[libvirt] [PATCH v2 0/4] Virtio-crypto device support

As virtio-crypto has been supported in QEMU 2.8 and the frontend driver has been merged in Linux 4.10, it's necessary to support virtio-crypto in libvirt.

---
Changes since v1:
- split patch [Martin]
- rebase on master [Martin]
- add docs/tests/schema [Martin]
- fix typos [Gonglei]

---
Longpeng(Mike) (4):
  docs: schema: Add basic documentation for the virtual crypto device support
  conf: Parse virtio-crypto in the domain XML
  qemu: Implement support for 'builtin' backend for virtio-crypto
  tests: Add testcase for virtio-crypto XML parsing

 docs/formatdomain.html.in | 60 ++++++
 docs/schemas/domaincommon.rng | 27 +++
 src/conf/domain_conf.c | 213 ++++++++++++++++++++-
 src/conf/domain_conf.h | 32 ++++
 src/libvirt_private.syms | 2 +
 src/qemu/qemu_alias.c | 20 ++
 src/qemu/qemu_alias.h | 3 +
 src/qemu/qemu_capabilities.c | 4 +
 src/qemu/qemu_capabilities.h | 2 +
 src/qemu/qemu_command.c | 132 +++++++++++++
 src/qemu/qemu_command.h | 3 +
 src/qemu/qemu_domain.c | 2 +
 src/qemu/qemu_domain_address.c | 25 +++
 src/qemu/qemu_driver.c | 6 +
 src/qemu/qemu_hotplug.c | 1 +
 tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml | 2 +
 tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml | 2 +
 .../qemuxml2argv-virtio-crypto-builtin.xml | 26 +++
 .../qemuxml2argv-virtio-crypto.args | 22 +++
 .../qemuxml2xmlout-virtio-crypto-builtin.xml | 31 +++
 tests/qemuxml2xmltest.c | 2 +
 21 files changed, 616 insertions(+), 1 deletion(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml

--
1.8.3.1

This patch documents XML elements used for support of virtual crypto devices. In the devices section in the domain XML users may specify: <crypto model='virtio'> <backend type='builtin' queues='1'/> </crypto> to enable the crypto device for guests. Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- docs/formatdomain.html.in | 60 +++++++++++++++++++++++++++++++++++++++++++ docs/schemas/domaincommon.rng | 27 +++++++++++++++++++ 2 files changed, 87 insertions(+) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 39f5a88..1ad666c 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in 
@@ -7081,6 +7081,66 @@ qemu-kvm -net nic,model=? /dev/null </dd> </dl> + <h4><a name="elementCrypto">Crypto device</a></h4> + + <p> + The virtual crypto device is a kind of virtual hardware for + virtual machines and it can be added to the guest via the + <code>crypto</code> element. + <span class="since">Since 3.0.0, QEMU and KVM only</span> + </p> + + <p> + Example: usage of the Crypto device: + </p> +<pre> + ... + <devices> + <crypto model='virtio'> + <backend type='builtin' queues='1'/> + </crypto> + </devices> + ... +</pre> + <dl> + <dt><code>model</code></dt> + <dd> + <p> + The required <code>model</code> attribute specifies what + type of crypto device is provide. Currently the valid values + are: + </p> + <ul> + <li>'virtio' — needs virtio-crypto guest driver</li> + </ul> + </dd> + <dt><code>backend</code></dt> + <dd> + <p> + The <code>backend</code> element specifies the type and + number of queues of the crypto device to be used for the + domain. + </p> + <dl> + <dt><code>type</code></dt> + <dd> + <p> + The required <code>type</code> element specifies the + type of the crypto device. + </p> + </dd> + <dt><code>queues</code></dt> + <dd> + <p> + The optional <code>queues</code> element specifies the + number of queues of the crypto device, the default number + of queues is 1. + </p> + </dd> + </dl> + </dd> + </dl> + <h3><a name="seclabel">Security label</a></h3> <p> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index be0a609..0878245 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -4320,6 +4320,7 @@ <ref name="tpm"/> <ref name="shmem"/> <ref name="memorydev"/> + <ref name="crypto"/> </choice> </zeroOrMore> <optional> 
@@ -4804,6 +4805,32 @@ </element> </define> + <define name="crypto"> + <element name="crypto"> + <attribute name="model"> + <choice> + <value>virtio</value> + </choice> + </attribute> + <ref name="crypto-backend"/> + </element> + </define> + + <define name="crypto-backend"> + <element name="backend"> + <attribute name="type"> + <choice> + <value>builtin</value> + </choice> + </attribute> + <optional> + <attribute name="queues"> + <ref name="positiveInteger"/> + </attribute> + </optional> + </element> + </define> + <define name="usbmaster"> <element name="master"> <attribute name="startport"> -- 1.8.3.1
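
Review bot: In the docs/formatdomain.html.in hunk, the entries under <code>backend</code> call type and queues an "element" ("The required <code>type</code> element", "The optional <code>queues</code> element"), but the example in the same hunk and the schema define both as attributes of <backend>; say "attribute" in both places. The model entry in this hunk also reads "type of crypto device is provide", which should be "is provided".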
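
Review bot: In the docs/schemas/domaincommon.rng hunk at @@ -4804, the crypto define allows only the model attribute and the crypto-backend ref, so a <crypto> element that carries device info children such as <address> will not validate. The parser and formatter in the next patch of this series run virDomainDeviceInfoParseXML and virDomainDeviceInfoFormat for this device, so the schema should accept what they read and write: add an optional address ref after <ref name="crypto-backend"/>.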

On Wed, Jan 11, 2017 at 04:28:23PM +0800, Longpeng(Mike) wrote:
This patch documents XML elements used for support of virtual crypto devices.
In the devices section in the domain XML users may specify: <crypto model='virtio'> <backend type='builtin' queues='1'/> </crypto> to enable the crypto device for guests.
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- docs/formatdomain.html.in | 60 +++++++++++++++++++++++++++++++++++++++++++ docs/schemas/domaincommon.rng | 27 +++++++++++++++++++ 2 files changed, 87 insertions(+)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 39f5a88..1ad666c 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -7081,6 +7081,66 @@ qemu-kvm -net nic,model=? /dev/null </dd> </dl>
+ <h4><a name="elementCrypto">Crypto device</a></h4> + + <p> + The virtual crypto device is a kind of virtual hardware for + virtual machines and it can be added to the guest via the + <code>crypto</code> element.
"kind of a virtual hardware" doesn't tell me anything about it.
+ <span class="since">Since 3.0.0, QEMU and KVM only</span> + </p> + + <p> + Example: usage of the Crypto device: + </p> +<pre> + ... + <devices> + <crypto model='virtio'> + <backend type='builtin' queues='1'/> + </crypto> + </devices> + ... +</pre> + <dl> + <dt><code>model</code></dt> + <dd> + <p> + The required <code>model</code> attribute specifies what + type of crypto device is provide. Currently the valid values
+ are: + </p> + <ul> + <li>'virtio' — needs virtio-crypto guest driver</li>
List of values with one item, just throw away the list and specify it inline.
+ </ul> + </dd> + <dt><code>backend</code></dt> + <dd> + <p> + The <code>backend</code> element specifies the type and + number of queues of the crypto device to be used for the + domain. + </p> + <dl> + <dt><code>type</code></dt> + <dd> + <p> + The required <code>type</code> element specifies the + type of the crypto device.
What types are possible? Only builtin? That should be specified here. Also "builtin" is very non-descriptive.
+ </p> + </dd> + <dt><code>queues</code></dt> + <dd> + <p> + The optional <code>queues</code> element specifies the + number of queues of the crypto device, the default number + of queues is 1. + </p> + </dd> + </dl> + </dd> + </dl> + <h3><a name="seclabel">Security label</a></h3>
<p> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index be0a609..0878245 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -4320,6 +4320,7 @@ <ref name="tpm"/> <ref name="shmem"/> <ref name="memorydev"/> + <ref name="crypto"/> </choice> </zeroOrMore> <optional> @@ -4804,6 +4805,32 @@ </element> </define>
+ <define name="crypto"> + <element name="crypto"> + <attribute name="model"> + <choice> + <value>virtio</value> + </choice> + </attribute> + <ref name="crypto-backend"/> + </element> + </define> + + <define name="crypto-backend"> + <element name="backend"> + <attribute name="type"> + <choice> + <value>builtin</value> + </choice> + </attribute> + <optional> + <attribute name="queues"> + <ref name="positiveInteger"/> + </attribute> + </optional> + </element> + </define> + <define name="usbmaster"> <element name="master"> <attribute name="startport"> -- 1.8.3.1
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list

Hi Martin, On 2017/2/7 19:11, Martin Kletzander wrote:
On Wed, Jan 11, 2017 at 04:28:23PM +0800, Longpeng(Mike) wrote:
This patch documents XML elements used for support of virtual ... + <dt><code>type</code></dt> + <dd> + <p> + The required <code>type</code> element specifies the + type of the crypto device.
What types are possible? Only builtin? That should be specified here. Also "builtin" is very non-descriptive.
QEMU cryptodev only supports builtin currently; QEMU could add other types of cryptodev backend in the future. I will specify this and describe "builtin" in V3.
+ </p> + </dd> ... -- 1.8.3.1
-- Regards, Longpeng(Mike)

On 01/11/2017 09:28 AM, Longpeng(Mike) wrote:
This patch documents XML elements used for support of virtual crypto devices.
In the devices section in the domain XML users may specify: <crypto model='virtio'> <backend type='builtin' queues='1'/> </crypto> to enable the crypto device for guests.
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- docs/formatdomain.html.in | 60 +++++++++++++++++++++++++++++++++++++++++++ docs/schemas/domaincommon.rng | 27 +++++++++++++++++++ 2 files changed, 87 insertions(+)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 39f5a88..1ad666c 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -7081,6 +7081,66 @@ qemu-kvm -net nic,model=? /dev/null </dd> </dl>
+ <h4><a name="elementCrypto">Crypto device</a></h4> + + <p> + The virtual crypto device is a kind of virtual hardware for + virtual machines and it can be added to the guest via the + <code>crypto</code> element. + <span class="since">Since 3.0.0, QEMU and KVM only</span> + </p> + + <p> + Example: usage of the Crypto device: + </p> +<pre> + ... + <devices> + <crypto model='virtio'> + <backend type='builtin' queues='1'/> + </crypto> + </devices> + ... +</pre> + <dl> + <dt><code>model</code></dt> + <dd> + <p> + The required <code>model</code> attribute specifies what + type of crypto device is provide. Currently the valid values + are: + </p> + <ul> + <li>'virtio' — needs virtio-crypto guest driver</li> + </ul> + </dd> + <dt><code>backend</code></dt> + <dd> + <p> + The <code>backend</code> element specifies the type and + number of queues of the crypto device to be used for the + domain. + </p> + <dl> + <dt><code>type</code></dt> + <dd> + <p> + The required <code>type</code> element specifies the + type of the crypto device. + </p> + </dd> + <dt><code>queues</code></dt> + <dd> + <p> + The optional <code>queues</code> element specifies the + number of queues of the crypto device, the default number + of queues is 1. + </p> + </dd> + </dl> + </dd> + </dl> + <h3><a name="seclabel">Security label</a></h3>
<p> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index be0a609..0878245 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -4320,6 +4320,7 @@ <ref name="tpm"/> <ref name="shmem"/> <ref name="memorydev"/> + <ref name="crypto"/> </choice> </zeroOrMore> <optional> @@ -4804,6 +4805,32 @@ </element> </define>
+ <define name="crypto"> + <element name="crypto"> + <attribute name="model"> + <choice> + <value>virtio</value> + </choice> + </attribute> + <ref name="crypto-backend"/>
You should add <optional> <ref name="address"/> </optional> Otherwise the tests are failing.
+ </element> + </define> + ...
-- Kind regards, Boris Fiuczynski, IBM Deutschland Research & Development GmbH

This patch parse the domain XML with virtio-crypto support, the virtio-crypto XML looks like this: <crypto model='virtio'> <backend type='builtin' queues='1'/> </crypto> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- src/conf/domain_conf.c | 213 ++++++++++++++++++++++++++++++++++++++++- src/conf/domain_conf.h | 32 +++++++ src/libvirt_private.syms | 2 + src/qemu/qemu_domain.c | 2 + src/qemu/qemu_domain_address.c | 1 + src/qemu/qemu_driver.c | 6 ++ src/qemu/qemu_hotplug.c | 1 + 7 files changed, 256 insertions(+), 1 deletion(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 52aee2b..ef44930 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -244,7 +244,8 @@ VIR_ENUM_IMPL(virDomainDevice, VIR_DOMAIN_DEVICE_LAST, "tpm", "panic", "memory", - "iommu") + "iommu", + "crypto") VIR_ENUM_IMPL(virDomainDeviceAddress, VIR_DOMAIN_DEVICE_ADDRESS_TYPE_LAST, "none", @@ -811,6 +812,14 @@ VIR_ENUM_IMPL(virDomainRNGBackend, "random", "egd"); +VIR_ENUM_IMPL(virDomainCryptoModel, + VIR_DOMAIN_CRYPTO_MODEL_LAST, + "virtio"); + +VIR_ENUM_IMPL(virDomainCryptoBackend, + VIR_DOMAIN_CRYPTO_BACKEND_LAST, + "builtin"); + VIR_ENUM_IMPL(virDomainTPMModel, VIR_DOMAIN_TPM_MODEL_LAST, "tpm-tis") @@ -2487,6 +2496,9 @@ void virDomainDeviceDefFree(virDomainDeviceDefPtr def) case VIR_DOMAIN_DEVICE_IOMMU: VIR_FREE(def->data.iommu); break; + case VIR_DOMAIN_DEVICE_CRYPTO: + virDomainCryptoDefFree(def->data.crypto); + break; case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: break; @@ -2735,6 +2747,10 @@ void virDomainDefFree(virDomainDefPtr def) VIR_FREE(def->iommu); + for (i = 0; i < def->ncryptos; i++) + virDomainCryptoDefFree(def->cryptos[i]); + VIR_FREE(def->cryptos); + VIR_FREE(def->idmap.uidmap); VIR_FREE(def->idmap.gidmap); 
@@ -3322,6 +3338,8 @@ virDomainDeviceGetInfo(virDomainDeviceDefPtr device) return &device->data.panic->info; case VIR_DOMAIN_DEVICE_MEMORY: return &device->data.memory->info; + case VIR_DOMAIN_DEVICE_CRYPTO: + return &device->data.crypto->info; /* The following devices do not contain virDomainDeviceInfo */ case VIR_DOMAIN_DEVICE_LEASE: @@ -3620,6 +3638,13 @@ virDomainDeviceInfoIterateInternal(virDomainDefPtr def, return -1; } + device.type = VIR_DOMAIN_DEVICE_CRYPTO; + for (i = 0; i < def->ncryptos; i++) { + device.data.crypto = def->cryptos[i]; + if (cb(def, &device, &def->cryptos[i]->info, opaque) < 0) + return -1; + } + /* Coverity is not very happy with this - all dead_error_condition */ #if !STATIC_ANALYSIS /* This switch statement is here to trigger compiler warning when adding @@ -3654,6 +3679,7 @@ virDomainDeviceInfoIterateInternal(virDomainDefPtr def, case VIR_DOMAIN_DEVICE_RNG: case VIR_DOMAIN_DEVICE_MEMORY: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: break; } #endif @@ -4839,6 +4865,7 @@ virDomainDeviceDefValidateInternal(const virDomainDeviceDef *dev, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_MEMORY: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_LAST: break; 
@@ -12501,6 +12528,88 @@ virDomainRNGDefParseXML(virDomainXMLOptionPtr xmlopt, } +static virDomainCryptoDefPtr +virDomainCryptoDefParseXML(xmlNodePtr node, + xmlXPathContextPtr ctxt, + unsigned int flags) +{ + char *model = NULL; + char *backend = NULL; + char *queues = NULL; + virDomainCryptoDefPtr def; + xmlNodePtr save = ctxt->node; + xmlNodePtr *backends = NULL; + int nbackends; + + if (VIR_ALLOC(def) < 0) + return NULL; + + if (!(model = virXMLPropString(node, "model"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing Crypto device model")); + goto error; + } + + if ((def->model = virDomainCryptoModelTypeFromString(model)) < 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unknown Crypto model '%s'"), model); + goto error; + } + + ctxt->node = node; + + if ((nbackends = virXPathNodeSet("./backend", ctxt, &backends)) < 0) + goto error; + + if (nbackends != 1) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("only one Crypto backend is supported")); + goto error; + } + + if (!(backend = virXMLPropString(backends[0], "type"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing Crypto device backend type")); + goto error; + } + + if ((def->backend = virDomainCryptoBackendTypeFromString(backend)) < 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unknown Crypto backend model '%s'"), backend); + goto error; + } + + switch ((virDomainCryptoBackend) def->backend) { + case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN: + queues = virXMLPropString(backends[0], "queues"); + if (queues && virStrToLong_ui(queues, NULL, 10, &def->queues) < 0) { + virReportError(VIR_ERR_XML_ERROR, + _("Malformed 'queues' value '%s'"), queues); + } + break; + + case VIR_DOMAIN_CRYPTO_BACKEND_LAST: + break; + } + + if (virDomainDeviceInfoParseXML(node, NULL, &def->info, flags) < 0) + goto error; + +cleanup: + VIR_FREE(model); + VIR_FREE(backend); + VIR_FREE(queues); + VIR_FREE(backends); + ctxt->node = save; + return def; + +error: + virDomainCryptoDefFree(def); + def = NULL; + 
goto cleanup; +} + + static virDomainMemballoonDefPtr virDomainMemballoonDefParseXML(xmlNodePtr node, xmlXPathContextPtr ctxt, @@ -13957,6 +14066,10 @@ virDomainDeviceDefParse(const char *xmlStr, if (!(dev->data.iommu = virDomainIOMMUDefParseXML(node))) goto error; break; + case VIR_DOMAIN_DEVICE_CRYPTO: + if (!(dev->data.crypto = virDomainCryptoDefParseXML(node, ctxt, flags))) + goto error; + break; case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_LAST: break; @@ -17854,6 +17967,22 @@ virDomainDefParseXML(xmlDocPtr xml, VIR_FREE(nodes); } + /* Parse the crypto devices */ + if ((n = virXPathNodeSet("./devices/crypto", ctxt, &nodes)) < 0) + goto error; + if (n && VIR_ALLOC_N(def->cryptos, n) < 0) + goto error; + for (i = 0; i < n; i++) { + virDomainCryptoDefPtr crypto = virDomainCryptoDefParseXML(nodes[i], + ctxt, + flags); + if (!crypto) + goto error; + + def->cryptos[def->ncryptos++] = crypto; + } + VIR_FREE(nodes); + /* analysis of the hub devices */ if ((n = virXPathNodeSet("./devices/hub", ctxt, &nodes)) < 0) goto error; @@ -18967,6 +19096,25 @@ virDomainRNGDefCheckABIStability(virDomainRNGDefPtr src, static bool +virDomainCryptoDefCheckABIStability(virDomainCryptoDefPtr src, + virDomainCryptoDefPtr dst) +{ + if (src->model != dst->model) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Target Crypto model '%s' does not match source '%s'"), + virDomainCryptoModelTypeToString(dst->model), + virDomainCryptoModelTypeToString(src->model)); + return false; + } + + if (!virDomainDeviceInfoCheckABIStability(&src->info, &dst->info)) + return false; + + return true; +} + + +static bool virDomainHubDefCheckABIStability(virDomainHubDefPtr src, virDomainHubDefPtr dst) { 
@@ -19782,6 +19930,17 @@ virDomainDefCheckABIStabilityFlags(virDomainDefPtr src, goto error; } + if (src->ncryptos != dst->ncryptos) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Target domain crypto device count %zu " + "does not match source %zu"), dst->ncryptos, src->ncryptos); + goto error; + } + + for (i = 0; i < src->ncryptos; i++) + if (!virDomainCryptoDefCheckABIStability(src->cryptos[i], dst->cryptos[i])) + goto error; + /* Coverity is not very happy with this - all dead_error_condition */ #if !STATIC_ANALYSIS /* This switch statement is here to trigger compiler warning when adding @@ -19815,6 +19974,7 @@ virDomainDefCheckABIStabilityFlags(virDomainDefPtr src, case VIR_DOMAIN_DEVICE_SHMEM: case VIR_DOMAIN_DEVICE_MEMORY: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: break; } #endif @@ -22404,6 +22564,49 @@ virDomainRNGDefFree(virDomainRNGDefPtr def) static int +virDomainCryptoDefFormat(virBufferPtr buf, + virDomainCryptoDefPtr def, + unsigned int flags) +{ + const char *model = virDomainCryptoModelTypeToString(def->model); + const char *backend = virDomainCryptoBackendTypeToString(def->backend); + + virBufferAsprintf(buf, "<crypto model='%s'>\n", model); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<backend type='%s'", backend); + + switch ((virDomainCryptoBackend) def->backend) { + case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN: + if (def->queues) + virBufferAsprintf(buf, " queues='%u'", def->queues); + + virBufferAddLit(buf, "/>\n"); + break; + + case VIR_DOMAIN_CRYPTO_BACKEND_LAST: + break; + } + + if (virDomainDeviceInfoFormat(buf, &def->info, flags) < 0) + return -1; + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</crypto>\n"); + return 0; +} + +void +virDomainCryptoDefFree(virDomainCryptoDefPtr def) +{ + if (!def) + return; + + virDomainDeviceInfoClear(&def->info); + VIR_FREE(def); +} + + +static int virDomainMemorySourceDefFormat(virBufferPtr buf, virDomainMemoryDefPtr def) { 
@@ -24292,6 +24495,11 @@ virDomainDefFormatInternal(virDomainDefPtr def, goto error; } + for (n = 0; n < def->ncryptos; n++) { + if (virDomainCryptoDefFormat(buf, def->cryptos[n], flags)) + goto error; + } + if (def->iommu) { virBufferAsprintf(buf, "<iommu model='%s'/>\n", virDomainIOMMUModelTypeToString(def->iommu->model)); @@ -25413,6 +25621,9 @@ virDomainDeviceDefCopy(virDomainDeviceDefPtr src, case VIR_DOMAIN_DEVICE_SHMEM: rc = virDomainShmemDefFormat(&buf, src->data.shmem, flags); break; + case VIR_DOMAIN_DEVICE_CRYPTO: + rc = virDomainCryptoDefFormat(&buf, src->data.crypto, flags); + break; case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_SMARTCARD: diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 78a3db4..d0c7ba1 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -154,6 +154,9 @@ typedef virDomainTPMDef *virDomainTPMDefPtr; typedef struct _virDomainIOMMUDef virDomainIOMMUDef; typedef virDomainIOMMUDef *virDomainIOMMUDefPtr; +typedef struct _virDomainCryptoDef virDomainCryptoDef; +typedef virDomainCryptoDef *virDomainCryptoDefPtr; + /* Flags for the 'type' field in virDomainDeviceDef */ typedef enum { VIR_DOMAIN_DEVICE_NONE = 0, @@ -180,6 +183,7 @@ typedef enum { VIR_DOMAIN_DEVICE_PANIC, VIR_DOMAIN_DEVICE_MEMORY, VIR_DOMAIN_DEVICE_IOMMU, + VIR_DOMAIN_DEVICE_CRYPTO, VIR_DOMAIN_DEVICE_LAST } virDomainDeviceType; @@ -212,6 +216,7 @@ struct _virDomainDeviceDef { virDomainPanicDefPtr panic; virDomainMemoryDefPtr memory; virDomainIOMMUDefPtr iommu; + virDomainCryptoDefPtr crypto; } data; }; 
@@ -1976,6 +1981,26 @@ struct _virDomainRNGDef { }; typedef enum { + VIR_DOMAIN_CRYPTO_MODEL_VIRTIO, + + VIR_DOMAIN_CRYPTO_MODEL_LAST +} virDomainCryptoModel; + +typedef enum { + VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN, + + VIR_DOMAIN_CRYPTO_BACKEND_LAST +} virDomainCryptoBackend; + +struct _virDomainCryptoDef { + int model; + int backend; + unsigned int queues; /* Multiqueue virtio-crypto */ + + virDomainDeviceInfo info; +}; + +typedef enum { VIR_DOMAIN_MEMORY_MODEL_NONE, VIR_DOMAIN_MEMORY_MODEL_DIMM, /* dimm hotpluggable memory device */ @@ -2294,6 +2319,9 @@ struct _virDomainDef { size_t npanics; virDomainPanicDefPtr *panics; + size_t ncryptos; + virDomainCryptoDefPtr *cryptos; + /* Only 1 */ virDomainWatchdogDefPtr watchdog; virDomainMemballoonDefPtr memballoon; @@ -2801,6 +2829,8 @@ int virDomainDefCompatibleDevice(virDomainDefPtr def, void virDomainRNGDefFree(virDomainRNGDefPtr def); +void virDomainCryptoDefFree(virDomainCryptoDefPtr def); + int virDomainDiskIndexByAddress(virDomainDefPtr def, virPCIDeviceAddressPtr pci_controller, unsigned int bus, unsigned int target, @@ -3116,6 +3146,8 @@ VIR_ENUM_DECL(virDomainMemoryModel) VIR_ENUM_DECL(virDomainMemoryBackingModel) VIR_ENUM_DECL(virDomainIOMMUModel) VIR_ENUM_DECL(virDomainShmemModel) +VIR_ENUM_DECL(virDomainCryptoModel) +VIR_ENUM_DECL(virDomainCryptoBackend) /* from libvirt.h */ VIR_ENUM_DECL(virDomainState) VIR_ENUM_DECL(virDomainNostateReason) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 4d16620..cceb576 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -228,6 +228,8 @@ virDomainControllerRemove; virDomainControllerTypeToString; virDomainCpuPlacementModeTypeFromString; virDomainCpuPlacementModeTypeToString; +virDomainCryptoBackendTypeFromString; +virDomainCryptoModelTypeFromString; virDomainDefAddController; virDomainDefAddImplicitDevices; virDomainDefAddUSBController; diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index b26c02b..6eec915 100644 
--- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -7581,6 +7581,7 @@ qemuDomainAttachDeviceMknodHelper(pid_t pid ATTRIBUTE_UNUSED, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_MEMORY: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_INTERNAL_ERROR, _("Unexpected device type %d"), @@ -7717,6 +7718,7 @@ qemuDomainDetachDeviceUnlink(virQEMUDriverPtr driver, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_MEMORY: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_INTERNAL_ERROR, _("Unexpected device type %d"), diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c index d2f7953..e17476a 100644 --- a/src/qemu/qemu_domain_address.c +++ b/src/qemu/qemu_domain_address.c @@ -784,6 +784,7 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDefPtr dev, case VIR_DOMAIN_DEVICE_LEASE: case VIR_DOMAIN_DEVICE_GRAPHICS: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: return 0; diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 42f9889..1807c5f 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -7653,6 +7653,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("live attach of device '%s' is not supported"), @@ -7746,6 +7747,7 @@ qemuDomainDetachDeviceLive(virDomainObjPtr vm, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("live detach of device '%s' is not supported"), 
@@ -7862,6 +7864,7 @@ qemuDomainUpdateDeviceLive(virConnectPtr conn, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("live update of device '%s' is not supported"), @@ -8037,6 +8040,7 @@ qemuDomainAttachDeviceConfig(virDomainDefPtr vmdef, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("persistent attach of device '%s' is not supported"), @@ -8203,6 +8207,7 @@ qemuDomainDetachDeviceConfig(virDomainDefPtr vmdef, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("persistent detach of device '%s' is not supported"), @@ -8290,6 +8295,7 @@ qemuDomainUpdateDeviceConfig(virDomainDefPtr vmdef, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("persistent update of device '%s' is not supported"), diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index f2e9846..a818775 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -4244,6 +4244,7 @@ qemuDomainRemoveDevice(virQEMUDriverPtr driver, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("don't know how to remove a %s device"), -- 1.8.3.1
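
Review bot: In virDomainCryptoDefParseXML (the @@ -12501 hunk in src/conf/domain_conf.c), the VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN case reports "Malformed 'queues' value" and then falls through to break, so the function returns a usable def with an error already raised. Add goto error after that virReportError call. The nbackends != 1 check also fires when no <backend> child is present, where "only one Crypto backend is supported" is misleading; report the missing backend separately. The schema restricts queues to positiveInteger while virStrToLong_ui accepts 0 here, so reject 0 in the parser as well.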
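
Review bot: In virDomainCryptoDefFormat (the @@ -22404 hunk in src/conf/domain_conf.c), the closing "/>\n" of the <backend> element is emitted only inside the VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN case, so the VIR_DOMAIN_CRYPTO_BACKEND_LAST case, and any backend added later without its own terminator, leaves "<backend type='...'" unterminated in the output. Move virBufferAddLit(buf, "/>\n") to after the switch so the cases carry only backend-specific attributes.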

On Wed, Jan 11, 2017 at 04:28:24PM +0800, Longpeng(Mike) wrote:
This patch parse the domain XML with virtio-crypto support, the virtio-crypto XML looks like this:
<crypto model='virtio'> <backend type='builtin' queues='1'/> </crypto>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- src/conf/domain_conf.c | 213 ++++++++++++++++++++++++++++++++++++++++- src/conf/domain_conf.h | 32 +++++++ src/libvirt_private.syms | 2 + src/qemu/qemu_domain.c | 2 + src/qemu/qemu_domain_address.c | 1 + src/qemu/qemu_driver.c | 6 ++ src/qemu/qemu_hotplug.c | 1 + 7 files changed, 256 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 52aee2b..ef44930 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -18967,6 +19096,25 @@ virDomainRNGDefCheckABIStability(virDomainRNGDefPtr src,
static bool +virDomainCryptoDefCheckABIStability(virDomainCryptoDefPtr src, + virDomainCryptoDefPtr dst) +{ + if (src->model != dst->model) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Target Crypto model '%s' does not match source '%s'"), + virDomainCryptoModelTypeToString(dst->model), + virDomainCryptoModelTypeToString(src->model)); + return false; + } +
The number of queues is not part of ABI? That'd make sense, I'm just making sure.
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 4d16620..cceb576 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -228,6 +228,8 @@ virDomainControllerRemove; virDomainControllerTypeToString; virDomainCpuPlacementModeTypeFromString; virDomainCpuPlacementModeTypeToString; +virDomainCryptoBackendTypeFromString; +virDomainCryptoModelTypeFromString;
You're missing the other variants (ToString). That will be apparent when you will implement FormatXML of the device as well. One xml2xml test case and it would be caught.
diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c index d2f7953..e17476a 100644 --- a/src/qemu/qemu_domain_address.c +++ b/src/qemu/qemu_domain_address.c @@ -784,6 +784,7 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDefPtr dev, case VIR_DOMAIN_DEVICE_LEASE: case VIR_DOMAIN_DEVICE_GRAPHICS: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO:
Why are you adding this to the list of devices that don't have DeviceInfo when this device clearly has one? You need to ensure proper allocation
case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: return 0;

Hi Martin, On 2017/2/7 20:15, Martin Kletzander wrote:
On Wed, Jan 11, 2017 at 04:28:24PM +0800, Longpeng(Mike) wrote:
This patch parse the domain XML with virtio-crypto support, the virtio-crypto XML looks like this:
<crypto model='virtio'> <backend type='builtin' queues='1'/> </crypto>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- src/conf/domain_conf.c | 213 ++++++++++++++++++++++++++++++++++++++++- src/conf/domain_conf.h | 32 +++++++ src/libvirt_private.syms | 2 + src/qemu/qemu_domain.c | 2 + src/qemu/qemu_domain_address.c | 1 + src/qemu/qemu_driver.c | 6 ++ src/qemu/qemu_hotplug.c | 1 + 7 files changed, 256 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 52aee2b..ef44930 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -18967,6 +19096,25 @@ virDomainRNGDefCheckABIStability(virDomainRNGDefPtr src,
static bool +virDomainCryptoDefCheckABIStability(virDomainCryptoDefPtr src, + virDomainCryptoDefPtr dst) +{ + if (src->model != dst->model) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Target Crypto model '%s' does not match source '%s'"), + virDomainCryptoModelTypeToString(dst->model), + virDomainCryptoModelTypeToString(src->model)); + return false; + } +
The number of queues is not part of ABI? That'd make sense, I'm just making sure.
Oh, yep! I think it's necessary to check 'queues' for future scalability, although QEMU cryptodev only supports one queue currently. I will take all your other suggestions and rebase the patchset on master in V3. Thanks. :)
...
case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: return 0;
-- Regards, Longpeng(Mike)

On Wed, Feb 08, 2017 at 11:25:21AM +0800, Longpeng (Mike) wrote:
Hi Martin,
On 2017/2/7 20:15, Martin Kletzander wrote:
On Wed, Jan 11, 2017 at 04:28:24PM +0800, Longpeng(Mike) wrote:
This patch parses the domain XML with virtio-crypto support, the virtio-crypto XML looks like this:
<crypto model='virtio'> <backend type='builtin' queues='1'/> </crypto>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- src/conf/domain_conf.c | 213 ++++++++++++++++++++++++++++++++++++++++- src/conf/domain_conf.h | 32 +++++++ src/libvirt_private.syms | 2 + src/qemu/qemu_domain.c | 2 + src/qemu/qemu_domain_address.c | 1 + src/qemu/qemu_driver.c | 6 ++ src/qemu/qemu_hotplug.c | 1 + 7 files changed, 256 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 52aee2b..ef44930 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -18967,6 +19096,25 @@ virDomainRNGDefCheckABIStability(virDomainRNGDefPtr src,
static bool +virDomainCryptoDefCheckABIStability(virDomainCryptoDefPtr src, + virDomainCryptoDefPtr dst) +{ + if (src->model != dst->model) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Target Crypto model '%s' does not match source '%s'"), + virDomainCryptoModelTypeToString(dst->model), + virDomainCryptoModelTypeToString(src->model)); + return false; + } +
The number of queues is not part of ABI? That'd make sense, I'm just making sure.
Oh, yep! I think it's necessary to check 'queues' for future scalability, although QEMU cryptodev only supports one queue currently.
Just try migrating (or restoring) a domain with one queue to a domain with multiple queues. If that works, there is no need to check for the number of queues in this function.
I will take all your other suggestions and rebase the patchset on master in V3.
Thanks. :)
...
case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: return 0;
-- Regards, Longpeng(Mike)

This patch implements support for the virtio-crypto-pci device and the builtin backend in qemu. Two capabilities bits are added to track support for those: QEMU_CAPS_DEVICE_VIRTIO_CRYPTO - for the device support and QEMU_CAPS_OBJECT_CRYPTO_BUILTIN - for the backend support. qemu is invoked with these additional parameters if the device id enabled: (to add the backend) -object cryptodev-backend-builtin,id=objcrypto0,queues=1 (to add the device) -device virtio-crypto-pci,cryptodev=objcrypto0,id=crypto0 Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- src/conf/domain_conf.c | 4 +- src/qemu/qemu_alias.c | 20 +++++++ src/qemu/qemu_alias.h | 3 + src/qemu/qemu_capabilities.c | 4 ++ src/qemu/qemu_capabilities.h | 2 + src/qemu/qemu_command.c | 132 +++++++++++++++++++++++++++++++++++++++++ src/qemu/qemu_command.h | 3 + src/qemu/qemu_domain_address.c | 26 +++++++- 8 files changed, 191 insertions(+), 3 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index ef44930..cf77af5 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -12595,7 +12595,7 @@ virDomainCryptoDefParseXML(xmlNodePtr node, if (virDomainDeviceInfoParseXML(node, NULL, &def->info, flags) < 0) goto error; -cleanup: + cleanup: VIR_FREE(model); VIR_FREE(backend); VIR_FREE(queues); @@ -12603,7 +12603,7 @@ cleanup: ctxt->node = save; return def; -error: + error: virDomainCryptoDefFree(def); def = NULL; goto cleanup; diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c index 8521a44..00e5521 100644 --- a/src/qemu/qemu_alias.c +++ b/src/qemu/qemu_alias.c 
@@ -332,6 +332,26 @@ qemuAssignDeviceRNGAlias(virDomainDefPtr def, } +int +qemuAssignDeviceCryptoAlias(const virDomainDef *def, + virDomainCryptoDefPtr crypto) +{ + size_t i; + int maxidx = 0; + int idx; + + for (i = 0; i < def->ncryptos; i++) { + if ((idx = qemuDomainDeviceAliasIndex(&def->cryptos[i]->info, "crypto")) >= maxidx) + maxidx = idx + 1; + } + + if (virAsprintf(&crypto->info.alias, "crypto%d", maxidx) < 0) + return -1; + + return 0; +} + + /** * qemuAssignDeviceMemoryAlias: * @def: domain definition. Necessary only if @oldAlias is true. diff --git a/src/qemu/qemu_alias.h b/src/qemu/qemu_alias.h index dea05cf..8588ed1 100644 --- a/src/qemu/qemu_alias.h +++ b/src/qemu/qemu_alias.h @@ -57,6 +57,9 @@ int qemuAssignDeviceRedirdevAlias(virDomainDefPtr def, int qemuAssignDeviceRNGAlias(virDomainDefPtr def, virDomainRNGDefPtr rng); +int qemuAssignDeviceCryptoAlias(const virDomainDef *def, + virDomainCryptoDefPtr crypto); + int qemuAssignDeviceMemoryAlias(virDomainDefPtr def, virDomainMemoryDefPtr mems, bool oldAlias); diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 2512e48..880c4e2 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -356,6 +356,8 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST, "drive-iotune-group", "query-cpu-model-expansion", /* 245 */ + "cryptodev-backend-builtin", + "virtio-crypto", ); @@ -1623,6 +1625,8 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = { { "ivshmem-plain", QEMU_CAPS_DEVICE_IVSHMEM_PLAIN }, { "ivshmem-doorbell", QEMU_CAPS_DEVICE_IVSHMEM_DOORBELL }, { "vhost-scsi", QEMU_CAPS_DEVICE_VHOST_SCSI }, + { "cryptodev-backend-builtin", QEMU_CAPS_OBJECT_CRYPTO_BUILTIN }, + { "virtio-crypto-device", QEMU_CAPS_DEVICE_VIRTIO_CRYPTO }, }; static struct virQEMUCapsStringFlags virQEMUCapsObjectPropsVirtioBalloon[] = { diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index b5ad95e..81deb2b 100644 --- a/src/qemu/qemu_capabilities.h 
+++ b/src/qemu/qemu_capabilities.h @@ -392,6 +392,8 @@ typedef enum { /* 245 */ QEMU_CAPS_QUERY_CPU_MODEL_EXPANSION, /* qmp query-cpu-model-expansion */ + QEMU_CAPS_OBJECT_CRYPTO_BUILTIN, /* -object cryptodev-backend-builtin */ + QEMU_CAPS_DEVICE_VIRTIO_CRYPTO, /* -device virtio-crypto-pci */ QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index d459f8e..afebe69 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c 
@@ -5787,6 +5787,135 @@ qemuBuildRNGCommandLine(virLogManagerPtr logManager, static char * +qemuBuildCryptoBackendStr(virDomainCryptoDefPtr crypto, + virQEMUCapsPtr qemuCaps) +{ + const char *type = NULL; + char *alias = NULL; + char *queue = NULL; + char *ret = NULL; + virBuffer buf = VIR_BUFFER_INITIALIZER; + + if (virAsprintf(&alias, "obj%s", crypto->info.alias) < 0) + goto cleanup; + + if (crypto->queues > 0) { + if (virAsprintf(&queue, "queues=%u", crypto->queues) < 0) + goto cleanup; + } + + switch ((virDomainCryptoBackend)crypto->backend) { + case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN: + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_CRYPTO_BUILTIN)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("this qemu doesn't support the builtin backend")); + goto cleanup; + } + + type = "cryptodev-backend-builtin"; + break; + + case VIR_DOMAIN_CRYPTO_BACKEND_LAST: + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("unknown crypto backend")); + goto cleanup; + } + + if (queue) + virBufferAsprintf(&buf, "%s,id=%s,%s", type, alias, queue); + else + virBufferAsprintf(&buf, "%s,id=%s", type, alias); + + ret = virBufferContentAndReset(&buf); + + cleanup: + VIR_FREE(alias); + return ret; +} + + +char * +qemuBuildCryptoDevStr(const virDomainDef *def, + virDomainCryptoDefPtr dev, + virQEMUCapsPtr qemuCaps) +{ + virBuffer buf = VIR_BUFFER_INITIALIZER; + + if (dev->model != VIR_DOMAIN_CRYPTO_MODEL_VIRTIO || + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_VIRTIO_CRYPTO)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("this qemu doesn't support crypto device model '%s'"), + virDomainRNGModelTypeToString(dev->model)); + goto error; + } + + if (dev->info.type != VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unsupported address type %s for virtio crypto device"), + virDomainDeviceAddressTypeToString(dev->info.type)); + goto error; + } + + virBufferAsprintf(&buf, "virtio-crypto-pci,cryptodev=obj%s,id=%s", + dev->info.alias, 
dev->info.alias); + + if (qemuBuildDeviceAddressStr(&buf, def, &dev->info, qemuCaps) < 0) + goto error; + + if (virBufferCheckError(&buf) < 0) + goto error; + + return virBufferContentAndReset(&buf); + + error: + virBufferFreeAndReset(&buf); + return NULL; +} + + +static int +qemuBuildCryptoCommandLine(virCommandPtr cmd, + const virDomainDef *def, + virQEMUCapsPtr qemuCaps) +{ + size_t i; + + for (i = 0; i < def->ncryptos; i++) { + virDomainCryptoDefPtr crypto = def->cryptos[i]; + char *tmp; + + if (qemuAssignDeviceCryptoAlias(def, crypto)) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("crypto device assign alias faile")); + return -1; + } + + if (!crypto->info.alias) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("crypto device is missing alias")); + return -1; + } + + /* add the Crypto backend */ + if (!(tmp = qemuBuildCryptoBackendStr(crypto, qemuCaps))) + return -1; + + virCommandAddArgList(cmd, "-object", tmp, NULL); + VIR_FREE(tmp); + + /* add the device */ + if (!(tmp = qemuBuildCryptoDevStr(def, crypto, qemuCaps))) + return -1; + + virCommandAddArgList(cmd, "-device", tmp, NULL); + VIR_FREE(tmp); + } + + return 0; +} + + +static char * qemuBuildSmbiosBiosStr(virSysinfoBIOSDefPtr def) { virBuffer buf = VIR_BUFFER_INITIALIZER; @@ -9793,6 +9922,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildRNGCommandLine(logManager, cmd, cfg, def, qemuCaps) < 0) goto error; + if (qemuBuildCryptoCommandLine(cmd, def, qemuCaps) < 0) + goto error; + if (qemuBuildNVRAMCommandLine(cmd, def, qemuCaps) < 0) goto error; diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h index 3bcfdc6..9b49ccd 100644 --- a/src/qemu/qemu_command.h +++ b/src/qemu/qemu_command.h 
@@ -201,6 +201,9 @@ char *qemuBuildShmemDevStr(virDomainDefPtr def, virQEMUCapsPtr qemuCaps) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3); +char *qemuBuildCryptoDevStr(const virDomainDef *def, + virDomainCryptoDefPtr dev, + virQEMUCapsPtr qemuCaps); #endif /* __QEMU_COMMAND_H__*/ diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c index e17476a..62bbd1c 100644 --- a/src/qemu/qemu_domain_address.c +++ b/src/qemu/qemu_domain_address.c @@ -331,6 +331,12 @@ qemuDomainPrimeVirtioDeviceAddresses(virDomainDefPtr def, def->rngs[i]->info.type = type; } + for (i = 0; i < def->ncryptos; i++) { + if (def->cryptos[i]->model == VIR_DOMAIN_CRYPTO_MODEL_VIRTIO && + def->cryptos[i]->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE) + def->cryptos[i]->info.type = type; + } + if (type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW) { for (i = 0; i < def->nfss; i++) { if (def->fss[i]->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE) @@ -727,6 +733,15 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDefPtr dev, return 0; } + case VIR_DOMAIN_DEVICE_CRYPTO: + switch ((virDomainCryptoModel) dev->data.crypto->model) { + case VIR_DOMAIN_CRYPTO_MODEL_VIRTIO: + return virtioFlags; + + case VIR_DOMAIN_RNG_MODEL_LAST: + return 0; + } + case VIR_DOMAIN_DEVICE_VIDEO: switch ((virDomainVideoType) dev->data.video->type) { case VIR_DOMAIN_VIDEO_TYPE_VIRTIO: @@ -784,7 +799,6 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDefPtr dev, case VIR_DOMAIN_DEVICE_LEASE: case VIR_DOMAIN_DEVICE_GRAPHICS: case VIR_DOMAIN_DEVICE_IOMMU: - case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: return 0; 
@@ -1770,6 +1784,16 @@ qemuDomainAssignDevicePCISlots(virDomainDefPtr def, goto error; } + /* VirtIO CRYPTO */ + for (i = 0; i < def->ncryptos; i++) { + if (def->cryptos[i]->model != VIR_DOMAIN_CRYPTO_MODEL_VIRTIO || + !virDeviceInfoPCIAddressWanted(&def->cryptos[i]->info)) + continue; + + if (qemuDomainPCIAddressReserveNextSlot(addrs, &def->cryptos[i]->info) < 0) + goto error; + } + /* A watchdog - check if it is a PCI device */ if (def->watchdog && def->watchdog->model == VIR_DOMAIN_WATCHDOG_MODEL_I6300ESB && -- 1.8.3.1
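Review bot: in the virQEMUCapsObjectTypes hunk of qemu_capabilities.c, QEMU_CAPS_DEVICE_VIRTIO_CRYPTO is keyed on the type name "virtio-crypto-device", while the enum comment in qemu_capabilities.h says "-device virtio-crypto-pci" and qemuBuildCryptoDevStr only ever emits virtio-crypto-pci. Either probe the type that is actually put on the command line, or add a comment explaining why the generic type is the right one to detect, since the capability gates a PCI-only code path.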
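Review bot: in qemuBuildCryptoBackendStr (qemu_command.c), queue is allocated with virAsprintf but the cleanup label frees only alias, so every call with queues > 0 leaks it. Add VIR_FREE(queue) under cleanup, or append "queues=%u" to the buffer directly and drop the temporary. In the same hunk, qemuBuildCryptoDevStr formats its "doesn't support crypto device model" error with virDomainRNGModelTypeToString(dev->model); it should use virDomainCryptoModelTypeToString, the helper the ABI stability check in the previous patch already calls. The message "crypto device assign alias faile" in qemuBuildCryptoCommandLine also has a typo.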
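Review bot: the new VIR_DOMAIN_DEVICE_CRYPTO case in qemuDomainDeviceCalculatePCIConnectFlags (qemu_domain_address.c) switches on (virDomainCryptoModel) but its terminal label is VIR_DOMAIN_RNG_MODEL_LAST, a value from the RNG enum. That is only correct if the two sentinels happen to share a numeric value, and it defeats the purpose of the cast, which is to let the compiler flag unhandled crypto models. Use the crypto model enum's own LAST value here.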

On Wed, Jan 11, 2017 at 04:28:25PM +0800, Longpeng(Mike) wrote:
This patch implements support for the virtio-crypto-pci device and the builtin backend in qemu.
Two capabilities bits are added to track support for those:
QEMU_CAPS_DEVICE_VIRTIO_CRYPTO - for the device support and QEMU_CAPS_OBJECT_CRYPTO_BUILTIN - for the backend support.
qemu is invoked with these additional parameters if the device is enabled:
(to add the backend) -object cryptodev-backend-builtin,id=objcrypto0,queues=1 (to add the device) -device virtio-crypto-pci,cryptodev=objcrypto0,id=crypto0
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- src/conf/domain_conf.c | 4 +- src/qemu/qemu_alias.c | 20 +++++++ src/qemu/qemu_alias.h | 3 + src/qemu/qemu_capabilities.c | 4 ++ src/qemu/qemu_capabilities.h | 2 + src/qemu/qemu_command.c | 132 +++++++++++++++++++++++++++++++++++++++++ src/qemu/qemu_command.h | 3 + src/qemu/qemu_domain_address.c | 26 +++++++- 8 files changed, 191 insertions(+), 3 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index ef44930..cf77af5 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -12595,7 +12595,7 @@ virDomainCryptoDefParseXML(xmlNodePtr node, if (virDomainDeviceInfoParseXML(node, NULL, &def->info, flags) < 0) goto error;
-cleanup: + cleanup: VIR_FREE(model); VIR_FREE(backend); VIR_FREE(queues); @@ -12603,7 +12603,7 @@ cleanup: ctxt->node = save; return def;
-error: + error:
Make sure you run make check and make syntax check after *every* patch. Otherwise we end up with hunks like this that clearly don't belong here.
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index d459f8e..afebe69 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -5787,6 +5787,135 @@ qemuBuildRNGCommandLine(virLogManagerPtr logManager,
static char * +qemuBuildCryptoBackendStr(virDomainCryptoDefPtr crypto, + virQEMUCapsPtr qemuCaps) +{ + const char *type = NULL; + char *alias = NULL; + char *queue = NULL; + char *ret = NULL; + virBuffer buf = VIR_BUFFER_INITIALIZER; + + if (virAsprintf(&alias, "obj%s", crypto->info.alias) < 0) + goto cleanup; + + if (crypto->queues > 0) { + if (virAsprintf(&queue, "queues=%u", crypto->queues) < 0) + goto cleanup; + } + + switch ((virDomainCryptoBackend)crypto->backend) { + case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN: + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_CRYPTO_BUILTIN)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("this qemu doesn't support the builtin backend")); + goto cleanup; + } + + type = "cryptodev-backend-builtin"; + break; + + case VIR_DOMAIN_CRYPTO_BACKEND_LAST: + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("unknown crypto backend")); + goto cleanup; + } + + if (queue) + virBufferAsprintf(&buf, "%s,id=%s,%s", type, alias, queue); + else + virBufferAsprintf(&buf, "%s,id=%s", type, alias); + + ret = virBufferContentAndReset(&buf);
The advantage of using buffer is that you can act on it multiple times. If you just want one asprintf, you can just do virAsprintf instead. But in this case I would just append every parameter as you go.
+ + cleanup: + VIR_FREE(alias); + return ret; +} + + +char * +qemuBuildCryptoDevStr(const virDomainDef *def, + virDomainCryptoDefPtr dev, + virQEMUCapsPtr qemuCaps) +{ + virBuffer buf = VIR_BUFFER_INITIALIZER; + + if (dev->model != VIR_DOMAIN_CRYPTO_MODEL_VIRTIO || + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_VIRTIO_CRYPTO)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("this qemu doesn't support crypto device model '%s'"), + virDomainRNGModelTypeToString(dev->model)); + goto error; + } + + if (dev->info.type != VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unsupported address type %s for virtio crypto device"), + virDomainDeviceAddressTypeToString(dev->info.type)); + goto error; + } + + virBufferAsprintf(&buf, "virtio-crypto-pci,cryptodev=obj%s,id=%s", + dev->info.alias, dev->info.alias); + + if (qemuBuildDeviceAddressStr(&buf, def, &dev->info, qemuCaps) < 0) + goto error; + + if (virBufferCheckError(&buf) < 0) + goto error; +
This ^^ is pointless since this vv will return NULL and not leak either.
+ return virBufferContentAndReset(&buf); + + error: + virBufferFreeAndReset(&buf); + return NULL; +} + + +static int +qemuBuildCryptoCommandLine(virCommandPtr cmd, + const virDomainDef *def, + virQEMUCapsPtr qemuCaps) +{ + size_t i; + + for (i = 0; i < def->ncryptos; i++) { + virDomainCryptoDefPtr crypto = def->cryptos[i]; + char *tmp; + + if (qemuAssignDeviceCryptoAlias(def, crypto)) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("crypto device assign alias faile")); + return -1; + } + + if (!crypto->info.alias) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("crypto device is missing alias")); + return -1; + } + + /* add the Crypto backend */
I see you keep calling it Crypto (with uppercase 'C'). It's OK here, but shouldn't be in the middle of the sentence in a documentation, for example.
+ if (!(tmp = qemuBuildCryptoBackendStr(crypto, qemuCaps))) + return -1; + + virCommandAddArgList(cmd, "-object", tmp, NULL); + VIR_FREE(tmp); + + /* add the device */ + if (!(tmp = qemuBuildCryptoDevStr(def, crypto, qemuCaps))) + return -1; + + virCommandAddArgList(cmd, "-device", tmp, NULL); + VIR_FREE(tmp); + } + + return 0; +} + + +static char * qemuBuildSmbiosBiosStr(virSysinfoBIOSDefPtr def) { virBuffer buf = VIR_BUFFER_INITIALIZER; @@ -9793,6 +9922,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildRNGCommandLine(logManager, cmd, cfg, def, qemuCaps) < 0) goto error;
+ if (qemuBuildCryptoCommandLine(cmd, def, qemuCaps) < 0) + goto error; + if (qemuBuildNVRAMCommandLine(cmd, def, qemuCaps) < 0) goto error;
diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h index 3bcfdc6..9b49ccd 100644 --- a/src/qemu/qemu_command.h +++ b/src/qemu/qemu_command.h @@ -201,6 +201,9 @@ char *qemuBuildShmemDevStr(virDomainDefPtr def, virQEMUCapsPtr qemuCaps) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
+char *qemuBuildCryptoDevStr(const virDomainDef *def, + virDomainCryptoDefPtr dev, + virQEMUCapsPtr qemuCaps);
#endif /* __QEMU_COMMAND_H__*/ diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c index e17476a..62bbd1c 100644 --- a/src/qemu/qemu_domain_address.c +++ b/src/qemu/qemu_domain_address.c @@ -331,6 +331,12 @@ qemuDomainPrimeVirtioDeviceAddresses(virDomainDefPtr def, def->rngs[i]->info.type = type; }
+ for (i = 0; i < def->ncryptos; i++) { + if (def->cryptos[i]->model == VIR_DOMAIN_CRYPTO_MODEL_VIRTIO && + def->cryptos[i]->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE) + def->cryptos[i]->info.type = type; + } + if (type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW) { for (i = 0; i < def->nfss; i++) { if (def->fss[i]->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE) @@ -727,6 +733,15 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDefPtr dev, return 0; }
+ case VIR_DOMAIN_DEVICE_CRYPTO: + switch ((virDomainCryptoModel) dev->data.crypto->model) { + case VIR_DOMAIN_CRYPTO_MODEL_VIRTIO: + return virtioFlags; + + case VIR_DOMAIN_RNG_MODEL_LAST: + return 0; + } + case VIR_DOMAIN_DEVICE_VIDEO: switch ((virDomainVideoType) dev->data.video->type) { case VIR_DOMAIN_VIDEO_TYPE_VIRTIO: @@ -784,7 +799,6 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDefPtr dev, case VIR_DOMAIN_DEVICE_LEASE: case VIR_DOMAIN_DEVICE_GRAPHICS: case VIR_DOMAIN_DEVICE_IOMMU: - case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: return 0;
Oh, here it is, why didn't you put it here right away? Oh, because now this patch implements this device. Well, that's a way to do it, OK.
@@ -1770,6 +1784,16 @@ qemuDomainAssignDevicePCISlots(virDomainDefPtr def, goto error; }
+ /* VirtIO CRYPTO */ + for (i = 0; i < def->ncryptos; i++) { + if (def->cryptos[i]->model != VIR_DOMAIN_CRYPTO_MODEL_VIRTIO || + !virDeviceInfoPCIAddressWanted(&def->cryptos[i]->info)) + continue; + + if (qemuDomainPCIAddressReserveNextSlot(addrs, &def->cryptos[i]->info) < 0) + goto error; + } + /* A watchdog - check if it is a PCI device */ if (def->watchdog && def->watchdog->model == VIR_DOMAIN_WATCHDOG_MODEL_I6300ESB && -- 1.8.3.1

Adds XML parsing and qemu commandline tests for the virtio-crypto device support. Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml | 2 ++ tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml | 2 ++ .../qemuxml2argv-virtio-crypto-builtin.xml | 26 ++++++++++++++++++ .../qemuxml2argv-virtio-crypto.args | 22 +++++++++++++++ .../qemuxml2xmlout-virtio-crypto-builtin.xml | 31 ++++++++++++++++++++++ tests/qemuxml2xmltest.c | 2 ++ 6 files changed, 85 insertions(+) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml diff --git a/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml index c4c9bf9..a6659e7 100644 --- a/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml @@ -129,6 +129,8 @@ <flag name='vhost-scsi'/> <flag name='drive-iotune-group'/> <flag name='query-cpu-model-expansion'/> + <flag name='cryptodev-backend-builtin'/> + <flag name='virtio-crypto'/> <version>2007093</version> <kvmVersion>0</kvmVersion> <package></package> diff --git a/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml index 9757bd2..9917e56 100644 --- a/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml @@ -198,6 +198,8 @@ <flag name='gluster.debug_level'/> <flag name='vhost-scsi'/> <flag name='drive-iotune-group'/> + <flag name='cryptodev-backend-builtin'/> + <flag name='virtio-crypto'/> <version>2007093</version> <kvmVersion>0</kvmVersion> <package> (v2.8.0-rc3-dirty)</package> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml new file mode 100644 index 0000000..35559ae 
--- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml @@ -0,0 +1,26 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='x86_64' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu</emulator> + <controller type='usb' index='0'/> + <controller type='pci' index='0' model='pci-root'/> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <memballoon model='virtio'/> + <crypto model='virtio'> + <backend type='builtin' queues='1'/> + </crypto> + </devices> +</domain> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args new file mode 100644 index 0000000..6d0ab56 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args @@ -0,0 +1,22 @@ +LC_ALL=C \ +PATH=/bin \ +HOME=/home/test \ +USER=test \ +LOGNAME=test \ +QEMU_AUDIO_DRV=none \ +/usr/bin/qemu \ +-name QEMUGuest1 \ +-S \ +-M pc \ +-m 214 \ +-smp 1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-nographic \ +-nodefaults \ +-monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \ +-no-acpi \ +-boot c \ +-usb \ +-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3 \ +-object cryptodev-backend-builtin,id=objcrypto0,queues=1 \ +-device virtio-crypto-pci,cryptodev=objcrypto0,id=crypto0,bus=pci.0,addr=0x4 diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml new file mode 100644 index 0000000..3c4b546 --- /dev/null +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml 
@@ -0,0 +1,31 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='x86_64' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu</emulator> + <controller type='usb' index='0'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> + </controller> + <controller type='pci' index='0' model='pci-root'/> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <memballoon model='virtio'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> + </memballoon> + <crypto model='virtio'> + <backend type='builtin' queues='1'/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> + </crypto> + </devices> +</domain> diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index bbd4687..bb32dbc 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -955,6 +955,8 @@ mymain(void) DO_TEST("smbios", NONE); DO_TEST("smbios-multiple-type2", NONE); + DO_TEST("virtio-crypto-builtin", NONE); + DO_TEST("aarch64-aavmf-virtio-mmio", QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_DTB, QEMU_CAPS_DEVICE_VIRTIO_MMIO, -- 1.8.3.1
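Review bot: the new argv fixture is named qemuxml2argv-virtio-crypto.args while its input is qemuxml2argv-virtio-crypto-builtin.xml, and the only test source this patch touches is tests/qemuxml2xmltest.c. No DO_TEST entry compares the generated command line against the .args file, so the -object cryptodev-backend-builtin and -device virtio-crypto-pci output from the previous patch is never exercised. Rename the file to match the XML and register the case in the xml2argv test with the two new capability flags.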

Hi, Ping... :) Regards, Longpeng(Mike) On 2017/1/11 16:28, Longpeng(Mike) wrote:
As virtio-crypto has been supported in QEMU 2.8 and the frontend driver has been merged in linux 4.10, so it's necessary to support virtio-crypto in libvirt.
--- Changes since v1: - split patch [Martin] - rebase on master [Martin] - add docs/tests/schema [Martin] - fix typos [Gonglei]
--- Longpeng(Mike) (4): docs: schema: Add basic documentation for the virtual crypto device support conf: Parse virtio-crypto in the domain XML qemu: Implement support for 'builtin' backend for virtio-crypto tests: Add testcase for virtio-crypto XML parsing
docs/formatdomain.html.in | 60 ++++++ docs/schemas/domaincommon.rng | 27 +++ src/conf/domain_conf.c | 213 ++++++++++++++++++++- src/conf/domain_conf.h | 32 ++++ src/libvirt_private.syms | 2 + src/qemu/qemu_alias.c | 20 ++ src/qemu/qemu_alias.h | 3 + src/qemu/qemu_capabilities.c | 4 + src/qemu/qemu_capabilities.h | 2 + src/qemu/qemu_command.c | 132 +++++++++++++ src/qemu/qemu_command.h | 3 + src/qemu/qemu_domain.c | 2 + src/qemu/qemu_domain_address.c | 25 +++ src/qemu/qemu_driver.c | 6 + src/qemu/qemu_hotplug.c | 1 + tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml | 2 + tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml | 2 + .../qemuxml2argv-virtio-crypto-builtin.xml | 26 +++ .../qemuxml2argv-virtio-crypto.args | 22 +++ .../qemuxml2xmlout-virtio-crypto-builtin.xml | 31 +++ tests/qemuxml2xmltest.c | 2 + 21 files changed, 616 insertions(+), 1 deletion(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml
-- Regards, Longpeng(Mike)

Hi guys, Does anyone have any comments ? :) -- Regards, Longpeng(Mike) On 2017/1/11 16:28, Longpeng(Mike) wrote:
As virtio-crypto has been supported in QEMU 2.8 and the frontend driver has been merged in linux 4.10, so it's necessary to support virtio-crypto in libvirt.
--- Changes since v1: - split patch [Martin] - rebase on master [Martin] - add docs/tests/schema [Martin] - fix typos [Gonglei]
--- Longpeng(Mike) (4): docs: schema: Add basic documentation for the virtual crypto device support conf: Parse virtio-crypto in the domain XML qemu: Implement support for 'builtin' backend for virtio-crypto tests: Add testcase for virtio-crypto XML parsing
docs/formatdomain.html.in | 60 ++++++ docs/schemas/domaincommon.rng | 27 +++ src/conf/domain_conf.c | 213 ++++++++++++++++++++- src/conf/domain_conf.h | 32 ++++ src/libvirt_private.syms | 2 + src/qemu/qemu_alias.c | 20 ++ src/qemu/qemu_alias.h | 3 + src/qemu/qemu_capabilities.c | 4 + src/qemu/qemu_capabilities.h | 2 + src/qemu/qemu_command.c | 132 +++++++++++++ src/qemu/qemu_command.h | 3 + src/qemu/qemu_domain.c | 2 + src/qemu/qemu_domain_address.c | 25 +++ src/qemu/qemu_driver.c | 6 + src/qemu/qemu_hotplug.c | 1 + tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml | 2 + tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml | 2 + .../qemuxml2argv-virtio-crypto-builtin.xml | 26 +++ .../qemuxml2argv-virtio-crypto.args | 22 +++ .../qemuxml2xmlout-virtio-crypto-builtin.xml | 31 +++ tests/qemuxml2xmltest.c | 2 + 21 files changed, 616 insertions(+), 1 deletion(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml
-- Regards, Longpeng(Mike)