuildRNGCommandLine(virLogManagerPtr logManager, static char * +qemuBuildCryptoBackendStr(virDomainCryptoDefPtr crypto, + virQEMUCapsPtr qemuCaps) +{ + const char *type = NULL; + char *alias = NULL; + char *queue = NULL; + char *backstr = NULL; + + if (virAsprintf(&alias, "obj%s", crypto->info.alias) < 0) + goto cleanup; + + if (crypto->queues > 0) { + if (virAsprintf(&queue, "queues=%u", crypto->queues) < 0) + goto cleanup; + } + + switch ((virDomainCryptoBackend)crypto->backend) { + case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN: + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_CRYPTO_BUILTIN)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("this qemu doesn't support the builtin backend")); + goto cleanup; + } + + type = "cryptodev-backend-builtin"; + break; + + case VIR_DOMAIN_CRYPTO_BACKEND_LAST: + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("unknown crypto backend")); + goto cleanup; + } + + if (queue) + ignore_value(virAsprintf(&backstr, "%s,id=%s,%s", type, alias, queue)); + else + ignore_value(virAsprintf(&backstr, "%s,id=%s", type, alias)); + + cleanup: + VIR_FREE(alias); + return backstr; +} + + +char * +qemuBuildCryptoDevStr(const virDomainDef *def, + virDomainCryptoDefPtr dev, + virQEMUCapsPtr qemuCaps) +{ + virBuffer buf = VIR_BUFFER_INITIALIZER; + + if (dev->model != VIR_DOMAIN_CRYPTO_MODEL_VIRTIO || + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_VIRTIO_CRYPTO)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("this qemu doesn't support crypto device model '%s'"), + virDomainRNGModelTypeToString(dev->model)); + goto error; + } + + if (dev->info.type != VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unsupported address type %s for virtio crypto device"), + virDomainDeviceAddressTypeToString(dev->info.type)); + goto error; + } + + virBufferAsprintf(&buf, "virtio-crypto-pci,cryptodev=obj%s,id=%s", + dev->info.alias, dev->info.alias); + + if (qemuBuildDeviceAddressStr(&buf, 
def, &dev->info, qemuCaps) < 0) + goto error; + + return virBufferContentAndReset(&buf); + + error: + virBufferFreeAndReset(&buf); + return NULL; +} + + +static int +qemuBuildCryptoCommandLine(virCommandPtr cmd, + const virDomainDef *def, + virQEMUCapsPtr qemuCaps) +{ + size_t i; + + for (i = 0; i < def->ncryptos; i++) { + virDomainCryptoDefPtr crypto = def->cryptos[i]; + char *tmp; + + if (qemuAssignDeviceCryptoAlias(def, crypto)) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("crypto device assign alias faile")); + return -1; + } + + if (!crypto->info.alias) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("crypto device is missing alias")); + return -1; + } + + /* add the crypto backend */ + if (!(tmp = qemuBuildCryptoBackendStr(crypto, qemuCaps))) + return -1; + + virCommandAddArgList(cmd, "-object", tmp, NULL); + VIR_FREE(tmp); + + /* add the device */ + if (!(tmp = qemuBuildCryptoDevStr(def, crypto, qemuCaps))) + return -1; + + virCommandAddArgList(cmd, "-device", tmp, NULL); + VIR_FREE(tmp); + } + + return 0; +} + + +static char * qemuBuildSmbiosBiosStr(virSysinfoBIOSDefPtr def) { virBuffer buf = VIR_BUFFER_INITIALIZER; @@ -10220,6 +10343,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, chardevStdioLogd) < 0) goto error; + if (qemuBuildCryptoCommandLine(cmd, def, qemuCaps) < 0) + goto error; + if (qemuBuildNVRAMCommandLine(cmd, def, qemuCaps) < 0) goto error; diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h index f5e3e5f..996840d 100644 --- a/src/qemu/qemu_command.h +++ b/src/qemu/qemu_command.h @@ -204,6 +204,9 @@ char *qemuBuildShmemDevStr(virDomainDefPtr def, virQEMUCapsPtr qemuCaps) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3); +char *qemuBuildCryptoDevStr(const virDomainDef *def, + virDomainCryptoDefPtr dev, + virQEMUCapsPtr qemuCaps); #endif /* __QEMU_COMMAND_H__*/ diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c index 5209fbe..9bd064b 100644 --- a/src/qemu/qemu_domain_address.c 
+++ b/src/qemu/qemu_domain_address.c @@ -331,6 +331,12 @@ qemuDomainPrimeVirtioDeviceAddresses(virDomainDefPtr def, def->rngs[i]->info.type = type; } + for (i = 0; i < def->ncryptos; i++) { + if (def->cryptos[i]->model == VIR_DOMAIN_CRYPTO_MODEL_VIRTIO && + def->cryptos[i]->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE) + def->cryptos[i]->info.type = type; + } + if (type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW) { for (i = 0; i < def->nfss; i++) { if (def->fss[i]->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE) @@ -738,6 +744,15 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDefPtr dev, return 0; } + case VIR_DOMAIN_DEVICE_CRYPTO: + switch ((virDomainCryptoModel) dev->data.crypto->model) { + case VIR_DOMAIN_CRYPTO_MODEL_VIRTIO: + return virtioFlags; + + case VIR_DOMAIN_RNG_MODEL_LAST: + return 0; + } + case VIR_DOMAIN_DEVICE_VIDEO: switch ((virDomainVideoType) dev->data.video->type) { case VIR_DOMAIN_VIDEO_TYPE_VIRTIO: @@ -796,7 +811,6 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDefPtr dev, case VIR_DOMAIN_DEVICE_LEASE: case VIR_DOMAIN_DEVICE_GRAPHICS: case VIR_DOMAIN_DEVICE_IOMMU: - case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: return 0; @@ -1775,6 +1789,16 @@ qemuDomainAssignDevicePCISlots(virDomainDefPtr def, goto error; } + /* VirtIO CRYPTO */ + for (i = 0; i < def->ncryptos; i++) { + if (def->cryptos[i]->model != VIR_DOMAIN_CRYPTO_MODEL_VIRTIO || + !virDeviceInfoPCIAddressWanted(&def->cryptos[i]->info)) + continue; + + if (qemuDomainPCIAddressReserveNextAddr(addrs, &def->cryptos[i]->info) < 0) + goto error; + } + /* A watchdog - check if it is a PCI device */ if (def->watchdog && def->watchdog->model == VIR_DOMAIN_WATCHDOG_MODEL_I6300ESB && -- 1.8.3.1
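Review bot: qemuBuildCryptoBackendStr in src/qemu/qemu_command.c leaks queue: it is allocated with virAsprintf when crypto->queues > 0, but the cleanup label only runs VIR_FREE(alias). Add VIR_FREE(queue) there. In the same hunk, qemuBuildCryptoDevStr formats its error with virDomainRNGModelTypeToString(dev->model), which maps a crypto model value through the RNG model names; a crypto-model ToString helper belongs there instead. The message "crypto device assign alias faile" in qemuBuildCryptoCommandLine is also missing its last letter.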
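Review bot: The inner switch added under case VIR_DOMAIN_DEVICE_CRYPTO in qemuDomainDeviceCalculatePCIConnectFlags (src/qemu/qemu_domain_address.c, hunk at -738) is cast to virDomainCryptoModel but lists case VIR_DOMAIN_RNG_MODEL_LAST, an RNG enum value; it should name the crypto model enum's own LAST value. Nothing follows the inner switch either, so a model value that matches neither label falls through into case VIR_DOMAIN_DEVICE_VIDEO; add a break or a return 0 after it.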
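Review bot: The loop added to qemuDomainPrimeVirtioDeviceAddresses (hunk at -331) gives crypto devices whatever virtio address type the machine uses, and the unchanged context right below it shows that type can be VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW, yet qemuBuildCryptoDevStr in this same patch rejects every type except VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI and always emits virtio-crypto-pci. Either restrict the priming loop to PCI or teach the command-line builder the other transports; as written, a domain primed with a non-PCI type fails at command-line generation with "unsupported address type".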

Adds XML parsing and qemu commandline tests for the virtio-crypto device support. Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml | 2 ++ tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml | 2 ++ .../qemuxml2argv-virtio-crypto-builtin.xml | 26 ++++++++++++++++++ .../qemuxml2argv-virtio-crypto.args | 22 +++++++++++++++ .../qemuxml2xmlout-virtio-crypto-builtin.xml | 31 ++++++++++++++++++++++ tests/qemuxml2xmltest.c | 2 ++ 6 files changed, 85 insertions(+) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml diff --git a/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml index 51be9bc..527c765 100644 --- a/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml @@ -134,6 +134,8 @@ <flag name='query-named-block-nodes'/> <flag name='kernel-irqchip'/> <flag name='kernel-irqchip.split'/> + <flag name='cryptodev-backend-builtin'/> + <flag name='virtio-crypto'/> <version>2007093</version> <kvmVersion>0</kvmVersion> <package></package> diff --git a/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml index 01edbc8..f10833c 100644 --- a/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml @@ -207,6 +207,8 @@ <flag name='kernel-irqchip.split'/> <flag name='intel-iommu.intremap'/> <flag name='intel-iommu.eim'/> + <flag name='cryptodev-backend-builtin'/> + <flag name='virtio-crypto'/> <version>2008000</version> <kvmVersion>0</kvmVersion> <package> (v2.8.0)</package> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml new file mode 100644 index 0000000..f4e78fa 
--- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml @@ -0,0 +1,26 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='x86_64' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' index='0'/> + <controller type='pci' index='0' model='pci-root'/> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <memballoon model='virtio'/> + <crypto model='virtio'> + <backend type='builtin' queues='1'/> + </crypto> + </devices> +</domain> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args new file mode 100644 index 0000000..430c061 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args @@ -0,0 +1,22 @@ +LC_ALL=C \ +PATH=/bin \ +HOME=/home/test \ +USER=test \ +LOGNAME=test \ +QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-x86_64 \ +-name QEMUGuest1 \ +-S \ +-M pc \ +-m 214 \ +-smp 1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-nographic \ +-nodefaults \ +-monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \ +-no-acpi \ +-boot c \ +-usb \ +-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3 \ +-object cryptodev-backend-builtin,id=objcrypto0,queues=1 \ +-device virtio-crypto-pci,cryptodev=objcrypto0,id=crypto0,bus=pci.0,addr=0x4 diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml new file mode 100644 index 0000000..1f06aeb --- /dev/null +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml 
@@ -0,0 +1,31 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='x86_64' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' index='0'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> + </controller> + <controller type='pci' index='0' model='pci-root'/> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <memballoon model='virtio'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> + </memballoon> + <crypto model='virtio'> + <backend type='builtin' queues='1'/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> + </crypto> + </devices> +</domain> diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index 1307299..6975af3 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -1045,6 +1045,8 @@ mymain(void) DO_TEST("smbios", NONE); DO_TEST("smbios-multiple-type2", NONE); + DO_TEST("virtio-crypto-builtin", NONE); + DO_TEST("aarch64-aavmf-virtio-mmio", QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_DTB, QEMU_CAPS_DEVICE_VIRTIO_MMIO, -- 1.8.3.1
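Review bot: The expected command line is added as qemuxml2argv-virtio-crypto.args while its input is qemuxml2argv-virtio-crypto-builtin.xml, and the only test registration in this patch is DO_TEST("virtio-crypto-builtin", NONE) in tests/qemuxml2xmltest.c; the diffstat touches no xml2argv test source, so the .args file is never compared against generated output. Rename it to match the XML base name and register an xml2argv test that sets QEMU_CAPS_OBJECT_CRYPTO_BUILTIN and QEMU_CAPS_DEVICE_VIRTIO_CRYPTO, so that the -object cryptodev-backend-builtin and -device virtio-crypto-pci arguments are actually checked.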

Hi Mike, I am going to send a set of patches based on your series adding ccw support since your patch series contains only pci support. Feel free to include or append my patches (in)to your series. libvirt contributor guidelines now require to update docs/news.xml and note that the change has to be in a separate patch. virtio-crypto should be listed in the "New features" section. I also noticed build errors after applying patch 3 due to missing capabilities in the test xmls tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml (located in patch 4) tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml (missing) tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml (located in patch 4) I suggest to put the introduction of the capabilities "cryptodev- backend-builtin" and "virtio-crypto" including the changes in tests in a separate patch. Here is the missing part: diff --git a/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml index 58dd9f6..af141cc 100644 --- a/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml @@ -218,6 +218,8 @@ <flag name='intel-iommu.device-iotlb'/> <flag name='virtio.iommu_platform'/> <flag name='virtio.ats'/> + <flag name='cryptodev-backend-builtin'/> + <flag name='virtio-crypto'/> <version>2009000</version> <kvmVersion>0</kvmVersion> <package> (v2.9.0)</package> On 07/05/2017 01:17 PM, Longpeng(Mike) wrote:
> As virtio-crypto has been supported in QEMU 2.8 and the frontend driver has been merged in linux 4.10, so it's necessary to support virtio-crypto in libvirt.
-- Mit freundlichen Grüßen/Kind regards Boris Fiuczynski IBM Deutschland Research & Development GmbH Vorsitzender des Aufsichtsrats: Martina Köderitz Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294

Hi Boris,
On 2017/7/6 20:28, Boris Fiuczynski wrote:
> Hi Mike, I am going to send a set of patches based on your series adding ccw support since your patch series contains only pci support. Feel free to include or append my patches (in)to your series.
Okay :) you can send your patches to me or to mail-list, and I'll include your patches in v4.
> libvirt contributor guidelines now require to update docs/news.xml and note that the change has to be in a separate patch. virtio-crypto should be listed in the "New features" section.
I see, thanks.
> I also noticed build errors after applying patch 3 due to missing capabilities in the test xmls
> tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml (located in patch 4)
> tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml (missing)
> tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml (located in patch 4)
I'll add the missing part :)
> I suggest to put the introduction of the capabilities "cryptodev-backend-builtin" and "virtio-crypto" including the changes in tests in a separate patch.
Sorry, I don't quite understand this, could you explain it in detail?
-- Regards, Longpeng(Mike)

On 07/06/2017 03:47 PM, Longpeng (Mike) wrote:
> Sorry, I don't quite understand this, could you explain it in detail?
Put the required changes for the capabilities in files
tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml
tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml
tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml
src/qemu/qemu_capabilities.c
src/qemu/qemu_capabilities.h
into one separate patch. Does that explain it better?
-- Mit freundlichen Grüßen/Kind regards Boris Fiuczynski IBM Deutschland Research & Development GmbH Vorsitzender des Aufsichtsrats: Martina Köderitz Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294

Hi Boris, On 2017/7/6 23:01, Boris Fiuczynski wrote:
>> Sorry, I don't quite understand this, could you explain it in detail?
> Put the required changes for the capabilities in files
> tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml
> tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml
> tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml
> src/qemu/qemu_capabilities.c
> src/qemu/qemu_capabilities.h
> into one separate patch. Does that explain it better?
I see, thanks :) -- Regards, Longpeng(Mike)

On Wed, Jul 05, 2017 at 01:17 PM +0200, "Longpeng(Mike)" <longpeng2@huawei.com> wrote:
> As virtio-crypto has been supported in QEMU 2.8 and the frontend driver has been merged in linux 4.10, so it's necessary to support virtio-crypto in libvirt.
Everything for 'qemuParseCommandLine' is missing (frankly, I'm not sure if this is important). Beste Grüße / Kind regards Marc Hartmayer IBM Deutschland Research & Development GmbH Vorsitzende des Aufsichtsrats: Martina Koederitz Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294