[PATCH v14 00/15] Support query and use SGX

As agreed here, I've taken posted patches, did some changes and fixes and posted them:

https://listman.redhat.com/archives/libvir-list/2022-July/233164.html

The v13 version can be found here:

https://listman.redhat.com/archives/libvir-list/2022-July/232679.html

diff to v13:
- I've worked my comments in (couple of memleaks, naming issues, ...)
- Fixed problem with CGroups and namespaces
- Fixed a problem with <memoryBacking> <source type='memfd'/>, which prevented domain from starting. Simply because wrong memory-backend was picked for SGX (-memfd was picked instead of -sgx).
- Some cleanups, formatted before original patches (more tests, validation, code separation, ...)

You can find these patches on my gitlab (along with green pipeline):

https://gitlab.com/MichalPrivoznik/libvirt/-/commits/sgx_rework

Haibin Huang (4):
  domain_capabilities: Define SGX capabilities structs
  qemu: Get SGX capabilities form QMP
  Convert QMP capabilities to domain capabilities
  conf: expose SGX feature in domain capabilities

Lin Yang (2):
  conf: Introduce SGX EPC element into device memory xml
  qemu: Add command-line to generate SGX EPC memory backend

Michal Prívozník (9):
  qemuxml2argvtest: Switch memory-hotplug-dimm-addr to latest caps
  qemuxml2xmltest: Test memory-hotplug-dimm-addr
  conf: Validate virDomainMemoryDef::targetNode
  qemu_command: Separate domain features building into a helper
  qemu_command: Separate domain memory building into a helper
  qemu_cgroup: Don't ignore ENOENT in qemuCgroupAllowDevicesPaths()
  qemu_cgroup: Allow SGX in devices controller
  qemu_namespace: Create SGX related nodes in domain's namespace
  security_dac: Set DAC label on SGX /dev nodes

docs/formatdomain.rst | 25 +- docs/formatdomaincaps.rst | 40 +++ src/conf/domain_capabilities.c | 46 +++ src/conf/domain_capabilities.h | 22 ++ src/conf/domain_conf.c | 30 ++ src/conf/domain_conf.h | 1 + src/conf/domain_postparse.c | 1 + src/conf/domain_validate.c | 22 ++ src/conf/schemas/domaincaps.rng | 40 +++ 
src/conf/schemas/domaincommon.rng | 1 + src/libvirt_private.syms | 1 + src/qemu/qemu_alias.c | 6 +- src/qemu/qemu_capabilities.c | 222 +++++++++++++ src/qemu/qemu_capabilities.h | 6 + src/qemu/qemu_cgroup.c | 82 ++++- src/qemu/qemu_command.c | 293 +++++++++++------- src/qemu/qemu_domain.c | 48 ++- src/qemu/qemu_domain.h | 2 + src/qemu/qemu_domain_address.c | 6 + src/qemu/qemu_driver.c | 1 + src/qemu/qemu_monitor.c | 10 + src/qemu/qemu_monitor.h | 3 + src/qemu/qemu_monitor_json.c | 148 ++++++++- src/qemu/qemu_monitor_json.h | 4 + src/qemu/qemu_namespace.c | 20 +- src/qemu/qemu_process.c | 2 + src/qemu/qemu_validate.c | 8 + src/security/security_apparmor.c | 1 + src/security/security_dac.c | 44 ++- src/security/security_selinux.c | 2 + tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 + tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 + tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 + tests/domaincapsdata/empty.xml | 1 + tests/domaincapsdata/libxl-xenfv.xml | 1 + tests/domaincapsdata/libxl-xenpv.xml | 1 + .../domaincapsdata/qemu_3.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml | 1 + .../qemu_4.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 + .../qemu_4.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 + 
tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 + .../qemu_5.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.1.0.sparc.xml | 1 + tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 1 + .../qemu_5.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 1 + .../qemu_6.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 6 + .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 6 + .../qemu_6.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 6 + .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 10 + .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 10 + .../qemu_7.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 10 + .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 10 + .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 10 + 
tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 10 + .../caps_6.2.0.x86_64.replies | 24 +- .../caps_6.2.0.x86_64.xml | 7 + .../caps_7.0.0.x86_64.replies | 34 +- .../caps_7.0.0.x86_64.xml | 11 + .../caps_7.1.0.x86_64.replies | 34 +- .../caps_7.1.0.x86_64.xml | 11 + .../aarch64-aavmf-virtio-mmio.args | 2 +- .../aarch64-cpu-passthrough.args | 2 +- ...fault-cpu-kvm-virt-4.2.aarch64-latest.args | 2 +- ...fault-cpu-tcg-virt-4.2.aarch64-latest.args | 2 +- .../aarch64-features-sve.aarch64-latest.args | 2 +- tests/qemuxml2argvdata/aarch64-gic-host.args | 2 +- .../aarch64-gic-none-tcg.args | 2 +- tests/qemuxml2argvdata/aarch64-gic-v2.args | 2 +- tests/qemuxml2argvdata/aarch64-gic-v3.args | 2 +- .../qemuxml2argvdata/aarch64-pci-serial.args | 2 +- .../aarch64-tpm.aarch64-latest.args | 2 +- .../aarch64-traditional-pci.args | 2 +- .../aarch64-usb-controller-nec-xhci.args | 2 +- .../aarch64-usb-controller-qemu-xhci.args | 2 +- .../aarch64-video-default.args | 2 +- .../aarch64-video-virtio-gpu-pci.args | 2 +- .../aarch64-virt-2.6-virtio-pci-default.args | 2 +- .../aarch64-virt-default-nic.args | 2 +- .../aarch64-virt-graphics.aarch64-latest.args | 2 +- .../aarch64-virt-headless.aarch64-latest.args | 2 +- .../qemuxml2argvdata/aarch64-virt-virtio.args | 2 +- .../aarch64-virtio-pci-default.args | 2 +- .../aarch64-virtio-pci-manual-addresses.args | 2 +- .../balloon-mmio-deflate.args | 2 +- .../clock-timer-armvtimer.aarch64-latest.args | 2 +- ...ult-video-type-aarch64.aarch64-latest.args | 2 +- ...mware-auto-efi-aarch64.aarch64-latest.args | 2 +- ...-auto-efi-enrolled-keys.x86_64-latest.args | 2 +- ...-auto-efi-loader-secure.x86_64-latest.args | 2 +- ...to-efi-no-enrolled-keys.x86_64-latest.args | 2 +- ...are-auto-efi-no-secboot.x86_64-latest.args | 2 +- ...firmware-auto-efi-nvram.x86_64-latest.args | 2 +- ...rmware-auto-efi-secboot.x86_64-latest.args | 2 +- ...ware-auto-efi-stateless.x86_64-latest.args | 2 +- .../firmware-auto-efi.x86_64-latest.args | 2 +- 
...manual-bios-rw-implicit.x86_64-latest.args | 2 +- ...firmware-manual-bios-rw.x86_64-latest.args | 2 +- .../firmware-manual-efi-acpi-aarch64.args | 2 +- .../firmware-manual-efi-noacpi-aarch64.args | 2 +- ...e-manual-efi-nvram-file.x86_64-latest.args | 2 +- ...efi-nvram-network-iscsi.x86_64-latest.args | 2 +- ...l-efi-nvram-network-nbd.x86_64-latest.args | 2 +- ...nual-efi-nvram-template.x86_64-latest.args | 2 +- ...re-manual-efi-stateless.x86_64-latest.args | 2 +- .../firmware-manual-noefi-noacpi-aarch64.args | 2 +- .../hvf-aarch64-virt-headless.args | 2 +- .../intel-iommu-aw-bits.x86_64-latest.args | 2 +- ...ntel-iommu-caching-mode.x86_64-latest.args | 2 +- ...ntel-iommu-device-iotlb.x86_64-latest.args | 2 +- .../intel-iommu-eim.x86_64-latest.args | 2 +- .../iommu-smmuv3.aarch64-latest.args | 2 +- .../launch-security-s390-pv.s390x-latest.args | 2 +- ...nch-security-sev-direct.x86_64-latest.args | 2 +- ...ev-missing-platform-info.x86_64-6.0.0.args | 2 +- .../launch-security-sev.x86_64-6.0.0.args | 2 +- .../mach-virt-console-virtio.args | 2 +- .../mach-virt-serial-native.args | 2 +- .../mach-virt-serial-pci.args | 2 +- .../mach-virt-serial-usb.args | 2 +- .../machine-aeskeywrap-off-cap.args | 2 +- .../machine-aeskeywrap-off-caps.args | 2 +- .../machine-aeskeywrap-on-cap.args | 2 +- .../machine-aeskeywrap-on-caps.args | 2 +- .../machine-deakeywrap-off-cap.args | 2 +- .../machine-deakeywrap-off-caps.args | 2 +- .../machine-deakeywrap-on-cap.args | 2 +- .../machine-deakeywrap-on-caps.args | 2 +- ...emory-hotplug-dimm-addr.x86_64-latest.args | 42 +++ .../memory-hotplug-dimm-addr.xml | 2 +- .../memory-hotplug-invalid-targetnode.err | 1 + .../memory-hotplug-invalid-targetnode.xml | 42 +++ ...e-expander-bus-aarch64.aarch64-latest.args | 2 +- ...eries-cpu-compat-power10.ppc64-latest.args | 2 +- ...series-cpu-compat-power9.ppc64-latest.args | 2 +- tests/qemuxml2argvdata/pseries-features.args | 2 +- .../sgx-epc-numa.x86_64-latest.args | 40 +++ 
tests/qemuxml2argvdata/sgx-epc-numa.xml | 64 ++++ ...mm-addr.args => sgx-epc.x86_64-6.2.0.args} | 29 +- tests/qemuxml2argvdata/sgx-epc.xml | 52 ++++ .../virtio-iommu-aarch64.aarch64-latest.args | 2 +- tests/qemuxml2argvtest.c | 7 +- ...memory-hotplug-dimm-addr.x86_64-latest.xml | 63 ++++ .../sgx-epc-numa.x86_64-latest.xml | 1 + .../sgx-epc.x86_64-6.2.0.xml | 1 + tests/qemuxml2xmltest.c | 4 + 189 files changed, 1621 insertions(+), 266 deletions(-) create mode 100644 tests/qemuxml2argvdata/memory-hotplug-dimm-addr.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/memory-hotplug-invalid-targetnode.err create mode 100644 tests/qemuxml2argvdata/memory-hotplug-invalid-targetnode.xml create mode 100644 tests/qemuxml2argvdata/sgx-epc-numa.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/sgx-epc-numa.xml rename tests/qemuxml2argvdata/{memory-hotplug-dimm-addr.args => sgx-epc.x86_64-6.2.0.args} (39%) create mode 100644 tests/qemuxml2argvdata/sgx-epc.xml create mode 100644 tests/qemuxml2xmloutdata/memory-hotplug-dimm-addr.x86_64-latest.xml create mode 120000 tests/qemuxml2xmloutdata/sgx-epc-numa.x86_64-latest.xml create mode 120000 tests/qemuxml2xmloutdata/sgx-epc.x86_64-6.2.0.xml -- 2.35.1

So far, we are testing memory-hotplug-dimm-addr against a set of explicitly listed capabilities. While this works, let's switch it to DO_TEST_CAPS_LATEST() so that the latest capabilities are used. This in turn means we have to update the <emulator/> because the latest capabilities don't contain caps for qemu-system-i386.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
--- ...mory-hotplug-dimm-addr.x86_64-latest.args} | 30 +++++++++++-------- .../memory-hotplug-dimm-addr.xml | 2 +- tests/qemuxml2argvtest.c | 3 +- 3 files changed, 19 insertions(+), 16 deletions(-) rename tests/qemuxml2argvdata/{memory-hotplug-dimm-addr.args => memory-hotplug-dimm-addr.x86_64-latest.args} (32%) diff --git a/tests/qemuxml2argvdata/memory-hotplug-dimm-addr.args b/tests/qemuxml2argvdata/memory-hotplug-dimm-addr.x86_64-latest.args similarity index 32% rename from tests/qemuxml2argvdata/memory-hotplug-dimm-addr.args rename to tests/qemuxml2argvdata/memory-hotplug-dimm-addr.x86_64-latest.args index 110b1a32b7..ac24c77a2b 100644 --- a/tests/qemuxml2argvdata/memory-hotplug-dimm-addr.args +++ b/tests/qemuxml2argvdata/memory-hotplug-dimm-addr.x86_64-latest.args 
@@ -6,17 +6,18 @@ LOGNAME=test \ XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \ XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ -QEMU_AUDIO_DRV=none \ -/usr/bin/qemu-system-i386 \ +/usr/bin/qemu-system-x86_64 \ -name guest=QEMUGuest1,debug-threads=on \ -S \ --object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \ -machine pc,usb=off,dump-guest-core=off \ -accel tcg \ +-cpu qemu64 \ -m size=219136k,slots=16,maxmem=1099511627776k \ -overcommit mem-lock=off \ --smp 2,sockets=2,cores=1,threads=1 \ --numa node,nodeid=0,cpus=0-1,mem=214 \ +-smp 2,sockets=2,dies=1,cores=1,threads=1 \ +-object '{"qom-type":"memory-backend-ram","id":"ram-node0","size":224395264}' \ +-numa node,nodeid=0,cpus=0-1,memdev=ram-node0 \ -uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ -display none \ -no-user-config \ 
@@ -27,12 +28,15 @@ QEMU_AUDIO_DRV=none \ -no-shutdown \ -no-acpi \ -boot strict=on \ --usb \ --object memory-backend-file,id=memdimm0,mem-path=/dev/hugepages2M/libvirt/qemu/-1-QEMUGuest1,prealloc=on,size=536870912,host-nodes=1-3,policy=bind \ --device pc-dimm,node=0,memdev=memdimm0,id=dimm0,slot=0,addr=4294967296 \ --object memory-backend-ram,id=memdimm2,size=536870912 \ --device pc-dimm,node=0,memdev=memdimm2,id=dimm2,slot=2 \ --drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \ --device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \ --device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2 \ +-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \ +-object '{"qom-type":"memory-backend-file","id":"memdimm0","mem-path":"/dev/hugepages2M/libvirt/qemu/-1-QEMUGuest1","prealloc":true,"size":536870912,"host-nodes":[1,2,3],"policy":"bind"}' \ +-device '{"driver":"pc-dimm","node":0,"memdev":"memdimm0","id":"dimm0","slot":0,"addr":4294967296}' \ +-object '{"qom-type":"memory-backend-ram","id":"memdimm2","size":536870912}' \ +-device '{"driver":"pc-dimm","node":0,"memdev":"memdimm2","id":"dimm2","slot":2}' \ +-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \ +-device '{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-format","id":"ide0-0-0","bootindex":1}' \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","addr":"0x2"}' \ +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ -msg timestamp=on diff --git a/tests/qemuxml2argvdata/memory-hotplug-dimm-addr.xml b/tests/qemuxml2argvdata/memory-hotplug-dimm-addr.xml index ea4f4fd745..92ea679bbe 100644 
--- a/tests/qemuxml2argvdata/memory-hotplug-dimm-addr.xml +++ b/tests/qemuxml2argvdata/memory-hotplug-dimm-addr.xml @@ -20,7 +20,7 @@ <on_reboot>restart</on_reboot> <on_crash>destroy</on_crash> <devices> - <emulator>/usr/bin/qemu-system-i386</emulator> + <emulator>/usr/bin/qemu-system-x86_64</emulator> <disk type='block' device='disk'> <source dev='/dev/HostVG/QEMUGuest1'/> <target dev='hda' bus='ide'/> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index b72d61c3bc..d1a36f653c 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -3083,8 +3083,7 @@ mymain(void) DO_TEST("memory-hotplug", QEMU_CAPS_DEVICE_PC_DIMM, QEMU_CAPS_NUMA); DO_TEST("memory-hotplug-dimm", QEMU_CAPS_DEVICE_PC_DIMM, QEMU_CAPS_NUMA, QEMU_CAPS_OBJECT_MEMORY_RAM, QEMU_CAPS_OBJECT_MEMORY_FILE); - DO_TEST("memory-hotplug-dimm-addr", QEMU_CAPS_DEVICE_PC_DIMM, QEMU_CAPS_NUMA, - QEMU_CAPS_OBJECT_MEMORY_RAM, QEMU_CAPS_OBJECT_MEMORY_FILE); + DO_TEST_CAPS_LATEST("memory-hotplug-dimm-addr"); DO_TEST("memory-hotplug-ppc64-nonuma", QEMU_CAPS_KVM, QEMU_CAPS_DEVICE_PC_DIMM, QEMU_CAPS_NUMA, QEMU_CAPS_DEVICE_SPAPR_PCI_HOST_BRIDGE, QEMU_CAPS_OBJECT_MEMORY_RAM, QEMU_CAPS_OBJECT_MEMORY_FILE); -- 2.35.1

On Wed, Jul 27, 2022 at 12:34:47 +0200, Michal Privoznik wrote:
So far, we are testing memory-hotplug-dimm-addr against a set of explicitly listed capabilities. While this works, let's switch it to DO_TEST_CAPS_LATEST() so that the latest capabilities are used. This in turn means we have to update the <emulator/> because the latest capabilities don't contain caps for qemu-system-i386.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- ...mory-hotplug-dimm-addr.x86_64-latest.args} | 30 +++++++++++-------- .../memory-hotplug-dimm-addr.xml | 2 +- tests/qemuxml2argvtest.c | 3 +- 3 files changed, 19 insertions(+), 16 deletions(-) rename tests/qemuxml2argvdata/{memory-hotplug-dimm-addr.args => memory-hotplug-dimm-addr.x86_64-latest.args} (32%)
Reviewed-by: Peter Krempa <pkrempa@redhat.com>

After previous commit, when memory-hotplug-dimm-addr.xml file was fixed, we can also introduce the test case to qemuxml2xmltest. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- ...memory-hotplug-dimm-addr.x86_64-latest.xml | 63 +++++++++++++++++++ tests/qemuxml2xmltest.c | 1 + 2 files changed, 64 insertions(+) create mode 100644 tests/qemuxml2xmloutdata/memory-hotplug-dimm-addr.x86_64-latest.xml diff --git a/tests/qemuxml2xmloutdata/memory-hotplug-dimm-addr.x86_64-latest.xml b/tests/qemuxml2xmloutdata/memory-hotplug-dimm-addr.x86_64-latest.xml new file mode 100644 index 0000000000..ef671fcfa3 --- /dev/null +++ b/tests/qemuxml2xmloutdata/memory-hotplug-dimm-addr.x86_64-latest.xml 
@@ -0,0 +1,63 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <maxMemory slots='16' unit='KiB'>1099511627776</maxMemory> + <memory unit='KiB'>7434230</memory> + <currentMemory unit='KiB'>7434230</currentMemory> + <vcpu placement='static' cpuset='0-1'>2</vcpu> + <os> + <type arch='i686' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <cpu mode='custom' match='exact' check='none'> + <model fallback='forbid'>qemu64</model> + <topology sockets='2' dies='1' cores='1' threads='1'/> + <numa> + <cell id='0' cpus='0-1' memory='219136' unit='KiB'/> + </numa> + </cpu> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <disk type='block' device='disk'> + <driver name='qemu' type='raw'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='hda' bus='ide'/> + <address type='drive' controller='0' bus='0' target='0' unit='0'/> + </disk> + <controller type='ide' index='0'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> + </controller> + <controller type='usb' index='0' model='piix3-uhci'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> + </controller> + <controller type='pci' index='0' model='pci-root'/> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <audio id='1' type='none'/> + <memballoon model='virtio'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> + </memballoon> + <memory model='dimm'> + <source> + <nodemask>1-3</nodemask> + <pagesize unit='KiB'>2048</pagesize> + </source> + <target> + <size unit='KiB'>524287</size> + <node>0</node> + </target> + <address type='dimm' slot='0' base='0x100000000'/> + </memory> + <memory model='dimm'> + <target> + <size unit='KiB'>524287</size> + <node>0</node> + </target> + <address type='dimm' slot='2'/> + </memory> + 
</devices> +</domain> diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index 8cac50c767..4cbf380e44 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -1175,6 +1175,7 @@ mymain(void) QEMU_CAPS_OBJECT_MEMORY_FILE, QEMU_CAPS_LAST, ARG_END); DO_TEST_NOCAPS("memory-hotplug"); DO_TEST("memory-hotplug-dimm", QEMU_CAPS_DEVICE_PC_DIMM); + DO_TEST_CAPS_LATEST("memory-hotplug-dimm-addr"); DO_TEST("memory-hotplug-nvdimm", QEMU_CAPS_DEVICE_NVDIMM); DO_TEST("memory-hotplug-nvdimm-access", QEMU_CAPS_DEVICE_NVDIMM); DO_TEST("memory-hotplug-nvdimm-label", QEMU_CAPS_DEVICE_NVDIMM); -- 2.35.1
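
Review bot: In the new memory-hotplug-dimm-addr.x86_64-latest.xml, the guest is still declared as <type arch='i686' machine='pc'> while <emulator> is /usr/bin/qemu-system-x86_64 and the expected-output file carries the x86_64-latest suffix. If keeping an i686 guest on the x86_64 binary is intentional, the commit message should say so; otherwise switch the input XML to arch='x86_64', as the memory-hotplug-invalid-targetnode.xml added later in this series does, so the test data does not mix the two.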

On Wed, Jul 27, 2022 at 12:34:48 +0200, Michal Privoznik wrote:
After previous commit, when memory-hotplug-dimm-addr.xml file was fixed, we can also introduce the test case to qemuxml2xmltest.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- ...memory-hotplug-dimm-addr.x86_64-latest.xml | 63 +++++++++++++++++++ tests/qemuxml2xmltest.c | 1 + 2 files changed, 64 insertions(+) create mode 100644 tests/qemuxml2xmloutdata/memory-hotplug-dimm-addr.x86_64-latest.xml
Reviewed-by: Peter Krempa <pkrempa@redhat.com>

Almost all of memory models we currently support allow setting virDomainMemoryDef::targetNode so that the memory module is associated with given guest NUMA node. And we do have a check whether the requested node is within bounds, but it's executed only when building QEMU's cmd line. Move it into validation phase. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/conf/domain_validate.c | 13 ++++++ src/qemu/qemu_command.c | 9 ---- .../memory-hotplug-invalid-targetnode.err | 1 + .../memory-hotplug-invalid-targetnode.xml | 42 +++++++++++++++++++ tests/qemuxml2argvtest.c | 1 + 5 files changed, 57 insertions(+), 9 deletions(-) create mode 100644 tests/qemuxml2argvdata/memory-hotplug-invalid-targetnode.err create mode 100644 tests/qemuxml2argvdata/memory-hotplug-invalid-targetnode.xml diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index cfd868fafa..e673e4b81a 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c @@ -2227,6 +2227,19 @@ virDomainMemoryDefValidate(const virDomainMemoryDef *mem, { unsigned long long thpSize; + /* Guest NUMA nodes are continuous and indexed from zero. */ + if (mem->targetNode != -1) { + const size_t nodeCount = virDomainNumaGetNodeCount(def->numa); + + if (mem->targetNode >= nodeCount) { + virReportError(VIR_ERR_XML_DETAIL, + _("can't add memory backend for guest node '%d' as the guest has only '%zu' NUMA nodes configured"), + mem->targetNode, nodeCount); + return -1; + } + } + + switch (mem->model) { case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: if (!mem->nvdimmPath) { diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 30c9bbbf2e..77f5644b1c 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c 
@@ -3695,15 +3695,6 @@ qemuBuildMemoryBackendProps(virJSONValue **backendProps, *backendProps = NULL; if (mem->targetNode >= 0) { - /* memory devices could provide a invalid guest node */ - if (mem->targetNode >= virDomainNumaGetNodeCount(def->numa)) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("can't add memory backend for guest node '%d' as " - "the guest has only '%zu' NUMA nodes configured"), - mem->targetNode, virDomainNumaGetNodeCount(def->numa)); - return -1; - } - if (memAccess == VIR_DOMAIN_MEMORY_ACCESS_DEFAULT) memAccess = virDomainNumaGetNodeMemoryAccessMode(def->numa, mem->targetNode); diff --git a/tests/qemuxml2argvdata/memory-hotplug-invalid-targetnode.err b/tests/qemuxml2argvdata/memory-hotplug-invalid-targetnode.err new file mode 100644 index 0000000000..a72e38bfaf --- /dev/null +++ b/tests/qemuxml2argvdata/memory-hotplug-invalid-targetnode.err @@ -0,0 +1 @@ +can't add memory backend for guest node '1' as the guest has only '1' NUMA nodes configured diff --git a/tests/qemuxml2argvdata/memory-hotplug-invalid-targetnode.xml b/tests/qemuxml2argvdata/memory-hotplug-invalid-targetnode.xml new file mode 100644 index 0000000000..feb11368a8 --- /dev/null +++ b/tests/qemuxml2argvdata/memory-hotplug-invalid-targetnode.xml 
@@ -0,0 +1,42 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <maxMemory slots='16' unit='KiB'>1099511627776</maxMemory> + <memory unit='KiB'>1267710</memory> + <currentMemory unit='KiB'>1267710</currentMemory> + <vcpu placement='static' cpuset='0-1'>2</vcpu> + <os> + <type arch='x86_64' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <cpu> + <topology sockets='2' dies='1' cores='1' threads='1'/> + <numa> + <cell id='0' cpus='0-1' memory='219136' unit='KiB'/> + </numa> + </cpu> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <disk type='block' device='disk'> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='hda' bus='ide'/> + <address type='drive' controller='0' bus='0' target='0' unit='0'/> + </disk> + <controller type='ide' index='0'/> + <controller type='usb' index='0'/> + <controller type='pci' index='0' model='pci-root'/> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <memballoon model='virtio'/> + <memory model='dimm'> + <target> + <size unit='KiB'>523264</size> + <node>1</node> + </target> + </memory> + </devices> +</domain> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index d1a36f653c..05537d9e96 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -3079,6 +3079,7 @@ mymain(void) DO_TEST_FAILURE_NOCAPS("memory-align-fail"); DO_TEST_PARSE_ERROR("memory-hotplug-nonuma", QEMU_CAPS_DEVICE_PC_DIMM); + DO_TEST_PARSE_ERROR_NOCAPS("memory-hotplug-invalid-targetnode"); DO_TEST_NOCAPS("memory-hotplug"); DO_TEST("memory-hotplug", QEMU_CAPS_DEVICE_PC_DIMM, QEMU_CAPS_NUMA); DO_TEST("memory-hotplug-dimm", QEMU_CAPS_DEVICE_PC_DIMM, QEMU_CAPS_NUMA, -- 2.35.1
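
Review bot: In the virDomainMemoryDefValidate() hunk, the new guard is "mem->targetNode != -1", but the code left behind in qemuBuildMemoryBackendProps() guards on "mem->targetNode >= 0", and the bound check then compares the signed targetNode (it is formatted with %d) against a size_t nodeCount. A negative value other than -1 is only rejected because of the implicit conversion to unsigned, and the user then gets the "guest has only N NUMA nodes" message for a negative node. Use the same ">= 0" guard here, or reject negative values explicitly, so both places agree on what "no target node" means. The error code also changes from VIR_ERR_CONFIG_UNSUPPORTED to VIR_ERR_XML_DETAIL; that is worth a line in the commit message.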
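
Review bot: In the qemuBuildMemoryBackendProps() hunk, once the bound check is removed, mem->targetNode is passed straight to virDomainNumaGetNodeMemoryAccessMode(def->numa, mem->targetNode) with nothing local ensuring it is below virDomainNumaGetNodeCount(def->numa). The function now relies on virDomainMemoryDefValidate() having run for every definition that reaches it. Document that precondition in a comment at the "if (mem->targetNode >= 0)" block and state in the commit message which callers pass a target node that does not come from user XML, so the assumption can be re-checked when a new caller is added.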

On Wed, Jul 27, 2022 at 12:34:49 +0200, Michal Privoznik wrote:
Almost all of memory models we currently support allow setting virDomainMemoryDef::targetNode so that the memory module is associated with given guest NUMA node. And we do have a check whether the requested node is within bounds, but it's executed only when building QEMU's cmd line. Move it into validation phase.
The commit message should also point out that while this commit is moving the validation to a place that does _not_ validate all the possible code paths, it's okay, because only the explicit memory device has a user-configurable target node which could break the assumption.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/conf/domain_validate.c | 13 ++++++ src/qemu/qemu_command.c | 9 ---- .../memory-hotplug-invalid-targetnode.err | 1 + .../memory-hotplug-invalid-targetnode.xml | 42 +++++++++++++++++++ tests/qemuxml2argvtest.c | 1 + 5 files changed, 57 insertions(+), 9 deletions(-) create mode 100644 tests/qemuxml2argvdata/memory-hotplug-invalid-targetnode.err create mode 100644 tests/qemuxml2argvdata/memory-hotplug-invalid-targetnode.xml
Reviewed-by: Peter Krempa <pkrempa@redhat.com>

The qemuBuildMachineCommandLine() function is needlessly long. Separate out parts that generate arguments based on domainDef->features[] into qemuAppendDomainFeaturesMachineParam(). Unfortunately, expected outputs for some qemuxml2argvdata cases needed to be updated because the order in which features are generated is changed. But there's no functional change. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_command.c | 154 ++++++++++-------- ...-auto-efi-enrolled-keys.x86_64-latest.args | 2 +- ...-auto-efi-loader-secure.x86_64-latest.args | 2 +- ...firmware-auto-efi-nvram.x86_64-latest.args | 2 +- ...rmware-auto-efi-secboot.x86_64-latest.args | 2 +- .../firmware-auto-efi.x86_64-latest.args | 2 +- .../firmware-manual-efi-secure.args | 2 +- .../machine-smm-off.x86_64-latest.args | 2 +- .../machine-smm-on.x86_64-latest.args | 2 +- .../qemuxml2argvdata/machine-vmport-opt.args | 2 +- .../q35-virt-manager-basic.args | 2 +- .../tseg-explicit-size.x86_64-latest.args | 2 +- 12 files changed, 95 insertions(+), 81 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 77f5644b1c..b5f1d7de0a 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c 
@@ -6956,48 +6956,21 @@ qemuBuildNameCommandLine(virCommand *cmd, return 0; } + static int -qemuBuildMachineCommandLine(virCommand *cmd, - virQEMUDriverConfig *cfg, - const virDomainDef *def, - virQEMUCaps *qemuCaps, - qemuDomainObjPrivate *priv) +qemuAppendDomainFeaturesMachineParam(virBuffer *buf, + const virDomainDef *def, + virQEMUCaps *qemuCaps) { virTristateSwitch vmport = def->features[VIR_DOMAIN_FEATURE_VMPORT]; virTristateSwitch smm = def->features[VIR_DOMAIN_FEATURE_SMM]; - virCPUDef *cpu = def->cpu; - g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER; - size_t i; - - virCommandAddArg(cmd, "-machine"); - virBufferAdd(&buf, def->os.machine, -1); - - /* To avoid the collision of creating USB controllers when calling - * machine->init in QEMU, it needs to set usb=off - */ - virBufferAddLit(&buf, ",usb=off"); if (vmport != VIR_TRISTATE_SWITCH_ABSENT) - virBufferAsprintf(&buf, ",vmport=%s", + virBufferAsprintf(buf, ",vmport=%s", virTristateSwitchTypeToString(vmport)); - if (smm) - virBufferAsprintf(&buf, ",smm=%s", virTristateSwitchTypeToString(smm)); - - if (def->mem.dump_core) { - virBufferAsprintf(&buf, ",dump-guest-core=%s", - virTristateSwitchTypeToString(def->mem.dump_core)); - } else { - virBufferAsprintf(&buf, ",dump-guest-core=%s", - cfg->dumpGuestCore ? "on" : "off"); - } - - if (def->mem.nosharepages) - virBufferAddLit(&buf, ",mem-merge=off"); - - if (def->keywrap && - !qemuAppendKeyWrapMachineParms(&buf, qemuCaps, def->keywrap)) - return -1; + if (smm != VIR_TRISTATE_SWITCH_ABSENT) + virBufferAsprintf(buf, ",smm=%s", virTristateSwitchTypeToString(smm)); if (def->features[VIR_DOMAIN_FEATURE_GIC] == VIR_TRISTATE_SWITCH_ON) { bool hasGICVersionOption = virQEMUCapsGet(qemuCaps, @@ -7025,7 +6998,7 @@ qemuBuildMachineCommandLine(virCommand *cmd, return -1; } - virBufferAsprintf(&buf, ",gic-version=%s", + virBufferAsprintf(buf, ",gic-version=%s", virGICVersionTypeToString(def->gic_version)); break; 
@@ -7036,38 +7009,13 @@ qemuBuildMachineCommandLine(virCommand *cmd, } } - if (def->iommu) { - switch (def->iommu->model) { - case VIR_DOMAIN_IOMMU_MODEL_SMMUV3: - virBufferAddLit(&buf, ",iommu=smmuv3"); - break; - - case VIR_DOMAIN_IOMMU_MODEL_INTEL: - case VIR_DOMAIN_IOMMU_MODEL_VIRTIO: - /* These IOMMUs are formatted in qemuBuildIOMMUCommandLine */ - break; - - case VIR_DOMAIN_IOMMU_MODEL_LAST: - default: - virReportEnumRangeError(virDomainIOMMUModel, def->iommu->model); - return -1; - } - } - - for (i = 0; i < def->nmems; i++) { - if (def->mems[i]->model == VIR_DOMAIN_MEMORY_MODEL_NVDIMM) { - virBufferAddLit(&buf, ",nvdimm=on"); - break; - } - } - if (def->features[VIR_DOMAIN_FEATURE_IOAPIC] != VIR_DOMAIN_IOAPIC_NONE) { switch ((virDomainIOAPIC) def->features[VIR_DOMAIN_FEATURE_IOAPIC]) { case VIR_DOMAIN_IOAPIC_QEMU: - virBufferAddLit(&buf, ",kernel_irqchip=split"); + virBufferAddLit(buf, ",kernel_irqchip=split"); break; case VIR_DOMAIN_IOAPIC_KVM: - virBufferAddLit(&buf, ",kernel_irqchip=on"); + virBufferAddLit(buf, ",kernel_irqchip=on"); break; case VIR_DOMAIN_IOAPIC_NONE: case VIR_DOMAIN_IOAPIC_LAST: @@ -7078,12 +7026,12 @@ qemuBuildMachineCommandLine(virCommand *cmd, if (def->features[VIR_DOMAIN_FEATURE_HPT] == VIR_TRISTATE_SWITCH_ON) { if (def->hpt_resizing != VIR_DOMAIN_HPT_RESIZING_NONE) { - virBufferAsprintf(&buf, ",resize-hpt=%s", + virBufferAsprintf(buf, ",resize-hpt=%s", virDomainHPTResizingTypeToString(def->hpt_resizing)); } if (def->hpt_maxpagesize > 0) { - virBufferAsprintf(&buf, ",cap-hpt-max-page-size=%lluk", + virBufferAsprintf(buf, ",cap-hpt-max-page-size=%lluk", def->hpt_maxpagesize); } } 
@@ -7091,34 +7039,100 @@ qemuBuildMachineCommandLine(virCommand *cmd, if (def->features[VIR_DOMAIN_FEATURE_HTM] != VIR_TRISTATE_SWITCH_ABSENT) { const char *str; str = virTristateSwitchTypeToString(def->features[VIR_DOMAIN_FEATURE_HTM]); - virBufferAsprintf(&buf, ",cap-htm=%s", str); + virBufferAsprintf(buf, ",cap-htm=%s", str); } if (def->features[VIR_DOMAIN_FEATURE_NESTED_HV] != VIR_TRISTATE_SWITCH_ABSENT) { const char *str; str = virTristateSwitchTypeToString(def->features[VIR_DOMAIN_FEATURE_NESTED_HV]); - virBufferAsprintf(&buf, ",cap-nested-hv=%s", str); + virBufferAsprintf(buf, ",cap-nested-hv=%s", str); } if (def->features[VIR_DOMAIN_FEATURE_CCF_ASSIST] != VIR_TRISTATE_SWITCH_ABSENT) { const char *str; str = virTristateSwitchTypeToString(def->features[VIR_DOMAIN_FEATURE_CCF_ASSIST]); - virBufferAsprintf(&buf, ",cap-ccf-assist=%s", str); + virBufferAsprintf(buf, ",cap-ccf-assist=%s", str); } if (def->features[VIR_DOMAIN_FEATURE_CFPC] != VIR_DOMAIN_CFPC_NONE) { const char *str = virDomainCFPCTypeToString(def->features[VIR_DOMAIN_FEATURE_CFPC]); - virBufferAsprintf(&buf, ",cap-cfpc=%s", str); + virBufferAsprintf(buf, ",cap-cfpc=%s", str); } if (def->features[VIR_DOMAIN_FEATURE_SBBC] != VIR_DOMAIN_SBBC_NONE) { const char *str = virDomainSBBCTypeToString(def->features[VIR_DOMAIN_FEATURE_SBBC]); - virBufferAsprintf(&buf, ",cap-sbbc=%s", str); + virBufferAsprintf(buf, ",cap-sbbc=%s", str); } if (def->features[VIR_DOMAIN_FEATURE_IBS] != VIR_DOMAIN_IBS_NONE) { const char *str = virDomainIBSTypeToString(def->features[VIR_DOMAIN_FEATURE_IBS]); - virBufferAsprintf(&buf, ",cap-ibs=%s", str); + virBufferAsprintf(buf, ",cap-ibs=%s", str); + } + + return 0; +} + + +static int +qemuBuildMachineCommandLine(virCommand *cmd, + virQEMUDriverConfig *cfg, + const virDomainDef *def, + virQEMUCaps *qemuCaps, + qemuDomainObjPrivate *priv) +{ + virCPUDef *cpu = def->cpu; + g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER; + size_t i; + + virCommandAddArg(cmd, "-machine"); + 
virBufferAdd(&buf, def->os.machine, -1); + + /* To avoid the collision of creating USB controllers when calling + * machine->init in QEMU, it needs to set usb=off + */ + virBufferAddLit(&buf, ",usb=off"); + + if (def->mem.dump_core) { + virBufferAsprintf(&buf, ",dump-guest-core=%s", + virTristateSwitchTypeToString(def->mem.dump_core)); + } else { + virBufferAsprintf(&buf, ",dump-guest-core=%s", + cfg->dumpGuestCore ? "on" : "off"); + } + + if (def->mem.nosharepages) + virBufferAddLit(&buf, ",mem-merge=off"); + + if (def->keywrap && + !qemuAppendKeyWrapMachineParms(&buf, qemuCaps, def->keywrap)) + return -1; + + if (qemuAppendDomainFeaturesMachineParam(&buf, def, qemuCaps) < 0) + return -1; + + if (def->iommu) { + switch (def->iommu->model) { + case VIR_DOMAIN_IOMMU_MODEL_SMMUV3: + virBufferAddLit(&buf, ",iommu=smmuv3"); + break; + + case VIR_DOMAIN_IOMMU_MODEL_INTEL: + case VIR_DOMAIN_IOMMU_MODEL_VIRTIO: + /* These IOMMUs are formatted in qemuBuildIOMMUCommandLine */ + break; + + case VIR_DOMAIN_IOMMU_MODEL_LAST: + default: + virReportEnumRangeError(virDomainIOMMUModel, def->iommu->model); + return -1; + } + } + + for (i = 0; i < def->nmems; i++) { + if (def->mems[i]->model == VIR_DOMAIN_MEMORY_MODEL_NVDIMM) { + virBufferAddLit(&buf, ",nvdimm=on"); + break; + } } if (cpu && cpu->model && diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.x86_64-latest.args index 7479b05af4..a9391d7921 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.x86_64-latest.args 
@@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-machine pc-q35-4.0,usb=off,dump-guest-core=off,smm=on,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ -accel kvm \ -cpu qemu64 \ -global driver=cfi.pflash01,property=secure,value=on \ diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.x86_64-latest.args index 7479b05af4..a9391d7921 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.x86_64-latest.args 
@@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-machine pc-q35-4.0,usb=off,dump-guest-core=off,smm=on,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ -accel kvm \ -cpu qemu64 \ -global driver=cfi.pflash01,property=secure,value=on \ diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args index 1061e93554..9795dedc7c 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args @@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/path/to/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-machine pc-q35-4.0,usb=off,dump-guest-core=off,smm=on,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ -accel kvm \ -cpu qemu64 \ -global driver=cfi.pflash01,property=secure,value=on \ 
diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-secboot.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-secboot.x86_64-latest.args index 7479b05af4..a9391d7921 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-secboot.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi-secboot.x86_64-latest.args @@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-machine pc-q35-4.0,usb=off,dump-guest-core=off,smm=on,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ -accel kvm \ -cpu qemu64 \ -global driver=cfi.pflash01,property=secure,value=on \ diff --git a/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args index 7479b05af4..a9391d7921 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args 
@@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-machine pc-q35-4.0,usb=off,dump-guest-core=off,smm=on,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ -accel kvm \ -cpu qemu64 \ -global driver=cfi.pflash01,property=secure,value=on \ diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-secure.args b/tests/qemuxml2argvdata/firmware-manual-efi-secure.args index fe0f78599b..1a5f83e489 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-secure.args +++ b/tests/qemuxml2argvdata/firmware-manual-efi-secure.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=test-bios,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-test-bios/master-key.aes \ --machine q35,usb=off,smm=on,dump-guest-core=off \ +-machine q35,usb=off,dump-guest-core=off,smm=on \ -accel tcg \ -global driver=cfi.pflash01,property=secure,value=on \ -drive file=/usr/share/OVMF/OVMF_CODE.secboot.fd,if=pflash,format=raw,unit=0,readonly=on \ diff --git a/tests/qemuxml2argvdata/machine-smm-off.x86_64-latest.args b/tests/qemuxml2argvdata/machine-smm-off.x86_64-latest.args index 46f6a4a70c..83462bec68 100644 --- a/tests/qemuxml2argvdata/machine-smm-off.x86_64-latest.args +++ b/tests/qemuxml2argvdata/machine-smm-off.x86_64-latest.args 
@@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \ --machine q35,usb=off,smm=off,dump-guest-core=off,memory-backend=pc.ram \ +-machine q35,usb=off,dump-guest-core=off,smm=off,memory-backend=pc.ram \ -accel tcg \ -cpu qemu64 \ -m 214 \ diff --git a/tests/qemuxml2argvdata/machine-smm-on.x86_64-latest.args b/tests/qemuxml2argvdata/machine-smm-on.x86_64-latest.args index 6fde375523..53a03124b4 100644 --- a/tests/qemuxml2argvdata/machine-smm-on.x86_64-latest.args +++ b/tests/qemuxml2argvdata/machine-smm-on.x86_64-latest.args @@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \ --machine q35,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram \ +-machine q35,usb=off,dump-guest-core=off,smm=on,memory-backend=pc.ram \ -accel tcg \ -cpu qemu64 \ -m 214 \ diff --git a/tests/qemuxml2argvdata/machine-vmport-opt.args b/tests/qemuxml2argvdata/machine-vmport-opt.args index c95c972803..769f3d67e5 100644 --- a/tests/qemuxml2argvdata/machine-vmport-opt.args +++ b/tests/qemuxml2argvdata/machine-vmport-opt.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ --machine pc,usb=off,vmport=off,dump-guest-core=off \ +-machine pc,usb=off,dump-guest-core=off,vmport=off \ -accel tcg \ -m 214 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/q35-virt-manager-basic.args b/tests/qemuxml2argvdata/q35-virt-manager-basic.args index 32875f291c..b4c9715717 100644 --- a/tests/qemuxml2argvdata/q35-virt-manager-basic.args +++ b/tests/qemuxml2argvdata/q35-virt-manager-basic.args 
@@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=spice \ -name guest=virt-manager-basic,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-virt-manager-basic/master-key.aes \ --machine q35,usb=off,vmport=off,dump-guest-core=off \ +-machine q35,usb=off,dump-guest-core=off,vmport=off \ -accel kvm \ -m 4096 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/tseg-explicit-size.x86_64-latest.args b/tests/qemuxml2argvdata/tseg-explicit-size.x86_64-latest.args index 3371199be5..e05f295c4f 100644 --- a/tests/qemuxml2argvdata/tseg-explicit-size.x86_64-latest.args +++ b/tests/qemuxml2argvdata/tseg-explicit-size.x86_64-latest.args @@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \ --machine pc-q35-2.10,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram \ +-machine pc-q35-2.10,usb=off,dump-guest-core=off,smm=on,memory-backend=pc.ram \ -accel tcg \ -global mch.extended-tseg-mbytes=48 \ -cpu qemu64 \ -- 2.35.1
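Review bot: in the re-added qemuBuildMachineCommandLine() the two adjacent helper calls use different failure conventions: "!qemuAppendKeyWrapMachineParms(&buf, qemuCaps, def->keywrap)" treats a false return as failure, while "qemuAppendDomainFeaturesMachineParam(&buf, def, qemuCaps) < 0" uses the int convention. This patch does not have to fix it, but a follow-up converting the keywrap helper to return int would keep the -machine helpers uniform. On the test data, every updated -machine line in the visible .args hunks carries the same set of suboptions before and after, and only smm= or vmport= moves behind dump-guest-core=, which matches the "no functional change" statement.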

On Wed, Jul 27, 2022 at 12:34:50 +0200, Michal Privoznik wrote:
The qemuBuildMachineCommandLine() function is needlessly long. Separate out parts that generate arguments based on domainDef->features[] into qemuAppendDomainFeaturesMachineParam(). Unfortunately, expected outputs for some qemuxml2argvdata cases needed to be updated because the order in which features are generated is changed. But there's no functional change.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/qemu/qemu_command.c | 154 ++++++++++--------
 ...-auto-efi-enrolled-keys.x86_64-latest.args | 2 +-
 ...-auto-efi-loader-secure.x86_64-latest.args | 2 +-
 ...firmware-auto-efi-nvram.x86_64-latest.args | 2 +-
 ...rmware-auto-efi-secboot.x86_64-latest.args | 2 +-
 .../firmware-auto-efi.x86_64-latest.args | 2 +-
 .../firmware-manual-efi-secure.args | 2 +-
 .../machine-smm-off.x86_64-latest.args | 2 +-
 .../machine-smm-on.x86_64-latest.args | 2 +-
 .../qemuxml2argvdata/machine-vmport-opt.args | 2 +-
 .../q35-virt-manager-basic.args | 2 +-
 .../tseg-explicit-size.x86_64-latest.args | 2 +-
 12 files changed, 95 insertions(+), 81 deletions(-)
Reviewed-by: Peter Krempa <pkrempa@redhat.com>

The qemuBuildMachineCommandLine() function is needlessly long. Separate out parts that generate memory related arguments into qemuAppendDomainMemoryMachineParams(). Unfortunately, expected outputs for some qemuxml2argvdata cases needed to be updated because the order in which arguments are generated is changed. But there's no functional change. 
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/qemu/qemu_command.c | 87 +++++++++++--------
 .../aarch64-aavmf-virtio-mmio.args | 2 +-
 .../aarch64-cpu-passthrough.args | 2 +-
 ...fault-cpu-kvm-virt-4.2.aarch64-latest.args | 2 +-
 ...fault-cpu-tcg-virt-4.2.aarch64-latest.args | 2 +-
 .../aarch64-features-sve.aarch64-latest.args | 2 +-
 tests/qemuxml2argvdata/aarch64-gic-host.args | 2 +-
 .../aarch64-gic-none-tcg.args | 2 +-
 tests/qemuxml2argvdata/aarch64-gic-v2.args | 2 +-
 tests/qemuxml2argvdata/aarch64-gic-v3.args | 2 +-
 .../qemuxml2argvdata/aarch64-pci-serial.args | 2 +-
 .../aarch64-tpm.aarch64-latest.args | 2 +-
 .../aarch64-traditional-pci.args | 2 +-
 .../aarch64-usb-controller-nec-xhci.args | 2 +-
 .../aarch64-usb-controller-qemu-xhci.args | 2 +-
 .../aarch64-video-default.args | 2 +-
 .../aarch64-video-virtio-gpu-pci.args | 2 +-
 .../aarch64-virt-2.6-virtio-pci-default.args | 2 +-
 .../aarch64-virt-default-nic.args | 2 +-
 .../aarch64-virt-graphics.aarch64-latest.args | 2 +-
 .../aarch64-virt-headless.aarch64-latest.args | 2 +-
 .../qemuxml2argvdata/aarch64-virt-virtio.args | 2 +-
 .../aarch64-virtio-pci-default.args | 2 +-
 .../aarch64-virtio-pci-manual-addresses.args | 2 +-
 .../balloon-mmio-deflate.args | 2 +-
 .../clock-timer-armvtimer.aarch64-latest.args | 2 +-
 ...ult-video-type-aarch64.aarch64-latest.args | 2 +-
 ...mware-auto-efi-aarch64.aarch64-latest.args | 2 +-
 ...-auto-efi-enrolled-keys.x86_64-latest.args | 2 +-
 ...-auto-efi-loader-secure.x86_64-latest.args | 2 +-
 ...to-efi-no-enrolled-keys.x86_64-latest.args | 2 +-
 ...are-auto-efi-no-secboot.x86_64-latest.args | 2 +-
 ...firmware-auto-efi-nvram.x86_64-latest.args | 2 +-
 ...rmware-auto-efi-secboot.x86_64-latest.args | 2 +-
 ...ware-auto-efi-stateless.x86_64-latest.args | 2 +-
 .../firmware-auto-efi.x86_64-latest.args | 2 +-
 ...manual-bios-rw-implicit.x86_64-latest.args | 2 +-
 ...firmware-manual-bios-rw.x86_64-latest.args | 2 +-
 .../firmware-manual-efi-acpi-aarch64.args | 2 +-
 .../firmware-manual-efi-noacpi-aarch64.args | 2 +-
 ...e-manual-efi-nvram-file.x86_64-latest.args | 2 +-
 ...efi-nvram-network-iscsi.x86_64-latest.args | 2 +-
 ...l-efi-nvram-network-nbd.x86_64-latest.args | 2 +-
 ...nual-efi-nvram-template.x86_64-latest.args | 2 +-
 .../firmware-manual-efi-secure.args | 2 +-
 ...re-manual-efi-stateless.x86_64-latest.args | 2 +-
 .../firmware-manual-noefi-noacpi-aarch64.args | 2 +-
 .../hvf-aarch64-virt-headless.args | 2 +-
 .../intel-iommu-aw-bits.x86_64-latest.args | 2 +-
 ...ntel-iommu-caching-mode.x86_64-latest.args | 2 +-
 ...ntel-iommu-device-iotlb.x86_64-latest.args | 2 +-
 .../intel-iommu-eim.x86_64-latest.args | 2 +-
 .../iommu-smmuv3.aarch64-latest.args | 2 +-
 .../launch-security-s390-pv.s390x-latest.args | 2 +-
 ...nch-security-sev-direct.x86_64-latest.args | 2 +-
 ...ev-missing-platform-info.x86_64-6.0.0.args | 2 +-
 .../launch-security-sev.x86_64-6.0.0.args | 2 +-
 .../mach-virt-console-virtio.args | 2 +-
 .../mach-virt-serial-native.args | 2 +-
 .../mach-virt-serial-pci.args | 2 +-
 .../mach-virt-serial-usb.args | 2 +-
 .../machine-aeskeywrap-off-cap.args | 2 +-
 .../machine-aeskeywrap-off-caps.args | 2 +-
 .../machine-aeskeywrap-on-cap.args | 2 +-
 .../machine-aeskeywrap-on-caps.args | 2 +-
 .../machine-deakeywrap-off-cap.args | 2 +-
 .../machine-deakeywrap-off-caps.args | 2 +-
 .../machine-deakeywrap-on-cap.args | 2 +-
 .../machine-deakeywrap-on-caps.args | 2 +-
 .../machine-smm-off.x86_64-latest.args | 2 +-
 .../machine-smm-on.x86_64-latest.args | 2 +-
 .../qemuxml2argvdata/machine-vmport-opt.args | 2 +-
 ...e-expander-bus-aarch64.aarch64-latest.args | 2 +-
 ...eries-cpu-compat-power10.ppc64-latest.args | 2 +-
 ...series-cpu-compat-power9.ppc64-latest.args | 2 +-
 tests/qemuxml2argvdata/pseries-features.args | 2 +-
 .../q35-virt-manager-basic.args | 2 +-
 .../tseg-explicit-size.x86_64-latest.args | 2 +-
 .../virtio-iommu-aarch64.aarch64-latest.args | 2 +-
 79 files changed, 128 insertions(+), 115 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index b5f1d7de0a..8699b88220 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -7073,6 +7073,54 @@ qemuAppendDomainFeaturesMachineParam(virBuffer *buf, } +static int +qemuAppendDomainMemoryMachineParams(virBuffer *buf, + virQEMUDriverConfig *cfg, + const virDomainDef *def, + virQEMUCaps *qemuCaps) +{ + size_t i; + + if (def->mem.dump_core) { + virBufferAsprintf(buf, ",dump-guest-core=%s", + virTristateSwitchTypeToString(def->mem.dump_core)); + } else { + virBufferAsprintf(buf, ",dump-guest-core=%s", + cfg->dumpGuestCore ? "on" : "off"); + } + + if (def->mem.nosharepages) + virBufferAddLit(buf, ",mem-merge=off"); + + for (i = 0; i < def->nmems; i++) { + if (def->mems[i]->model == VIR_DOMAIN_MEMORY_MODEL_NVDIMM) { + virBufferAddLit(buf, ",nvdimm=on"); + break; + } + } + + if (!virDomainNumaGetNodeCount(def->numa)) { + const char *defaultRAMid = NULL; + + /* QEMU is obsoleting -mem-path and -mem-prealloc. That means we have + * to switch to memory-backend-* even for regular RAM and to keep + * domain migratable we have to set the same ID as older QEMUs would. + * If domain has no NUMA nodes and QEMU is new enough to expose ID of + * the default RAM we want to use it for default RAM (construct + * memory-backend-* with corresponding attributes instead of obsolete + * -mem-path and -mem-prealloc). + * This generates only reference for the memory-backend-* object added + * later in qemuBuildMemCommandLine() */ + defaultRAMid = virQEMUCapsGetMachineDefaultRAMid(qemuCaps, + def->virtType, + def->os.machine); + if (defaultRAMid) + virBufferAsprintf(buf, ",memory-backend=%s", defaultRAMid); + } + + return 0; +} + static int qemuBuildMachineCommandLine(virCommand *cmd, virQEMUDriverConfig *cfg, 
@@ -7082,7 +7130,6 @@ qemuBuildMachineCommandLine(virCommand *cmd, { virCPUDef *cpu = def->cpu; g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER; - size_t i; virCommandAddArg(cmd, "-machine"); virBufferAdd(&buf, def->os.machine, -1); @@ -7092,17 +7139,6 @@ qemuBuildMachineCommandLine(virCommand *cmd, */ virBufferAddLit(&buf, ",usb=off"); - if (def->mem.dump_core) { - virBufferAsprintf(&buf, ",dump-guest-core=%s", - virTristateSwitchTypeToString(def->mem.dump_core)); - } else { - virBufferAsprintf(&buf, ",dump-guest-core=%s", - cfg->dumpGuestCore ? "on" : "off"); - } - - if (def->mem.nosharepages) - virBufferAddLit(&buf, ",mem-merge=off"); - if (def->keywrap && !qemuAppendKeyWrapMachineParms(&buf, qemuCaps, def->keywrap)) return -1; @@ -7128,12 +7164,8 @@ qemuBuildMachineCommandLine(virCommand *cmd, } } - for (i = 0; i < def->nmems; i++) { - if (def->mems[i]->model == VIR_DOMAIN_MEMORY_MODEL_NVDIMM) { - virBufferAddLit(&buf, ",nvdimm=on"); - break; - } - } + if (qemuAppendDomainMemoryMachineParams(&buf, cfg, def, qemuCaps) < 0) + return -1; if (cpu && cpu->model && cpu->mode == VIR_CPU_MODE_HOST_MODEL && 
@@ -7174,25 +7206,6 @@ qemuBuildMachineCommandLine(virCommand *cmd, if (virDomainNumaHasHMAT(def->numa)) virBufferAddLit(&buf, ",hmat=on"); - if (!virDomainNumaGetNodeCount(def->numa)) { - const char *defaultRAMid = NULL; - - /* QEMU is obsoleting -mem-path and -mem-prealloc. That means we have - * to switch to memory-backend-* even for regular RAM and to keep - * domain migratable we have to set the same ID as older QEMUs would. - * If domain has no NUMA nodes and QEMU is new enough to expose ID of - * the default RAM we want to use it for default RAM (construct - * memory-backend-* with corresponding attributes instead of obsolete - * -mem-path and -mem-prealloc). - * This generates only reference for the memory-backend-* object added - * later in qemuBuildMemCommandLine() */ - defaultRAMid = virQEMUCapsGetMachineDefaultRAMid(qemuCaps, - def->virtType, - def->os.machine); - if (defaultRAMid) - virBufferAsprintf(&buf, ",memory-backend=%s", defaultRAMid); - } - /* On x86 targets, graphics=off activates the serial console * output mode in the firmware. On non-x86 targets it has * various other undesirable effects that we certainly do diff --git a/tests/qemuxml2argvdata/aarch64-aavmf-virtio-mmio.args b/tests/qemuxml2argvdata/aarch64-aavmf-virtio-mmio.args index f41907ce2b..bce0fb3be2 100644 --- a/tests/qemuxml2argvdata/aarch64-aavmf-virtio-mmio.args +++ b/tests/qemuxml2argvdata/aarch64-aavmf-virtio-mmio.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=aarch64test,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-aarch64test/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -cpu cortex-a53 \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/aarch64-cpu-passthrough.args b/tests/qemuxml2argvdata/aarch64-cpu-passthrough.args index b22f8b1de4..365a9b95bd 100644 --- a/tests/qemuxml2argvdata/aarch64-cpu-passthrough.args 
+++ b/tests/qemuxml2argvdata/aarch64-cpu-passthrough.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=aarch64test,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-aarch64test/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel kvm \ -cpu host \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/aarch64-default-cpu-kvm-virt-4.2.aarch64-latest.args b/tests/qemuxml2argvdata/aarch64-default-cpu-kvm-virt-4.2.aarch64-latest.args index c17bcad5cf..ea798c2511 100644 --- a/tests/qemuxml2argvdata/aarch64-default-cpu-kvm-virt-4.2.aarch64-latest.args +++ b/tests/qemuxml2argvdata/aarch64-default-cpu-kvm-virt-4.2.aarch64-latest.args @@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-guest/.config \ -name guest=guest,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-guest/master-key.aes"}' \ --machine virt-4.2,usb=off,dump-guest-core=off,gic-version=3,memory-backend=mach-virt.ram \ +-machine virt-4.2,usb=off,gic-version=3,dump-guest-core=off,memory-backend=mach-virt.ram \ -accel kvm \ -m 4096 \ -object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":4294967296}' \ diff --git a/tests/qemuxml2argvdata/aarch64-default-cpu-tcg-virt-4.2.aarch64-latest.args b/tests/qemuxml2argvdata/aarch64-default-cpu-tcg-virt-4.2.aarch64-latest.args index 12d80b1f02..793584c4eb 100644 --- a/tests/qemuxml2argvdata/aarch64-default-cpu-tcg-virt-4.2.aarch64-latest.args +++ b/tests/qemuxml2argvdata/aarch64-default-cpu-tcg-virt-4.2.aarch64-latest.args 
@@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-guest/.config \ -name guest=guest,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-guest/master-key.aes"}' \ --machine virt-4.2,usb=off,dump-guest-core=off,gic-version=2,memory-backend=mach-virt.ram \ +-machine virt-4.2,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram \ -accel tcg \ -cpu cortex-a15 \ -m 4096 \ diff --git a/tests/qemuxml2argvdata/aarch64-features-sve.aarch64-latest.args b/tests/qemuxml2argvdata/aarch64-features-sve.aarch64-latest.args index 9b5485c957..7c4e011e57 100644 --- a/tests/qemuxml2argvdata/aarch64-features-sve.aarch64-latest.args +++ b/tests/qemuxml2argvdata/aarch64-features-sve.aarch64-latest.args @@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-guest/.config \ -name guest=guest,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-guest/master-key.aes"}' \ --machine virt,usb=off,dump-guest-core=off,gic-version=3,memory-backend=mach-virt.ram \ +-machine virt,usb=off,gic-version=3,dump-guest-core=off,memory-backend=mach-virt.ram \ -accel kvm \ -cpu host,sve512=on,sve384=off,sve256=on,sve128=on,sve=on \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/aarch64-gic-host.args b/tests/qemuxml2argvdata/aarch64-gic-host.args index a064d52b7d..a3afd2393d 100644 --- a/tests/qemuxml2argvdata/aarch64-gic-host.args +++ b/tests/qemuxml2argvdata/aarch64-gic-host.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=aarch64test,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-aarch64test/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=host \ +-machine virt,usb=off,gic-version=host,dump-guest-core=off \ -accel kvm \ -cpu host \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/aarch64-gic-none-tcg.args b/tests/qemuxml2argvdata/aarch64-gic-none-tcg.args index 48c856f517..5925c3768f 100644 
--- a/tests/qemuxml2argvdata/aarch64-gic-none-tcg.args +++ b/tests/qemuxml2argvdata/aarch64-gic-none-tcg.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=guest,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-guest/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -cpu cortex-a57 \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/aarch64-gic-v2.args b/tests/qemuxml2argvdata/aarch64-gic-v2.args index 43e142372d..76efb79ef1 100644 --- a/tests/qemuxml2argvdata/aarch64-gic-v2.args +++ b/tests/qemuxml2argvdata/aarch64-gic-v2.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=aarch64test,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-aarch64test/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel kvm \ -cpu host \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/aarch64-gic-v3.args b/tests/qemuxml2argvdata/aarch64-gic-v3.args index 2cc39ab3b5..14363365cd 100644 --- a/tests/qemuxml2argvdata/aarch64-gic-v3.args +++ b/tests/qemuxml2argvdata/aarch64-gic-v3.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=aarch64test,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-aarch64test/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=3 \ +-machine virt,usb=off,gic-version=3,dump-guest-core=off \ -accel kvm \ -cpu host \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/aarch64-pci-serial.args b/tests/qemuxml2argvdata/aarch64-pci-serial.args index 89dee4243e..1e25999906 100644 --- a/tests/qemuxml2argvdata/aarch64-pci-serial.args +++ b/tests/qemuxml2argvdata/aarch64-pci-serial.args 
@@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=aarch64test,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-aarch64test/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -m 1024 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/aarch64-tpm.aarch64-latest.args b/tests/qemuxml2argvdata/aarch64-tpm.aarch64-latest.args index 3125460a95..89ae9bc61c 100644 --- a/tests/qemuxml2argvdata/aarch64-tpm.aarch64-latest.args +++ b/tests/qemuxml2argvdata/aarch64-tpm.aarch64-latest.args @@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-aarch64test/.config \ -name guest=aarch64test,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-aarch64test/master-key.aes"}' \ --machine virt,usb=off,dump-guest-core=off,gic-version=2,memory-backend=mach-virt.ram \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram \ -accel tcg \ -cpu cortex-a15 \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/aarch64-traditional-pci.args b/tests/qemuxml2argvdata/aarch64-traditional-pci.args index 939e938231..204ecd621e 100644 --- a/tests/qemuxml2argvdata/aarch64-traditional-pci.args +++ b/tests/qemuxml2argvdata/aarch64-traditional-pci.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=guest,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-guest/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -m 1024 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/aarch64-usb-controller-nec-xhci.args b/tests/qemuxml2argvdata/aarch64-usb-controller-nec-xhci.args index fbb40f8529..6d5308f6c3 100644 --- a/tests/qemuxml2argvdata/aarch64-usb-controller-nec-xhci.args 
+++ b/tests/qemuxml2argvdata/aarch64-usb-controller-nec-xhci.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -m 214 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/aarch64-usb-controller-qemu-xhci.args b/tests/qemuxml2argvdata/aarch64-usb-controller-qemu-xhci.args index f7deb39419..8f3d2a3aba 100644 --- a/tests/qemuxml2argvdata/aarch64-usb-controller-qemu-xhci.args +++ b/tests/qemuxml2argvdata/aarch64-usb-controller-qemu-xhci.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -m 214 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/aarch64-video-default.args b/tests/qemuxml2argvdata/aarch64-video-default.args index 19050eb340..94d771cfd9 100644 --- a/tests/qemuxml2argvdata/aarch64-video-default.args +++ b/tests/qemuxml2argvdata/aarch64-video-default.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=aarch64-vgpu,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-aarch64-vgpu/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -cpu cortex-a57 \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/aarch64-video-virtio-gpu-pci.args b/tests/qemuxml2argvdata/aarch64-video-virtio-gpu-pci.args index ce9144c820..a376806bc6 100644 --- a/tests/qemuxml2argvdata/aarch64-video-virtio-gpu-pci.args +++ b/tests/qemuxml2argvdata/aarch64-video-virtio-gpu-pci.args 
@@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=aarch64-vgpu,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-aarch64-vgpu/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -cpu cortex-a57 \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/aarch64-virt-2.6-virtio-pci-default.args b/tests/qemuxml2argvdata/aarch64-virt-2.6-virtio-pci-default.args index ac5cf85c85..228d7aaac3 100644 --- a/tests/qemuxml2argvdata/aarch64-virt-2.6-virtio-pci-default.args +++ b/tests/qemuxml2argvdata/aarch64-virt-2.6-virtio-pci-default.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=aarch64test,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-aarch64test/master-key.aes \ --machine virt-2.6,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt-2.6,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -cpu cortex-a53 \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/aarch64-virt-default-nic.args b/tests/qemuxml2argvdata/aarch64-virt-default-nic.args index 229c2fca89..b7c9f566a4 100644 --- a/tests/qemuxml2argvdata/aarch64-virt-default-nic.args +++ b/tests/qemuxml2argvdata/aarch64-virt-default-nic.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=aarch64-virt-default-nic,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-aarch64-virt-default/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -cpu cortex-a53 \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/aarch64-virt-graphics.aarch64-latest.args b/tests/qemuxml2argvdata/aarch64-virt-graphics.aarch64-latest.args index 4d670b6663..27cd328007 100644 --- a/tests/qemuxml2argvdata/aarch64-virt-graphics.aarch64-latest.args +++ b/tests/qemuxml2argvdata/aarch64-virt-graphics.aarch64-latest.args 
@@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-guest/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/some/user/nvram/path/guest_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine virt,usb=off,dump-guest-core=off,gic-version=2,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=mach-virt.ram \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \ -accel tcg \ -cpu cortex-a15 \ -m 4096 \ diff --git a/tests/qemuxml2argvdata/aarch64-virt-headless.aarch64-latest.args b/tests/qemuxml2argvdata/aarch64-virt-headless.aarch64-latest.args index 37e3fdeeeb..5dc81dc18b 100644 --- a/tests/qemuxml2argvdata/aarch64-virt-headless.aarch64-latest.args +++ b/tests/qemuxml2argvdata/aarch64-virt-headless.aarch64-latest.args @@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-guest/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/some/user/nvram/path/guest_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine virt,usb=off,dump-guest-core=off,gic-version=2,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=mach-virt.ram \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \ -accel tcg \ -cpu cortex-a15 \ -m 4096 \ 
diff --git a/tests/qemuxml2argvdata/aarch64-virt-virtio.args b/tests/qemuxml2argvdata/aarch64-virt-virtio.args index c20f80928c..7d5e0a7924 100644 --- a/tests/qemuxml2argvdata/aarch64-virt-virtio.args +++ b/tests/qemuxml2argvdata/aarch64-virt-virtio.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=aarch64test,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-aarch64test/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -cpu cortex-a53 \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/aarch64-virtio-pci-default.args b/tests/qemuxml2argvdata/aarch64-virtio-pci-default.args index 4c63049723..813a67eb7d 100644 --- a/tests/qemuxml2argvdata/aarch64-virtio-pci-default.args +++ b/tests/qemuxml2argvdata/aarch64-virtio-pci-default.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=aarch64test,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-aarch64test/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -cpu cortex-a53 \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/aarch64-virtio-pci-manual-addresses.args b/tests/qemuxml2argvdata/aarch64-virtio-pci-manual-addresses.args index 4951a60cd0..a9b865e171 100644 --- a/tests/qemuxml2argvdata/aarch64-virtio-pci-manual-addresses.args +++ b/tests/qemuxml2argvdata/aarch64-virtio-pci-manual-addresses.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=aarch64test,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-aarch64test/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -cpu cortex-a53 \ -m 1024 \ 
diff --git a/tests/qemuxml2argvdata/balloon-mmio-deflate.args b/tests/qemuxml2argvdata/balloon-mmio-deflate.args index 6837a3e578..ed11e80733 100644 --- a/tests/qemuxml2argvdata/balloon-mmio-deflate.args +++ b/tests/qemuxml2argvdata/balloon-mmio-deflate.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=aarch64test,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-aarch64test/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -cpu cortex-a53 \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/clock-timer-armvtimer.aarch64-latest.args b/tests/qemuxml2argvdata/clock-timer-armvtimer.aarch64-latest.args index 1a5fc89d8a..ce489c3711 100644 --- a/tests/qemuxml2argvdata/clock-timer-armvtimer.aarch64-latest.args +++ b/tests/qemuxml2argvdata/clock-timer-armvtimer.aarch64-latest.args @@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-guest/.config \ -name guest=guest,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-guest/master-key.aes"}' \ --machine virt,usb=off,dump-guest-core=off,gic-version=3,memory-backend=mach-virt.ram \ +-machine virt,usb=off,gic-version=3,dump-guest-core=off,memory-backend=mach-virt.ram \ -accel kvm \ -cpu host,kvm-no-adjvtime=on \ -m 4096 \ diff --git a/tests/qemuxml2argvdata/default-video-type-aarch64.aarch64-latest.args b/tests/qemuxml2argvdata/default-video-type-aarch64.aarch64-latest.args index e13a2be3f0..6afb7a8f18 100644 --- a/tests/qemuxml2argvdata/default-video-type-aarch64.aarch64-latest.args +++ b/tests/qemuxml2argvdata/default-video-type-aarch64.aarch64-latest.args 
@@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-default-video-type-a/.config \ -name guest=default-video-type-aarch64-test,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-default-video-type-a/master-key.aes"}' \ --machine virt,usb=off,dump-guest-core=off,gic-version=3,memory-backend=mach-virt.ram \ +-machine virt,usb=off,gic-version=3,dump-guest-core=off,memory-backend=mach-virt.ram \ -accel kvm \ -m 1024 \ -object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \ diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-aarch64.aarch64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-aarch64.aarch64-latest.args index 93f808aba9..b8959f89f4 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-aarch64.aarch64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi-aarch64.aarch64-latest.args @@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-aarch64test/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/aarch64test_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine virt-4.0,usb=off,dump-guest-core=off,gic-version=2,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=mach-virt.ram \ +-machine virt-4.0,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \ -accel tcg \ -cpu cortex-a15 \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.x86_64-latest.args index a9391d7921..0b02464963 100644 
--- a/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.x86_64-latest.args @@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine pc-q35-4.0,usb=off,dump-guest-core=off,smm=on,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \ -accel kvm \ -cpu qemu64 \ -global driver=cfi.pflash01,property=secure,value=on \ diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.x86_64-latest.args index a9391d7921..0b02464963 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.x86_64-latest.args 
@@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine pc-q35-4.0,usb=off,dump-guest-core=off,smm=on,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \ -accel kvm \ -cpu qemu64 \ -global driver=cfi.pflash01,property=secure,value=on \ diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.args index b2cc6d3ab8..a1ef95ee03 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.args @@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine pc-q35-4.0,usb=off,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-machine pc-q35-4.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \ -accel kvm \ -cpu qemu64 \ -m 8 \ 
diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-no-secboot.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-no-secboot.x86_64-latest.args index b2cc6d3ab8..a1ef95ee03 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-no-secboot.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi-no-secboot.x86_64-latest.args @@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine pc-q35-4.0,usb=off,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-machine pc-q35-4.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \ -accel kvm \ -cpu qemu64 \ -m 8 \ diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args index 9795dedc7c..3659889bf3 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args 
@@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/path/to/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine pc-q35-4.0,usb=off,dump-guest-core=off,smm=on,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \ -accel kvm \ -cpu qemu64 \ -global driver=cfi.pflash01,property=secure,value=on \ diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-secboot.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-secboot.x86_64-latest.args index a9391d7921..0b02464963 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-secboot.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi-secboot.x86_64-latest.args @@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine pc-q35-4.0,usb=off,dump-guest-core=off,smm=on,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \ -accel kvm \ -cpu qemu64 \ -global driver=cfi.pflash01,property=secure,value=on \ 
diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-stateless.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-stateless.x86_64-latest.args index 89f733761e..b79c141b18 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-stateless.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi-stateless.x86_64-latest.args @@ -12,7 +12,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-fedora/master-key.aes"}' \ -blockdev '{"driver":"file","filename":"/usr/share/OVMF/OVMF.sev.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ --machine pc-q35-4.0,usb=off,dump-guest-core=off,pflash0=libvirt-pflash0-format,memory-backend=pc.ram \ +-machine pc-q35-4.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format \ -accel kvm \ -cpu qemu64 \ -m 8 \ diff --git a/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args index a9391d7921..0b02464963 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args 
@@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine pc-q35-4.0,usb=off,dump-guest-core=off,smm=on,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \ -accel kvm \ -cpu qemu64 \ -global driver=cfi.pflash01,property=secure,value=on \ diff --git a/tests/qemuxml2argvdata/firmware-manual-bios-rw-implicit.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-manual-bios-rw-implicit.x86_64-latest.args index 9830078318..7a0d663f81 100644 --- a/tests/qemuxml2argvdata/firmware-manual-bios-rw-implicit.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-manual-bios-rw-implicit.x86_64-latest.args @@ -12,7 +12,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-test-bios/.config \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-test-bios/master-key.aes"}' \ -blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/test-bios.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":false,"driver":"raw","file":"libvirt-pflash0-storage"}' \ --machine pc,usb=off,dump-guest-core=off,pflash0=libvirt-pflash0-format,memory-backend=pc.ram \ +-machine pc,usb=off,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format \ -accel tcg \ -cpu qemu64 \ -m 1024 \ 
diff --git a/tests/qemuxml2argvdata/firmware-manual-bios-rw.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-manual-bios-rw.x86_64-latest.args index 9830078318..7a0d663f81 100644 --- a/tests/qemuxml2argvdata/firmware-manual-bios-rw.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-manual-bios-rw.x86_64-latest.args @@ -12,7 +12,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-test-bios/.config \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-test-bios/master-key.aes"}' \ -blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/test-bios.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":false,"driver":"raw","file":"libvirt-pflash0-storage"}' \ --machine pc,usb=off,dump-guest-core=off,pflash0=libvirt-pflash0-format,memory-backend=pc.ram \ +-machine pc,usb=off,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format \ -accel tcg \ -cpu qemu64 \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-acpi-aarch64.args b/tests/qemuxml2argvdata/firmware-manual-efi-acpi-aarch64.args index ef98c940f7..e2f03f697c 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-acpi-aarch64.args +++ b/tests/qemuxml2argvdata/firmware-manual-efi-acpi-aarch64.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=guest,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-guest/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -drive file=/usr/share/AAVMF/AAVMF_CODE.fd,if=pflash,format=raw,unit=0,readonly=on \ -drive file=/some/user/nvram/path/guest_VARS.fd,if=pflash,format=raw,unit=1 \ diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-aarch64.args b/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-aarch64.args index f3aa947e52..06da86c827 100644 
--- a/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-aarch64.args +++ b/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-aarch64.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=guest,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-guest/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -drive file=/usr/share/AAVMF/AAVMF_CODE.fd,if=pflash,format=raw,unit=0,readonly=on \ -drive file=/some/user/nvram/path/guest_VARS.fd,if=pflash,format=raw,unit=1 \ diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-file.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-file.x86_64-latest.args index bede23b678..d3ee7c0fee 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-file.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-file.x86_64-latest.args @@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-test-bios/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/var/lib/libvirt/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine pc,usb=off,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-machine pc,usb=off,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \ -accel tcg \ -cpu qemu64 \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-iscsi.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-iscsi.x86_64-latest.args index 868a5c6465..07f2180cd8 100644 
--- a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-iscsi.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-iscsi.x86_64-latest.args @@ -15,7 +15,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-test-bios/.config \ -object '{"qom-type":"secret","id":"libvirt-pflash1-storage-auth-secret0","data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","keyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw==","format":"base64"}' \ -blockdev '{"driver":"iscsi","portal":"example.com:6000","target":"iqn.2013-07.com.example:iscsi-nopool","lun":0,"transport":"tcp","user":"myname","password-secret":"libvirt-pflash1-storage-auth-secret0","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine pc,usb=off,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-machine pc,usb=off,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \ -accel tcg \ -cpu qemu64 \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-nbd.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-nbd.x86_64-latest.args index 7ea855e02c..f2864f6086 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-nbd.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-nbd.x86_64-latest.args 
@@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-test-bios/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"nbd","server":{"type":"inet","host":"example.org","port":"6000"},"export":"bar","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine pc,usb=off,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-machine pc,usb=off,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \ -accel tcg \ -cpu qemu64 \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template.x86_64-latest.args index de7245fed0..1d24a734c6 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template.x86_64-latest.args @@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-test-bios/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/test-bios_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine pc,usb=off,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-machine pc,usb=off,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \ -accel tcg \ -cpu qemu64 \ -m 1024 \ 
diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-secure.args b/tests/qemuxml2argvdata/firmware-manual-efi-secure.args index 1a5f83e489..fe0f78599b 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-secure.args +++ b/tests/qemuxml2argvdata/firmware-manual-efi-secure.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=test-bios,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-test-bios/master-key.aes \ --machine q35,usb=off,dump-guest-core=off,smm=on \ +-machine q35,usb=off,smm=on,dump-guest-core=off \ -accel tcg \ -global driver=cfi.pflash01,property=secure,value=on \ -drive file=/usr/share/OVMF/OVMF_CODE.secboot.fd,if=pflash,format=raw,unit=0,readonly=on \ diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-stateless.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-manual-efi-stateless.x86_64-latest.args index fa4a677ce9..e87c2d6638 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-stateless.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-manual-efi-stateless.x86_64-latest.args @@ -12,7 +12,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-test-bios/.config \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-test-bios/master-key.aes"}' \ -blockdev '{"driver":"file","filename":"/usr/share/OVMF/OVMF_CODE.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ --machine pc,usb=off,dump-guest-core=off,pflash0=libvirt-pflash0-format,memory-backend=pc.ram \ +-machine pc,usb=off,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format \ -accel tcg \ -cpu qemu64 \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-aarch64.args b/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-aarch64.args index 293085b105..b175607f1a 100644 
--- a/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-aarch64.args +++ b/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-aarch64.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=guest,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-guest/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -m 1024 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/hvf-aarch64-virt-headless.args b/tests/qemuxml2argvdata/hvf-aarch64-virt-headless.args index 3c7747ee51..24de5707db 100644 --- a/tests/qemuxml2argvdata/hvf-aarch64-virt-headless.args +++ b/tests/qemuxml2argvdata/hvf-aarch64-virt-headless.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=test,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-test/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel hvf \ -drive file=/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.raw,if=pflash,format=raw,unit=0,readonly=on \ -drive file=/some/user/nvram/path/guest_VARS.fd,if=pflash,format=raw,unit=1 \ diff --git a/tests/qemuxml2argvdata/intel-iommu-aw-bits.x86_64-latest.args b/tests/qemuxml2argvdata/intel-iommu-aw-bits.x86_64-latest.args index df11e3ddab..417b5fb9dc 100644 --- a/tests/qemuxml2argvdata/intel-iommu-aw-bits.x86_64-latest.args +++ b/tests/qemuxml2argvdata/intel-iommu-aw-bits.x86_64-latest.args 
@@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \ --machine q35,usb=off,dump-guest-core=off,kernel_irqchip=split,memory-backend=pc.ram \ +-machine q35,usb=off,kernel_irqchip=split,dump-guest-core=off,memory-backend=pc.ram \ -accel kvm \ -cpu qemu64 \ -m 214 \ diff --git a/tests/qemuxml2argvdata/intel-iommu-caching-mode.x86_64-latest.args b/tests/qemuxml2argvdata/intel-iommu-caching-mode.x86_64-latest.args index 47976fa6a7..bfcfc35e28 100644 --- a/tests/qemuxml2argvdata/intel-iommu-caching-mode.x86_64-latest.args +++ b/tests/qemuxml2argvdata/intel-iommu-caching-mode.x86_64-latest.args @@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \ --machine q35,usb=off,dump-guest-core=off,kernel_irqchip=split,memory-backend=pc.ram \ +-machine q35,usb=off,kernel_irqchip=split,dump-guest-core=off,memory-backend=pc.ram \ -accel kvm \ -cpu qemu64 \ -m 214 \ diff --git a/tests/qemuxml2argvdata/intel-iommu-device-iotlb.x86_64-latest.args b/tests/qemuxml2argvdata/intel-iommu-device-iotlb.x86_64-latest.args index af36c45292..95cd9d26ef 100644 --- a/tests/qemuxml2argvdata/intel-iommu-device-iotlb.x86_64-latest.args +++ b/tests/qemuxml2argvdata/intel-iommu-device-iotlb.x86_64-latest.args 
@@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \ --machine q35,usb=off,dump-guest-core=off,kernel_irqchip=split,memory-backend=pc.ram \ +-machine q35,usb=off,kernel_irqchip=split,dump-guest-core=off,memory-backend=pc.ram \ -accel kvm \ -cpu qemu64 \ -m 214 \ diff --git a/tests/qemuxml2argvdata/intel-iommu-eim.x86_64-latest.args b/tests/qemuxml2argvdata/intel-iommu-eim.x86_64-latest.args index 8e2b54d1f9..12113a2800 100644 --- a/tests/qemuxml2argvdata/intel-iommu-eim.x86_64-latest.args +++ b/tests/qemuxml2argvdata/intel-iommu-eim.x86_64-latest.args @@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \ --machine q35,usb=off,dump-guest-core=off,kernel_irqchip=split,memory-backend=pc.ram \ +-machine q35,usb=off,kernel_irqchip=split,dump-guest-core=off,memory-backend=pc.ram \ -accel kvm \ -cpu qemu64 \ -m 214 \ diff --git a/tests/qemuxml2argvdata/iommu-smmuv3.aarch64-latest.args b/tests/qemuxml2argvdata/iommu-smmuv3.aarch64-latest.args index d839dc3758..68aa2f6cf5 100644 --- a/tests/qemuxml2argvdata/iommu-smmuv3.aarch64-latest.args +++ b/tests/qemuxml2argvdata/iommu-smmuv3.aarch64-latest.args @@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-guest/.config \ -name guest=guest,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-guest/master-key.aes"}' \ --machine virt,usb=off,dump-guest-core=off,gic-version=2,iommu=smmuv3,memory-backend=mach-virt.ram \ +-machine virt,usb=off,gic-version=2,iommu=smmuv3,dump-guest-core=off,memory-backend=mach-virt.ram \ -accel tcg \ -cpu cortex-a15 \ -m 1024 \ 
diff --git a/tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args b/tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args index 1bb7b3f084..dcf496ccfb 100644 --- a/tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args +++ b/tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args @@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \ --machine s390-ccw-virtio,usb=off,dump-guest-core=off,confidential-guest-support=lsec0,memory-backend=s390.ram \ +-machine s390-ccw-virtio,usb=off,dump-guest-core=off,memory-backend=s390.ram,confidential-guest-support=lsec0 \ -accel kvm \ -cpu gen15a-base,aen=on,cmmnt=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,mepoch=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,ri=on,deflate=on,edat2=on,etoken=on,vx=on,ipter=on,mepochptff=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,apqi=on,apft=on,els=on,iep=on,apqci=on,cte=on,ais=on,bpb=on,gs=on,ppa15=on,zpci=on,sea_esop2=on,te=on,cmm=on \ -m 214 \ diff --git a/tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-latest.args b/tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-latest.args index dac312e301..4f3aefb90e 100644 --- a/tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-latest.args +++ b/tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-latest.args 
@@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \ --machine pc,usb=off,dump-guest-core=off,confidential-guest-support=lsec0,memory-backend=pc.ram \ +-machine pc,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0 \ -accel kvm \ -cpu qemu64 \ -m 214 \ diff --git a/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-6.0.0.args b/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-6.0.0.args index 5dfaf69063..ff46b52403 100644 --- a/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-6.0.0.args +++ b/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-6.0.0.args @@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \ --machine pc-i440fx-6.0,usb=off,dump-guest-core=off,confidential-guest-support=lsec0,memory-backend=pc.ram \ +-machine pc-i440fx-6.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0 \ -accel kvm \ -cpu qemu64 \ -m 214 \ diff --git a/tests/qemuxml2argvdata/launch-security-sev.x86_64-6.0.0.args b/tests/qemuxml2argvdata/launch-security-sev.x86_64-6.0.0.args index 5dfaf69063..ff46b52403 100644 --- a/tests/qemuxml2argvdata/launch-security-sev.x86_64-6.0.0.args +++ b/tests/qemuxml2argvdata/launch-security-sev.x86_64-6.0.0.args 
@@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \ --machine pc-i440fx-6.0,usb=off,dump-guest-core=off,confidential-guest-support=lsec0,memory-backend=pc.ram \ +-machine pc-i440fx-6.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0 \ -accel kvm \ -cpu qemu64 \ -m 214 \ diff --git a/tests/qemuxml2argvdata/mach-virt-console-virtio.args b/tests/qemuxml2argvdata/mach-virt-console-virtio.args index ad3ea235ae..eb1ee12a0a 100644 --- a/tests/qemuxml2argvdata/mach-virt-console-virtio.args +++ b/tests/qemuxml2argvdata/mach-virt-console-virtio.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=guest,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-guest/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -m 512 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/mach-virt-serial-native.args b/tests/qemuxml2argvdata/mach-virt-serial-native.args index a5f60e10b2..e76ff0ee06 100644 --- a/tests/qemuxml2argvdata/mach-virt-serial-native.args +++ b/tests/qemuxml2argvdata/mach-virt-serial-native.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=guest,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-guest/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -m 512 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/mach-virt-serial-pci.args b/tests/qemuxml2argvdata/mach-virt-serial-pci.args index 3f6f66bd0a..f5cbf6bdae 100644 --- a/tests/qemuxml2argvdata/mach-virt-serial-pci.args +++ b/tests/qemuxml2argvdata/mach-virt-serial-pci.args 
@@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=guest,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-guest/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -m 512 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/mach-virt-serial-usb.args b/tests/qemuxml2argvdata/mach-virt-serial-usb.args index 7b65f5bbbc..ef6a042fb0 100644 --- a/tests/qemuxml2argvdata/mach-virt-serial-usb.args +++ b/tests/qemuxml2argvdata/mach-virt-serial-usb.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=guest,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-guest/master-key.aes \ --machine virt,usb=off,dump-guest-core=off,gic-version=2 \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off \ -accel tcg \ -m 512 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/machine-aeskeywrap-off-cap.args b/tests/qemuxml2argvdata/machine-aeskeywrap-off-cap.args index 276edec05b..a4355ad261 100644 --- a/tests/qemuxml2argvdata/machine-aeskeywrap-off-cap.args +++ b/tests/qemuxml2argvdata/machine-aeskeywrap-off-cap.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ --machine s390-ccw-virtio,usb=off,dump-guest-core=off,aes-key-wrap=off \ +-machine s390-ccw-virtio,usb=off,aes-key-wrap=off,dump-guest-core=off \ -accel tcg \ -m 214 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/machine-aeskeywrap-off-caps.args b/tests/qemuxml2argvdata/machine-aeskeywrap-off-caps.args index 276edec05b..a4355ad261 100644 --- a/tests/qemuxml2argvdata/machine-aeskeywrap-off-caps.args +++ b/tests/qemuxml2argvdata/machine-aeskeywrap-off-caps.args 
@@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ --machine s390-ccw-virtio,usb=off,dump-guest-core=off,aes-key-wrap=off \ +-machine s390-ccw-virtio,usb=off,aes-key-wrap=off,dump-guest-core=off \ -accel tcg \ -m 214 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/machine-aeskeywrap-on-cap.args b/tests/qemuxml2argvdata/machine-aeskeywrap-on-cap.args index 373deaed52..735135e625 100644 --- a/tests/qemuxml2argvdata/machine-aeskeywrap-on-cap.args +++ b/tests/qemuxml2argvdata/machine-aeskeywrap-on-cap.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ --machine s390-ccw-virtio,usb=off,dump-guest-core=off,aes-key-wrap=on \ +-machine s390-ccw-virtio,usb=off,aes-key-wrap=on,dump-guest-core=off \ -accel tcg \ -m 214 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/machine-aeskeywrap-on-caps.args b/tests/qemuxml2argvdata/machine-aeskeywrap-on-caps.args index 373deaed52..735135e625 100644 --- a/tests/qemuxml2argvdata/machine-aeskeywrap-on-caps.args +++ b/tests/qemuxml2argvdata/machine-aeskeywrap-on-caps.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ --machine s390-ccw-virtio,usb=off,dump-guest-core=off,aes-key-wrap=on \ +-machine s390-ccw-virtio,usb=off,aes-key-wrap=on,dump-guest-core=off \ -accel tcg \ -m 214 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/machine-deakeywrap-off-cap.args b/tests/qemuxml2argvdata/machine-deakeywrap-off-cap.args index 55db1edc3f..03a3f5941e 100644 --- a/tests/qemuxml2argvdata/machine-deakeywrap-off-cap.args +++ b/tests/qemuxml2argvdata/machine-deakeywrap-off-cap.args 
@@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ --machine s390-ccw-virtio,usb=off,dump-guest-core=off,dea-key-wrap=off \ +-machine s390-ccw-virtio,usb=off,dea-key-wrap=off,dump-guest-core=off \ -accel tcg \ -m 214 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/machine-deakeywrap-off-caps.args b/tests/qemuxml2argvdata/machine-deakeywrap-off-caps.args index 55db1edc3f..03a3f5941e 100644 --- a/tests/qemuxml2argvdata/machine-deakeywrap-off-caps.args +++ b/tests/qemuxml2argvdata/machine-deakeywrap-off-caps.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ --machine s390-ccw-virtio,usb=off,dump-guest-core=off,dea-key-wrap=off \ +-machine s390-ccw-virtio,usb=off,dea-key-wrap=off,dump-guest-core=off \ -accel tcg \ -m 214 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/machine-deakeywrap-on-cap.args b/tests/qemuxml2argvdata/machine-deakeywrap-on-cap.args index 3617cdccac..62dd284c81 100644 --- a/tests/qemuxml2argvdata/machine-deakeywrap-on-cap.args +++ b/tests/qemuxml2argvdata/machine-deakeywrap-on-cap.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ --machine s390-ccw-virtio,usb=off,dump-guest-core=off,dea-key-wrap=on \ +-machine s390-ccw-virtio,usb=off,dea-key-wrap=on,dump-guest-core=off \ -accel tcg \ -m 214 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/machine-deakeywrap-on-caps.args b/tests/qemuxml2argvdata/machine-deakeywrap-on-caps.args index 3617cdccac..62dd284c81 100644 --- a/tests/qemuxml2argvdata/machine-deakeywrap-on-caps.args +++ b/tests/qemuxml2argvdata/machine-deakeywrap-on-caps.args 
@@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ --machine s390-ccw-virtio,usb=off,dump-guest-core=off,dea-key-wrap=on \ +-machine s390-ccw-virtio,usb=off,dea-key-wrap=on,dump-guest-core=off \ -accel tcg \ -m 214 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/machine-smm-off.x86_64-latest.args b/tests/qemuxml2argvdata/machine-smm-off.x86_64-latest.args index 83462bec68..46f6a4a70c 100644 --- a/tests/qemuxml2argvdata/machine-smm-off.x86_64-latest.args +++ b/tests/qemuxml2argvdata/machine-smm-off.x86_64-latest.args @@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \ --machine q35,usb=off,dump-guest-core=off,smm=off,memory-backend=pc.ram \ +-machine q35,usb=off,smm=off,dump-guest-core=off,memory-backend=pc.ram \ -accel tcg \ -cpu qemu64 \ -m 214 \ diff --git a/tests/qemuxml2argvdata/machine-smm-on.x86_64-latest.args b/tests/qemuxml2argvdata/machine-smm-on.x86_64-latest.args index 53a03124b4..6fde375523 100644 --- a/tests/qemuxml2argvdata/machine-smm-on.x86_64-latest.args +++ b/tests/qemuxml2argvdata/machine-smm-on.x86_64-latest.args @@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \ --machine q35,usb=off,dump-guest-core=off,smm=on,memory-backend=pc.ram \ +-machine q35,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram \ -accel tcg \ -cpu qemu64 \ -m 214 \ diff --git a/tests/qemuxml2argvdata/machine-vmport-opt.args b/tests/qemuxml2argvdata/machine-vmport-opt.args index 769f3d67e5..c95c972803 100644 
--- a/tests/qemuxml2argvdata/machine-vmport-opt.args +++ b/tests/qemuxml2argvdata/machine-vmport-opt.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ --machine pc,usb=off,dump-guest-core=off,vmport=off \ +-machine pc,usb=off,vmport=off,dump-guest-core=off \ -accel tcg \ -m 214 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/pcie-expander-bus-aarch64.aarch64-latest.args b/tests/qemuxml2argvdata/pcie-expander-bus-aarch64.aarch64-latest.args index 4f4d5f9a08..b4c331c895 100644 --- a/tests/qemuxml2argvdata/pcie-expander-bus-aarch64.aarch64-latest.args +++ b/tests/qemuxml2argvdata/pcie-expander-bus-aarch64.aarch64-latest.args @@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-pcie-expander-bus-te/.config \ -name guest=pcie-expander-bus-test,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-pcie-expander-bus-te/master-key.aes"}' \ --machine virt,usb=off,dump-guest-core=off,gic-version=2,memory-backend=mach-virt.ram \ +-machine virt,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram \ -accel tcg \ -cpu cortex-a15 \ -m 2048 \ diff --git a/tests/qemuxml2argvdata/pseries-cpu-compat-power10.ppc64-latest.args b/tests/qemuxml2argvdata/pseries-cpu-compat-power10.ppc64-latest.args index 6986d835eb..01a330f748 100644 --- a/tests/qemuxml2argvdata/pseries-cpu-compat-power10.ppc64-latest.args +++ b/tests/qemuxml2argvdata/pseries-cpu-compat-power10.ppc64-latest.args 
@@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \ --machine pseries,usb=off,dump-guest-core=off,max-cpu-compat=power10,memory-backend=ppc_spapr.ram \ +-machine pseries,usb=off,dump-guest-core=off,memory-backend=ppc_spapr.ram,max-cpu-compat=power10 \ -accel kvm \ -cpu host \ -m 256 \ diff --git a/tests/qemuxml2argvdata/pseries-cpu-compat-power9.ppc64-latest.args b/tests/qemuxml2argvdata/pseries-cpu-compat-power9.ppc64-latest.args index f458999291..b357551120 100644 --- a/tests/qemuxml2argvdata/pseries-cpu-compat-power9.ppc64-latest.args +++ b/tests/qemuxml2argvdata/pseries-cpu-compat-power9.ppc64-latest.args @@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \ --machine pseries,usb=off,dump-guest-core=off,max-cpu-compat=power9,memory-backend=ppc_spapr.ram \ +-machine pseries,usb=off,dump-guest-core=off,memory-backend=ppc_spapr.ram,max-cpu-compat=power9 \ -accel kvm \ -cpu host \ -m 256 \ diff --git a/tests/qemuxml2argvdata/pseries-features.args b/tests/qemuxml2argvdata/pseries-features.args index 5452a57bb0..d085000dda 100644 --- a/tests/qemuxml2argvdata/pseries-features.args +++ b/tests/qemuxml2argvdata/pseries-features.args 
@@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=guest,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-guest/master-key.aes \ --machine pseries,usb=off,dump-guest-core=off,resize-hpt=required,cap-hpt-max-page-size=1048576k,cap-htm=on,cap-nested-hv=off,cap-ccf-assist=on,cap-cfpc=fixed,cap-sbbc=broken,cap-ibs=fixed-ccd \ +-machine pseries,usb=off,resize-hpt=required,cap-hpt-max-page-size=1048576k,cap-htm=on,cap-nested-hv=off,cap-ccf-assist=on,cap-cfpc=fixed,cap-sbbc=broken,cap-ibs=fixed-ccd,dump-guest-core=off \ -accel tcg \ -m 512 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/q35-virt-manager-basic.args b/tests/qemuxml2argvdata/q35-virt-manager-basic.args index b4c9715717..32875f291c 100644 --- a/tests/qemuxml2argvdata/q35-virt-manager-basic.args +++ b/tests/qemuxml2argvdata/q35-virt-manager-basic.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=spice \ -name guest=virt-manager-basic,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-virt-manager-basic/master-key.aes \ --machine q35,usb=off,dump-guest-core=off,vmport=off \ +-machine q35,usb=off,vmport=off,dump-guest-core=off \ -accel kvm \ -m 4096 \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/tseg-explicit-size.x86_64-latest.args b/tests/qemuxml2argvdata/tseg-explicit-size.x86_64-latest.args index e05f295c4f..3371199be5 100644 --- a/tests/qemuxml2argvdata/tseg-explicit-size.x86_64-latest.args +++ b/tests/qemuxml2argvdata/tseg-explicit-size.x86_64-latest.args 
@@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \ --machine pc-q35-2.10,usb=off,dump-guest-core=off,smm=on,memory-backend=pc.ram \ +-machine pc-q35-2.10,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram \ -accel tcg \ -global mch.extended-tseg-mbytes=48 \ -cpu qemu64 \ diff --git a/tests/qemuxml2argvdata/virtio-iommu-aarch64.aarch64-latest.args b/tests/qemuxml2argvdata/virtio-iommu-aarch64.aarch64-latest.args index 54f069c350..a88078818d 100644 --- a/tests/qemuxml2argvdata/virtio-iommu-aarch64.aarch64-latest.args +++ b/tests/qemuxml2argvdata/virtio-iommu-aarch64.aarch64-latest.args @@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-guest/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine virt-6.0,usb=off,dump-guest-core=off,gic-version=2,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=mach-virt.ram \ +-machine virt-6.0,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \ -accel tcg \ -cpu cortex-a15 \ -m 1024 \ -- 2.35.1
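Review bot: the ordering rule behind these regenerated -machine lines is never stated, so each .args file has to be read on its own. From the hunks it appears to be that dump-guest-core and memory-backend are now emitted after the feature options (gic-version, smm, vmport, kernel_irqchip, aes-key-wrap, dea-key-wrap, the pseries cap-* group) and before confidential-guest-support, max-cpu-compat and pflash0/pflash1. Spelling that out in the commit message would let a reviewer check every file against one rule and confirm that options such as dump-guest-core=off and confidential-guest-support=lsec0 were only moved, not dropped.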

On Wed, Jul 27, 2022 at 12:34:51 +0200, Michal Privoznik wrote:
The qemuBuildMachineCommandLine() function is needlessly long. Separate out parts that generate memory related arguments into qemuAppendDomainMemoryMachineParams(). Unfortunately, expected outputs for some qemuxml2argvdata cases needed to be updated because the order in which arguments are generated is changed. But there's no functional change.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> ---
Reviewed-by: Peter Krempa <pkrempa@redhat.com>

There's no need to skip over ENOENT error in qemuCgroupAllowDevicesPaths(). The path must exist when qemuCgroupAllowDevicePath() is called because of virFileExists() check done right above. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_cgroup.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 51702b52e1..d6f27a5a4d 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -76,16 +76,12 @@ qemuCgroupAllowDevicesPaths(virDomainObj *vm, size_t i; for (i = 0; deviceACL[i] != NULL; i++) { - int rv; - if (!virFileExists(deviceACL[i])) { VIR_DEBUG("Ignoring non-existent device %s", deviceACL[i]); continue; } - rv = qemuCgroupAllowDevicePath(vm, deviceACL[i], perms, ignoreEacces); - if (rv < 0 && - !virLastErrorIsSystemErrno(ENOENT)) + if (qemuCgroupAllowDevicePath(vm, deviceACL[i], perms, ignoreEacces) < 0) return -1; } -- 2.35.1
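Review bot: the virFileExists() check and the qemuCgroupAllowDevicePath() call in the loop are two separate steps, so the commit message's claim that the path must exist holds only if the device node cannot disappear between them. With the ENOENT exception removed, a node that vanishes in that window makes qemuCgroupAllowDevicesPaths() return -1 instead of being skipped like the "Ignoring non-existent device" branch. If failing in that case is intended, say so in the commit message; otherwise keep the ENOENT tolerance.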

On Wed, Jul 27, 2022 at 12:34:52 +0200, Michal Privoznik wrote:
There's no need to skip over ENOENT error in qemuCgroupAllowDevicesPaths(). The path must exist when qemuCgroupAllowDevicePath() is called because of virFileExists() check done right above.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_cgroup.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)
Reviewed-by: Peter Krempa <pkrempa@redhat.com>

From: Haibin Huang <haibin.huang@intel.com> Signed-off-by: Haibin Huang <haibin.huang@intel.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/conf/domain_capabilities.c | 11 +++++++++++ src/conf/domain_capabilities.h | 22 ++++++++++++++++++++++ src/libvirt_private.syms | 1 + 3 files changed, 34 insertions(+) diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index 653123f293..1d3bba3019 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -76,6 +76,17 @@ virSEVCapabilitiesFree(virSEVCapability *cap) } +void +virSGXCapabilitiesFree(virSGXCapability *cap) +{ + if (!cap) + return; + + g_free(cap->sections); + g_free(cap); +} + + static void virDomainCapsDispose(void *obj) { diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index a526969cda..e4654a65cd 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -193,6 +193,22 @@ struct _virSEVCapability { unsigned int max_es_guests; }; +typedef struct _virSection virSection; +struct _virSection { + unsigned long long size; + int node; +}; + +typedef struct _virSGXCapability virSGXCapability; +struct _virSGXCapability { + bool flc; + bool sgx1; + bool sgx2; + unsigned long long section_size; + size_t nsections; + virSection *sections; +}; + typedef enum { VIR_DOMAIN_CAPS_FEATURE_IOTHREADS = 0, VIR_DOMAIN_CAPS_FEATURE_VMCOREINFO, @@ -229,6 +245,7 @@ struct _virDomainCaps { virDomainCapsFeatureGIC gic; virSEVCapability *sev; + virSGXCapability *sgx; /* add new domain features here */ virTristateBool features[VIR_DOMAIN_CAPS_FEATURE_LAST]; @@ -277,3 +294,8 @@ void virSEVCapabilitiesFree(virSEVCapability *capabilities); G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSEVCapability, virSEVCapabilitiesFree); + +void +virSGXCapabilitiesFree(virSGXCapability *capabilities); + +G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSGXCapability, virSGXCapabilitiesFree); 
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 6a5c5600df..08ed484900 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -216,6 +216,7 @@ virDomainCapsEnumSet; virDomainCapsFormat; virDomainCapsNew; virSEVCapabilitiesFree; +virSGXCapabilitiesFree; # conf/domain_conf.h -- 2.35.1
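Review bot: the new fields in struct _virSection and struct _virSGXCapability carry no unit, and this header is the only place a consumer will look. `unsigned long long size` and `unsigned long long section_size` need a comment saying what unit they hold (the QMP parser later in this series stores the QEMU value divided by 1024). It is also worth documenting that `sections` is an array of `nsections` elements owned by the capability, since virSGXCapabilitiesFree() releases it with a single g_free().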

On Wed, Jul 27, 2022 at 12:34:53 +0200, Michal Privoznik wrote:
From: Haibin Huang <haibin.huang@intel.com>
Signed-off-by: Haibin Huang <haibin.huang@intel.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/conf/domain_capabilities.c | 11 +++++++++++ src/conf/domain_capabilities.h | 22 ++++++++++++++++++++++ src/libvirt_private.syms | 1 + 3 files changed, 34 insertions(+)
[...]
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index a526969cda..e4654a65cd 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -193,6 +193,22 @@ struct _virSEVCapability { unsigned int max_es_guests; };
+typedef struct _virSection virSection;
This name feels a bit too generic and not much reusable. On the other hand changing it feels pointless.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>

On Thu, Jul 28, 2022 at 10:04:23AM +0200, Peter Krempa wrote:
On Wed, Jul 27, 2022 at 12:34:53 +0200, Michal Privoznik wrote:
From: Haibin Huang <haibin.huang@intel.com>
Signed-off-by: Haibin Huang <haibin.huang@intel.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/conf/domain_capabilities.c | 11 +++++++++++ src/conf/domain_capabilities.h | 22 ++++++++++++++++++++++ src/libvirt_private.syms | 1 + 3 files changed, 34 insertions(+)
[...]
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index a526969cda..e4654a65cd 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -193,6 +193,22 @@ struct _virSEVCapability { unsigned int max_es_guests; };
+typedef struct _virSection virSection;
This name feels a bit too generic and not much reusable. On the other hand changing it feels pointless.
Clearly it should be virSGXSection

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

-----Original Message-----
From: Daniel P. Berrangé <berrange@redhat.com>
Sent: Thursday, July 28, 2022 4:36 PM
To: Peter Krempa <pkrempa@redhat.com>
Cc: Michal Privoznik <mprivozn@redhat.com>; libvir-list@redhat.com; Yang, Lin A <lin.a.yang@intel.com>; Ding, Jian-feng <jian-feng.ding@intel.com>; Huang, Haibin <haibin.huang@intel.com>
Subject: Re: [PATCH v14 07/15] domain_capabilities: Define SGX capabilities structs
On Thu, Jul 28, 2022 at 10:04:23AM +0200, Peter Krempa wrote:
On Wed, Jul 27, 2022 at 12:34:53 +0200, Michal Privoznik wrote:
From: Haibin Huang <haibin.huang@intel.com>
Signed-off-by: Haibin Huang <haibin.huang@intel.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/conf/domain_capabilities.c | 11 +++++++++++ src/conf/domain_capabilities.h | 22 ++++++++++++++++++++++ src/libvirt_private.syms | 1 + 3 files changed, 34 insertions(+)
[...]
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index a526969cda..e4654a65cd 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -193,6 +193,22 @@ struct _virSEVCapability { unsigned int max_es_guests; };
+typedef struct _virSection virSection;
This name feels a bit too generic and not much reusable. On the other hand changing it feels pointless.
Clearly it should be virSGXSection

[Haibin] Good idea, I will modify it.
With regards, Daniel

On 7/28/22 10:35, Daniel P. Berrangé wrote:
On Thu, Jul 28, 2022 at 10:04:23AM +0200, Peter Krempa wrote:
On Wed, Jul 27, 2022 at 12:34:53 +0200, Michal Privoznik wrote:
From: Haibin Huang <haibin.huang@intel.com>
Signed-off-by: Haibin Huang <haibin.huang@intel.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/conf/domain_capabilities.c | 11 +++++++++++ src/conf/domain_capabilities.h | 22 ++++++++++++++++++++++ src/libvirt_private.syms | 1 + 3 files changed, 34 insertions(+)
[...]
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index a526969cda..e4654a65cd 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -193,6 +193,22 @@ struct _virSEVCapability { unsigned int max_es_guests; };
+typedef struct _virSection virSection;
This name feels a bit too generic and not much reusable. On the other hand changing it feels pointless.
Ooops yes, of course. Been looking too much into these patches lately.
Clearly it should be virSGXSection
Indeed, fixed.

Michal

From: Haibin Huang <haibin.huang@intel.com> Generate the QMP command for query-sgx-capabilities and the command returns SGX capabilities from QMP. {"execute":"query-sgx-capabilities"} the right reply: {"return": { "sgx": true, "section-size": 197132288, "flc": true } } the error reply: {"error": {"class": "GenericError", "desc": "SGX is not enabled in KVM"} } Signed-off-by: Haibin Huang <haibin.huang@intel.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_monitor.c | 10 ++++ src/qemu/qemu_monitor.h | 3 + src/qemu/qemu_monitor_json.c | 107 +++++++++++++++++++++++++++++++++++ src/qemu/qemu_monitor_json.h | 4 ++ 4 files changed, 124 insertions(+) diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 6ebdeb46f3..92fda605d4 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -3615,6 +3615,16 @@ qemuMonitorGetSEVCapabilities(qemuMonitor *mon, } +int +qemuMonitorGetSGXCapabilities(qemuMonitor *mon, + virSGXCapability **capabilities) +{ + QEMU_CHECK_MONITOR(mon); + + return qemuMonitorJSONGetSGXCapabilities(mon, capabilities); +} + + int qemuMonitorNBDServerStart(qemuMonitor *mon, const virStorageNetHostDef *server, diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index b82f198285..98b8df2824 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -853,6 +853,9 @@ int qemuMonitorGetGICCapabilities(qemuMonitor *mon, int qemuMonitorGetSEVCapabilities(qemuMonitor *mon, virSEVCapability **capabilities); +int qemuMonitorGetSGXCapabilities(qemuMonitor *mon, + virSGXCapability **capabilities); + typedef enum { QEMU_MONITOR_MIGRATE_BACKGROUND = 1 << 0, QEMU_MONITOR_MIGRATE_NON_SHARED_DISK = 1 << 1, /* migration with non-shared storage with full disk copy */ diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 941596563a..b045efa203 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c 
@@ -6395,6 +6395,113 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon, return 1; } + +/** + * qemuMonitorJSONGetSGXCapabilities: + * @mon: qemu monitor object + * @capabilities: pointer to pointer to a SGX capability structure to be filled + * + * This function queries and fills in INTEL's SGX platform-specific data. + * Note that from QEMU's POV both -object sgx-epc and query-sgx-capabilities + * can be present even if SGX is not available, which basically leaves us with + * checking for JSON "GenericError" in order to differentiate between compiled-in + * support and actual SGX support on the platform. + * + * Returns: -1 on error, + * 0 if SGX is not supported, and + * 1 if SGX is supported on the platform. + */ +int +qemuMonitorJSONGetSGXCapabilities(qemuMonitor *mon, + virSGXCapability **capabilities) +{ + g_autoptr(virJSONValue) cmd = NULL; + g_autoptr(virJSONValue) reply = NULL; + g_autoptr(virSGXCapability) capability = NULL; + virJSONValue *sections = NULL; + virJSONValue *caps; + bool flc = false; + bool sgx1 = false; + bool sgx2 = false; + unsigned long long section_size = 0; + unsigned long long size; + size_t i; + + *capabilities = NULL; + capability = g_new0(virSGXCapability, 1); + + if (!(cmd = qemuMonitorJSONMakeCommand("query-sgx-capabilities", NULL))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + return -1; + + /* QEMU has only compiled-in support of SGX */ + if (qemuMonitorJSONHasError(reply, "GenericError")) + return 0; + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + return -1; + + caps = virJSONValueObjectGetObject(reply, "return"); + + if (virJSONValueObjectGetBoolean(caps, "flc", &flc) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'flc' field")); + return -1; + } + capability->flc = flc; + + if (virJSONValueObjectGetBoolean(caps, "sgx1", &sgx1) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'sgx1' 
field")); + return -1; + } + capability->sgx1 = sgx1; + + if (virJSONValueObjectGetBoolean(caps, "sgx2", &sgx2) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'sgx2' field")); + return -1; + } + capability->sgx2 = sgx2; + + if (virJSONValueObjectGetNumberUlong(caps, "section-size", §ion_size) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'section-size' field")); + return -1; + } + capability->section_size = section_size / 1024; + + if ((sections = virJSONValueObjectGetArray(caps, "sections"))) { + /* Got the section, the QEMU version is above 7.0.0 */ + capability->nsections = virJSONValueArraySize(sections); + capability->sections = g_new0(virSection, capability->nsections); + + for (i = 0; i < capability->nsections; i++) { + virJSONValue *elem = virJSONValueArrayGet(sections, i); + + if (virJSONValueObjectGetNumberUlong(elem, "size", &size) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'size' field")); + return -1; + } + capability->sections[i].size = size / 1024; + + if (virJSONValueObjectGetNumberInt(elem, "node", + &capability->sections[i].node) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'node' field")); + return -1; + } + } + } + + *capabilities = g_steal_pointer(&capability); + return 1; +} + + static virJSONValue * qemuMonitorJSONBuildInetSocketAddress(const char *host, const char *port) diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index e4c65e250e..24d2fe90f1 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h 
@@ -175,6 +175,10 @@ int qemuMonitorJSONGetGICCapabilities(qemuMonitor *mon, virGICCapability **capabilities); +int +qemuMonitorJSONGetSGXCapabilities(qemuMonitor *mon, + virSGXCapability **capabilities); + int qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon, virSEVCapability **capabilities); -- 2.35.1
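Review bot: In qemuMonitorJSONGetSGXCapabilities(), the result of virJSONValueObjectGetObject(reply, "return") is stored in caps and handed straight to virJSONValueObjectGetBoolean() with no NULL check, so a reply whose 'return' member is not an object is never rejected where the problem is. Check caps right after the lookup and report an error there. In the same function the qemuMonitorJSONHasError(reply, "GenericError") branch returns 0 for every error of that class, not only for the "SGX is not enabled in KVM" case, so an unrelated failure of the command would be recorded as "SGX not supported". The doc comment explains why this class is the only signal available, but logging the error description before returning 0 would keep that case diagnosable.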

On Wed, Jul 27, 2022 at 12:34:54 +0200, Michal Privoznik wrote:
From: Haibin Huang <haibin.huang@intel.com>
Generate the QMP command for query-sgx-capabilities and the command return SGX capabilities from QMP.
{"execute":"query-sgx-capabilities"}
the right reply: {"return": { "sgx": true, "section-size": 197132288, "flc": true } }
the error reply: {"error": {"class": "GenericError", "desc": "SGX is not enabled in KVM"} }
Signed-off-by: Haibin Huang <haibin.huang@intel.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_monitor.c | 10 ++++ src/qemu/qemu_monitor.h | 3 + src/qemu/qemu_monitor_json.c | 107 +++++++++++++++++++++++++++++++++++ src/qemu/qemu_monitor_json.h | 4 ++ 4 files changed, 124 insertions(+)
[...]
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 941596563a..b045efa203 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -6395,6 +6395,113 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon, return 1; }
+ +/** + * qemuMonitorJSONGetSGXCapabilities: + * @mon: qemu monitor object + * @capabilities: pointer to pointer to a SGX capability structure to be filled + * + * This function queries and fills in INTEL's SGX platform-specific data. + * Note that from QEMU's POV both -object sgx-epc and query-sgx-capabilities + * can be present even if SGX is not available, which basically leaves us with + * checking for JSON "GenericError" in order to differentiate between compiled-in + * support and actual SGX support on the platform. + * + * Returns: -1 on error, + * 0 if SGX is not supported, and + * 1 if SGX is supported on the platform. + */ +int +qemuMonitorJSONGetSGXCapabilities(qemuMonitor *mon, + virSGXCapability **capabilities) +{ + g_autoptr(virJSONValue) cmd = NULL; + g_autoptr(virJSONValue) reply = NULL; + g_autoptr(virSGXCapability) capability = NULL; + virJSONValue *sections = NULL; + virJSONValue *caps; + bool flc = false; + bool sgx1 = false; + bool sgx2 = false;
These temporary booleans feel a bit redundant ...
+ unsigned long long section_size = 0; + unsigned long long size; + size_t i; + + *capabilities = NULL; + capability = g_new0(virSGXCapability, 1); + + if (!(cmd = qemuMonitorJSONMakeCommand("query-sgx-capabilities", NULL))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + return -1; + + /* QEMU has only compiled-in support of SGX */ + if (qemuMonitorJSONHasError(reply, "GenericError")) + return 0; + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + return -1; + + caps = virJSONValueObjectGetObject(reply, "return"); + + if (virJSONValueObjectGetBoolean(caps, "flc", &flc) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'flc' field")); + return -1; + } + capability->flc = flc;
Because you assign the value directly back to the struct. Passing the pointer to the field in the struct directly to virJSONValueObjectGetBoolean avoids the need.
+ + if (virJSONValueObjectGetBoolean(caps, "sgx1", &sgx1) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'sgx1' field")); + return -1; + } + capability->sgx1 = sgx1; + + if (virJSONValueObjectGetBoolean(caps, "sgx2", &sgx2) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'sgx2' field")); + return -1; + } + capability->sgx2 = sgx2; + + if (virJSONValueObjectGetNumberUlong(caps, "section-size", §ion_size) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'section-size' field")); + return -1; + } + capability->section_size = section_size / 1024;
The 'section-size' field is marked as deprecated in the QMP schema. Thus we must not report error if it vanishes. Is there any reason to extract it in the first place? If yes, the code must be fixed to handle the possibility properly.
+ + if ((sections = virJSONValueObjectGetArray(caps, "sections"))) { + /* Got the section, the QEMU version is above 7.0.0 */ + capability->nsections = virJSONValueArraySize(sections); + capability->sections = g_new0(virSection, capability->nsections); + + for (i = 0; i < capability->nsections; i++) { + virJSONValue *elem = virJSONValueArrayGet(sections, i); + + if (virJSONValueObjectGetNumberUlong(elem, "size", &size) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'size' field")); + return -1; + } + capability->sections[i].size = size / 1024; + + if (virJSONValueObjectGetNumberInt(elem, "node", + &capability->sections[i].node) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'node' field")); + return -1; + } + } + } + + *capabilities = g_steal_pointer(&capability); + return 1; +} + + static virJSONValue * qemuMonitorJSONBuildInetSocketAddress(const char *host, const char *port)
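Review bot: In the 'sections' loop each per-node size is stored as size / 1024, and section-size above it as section_size / 1024, so a byte count that is not a multiple of 1024 is silently rounded down and the per-node values may no longer add up to the reported total. Either keep bytes in virSGXCapability and convert when formatting, or reject values that are not KiB-aligned. The "reply was missing 'size' field" and "'node' field" messages are also emitted when the member is present but has the wrong type, so "missing or invalid" would describe the failure more accurately.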

On 7/28/22 10:15, Peter Krempa wrote:
On Wed, Jul 27, 2022 at 12:34:54 +0200, Michal Privoznik wrote:
From: Haibin Huang <haibin.huang@intel.com>
Generate the QMP command for query-sgx-capabilities and the command return SGX capabilities from QMP.
{"execute":"query-sgx-capabilities"}
the right reply: {"return": { "sgx": true, "section-size": 197132288, "flc": true } }
the error reply: {"error": {"class": "GenericError", "desc": "SGX is not enabled in KVM"} }
Signed-off-by: Haibin Huang <haibin.huang@intel.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_monitor.c | 10 ++++ src/qemu/qemu_monitor.h | 3 + src/qemu/qemu_monitor_json.c | 107 +++++++++++++++++++++++++++++++++++ src/qemu/qemu_monitor_json.h | 4 ++ 4 files changed, 124 insertions(+)
[...]
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 941596563a..b045efa203 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -6395,6 +6395,113 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon, return 1; }
+ +/** + * qemuMonitorJSONGetSGXCapabilities: + * @mon: qemu monitor object + * @capabilities: pointer to pointer to a SGX capability structure to be filled + * + * This function queries and fills in INTEL's SGX platform-specific data. + * Note that from QEMU's POV both -object sgx-epc and query-sgx-capabilities + * can be present even if SGX is not available, which basically leaves us with + * checking for JSON "GenericError" in order to differentiate between compiled-in + * support and actual SGX support on the platform. + * + * Returns: -1 on error, + * 0 if SGX is not supported, and + * 1 if SGX is supported on the platform. + */ +int +qemuMonitorJSONGetSGXCapabilities(qemuMonitor *mon, + virSGXCapability **capabilities) +{ + g_autoptr(virJSONValue) cmd = NULL; + g_autoptr(virJSONValue) reply = NULL; + g_autoptr(virSGXCapability) capability = NULL; + virJSONValue *sections = NULL; + virJSONValue *caps; + bool flc = false; + bool sgx1 = false; + bool sgx2 = false;
These temporary booleans feel a bit redundant ...
+ unsigned long long section_size = 0; + unsigned long long size; + size_t i; + + *capabilities = NULL; + capability = g_new0(virSGXCapability, 1); + + if (!(cmd = qemuMonitorJSONMakeCommand("query-sgx-capabilities", NULL))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + return -1; + + /* QEMU has only compiled-in support of SGX */ + if (qemuMonitorJSONHasError(reply, "GenericError")) + return 0; + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + return -1; + + caps = virJSONValueObjectGetObject(reply, "return"); + + if (virJSONValueObjectGetBoolean(caps, "flc", &flc) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'flc' field")); + return -1; + } + capability->flc = flc;
Because you assign the value directly back to the struct. Passing the pointer to the field in the struct directly to virJSONValueObjectGetBoolean avoids the need.
+ + if (virJSONValueObjectGetBoolean(caps, "sgx1", &sgx1) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'sgx1' field")); + return -1; + } + capability->sgx1 = sgx1; + + if (virJSONValueObjectGetBoolean(caps, "sgx2", &sgx2) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'sgx2' field")); + return -1; + } + capability->sgx2 = sgx2; + + if (virJSONValueObjectGetNumberUlong(caps, "section-size", §ion_size) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'section-size' field")); + return -1; + } + capability->section_size = section_size / 1024;
The 'section-size' field is marked as deprecated in the QMP schema. Thus we must not report error if it vanishes.
Is there any reason to extract it in the first place?
If yes, the code must be fixed to handle the possibility properly.
The idea is that this allows us to work with qemu-6.2.0 and qemu-7.0.0; The former reports section-size only, the latter marked it obsolete and reports array of 'sections' so that sections per NUMA node can be reported. Now, section-size is nothing but a sum of individual per NUMA node sections. So I guess we can do the summation once QEMU stops reporting it. NB, presence of per NUMA node sections (this code below) is then used when generating cmd line, because qemu-7.0.0 requires slightly different cmd line (due to those NUMA nodes). Alternatively, we may pronounce qemu-6.2.0 not worth supporting and aim on 7.0.0 only and not deal with deprecated interface at all (i.e. don't parse/report aggregated sum).
+ + if ((sections = virJSONValueObjectGetArray(caps, "sections"))) { + /* Got the section, the QEMU version is above 7.0.0 */ + capability->nsections = virJSONValueArraySize(sections); + capability->sections = g_new0(virSection, capability->nsections); + + for (i = 0; i < capability->nsections; i++) { + virJSONValue *elem = virJSONValueArrayGet(sections, i); + + if (virJSONValueObjectGetNumberUlong(elem, "size", &size) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'size' field")); + return -1; + } + capability->sections[i].size = size / 1024; + + if (virJSONValueObjectGetNumberInt(elem, "node", + &capability->sections[i].node) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'node' field")); + return -1; + } + } + } + + *capabilities = g_steal_pointer(&capability); + return 1; +} + + static virJSONValue * qemuMonitorJSONBuildInetSocketAddress(const char *host, const char *port)
Michal

On Thu, Jul 28, 2022 at 16:05:08 +0200, Michal Prívozník wrote:
On 7/28/22 10:15, Peter Krempa wrote:
On Wed, Jul 27, 2022 at 12:34:54 +0200, Michal Privoznik wrote:
From: Haibin Huang <haibin.huang@intel.com>
Generate the QMP command for query-sgx-capabilities and the command return SGX capabilities from QMP.
{"execute":"query-sgx-capabilities"}
the right reply: {"return": { "sgx": true, "section-size": 197132288, "flc": true } }
the error reply: {"error": {"class": "GenericError", "desc": "SGX is not enabled in KVM"} }
Signed-off-by: Haibin Huang <haibin.huang@intel.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_monitor.c | 10 ++++ src/qemu/qemu_monitor.h | 3 + src/qemu/qemu_monitor_json.c | 107 +++++++++++++++++++++++++++++++++++ src/qemu/qemu_monitor_json.h | 4 ++ 4 files changed, 124 insertions(+)
[...]
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 941596563a..b045efa203 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -6395,6 +6395,113 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon, return 1; }
+ +/** + * qemuMonitorJSONGetSGXCapabilities: + * @mon: qemu monitor object + * @capabilities: pointer to pointer to a SGX capability structure to be filled + * + * This function queries and fills in INTEL's SGX platform-specific data. + * Note that from QEMU's POV both -object sgx-epc and query-sgx-capabilities + * can be present even if SGX is not available, which basically leaves us with + * checking for JSON "GenericError" in order to differentiate between compiled-in + * support and actual SGX support on the platform. + * + * Returns: -1 on error, + * 0 if SGX is not supported, and + * 1 if SGX is supported on the platform. + */ +int +qemuMonitorJSONGetSGXCapabilities(qemuMonitor *mon, + virSGXCapability **capabilities) +{ + g_autoptr(virJSONValue) cmd = NULL; + g_autoptr(virJSONValue) reply = NULL; + g_autoptr(virSGXCapability) capability = NULL; + virJSONValue *sections = NULL; + virJSONValue *caps; + bool flc = false; + bool sgx1 = false; + bool sgx2 = false;
These temporary booleans feel a bit redundant ...
+ unsigned long long section_size = 0; + unsigned long long size; + size_t i; + + *capabilities = NULL; + capability = g_new0(virSGXCapability, 1); + + if (!(cmd = qemuMonitorJSONMakeCommand("query-sgx-capabilities", NULL))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + return -1; + + /* QEMU has only compiled-in support of SGX */ + if (qemuMonitorJSONHasError(reply, "GenericError")) + return 0; + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + return -1; + + caps = virJSONValueObjectGetObject(reply, "return"); + + if (virJSONValueObjectGetBoolean(caps, "flc", &flc) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'flc' field")); + return -1; + } + capability->flc = flc;
Because you assign the value directly back to the struct. Passing the pointer to the field in the struct directly to virJSONValueObjectGetBoolean avoids the need.
+ + if (virJSONValueObjectGetBoolean(caps, "sgx1", &sgx1) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'sgx1' field")); + return -1; + } + capability->sgx1 = sgx1; + + if (virJSONValueObjectGetBoolean(caps, "sgx2", &sgx2) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'sgx2' field")); + return -1; + } + capability->sgx2 = sgx2; + + if (virJSONValueObjectGetNumberUlong(caps, "section-size", §ion_size) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'section-size' field")); + return -1; + } + capability->section_size = section_size / 1024;
The 'section-size' field is marked as deprecated in the QMP schema. Thus we must not report error if it vanishes.
Is there any reason to extract it in the first place?
If yes, the code must be fixed to handle the possibility properly.
The idea is that this allows us to work with qemu-6.2.0 and qemu-7.0.0; The former reports section-size only, the latter marked it obsolete and reports array of 'sections' so that sections per NUMA node can be reported. Now, section-size is nothing but a sum of individual per NUMA node sections. So I guess we can do the summation once QEMU stops reporting it.
Either way, we must not report an error if it is not present, because we'd specifically be adding code that will break in the future.
NB, presence of per NUMA node sections (this code below) is then used when generating cmd line, because qemu-7.0.0 requires slightly different cmd line (due to those NUMA nodes).
Alternatively, we may pronounce qemu-6.2.0 not worth supporting and aim on 7.0.0 only and not deal with deprecated interface at all (i.e. don't parse/report aggregated sum).
I'm definitely for skipping 6.2 if possible rather than have code which is going to work for one release only.
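The tolerant handling argued for in this exchange, as an added example in Python rather than libvirt code: the deprecated 'section-size' is used when present, otherwise the total is summed from the per-node 'sections', and only a GenericError reply means "not supported". The function name and the sample replies are constructed for illustration; the reply without 'section-size' and the CommandNotFound reply are assumptions about shapes not quoted in the thread.

```python
import json

# Constructed sample replies, shaped like the ones quoted in this thread.
REPLY_6_2 = ('{"return": {"sgx": true, "flc": false, "sgx1": true, '
             '"sgx2": false, "section-size": 2048}}')
REPLY_7_0 = ('{"return": {"sgx": true, "flc": false, "sgx1": true, '
             '"sgx2": false, "section-size": 2048, "sections": '
             '[{"node": 0, "size": 1024}, {"node": 1, "size": 1024}]}}')
# Assumption: a later QEMU that has dropped the deprecated field.
REPLY_FUTURE = ('{"return": {"sgx": true, "flc": false, "sgx1": true, '
                '"sgx2": false, "sections": '
                '[{"node": 0, "size": 1024}, {"node": 1, "size": 1024}]}}')
REPLY_UNSUPPORTED = ('{"error": {"class": "GenericError", '
                     '"desc": "SGX is not enabled in KVM"}}')
# Assumption: what a QEMU without the command at all would answer.
REPLY_NO_COMMAND = ('{"error": {"class": "CommandNotFound", "desc": '
                    '"The command query-sgx-capabilities has not been found"}}')


def _field(obj, key, kind):
    """Return obj[key] if it is present and of the expected JSON type."""
    value = obj.get(key)
    # bool is a subclass of int in Python, so reject it explicitly for numbers.
    if not isinstance(value, kind) or (kind is int and isinstance(value, bool)):
        raise ValueError(f"reply has no valid '{key}' field")
    if kind is int and value < 0:
        raise ValueError(f"'{key}' must not be negative")
    return value


def parse_sgx_capabilities(raw):
    """Parse a query-sgx-capabilities reply.

    Returns None when QEMU answers with GenericError (SGX compiled in but
    not usable), a dict of capabilities otherwise. Raises ValueError for
    any other error class or for a malformed reply.
    """
    reply = json.loads(raw)
    if not isinstance(reply, dict):
        raise ValueError("reply is not a JSON object")

    error = reply.get("error")
    if error is not None:
        if isinstance(error, dict) and error.get("class") == "GenericError":
            return None
        raise ValueError(f"unexpected QMP error: {error!r}")

    caps = reply.get("return")
    if not isinstance(caps, dict):
        raise ValueError("reply has no 'return' object")

    result = {name: _field(caps, name, bool) for name in ("flc", "sgx1", "sgx2")}

    # Per-NUMA-node sections are optional: older QEMU does not report them.
    sections = []
    total_bytes = 0
    if "sections" in caps:
        for elem in _field(caps, "sections", list):
            if not isinstance(elem, dict):
                raise ValueError("section entry is not an object")
            size = _field(elem, "size", int)
            sections.append((_field(elem, "node", int), size // 1024))
            total_bytes += size
    result["sections"] = sections

    # The deprecated aggregate is optional too: fall back to the sum.
    if "section-size" in caps:
        total_bytes = _field(caps, "section-size", int)
    elif not sections:
        raise ValueError("reply has neither 'section-size' nor 'sections'")
    result["section_size_kib"] = total_bytes // 1024
    return result


if __name__ == "__main__":
    for raw in (REPLY_6_2, REPLY_7_0, REPLY_FUTURE, REPLY_UNSUPPORTED):
        print(parse_sgx_capabilities(raw))
```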

On 7/28/22, 7:21 AM, "Peter Krempa" <pkrempa@redhat.com> wrote:
On Thu, Jul 28, 2022 at 16:05:08 +0200, Michal Prívozník wrote:
On 7/28/22 10:15, Peter Krempa wrote:
On Wed, Jul 27, 2022 at 12:34:54 +0200, Michal Privoznik wrote:
From: Haibin Huang <haibin.huang@intel.com>
Generate the QMP command for query-sgx-capabilities and the command return SGX capabilities from QMP.
{"execute":"query-sgx-capabilities"}
the right reply: {"return": { "sgx": true, "section-size": 197132288, "flc": true } }
the error reply: {"error": {"class": "GenericError", "desc": "SGX is not enabled in KVM"} }
Signed-off-by: Haibin Huang <haibin.huang@intel.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_monitor.c | 10 ++++ src/qemu/qemu_monitor.h | 3 + src/qemu/qemu_monitor_json.c | 107 +++++++++++++++++++++++++++++++++++ src/qemu/qemu_monitor_json.h | 4 ++ 4 files changed, 124 insertions(+)
[...]
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 941596563a..b045efa203 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -6395,6 +6395,113 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon, return 1; }
+ +/** + * qemuMonitorJSONGetSGXCapabilities: + * @mon: qemu monitor object + * @capabilities: pointer to pointer to a SGX capability structure to be filled + * + * This function queries and fills in INTEL's SGX platform-specific data. + * Note that from QEMU's POV both -object sgx-epc and query-sgx-capabilities + * can be present even if SGX is not available, which basically leaves us with + * checking for JSON "GenericError" in order to differentiate between compiled-in + * support and actual SGX support on the platform. + * + * Returns: -1 on error, + * 0 if SGX is not supported, and + * 1 if SGX is supported on the platform. + */ +int +qemuMonitorJSONGetSGXCapabilities(qemuMonitor *mon, + virSGXCapability **capabilities) +{ + g_autoptr(virJSONValue) cmd = NULL; + g_autoptr(virJSONValue) reply = NULL; + g_autoptr(virSGXCapability) capability = NULL; + virJSONValue *sections = NULL; + virJSONValue *caps; + bool flc = false; + bool sgx1 = false; + bool sgx2 = false;
These temporary booleans feel a bit redundant ...
+ unsigned long long section_size = 0; + unsigned long long size; + size_t i; + + *capabilities = NULL; + capability = g_new0(virSGXCapability, 1); + + if (!(cmd = qemuMonitorJSONMakeCommand("query-sgx-capabilities", NULL))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + return -1; + + /* QEMU has only compiled-in support of SGX */ + if (qemuMonitorJSONHasError(reply, "GenericError")) + return 0; + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + return -1; + + caps = virJSONValueObjectGetObject(reply, "return"); + + if (virJSONValueObjectGetBoolean(caps, "flc", &flc) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'flc' field")); + return -1; + } + capability->flc = flc;
Because you assign the value directly back to the struct. Passing the pointer to the field in the struct directly to virJSONValueObjectGetBoolean avoids the need.
+ + if (virJSONValueObjectGetBoolean(caps, "sgx1", &sgx1) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'sgx1' field")); + return -1; + } + capability->sgx1 = sgx1; + + if (virJSONValueObjectGetBoolean(caps, "sgx2", &sgx2) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'sgx2' field")); + return -1; + } + capability->sgx2 = sgx2; + + if (virJSONValueObjectGetNumberUlong(caps, "section-size", §ion_size) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sgx-capabilities reply was missing 'section-size' field")); + return -1; + } + capability->section_size = section_size / 1024;
The 'section-size' field is marked as deprecated in the QMP schema. Thus we must not report error if it vanishes.
Is there any reason to extract it in the first place?
If yes, the code must be fixed to handle the possibility properly.
The idea is that this allows us to work with qemu-6.2.0 and qemu-7.0.0; The former reports section-size only, the latter marked it obsolete and reports array of 'sections' so that sections per NUMA node can be reported. Now, section-size is nothing but a sum of individual per NUMA node sections. So I guess we can do the summation once QEMU stops reporting it.
Either way, we must not report an error if it is not present, because we'd specifically be adding code that will break in the future.
NB, presence of per NUMA node sections (this code below) is then used when generating cmd line, because qemu-7.0.0 requires slightly different cmd line (due to those NUMA nodes).
Alternatively, we may pronounce qemu-6.2.0 not worth supporting and aim on 7.0.0 only and not deal with deprecated interface at all (i.e. don't parse/report aggregated sum).
I'm definitely for skipping 6.2 if possible rather than have code which is going to work for one release only.
I see, let me drop 6.2 support and only aim on 7.0 in v15 patch.

@Michal, do you have any updates for v14 patches? If yes, I can rework on top of your changes and submit for review. https://gitlab.com/MichalPrivoznik/libvirt/-/commits/sgx_rework ? Or any way you prefer for this collaboration in this case?

Thanks,
Lin.

On 8/22/22 06:34, Yang, Lin A wrote:
@Michal, do you have any updates for v14 patches? If yes, I can rework on
top of your changes and submit for review.
https://gitlab.com/MichalPrivoznik/libvirt/-/commits/sgx_rework ?
It's sgx_rework_v2 but it hasn't worked all Peter's suggestions in, yet.

Anyway, I've experimented with plain QEMU a bit (I think Peter asked this somewhere in the review) and the way SGX works is by using a memory that QEMU already has, e.g.:

./qemu-system-x86_64 \
  -S \
  -machine pc-q35-6.2,usb=off,dump-guest-core=off,sgx-epc.0.memdev=memepc0,sgx-epc.0.node=0,sgx-epc.1.memdev=memepc1,sgx-epc.1.node=0 \
  -accel tcg \
  -cpu qemu64 \
  -m 128 \
  -device virtio-balloon-pci,id=balloon0 \
  -object '{"qom-type":"memory-backend-epc","id":"memepc0","prealloc":true,"size":67108864}' \
  -object '{"qom-type":"memory-backend-epc","id":"memepc1","prealloc":true,"size":167}' \
  -qmp stdio

{"QMP": {"version": {"qemu": {"micro": 93, "minor": 0, "major": 7}, "package": "v7.1.0-rc3-30-g08eb7aa318"}, "capabilities": ["oob"]}}
{"execute":"qmp_capabilities"}
{"return": {}}
{"execute":"query-memory-size-summary"}
{"return": {"base-memory": 134217728, "plugged-memory": 0}}
{"execute":"query-balloon"}
{"return": {"actual": 134217728}}
{"execute":"query-memory-devices"}
{"return": [{"type": "sgx-epc", "data": {"memdev": "/objects/memepc0", "memaddr": 4294967296, "size": 67108864, "node": 0}}, {"type": "sgx-epc", "data": {"memdev": "/objects/memepc1", "memaddr": 4362076160, "size": 167, "node": 0}}]}
{"execute":"query-memdev"}
{"return": [{"share": true, "reserve": true, "prealloc": true, "host-nodes": [], "size": 167, "merge": false, "dump": false, "policy": "default", "id": "memepc1"}, {"share": false, "reserve": true, "prealloc": false, "host-nodes": [], "size": 134217728, "merge": true, "dump": false, "policy": "default", "id": "pc.ram"}, {"share": true, "reserve": true, "prealloc": true, "host-nodes": [], "size": 67108864, "merge": false, "dump": false, "policy": "default", "id": "memepc0"}]}

IOW, it looks like memory-backend-epc does not add any additional memory (like other backends do). Therefore I'm not sure whether <memory/> device is the right element to represent this, but I don't have a good alternative either.

Feel free to take my patches and rework them as I'll be traveling in near future and might not get enough time to work on this.

Michal

From: Haibin Huang <haibin.huang@intel.com> the QMP capabilities: {"return": { "sgx": true, "section-size": 1024, "flc": true } } the domain capabilities: <sgx> <flc>yes</flc> <epc_size>1</epc_size> </sgx> Signed-off-by: Haibin Huang <haibin.huang@intel.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_capabilities.c | 206 ++++++++++++++++++ src/qemu/qemu_capabilities.h | 6 + .../caps_6.2.0.x86_64.replies | 24 +- .../caps_6.2.0.x86_64.xml | 7 + .../caps_7.0.0.x86_64.replies | 34 ++- .../caps_7.0.0.x86_64.xml | 11 + .../caps_7.1.0.x86_64.replies | 34 ++- .../caps_7.1.0.x86_64.xml | 11 + 8 files changed, 321 insertions(+), 12 deletions(-) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index b002fb98ed..c734cd9439 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -673,6 +673,9 @@ VIR_ENUM_IMPL(virQEMUCaps, "iothread.thread-pool-max", /* QEMU_CAPS_IOTHREAD_THREAD_POOL_MAX */ "usb-host.guest-resets-all", /* QEMU_CAPS_USB_HOST_GUESTS_RESETS_ALL */ "migration.blocked-reasons", /* QEMU_CAPS_MIGRATION_BLOCKED_REASONS */ + + /* 435 */ + "sgx-epc", /* QEMU_CAPS_SGX_EPC */ ); @@ -754,6 +757,8 @@ struct _virQEMUCaps { virSEVCapability *sevCapabilities; + virSGXCapability *sgxCapabilities; + /* Capabilities which may differ depending on the accelerator. */ virQEMUCapsAccel kvm; virQEMUCapsAccel hvf; @@ -1396,6 +1401,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = { { "s390-pv-guest", QEMU_CAPS_S390_PV_GUEST }, { "virtio-mem-pci", QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI }, { "virtio-iommu-pci", QEMU_CAPS_DEVICE_VIRTIO_IOMMU_PCI }, + { "sgx-epc", QEMU_CAPS_SGX_EPC }, }; 
@@ -1973,6 +1979,36 @@ virQEMUCapsSEVInfoCopy(virSEVCapability **dst, } +static int +virQEMUCapsSGXInfoCopy(virSGXCapability **dst, + virSGXCapability *src) +{ + g_autoptr(virSGXCapability) tmp = NULL; + + if (!src) { + *dst = NULL; + return 0; + } + + tmp = g_new0(virSGXCapability, 1); + + tmp->flc = src->flc; + tmp->sgx1 = src->sgx1; + tmp->sgx2 = src->sgx2; + tmp->section_size = src->section_size; + + if (src->nsections > 0) { + tmp->sections = g_new0(virSection, src->nsections); + memcpy(tmp->sections, src->sections, + src->nsections * sizeof(*tmp->sections)); + tmp->nsections = src->nsections; + } + + *dst = g_steal_pointer(&tmp); + return 0; +} + + static void virQEMUCapsAccelCopyMachineTypes(virQEMUCapsAccel *dst, virQEMUCapsAccel *src) @@ -2054,6 +2090,12 @@ virQEMUCaps *virQEMUCapsNewCopy(virQEMUCaps *qemuCaps) qemuCaps->sevCapabilities) < 0) return NULL; + + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC) && + virQEMUCapsSGXInfoCopy(&ret->sgxCapabilities, + qemuCaps->sgxCapabilities) < 0) + return NULL; + return g_steal_pointer(&ret); } @@ -2092,6 +2134,7 @@ void virQEMUCapsDispose(void *obj) virCPUDataFree(qemuCaps->cpuData); virSEVCapabilitiesFree(qemuCaps->sevCapabilities); + virSGXCapabilitiesFree(qemuCaps->sgxCapabilities); virQEMUCapsAccelClear(&qemuCaps->kvm); virQEMUCapsAccelClear(&qemuCaps->hvf); @@ -2617,6 +2660,13 @@ virQEMUCapsGetSEVCapabilities(virQEMUCaps *qemuCaps) } +virSGXCapability * +virQEMUCapsGetSGXCapabilities(virQEMUCaps *qemuCaps) +{ + return qemuCaps->sgxCapabilities; +} + + static int virQEMUCapsProbeQMPCommands(virQEMUCaps *qemuCaps, qemuMonitor *mon) 
@@ -3443,6 +3493,31 @@ virQEMUCapsProbeQMPSEVCapabilities(virQEMUCaps *qemuCaps, } +static int +virQEMUCapsProbeQMPSGXCapabilities(virQEMUCaps *qemuCaps, + qemuMonitor *mon) +{ + int rc = -1; + virSGXCapability *caps = NULL; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC)) + return 0; + + if ((rc = qemuMonitorGetSGXCapabilities(mon, &caps)) < 0) + return -1; + + /* SGX isn't actually supported */ + if (rc == 0) { + virQEMUCapsClear(qemuCaps, QEMU_CAPS_SGX_EPC); + return 0; + } + + virSGXCapabilitiesFree(qemuCaps->sgxCapabilities); + qemuCaps->sgxCapabilities = caps; + return 0; +} + + /* * Filter for features which should never be passed to QEMU. Either because * QEMU never supported them or they were dropped as they never did anything 
@@ -4221,6 +4296,98 @@ virQEMUCapsParseSEVInfo(virQEMUCaps *qemuCaps, xmlXPathContextPtr ctxt) } +static int +virQEMUCapsParseSGXInfo(virQEMUCaps *qemuCaps, + xmlXPathContextPtr ctxt) +{ + g_autoptr(virSGXCapability) sgx = NULL; + xmlNodePtr sections = NULL; + g_autofree char *flc = NULL; + g_autofree char *sgx1 = NULL; + g_autofree char *sgx2 = NULL; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC)) + return 0; + + if (virXPathBoolean("boolean(./sgx)", ctxt) == 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing SGX platform data in QEMU capabilities cache")); + return -1; + } + + sgx = g_new0(virSGXCapability, 1); + + if ((!(flc = virXPathString("string(./sgx/flc)", ctxt))) || + virStringParseYesNo(flc, &sgx->flc) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or invalid SGX platform flc in QEMU capabilities cache")); + return -1; + } + + if ((!(sgx1 = virXPathString("string(./sgx/sgx1)", ctxt))) || + virStringParseYesNo(sgx1, &sgx->sgx1) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or invalid SGX platform sgx1 in QEMU capabilities cache")); + return -1; + } + + if ((!(sgx2 = virXPathString("string(./sgx/sgx2)", ctxt))) || + virStringParseYesNo(sgx2, &sgx->sgx2) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or invalid SGX platform sgx2 in QEMU capabilities cache")); + return -1; + } + + if (virXPathULongLong("string(./sgx/section_size)", ctxt, + &sgx->section_size) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or malformed SGX platform section_size in QEMU capabilities cache")); + return -1; + } + + if ((sections = virXPathNode("./sgx/sections", ctxt))) { + g_autofree xmlNodePtr *sectionNodes = NULL; + int nsections = 0; + size_t i; + VIR_XPATH_NODE_AUTORESTORE(ctxt); + + ctxt->node = sections; + nsections = virXPathNodeSet("./section", ctxt, §ionNodes); + + if (nsections < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("failed to parse SGX sections in QEMU capabilities cache")); 
+ return -1; + } + + sgx->nsections = nsections; + sgx->sections = g_new0(virSection, nsections); + + for (i = 0; i < nsections; i++) { + g_autofree char * strNode = NULL; + g_autofree char * strSize = NULL; + + if (!(strNode = virXMLPropString(sectionNodes[i], "node")) || + virStrToLong_i(strNode, NULL, 10, &sgx->sections[i].node) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("missing node name in QEMU capabilities cache")); + return -1; + } + + if (!(strSize = virXMLPropString(sectionNodes[i], "size")) || + virStrToLong_ull(strSize, NULL, 10, &(sgx->sections[i].size)) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("missing size name in QEMU capabilities cache")); + return -1; + } + } + } + + qemuCaps->sgxCapabilities = g_steal_pointer(&sgx); + return 0; +} + + static int virQEMUCapsParseFlags(virQEMUCaps *qemuCaps, xmlXPathContextPtr ctxt) { @@ -4523,6 +4690,9 @@ virQEMUCapsLoadCache(virArch hostArch, if (virQEMUCapsParseSEVInfo(qemuCaps, ctxt) < 0) return -1; + if (virQEMUCapsParseSGXInfo(qemuCaps, ctxt) < 0) + return -1; + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_KVM)) virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_KVM); if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_HVF)) 
@@ -4708,6 +4878,37 @@ virQEMUCapsFormatSEVInfo(virQEMUCaps *qemuCaps, virBuffer *buf) } +static void +virQEMUCapsFormatSGXInfo(virQEMUCaps *qemuCaps, + virBuffer *buf) +{ + virSGXCapability *sgx = virQEMUCapsGetSGXCapabilities(qemuCaps); + + virBufferAddLit(buf, "<sgx supported='yes'>\n"); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<flc>%s</flc>\n", sgx->flc ? "yes" : "no"); + virBufferAsprintf(buf, "<sgx1>%s</sgx1>\n", sgx->sgx1 ? "yes" : "no"); + virBufferAsprintf(buf, "<sgx2>%s</sgx2>\n", sgx->sgx2 ? "yes" : "no"); + virBufferAsprintf(buf, "<section_size unit='KiB'>%llu</section_size>\n", sgx->section_size); + + if (sgx->nsections > 0) { + size_t i; + virBufferAddLit(buf, "<sections>\n"); + + for (i = 0; i < sgx->nsections; i++) { + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<section node='%u' ", sgx->sections[i].node); + virBufferAsprintf(buf, "size='%llu'/>\n", sgx->sections[i].size); + virBufferAdjustIndent(buf, -2); + } + virBufferAddLit(buf, "</sections>\n"); + } + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</sgx>\n"); +} + + char * virQEMUCapsFormatCache(virQEMUCaps *qemuCaps) { @@ -4789,6 +4990,9 @@ virQEMUCapsFormatCache(virQEMUCaps *qemuCaps) if (qemuCaps->sevCapabilities) virQEMUCapsFormatSEVInfo(qemuCaps, &buf); + if (qemuCaps->sgxCapabilities) + virQEMUCapsFormatSGXInfo(qemuCaps, &buf); + if (qemuCaps->kvmSupportsNesting) virBufferAddLit(&buf, "<kvmSupportsNesting/>\n"); @@ -5456,6 +5660,8 @@ virQEMUCapsInitQMPMonitor(virQEMUCaps *qemuCaps, return -1; if (virQEMUCapsProbeQMPSEVCapabilities(qemuCaps, mon) < 0) return -1; + if (virQEMUCapsProbeQMPSGXCapabilities(qemuCaps, mon) < 0) + return -1; virQEMUCapsInitProcessCaps(qemuCaps); diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 8f3090e2ce..a564bec037 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h 
@@ -653,6 +653,9 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */ QEMU_CAPS_USB_HOST_GUESTS_RESETS_ALL, /* -device usb-host.guest-resets-all */ QEMU_CAPS_MIGRATION_BLOCKED_REASONS, /* query-migrate returns 'blocked-reasons */ + /* 435 */ + QEMU_CAPS_SGX_EPC, /* -object sgx-epc,... */ + QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; @@ -845,6 +848,9 @@ virQEMUCapsCPUFeatureFromQEMU(virQEMUCaps *qemuCaps, virSEVCapability * virQEMUCapsGetSEVCapabilities(virQEMUCaps *qemuCaps); +virSGXCapability * +virQEMUCapsGetSGXCapabilities(virQEMUCaps *qemuCaps); + bool virQEMUCapsGetKVMSupportsSecureGuest(virQEMUCaps *qemuCaps) G_NO_INLINE; diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies index e235532d62..57558dcd3f 100644 --- a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies @@ -32707,6 +32707,22 @@ } } +{ + "execute": "query-sgx-capabilities", + "id": "libvirt-51" +} + +{ + "return": { + "sgx": true, + "flc": false, + "sgx1": true, + "sgx2": false, + "section-size": 2048 + }, + "id": "libvirt-51" +} + { "execute": "query-cpu-model-expansion", "arguments": { @@ -32715,7 +32731,7 @@ "name": "host" } }, - "id": "libvirt-51" + "id": "libvirt-52" } { @@ -33048,7 +33064,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } { @@ -33062,7 +33078,7 @@ } } }, - "id": "libvirt-52" + "id": "libvirt-53" } { @@ -33395,7 +33411,7 @@ } } }, - "id": "libvirt-52" + "id": "libvirt-53" } { diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml index 1a1a9643d4..eb81917472 100644 --- a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml 
@@ -237,6 +237,7 @@ <flag name='chardev.qemu-vdagent'/> <flag name='usb-host.guest-resets-all'/> <flag name='migration.blocked-reasons'/> + <flag name='sgx-epc'/> <version>6002000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100244</microcodeVersion> @@ -3705,4 +3706,10 @@ <machine type='tcg' name='pc-q35-2.5' hotplugCpus='yes' maxCpus='255' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> <machine type='tcg' name='pc-i440fx-3.0' hotplugCpus='yes' maxCpus='255' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> <machine type='tcg' name='pc-q35-2.11' hotplugCpus='yes' maxCpus='288' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> + <sgx supported='yes'> + <flc>no</flc> + <sgx1>yes</sgx1> + <sgx2>no</sgx2> + <section_size unit='KiB'>2</section_size> + </sgx> </qemuCaps> diff --git a/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.replies b/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.replies index 620442704a..9f806412f7 100644 --- a/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.replies @@ -33317,6 +33317,32 @@ } } +{ + "execute": "query-sgx-capabilities", + "id": "libvirt-51" +} + +{ + "return": { + "sgx": true, + "flc": false, + "sgx1": true, + "sgx2": false, + "section-size": 2048, + "sections": [ + { + "node": 0, + "size": 1024 + }, + { + "node": 1, + "size": 1024 + } + ] + }, + "id": "libvirt-51" +} + { "execute": "query-cpu-model-expansion", "arguments": { @@ -33325,7 +33351,7 @@ "name": "host" } }, - "id": "libvirt-51" + "id": "libvirt-52" } { @@ -33662,7 +33688,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } { @@ -33676,7 +33702,7 @@ } } }, - "id": "libvirt-52" + "id": "libvirt-53" } { @@ -34013,7 +34039,7 @@ } } }, - "id": "libvirt-52" + "id": "libvirt-53" } { 
diff --git a/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml index 8ce423557e..9a9e15c1fa 100644 --- a/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml @@ -242,6 +242,7 @@ <flag name='display-dbus'/> <flag name='usb-host.guest-resets-all'/> <flag name='migration.blocked-reasons'/> + <flag name='sgx-epc'/> <version>7000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100243</microcodeVersion> @@ -3770,4 +3771,14 @@ <machine type='tcg' name='pc-q35-2.5' hotplugCpus='yes' maxCpus='255' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> <machine type='tcg' name='pc-i440fx-3.0' hotplugCpus='yes' maxCpus='255' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> <machine type='tcg' name='pc-q35-2.11' hotplugCpus='yes' maxCpus='288' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> + <sgx supported='yes'> + <flc>no</flc> + <sgx1>yes</sgx1> + <sgx2>no</sgx2> + <section_size unit='KiB'>2</section_size> + <sections> + <section node='0' size='1'/> + <section node='1' size='1'/> + </sections> + </sgx> </qemuCaps> diff --git a/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.replies b/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.replies index d893d67ea8..c221b9e034 100644 --- a/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.replies @@ -34006,6 +34006,32 @@ } } +{ + "execute": "query-sgx-capabilities", + "id": "libvirt-51" +} + +{ + "return": { + "sgx": true, + "flc": false, + "sgx1": true, + "sgx2": false, + "section-size": 2048, + "sections": [ + { + "node": 0, + "size": 1024 + }, + { + "node": 1, + "size": 1024 + } + ] + }, + "id": "libvirt-51" +} + { "execute": "query-cpu-model-expansion", "arguments": { @@ -34014,7 +34040,7 @@ "name": "host" } }, - "id": "libvirt-51" + "id": "libvirt-52" } { 
@@ -34352,7 +34378,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } { @@ -34366,7 +34392,7 @@ } } }, - "id": "libvirt-52" + "id": "libvirt-53" } { @@ -34704,7 +34730,7 @@ } } }, - "id": "libvirt-52" + "id": "libvirt-53" } { diff --git a/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.xml index 2e30fc5f2e..549f642db9 100644 --- a/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.xml @@ -243,6 +243,7 @@ <flag name='iothread.thread-pool-max'/> <flag name='usb-host.guest-resets-all'/> <flag name='migration.blocked-reasons'/> + <flag name='sgx-epc'/> <version>7000050</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100244</microcodeVersion> @@ -3568,4 +3569,14 @@ <machine type='tcg' name='pc-q35-2.5' hotplugCpus='yes' maxCpus='255' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> <machine type='tcg' name='pc-i440fx-3.0' hotplugCpus='yes' maxCpus='255' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> <machine type='tcg' name='pc-q35-2.11' hotplugCpus='yes' maxCpus='288' defaultCPU='qemu64-x86_64-cpu' numaMemSupported='yes' defaultRAMid='pc.ram'/> + <sgx supported='yes'> + <flc>no</flc> + <sgx1>yes</sgx1> + <sgx2>no</sgx2> + <section_size unit='KiB'>2</section_size> + <sections> + <section node='0' size='1'/> + <section node='1' size='1'/> + </sections> + </sgx> </qemuCaps> -- 2.35.1
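Review bot: In virQEMUCapsParseSGXInfo() the section 'node' attribute is read with virStrToLong_i(), a signed parse, while virQEMUCapsFormatSGXInfo() writes the same field with '%u'. Settle on one signedness for sections[i].node and parse it with the matching helper, so that a negative value in the cache file is rejected on load instead of being stored and later printed as a large unsigned number.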
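Review bot: The per-section sizes lose their unit in the caps_7.0.0 and caps_7.1.0 XML: <section_size> carries unit='KiB', but <section node='0' size='1'/> has none, although the QMP reply gives 1024 for it and the same scaling is evidently applied (2048 becomes 2, 1024 becomes 1). Add a unit to the section element as well, or state in the docs that 'size' is in KiB, so a consumer of the XML does not have to guess.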

On Wed, Jul 27, 2022 at 12:34:55 +0200, Michal Privoznik wrote:
From: Haibin Huang <haibin.huang@intel.com>
the QMP capabilities: {"return": { "sgx": true, "section-size": 1024, "flc": true } }
the domain capabilities: <sgx> <flc>yes</flc> <epc_size>1</epc_size> </sgx>
Signed-off-by: Haibin Huang <haibin.huang@intel.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_capabilities.c | 206 ++++++++++++++++++ src/qemu/qemu_capabilities.h | 6 + .../caps_6.2.0.x86_64.replies | 24 +- .../caps_6.2.0.x86_64.xml | 7 + .../caps_7.0.0.x86_64.replies | 34 ++- .../caps_7.0.0.x86_64.xml | 11 + .../caps_7.1.0.x86_64.replies | 34 ++- .../caps_7.1.0.x86_64.xml | 11 +
Preferably do not mix addition to capability probing with other stuff such as the capabilities XML formatter/parser next time. You can always add the formatter/parser first and then do the minimum required to add capability flag and probe it.
8 files changed, 321 insertions(+), 12 deletions(-)
[...]
@@ -1973,6 +1979,36 @@ virQEMUCapsSEVInfoCopy(virSEVCapability **dst, }
+static int +virQEMUCapsSGXInfoCopy(virSGXCapability **dst, + virSGXCapability *src) +{ + g_autoptr(virSGXCapability) tmp = NULL; + + if (!src) { + *dst = NULL; + return 0; + } + + tmp = g_new0(virSGXCapability, 1); + + tmp->flc = src->flc; + tmp->sgx1 = src->sgx1; + tmp->sgx2 = src->sgx2; + tmp->section_size = src->section_size; + + if (src->nsections > 0) { + tmp->sections = g_new0(virSection, src->nsections); + memcpy(tmp->sections, src->sections, + src->nsections * sizeof(*tmp->sections)); + tmp->nsections = src->nsections; + } + + *dst = g_steal_pointer(&tmp); + return 0; +} + + static void virQEMUCapsAccelCopyMachineTypes(virQEMUCapsAccel *dst, virQEMUCapsAccel *src) @@ -2054,6 +2090,12 @@ virQEMUCaps *virQEMUCapsNewCopy(virQEMUCaps *qemuCaps) qemuCaps->sevCapabilities) < 0) return NULL;
+ + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC) &&
This doesn't seem to be needed ...
+ virQEMUCapsSGXInfoCopy(&ret->sgxCapabilities,
as this doesn't copy anything if 'src' is NULL.
+ qemuCaps->sgxCapabilities) < 0) + return NULL; + return g_steal_pointer(&ret); }
[...]
@@ -4221,6 +4296,98 @@ virQEMUCapsParseSEVInfo(virQEMUCaps *qemuCaps, xmlXPathContextPtr ctxt) }
+static int +virQEMUCapsParseSGXInfo(virQEMUCaps *qemuCaps, + xmlXPathContextPtr ctxt) +{ + g_autoptr(virSGXCapability) sgx = NULL; + xmlNodePtr sections = NULL; + g_autofree char *flc = NULL; + g_autofree char *sgx1 = NULL; + g_autofree char *sgx2 = NULL; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC)) + return 0;
Note that this flag
+ + if (virXPathBoolean("boolean(./sgx)", ctxt) == 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing SGX platform data in QEMU capabilities cache")); + return -1; + } + + sgx = g_new0(virSGXCapability, 1); + + if ((!(flc = virXPathString("string(./sgx/flc)", ctxt))) || + virStringParseYesNo(flc, &sgx->flc) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or invalid SGX platform flc in QEMU capabilities cache")); + return -1; + } + + if ((!(sgx1 = virXPathString("string(./sgx/sgx1)", ctxt))) || + virStringParseYesNo(sgx1, &sgx->sgx1) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or invalid SGX platform sgx1 in QEMU capabilities cache")); + return -1; + } + + if ((!(sgx2 = virXPathString("string(./sgx/sgx2)", ctxt))) || + virStringParseYesNo(sgx2, &sgx->sgx2) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or invalid SGX platform sgx2 in QEMU capabilities cache")); + return -1; + } + + if (virXPathULongLong("string(./sgx/section_size)", ctxt, + &sgx->section_size) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or malformed SGX platform section_size in QEMU capabilities cache")); + return -1; + } + + if ((sections = virXPathNode("./sgx/sections", ctxt))) { + g_autofree xmlNodePtr *sectionNodes = NULL; + int nsections = 0; + size_t i; + VIR_XPATH_NODE_AUTORESTORE(ctxt); + + ctxt->node = sections; + nsections = virXPathNodeSet("./section", ctxt, §ionNodes); + + if (nsections < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("failed to parse SGX sections in QEMU capabilities cache")); + return -1; + } + + sgx->nsections = nsections; + sgx->sections = g_new0(virSection, nsections); + + for (i = 0; i < nsections; i++) { + g_autofree char * strNode = NULL; + g_autofree char * strSize = NULL; + + if (!(strNode = virXMLPropString(sectionNodes[i], "node")) || + virStrToLong_i(strNode, NULL, 10, &sgx->sections[i].node) < 0) {
We have helpers such as virXMLPropUInt and similar, removing the need for temporary strings and explicit parsing of the numbers. I'd prefer if you use them instead of this open coding .... in the whole function.
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("missing node name in QEMU capabilities cache")); + return -1; + } + + if (!(strSize = virXMLPropString(sectionNodes[i], "size")) || + virStrToLong_ull(strSize, NULL, 10, &(sgx->sections[i].size)) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("missing size name in QEMU capabilities cache")); + return -1; + } + } + } + + qemuCaps->sgxCapabilities = g_steal_pointer(&sgx); + return 0; +} + +
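Review bot: The two per-section errors in virQEMUCapsParseSGXInfo() use VIR_ERR_INTERNAL_ERROR and say 'missing node name' / 'missing size name', yet the same branch is taken when the attribute is present but does not parse as a number. Use VIR_ERR_XML_ERROR like the flc/sgx1/sgx2 checks earlier in the function, and word the messages as 'missing or malformed', as the section_size check already does.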
[...]
+static void +virQEMUCapsFormatSGXInfo(virQEMUCaps *qemuCaps, + virBuffer *buf) +{ + virSGXCapability *sgx = virQEMUCapsGetSGXCapabilities(qemuCaps); + + virBufferAddLit(buf, "<sgx supported='yes'>\n"); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<flc>%s</flc>\n", sgx->flc ? "yes" : "no"); + virBufferAsprintf(buf, "<sgx1>%s</sgx1>\n", sgx->sgx1 ? "yes" : "no"); + virBufferAsprintf(buf, "<sgx2>%s</sgx2>\n", sgx->sgx2 ? "yes" : "no"); + virBufferAsprintf(buf, "<section_size unit='KiB'>%llu</section_size>\n", sgx->section_size);
If the 'section_size' vanishes from qemu, will this field need to be removed?
+ + if (sgx->nsections > 0) { + size_t i; + virBufferAddLit(buf, "<sections>\n"); + + for (i = 0; i < sgx->nsections; i++) { + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<section node='%u' ", sgx->sections[i].node); + virBufferAsprintf(buf, "size='%llu'/>\n", sgx->sections[i].size); + virBufferAdjustIndent(buf, -2); + } + virBufferAddLit(buf, "</sections>\n"); + } + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</sgx>\n"); +} + + char * virQEMUCapsFormatCache(virQEMUCaps *qemuCaps) { @@ -4789,6 +4990,9 @@ virQEMUCapsFormatCache(virQEMUCaps *qemuCaps) if (qemuCaps->sevCapabilities) virQEMUCapsFormatSEVInfo(qemuCaps, &buf);
+ if (qemuCaps->sgxCapabilities)
As example for my comment about copying the caps, here you don't check the capability.
+ virQEMUCapsFormatSGXInfo(qemuCaps, &buf); + if (qemuCaps->kvmSupportsNesting) virBufferAddLit(&buf, "<kvmSupportsNesting/>\n");
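Review bot: In the sections loop of virQEMUCapsFormatSGXInfo() the virBufferAdjustIndent(buf, 2) / virBufferAdjustIndent(buf, -2) pair runs on every iteration. Adjust the indent once before the loop and restore it once after it, and emit each <section> element with a single virBufferAsprintf() call instead of two.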
[...]
diff --git a/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.replies b/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.replies index d893d67ea8..c221b9e034 100644 --- a/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.replies @@ -34006,6 +34006,32 @@ } }
+{ + "execute": "query-sgx-capabilities", + "id": "libvirt-51" +} + +{ + "return": { + "sgx": true, + "flc": false, + "sgx1": true, + "sgx2": false, + "section-size": 2048, + "sections": [ + { + "node": 0, + "size": 1024 + }, + { + "node": 1, + "size": 1024 + }
Next time I'll be re-generating the capabilities this will get overwritten by: + "id": "libvirt-51", + "error": { + "class": "GenericError", + "desc": "SGX is not enabled in KVM" + } as my box does not support it. I'd strongly prefer to use this syntax to avoid changes in my caps bump patch.

On 7/28/22 10:53, Peter Krempa wrote:
On Wed, Jul 27, 2022 at 12:34:55 +0200, Michal Privoznik wrote:
From: Haibin Huang <haibin.huang@intel.com>
the QMP capabilities: {"return": { "sgx": true, "section-size": 1024, "flc": true } }
the domain capabilities: <sgx> <flc>yes</flc> <epc_size>1</epc_size> </sgx>
Signed-off-by: Haibin Huang <haibin.huang@intel.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_capabilities.c | 206 ++++++++++++++++++ src/qemu/qemu_capabilities.h | 6 + .../caps_6.2.0.x86_64.replies | 24 +- .../caps_6.2.0.x86_64.xml | 7 + .../caps_7.0.0.x86_64.replies | 34 ++- .../caps_7.0.0.x86_64.xml | 11 + .../caps_7.1.0.x86_64.replies | 34 ++- .../caps_7.1.0.x86_64.xml | 11 +
Preferably do not mix addition to capability probing with other stuff such as the capabilities XML formatter/parser next time.
You can always add the formatter/parser first and then do the minimum required to add capability flag and probe it.
Fair enough, let me split it.
8 files changed, 321 insertions(+), 12 deletions(-)
[...]
@@ -1973,6 +1979,36 @@ virQEMUCapsSEVInfoCopy(virSEVCapability **dst, }
+static int +virQEMUCapsSGXInfoCopy(virSGXCapability **dst, + virSGXCapability *src) +{ + g_autoptr(virSGXCapability) tmp = NULL; + + if (!src) { + *dst = NULL; + return 0; + } + + tmp = g_new0(virSGXCapability, 1); + + tmp->flc = src->flc; + tmp->sgx1 = src->sgx1; + tmp->sgx2 = src->sgx2; + tmp->section_size = src->section_size; + + if (src->nsections > 0) { + tmp->sections = g_new0(virSection, src->nsections); + memcpy(tmp->sections, src->sections, + src->nsections * sizeof(*tmp->sections)); + tmp->nsections = src->nsections; + } + + *dst = g_steal_pointer(&tmp); + return 0; +} + + static void virQEMUCapsAccelCopyMachineTypes(virQEMUCapsAccel *dst, virQEMUCapsAccel *src) @@ -2054,6 +2090,12 @@ virQEMUCaps *virQEMUCapsNewCopy(virQEMUCaps *qemuCaps) qemuCaps->sevCapabilities) < 0) return NULL;
+ + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC) &&
This doesn't seem to be needed ...
+ virQEMUCapsSGXInfoCopy(&ret->sgxCapabilities,
as this doesn't copy anything if 'src' is NULL.
+ qemuCaps->sgxCapabilities) < 0) + return NULL; + return g_steal_pointer(&ret); }
[...]
@@ -4221,6 +4296,98 @@ virQEMUCapsParseSEVInfo(virQEMUCaps *qemuCaps, xmlXPathContextPtr ctxt) }
+static int +virQEMUCapsParseSGXInfo(virQEMUCaps *qemuCaps, + xmlXPathContextPtr ctxt) +{ + g_autoptr(virSGXCapability) sgx = NULL; + xmlNodePtr sections = NULL; + g_autofree char *flc = NULL; + g_autofree char *sgx1 = NULL; + g_autofree char *sgx2 = NULL; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC)) + return 0;
Note that this flag
Yep, noted :-D
+ + if (virXPathBoolean("boolean(./sgx)", ctxt) == 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing SGX platform data in QEMU capabilities cache")); + return -1; + } + + sgx = g_new0(virSGXCapability, 1); + + if ((!(flc = virXPathString("string(./sgx/flc)", ctxt))) || + virStringParseYesNo(flc, &sgx->flc) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or invalid SGX platform flc in QEMU capabilities cache")); + return -1; + } + + if ((!(sgx1 = virXPathString("string(./sgx/sgx1)", ctxt))) || + virStringParseYesNo(sgx1, &sgx->sgx1) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or invalid SGX platform sgx1 in QEMU capabilities cache")); + return -1; + } + + if ((!(sgx2 = virXPathString("string(./sgx/sgx2)", ctxt))) || + virStringParseYesNo(sgx2, &sgx->sgx2) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or invalid SGX platform sgx2 in QEMU capabilities cache")); + return -1; + } + + if (virXPathULongLong("string(./sgx/section_size)", ctxt, + &sgx->section_size) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing or malformed SGX platform section_size in QEMU capabilities cache")); + return -1; + } + + if ((sections = virXPathNode("./sgx/sections", ctxt))) { + g_autofree xmlNodePtr *sectionNodes = NULL; + int nsections = 0; + size_t i; + VIR_XPATH_NODE_AUTORESTORE(ctxt); + + ctxt->node = sections; + nsections = virXPathNodeSet("./section", ctxt, §ionNodes); + + if (nsections < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("failed to parse SGX sections in QEMU capabilities cache")); + return -1; + } + + sgx->nsections = nsections; + sgx->sections = g_new0(virSection, nsections); + + for (i = 0; i < nsections; i++) { + g_autofree char * strNode = NULL; + g_autofree char * strSize = NULL; + + if (!(strNode = virXMLPropString(sectionNodes[i], "node")) || + virStrToLong_i(strNode, NULL, 10, &sgx->sections[i].node) < 0) {
We have helpers such as virXMLPropUInt and similar, removing the need for temporary strings and explicit parsing of the numbers.
I'd prefer if you use them instead of this open coding .... in the whole function.
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("missing node name in QEMU capabilities cache")); + return -1; + } + + if (!(strSize = virXMLPropString(sectionNodes[i], "size")) || + virStrToLong_ull(strSize, NULL, 10, &(sgx->sections[i].size)) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("missing size name in QEMU capabilities cache")); + return -1; + } + } + } + + qemuCaps->sgxCapabilities = g_steal_pointer(&sgx); + return 0; +} + +
[...]
+static void +virQEMUCapsFormatSGXInfo(virQEMUCaps *qemuCaps, + virBuffer *buf) +{ + virSGXCapability *sgx = virQEMUCapsGetSGXCapabilities(qemuCaps); + + virBufferAddLit(buf, "<sgx supported='yes'>\n"); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<flc>%s</flc>\n", sgx->flc ? "yes" : "no"); + virBufferAsprintf(buf, "<sgx1>%s</sgx1>\n", sgx->sgx1 ? "yes" : "no"); + virBufferAsprintf(buf, "<sgx2>%s</sgx2>\n", sgx->sgx2 ? "yes" : "no"); + virBufferAsprintf(buf, "<section_size unit='KiB'>%llu</section_size>\n", sgx->section_size);
If the 'section_size' vanishes from qemu, will this field need to be removed?
+ + if (sgx->nsections > 0) { + size_t i; + virBufferAddLit(buf, "<sections>\n"); + + for (i = 0; i < sgx->nsections; i++) { + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<section node='%u' ", sgx->sections[i].node); + virBufferAsprintf(buf, "size='%llu'/>\n", sgx->sections[i].size); + virBufferAdjustIndent(buf, -2); + } + virBufferAddLit(buf, "</sections>\n"); + } + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</sgx>\n"); +} + + char * virQEMUCapsFormatCache(virQEMUCaps *qemuCaps) { @@ -4789,6 +4990,9 @@ virQEMUCapsFormatCache(virQEMUCaps *qemuCaps) if (qemuCaps->sevCapabilities) virQEMUCapsFormatSEVInfo(qemuCaps, &buf);
+ if (qemuCaps->sgxCapabilities)
As example for my comment about copying the caps, here you don't check the capability.
+ virQEMUCapsFormatSGXInfo(qemuCaps, &buf); + if (qemuCaps->kvmSupportsNesting) virBufferAddLit(&buf, "<kvmSupportsNesting/>\n");
[...] capability->sections[i].size
diff --git a/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.replies b/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.replies index d893d67ea8..c221b9e034 100644 --- a/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.replies @@ -34006,6 +34006,32 @@ } }
+{ + "execute": "query-sgx-capabilities", + "id": "libvirt-51" +} + +{ + "return": { + "sgx": true, + "flc": false, + "sgx1": true, + "sgx2": false, + "section-size": 2048, + "sections": [ + { + "node": 0, + "size": 1024 + }, + { + "node": 1, + "size": 1024 + }
Next time I'll be re-generating the capabilities this will get overwritten by:
+ "id": "libvirt-51", + "error": { + "class": "GenericError", + "desc": "SGX is not enabled in KVM" + }
as my box does not support it. I'd strongly prefer to use this syntax to avoid changes in my caps bump patch.
Alright. We have examples in other versions to show the code working. Michal

From: Haibin Huang <haibin.huang@intel.com>

Extend hypervisor capabilities to include sgx feature. When available, the hypervisor supports launching a VM with SGX on Intel platform. The SGX feature tag provides additional details like section size and sgx1 or sgx2.

Signed-off-by: Haibin Huang <haibin.huang@intel.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- docs/formatdomaincaps.rst | 40 +++++++++++++++++++ src/conf/domain_capabilities.c | 35 ++++++++++++++++ src/conf/schemas/domaincaps.rng | 40 +++++++++++++++++++ src/qemu/qemu_capabilities.c | 16 ++++++++ tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 + tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 + tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 + tests/domaincapsdata/empty.xml | 1 + tests/domaincapsdata/libxl-xenfv.xml | 1 + tests/domaincapsdata/libxl-xenpv.xml | 1 + .../domaincapsdata/qemu_3.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_3.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml | 1 + .../qemu_4.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 + .../qemu_4.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 + .../qemu_5.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.1.0.sparc.xml | 1 + 
tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 1 + .../qemu_5.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 1 + .../qemu_6.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 6 +++ .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 6 +++ .../qemu_6.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 6 +++ .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 10 +++++ .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 10 +++++ .../qemu_7.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 10 +++++ .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 10 +++++ .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 10 +++++ tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 10 +++++ 72 files changed, 268 insertions(+) diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst index 70f46b972a..bca5389931 100644 --- a/docs/formatdomaincaps.rst +++ b/docs/formatdomaincaps.rst 
@@ -554,6 +554,16 @@ capabilities. All features occur as children of the main ``features`` element. <cbitpos>47</cbitpos> <reduced-phys-bits>1</reduced-phys-bits> </sev> + <sgx supported='yes'> + <flc>no</flc> + <sgx1>yes</sgx1> + <sgx2>no</sgx2> + <section_size>2</section_size> + <sections> + <section node='0' size='1'/> + <section node='1' size='1'/> + </sections> + </sgx> </features> </domainCapabilities> @@ -633,3 +643,33 @@ in domain XML <formatdomain.html#launch-security>`__ ``maxESGuests`` The maximum number of SEV-ES guests that can be launched on the host. This value may be configurable in the firmware for some hosts. + +SGX capabilities +^^^^^^^^^^^^^^^^ + +Intel Software Guard Extensions (Intel SGX) capabilities are exposed under the +``sgx`` element. + +Intel SGX helps protect data in use via unique application isolation technology. +Protect selected code and data from modification using hardened enclaves with +Intel SGX. + +For more details on the SGX feature, please follow resources in the SGX developer's +document store. In order to use SGX with libvirt have a look at formatdomain.rst +Memory devices. + +``flc`` + FLC (Flexible Launch Control), not strictly part of SGX2, but was not part of + original SGX hardware either. + +``sgx1`` + the sgx version 1. + +``sgx2`` + The sgx version 2. + +``section_size`` + The size of the SGX enclave page cache (called EPC). + +``sections`` + The sections of the SGX enclave page cache (called EPC). diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index 1d3bba3019..ef41612494 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -99,6 +99,7 @@ virDomainCapsDispose(void *obj) virObjectUnref(caps->cpu.custom); virCPUDefFree(caps->cpu.hostModel); virSEVCapabilitiesFree(caps->sev); + virSGXCapabilitiesFree(caps->sgx); values = &caps->os.loader.values; for (i = 0; i < values->nvalues; i++) 
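Review bot: The <sgx> example added to docs/formatdomaincaps.rst shows <section_size>2</section_size> without the unit attribute, while virDomainCapsFeatureSGXFormat() always emits unit='KiB' and the domaincaps.rng definition makes that attribute mandatory. Update the example to match, and say in the 'section_size' and 'sections' entries which unit the values use and what the 'node' and 'size' attributes of <section> mean; as written the two entries have almost the same text.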
@@ -621,6 +622,39 @@ virDomainCapsFeatureSEVFormat(virBuffer *buf, virBufferAddLit(buf, "</sev>\n"); } +static void +virDomainCapsFeatureSGXFormat(virBuffer *buf, + const virSGXCapability *sgx) +{ + if (!sgx) { + virBufferAddLit(buf, "<sgx supported='no'/>\n"); + return; + } + + virBufferAddLit(buf, "<sgx supported='yes'>\n"); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<flc>%s</flc>\n", sgx->flc ? "yes" : "no"); + virBufferAsprintf(buf, "<sgx1>%s</sgx1>\n", sgx->sgx1 ? "yes" : "no"); + virBufferAsprintf(buf, "<sgx2>%s</sgx2>\n", sgx->sgx2 ? "yes" : "no"); + virBufferAsprintf(buf, "<section_size unit='KiB'>%llu</section_size>\n", sgx->section_size); + + if (sgx->nsections > 0) { + size_t i; + + virBufferAddLit(buf, "<sections>\n"); + + for (i = 0; i < sgx->nsections; i++) { + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<section node='%d' ", sgx->sections[i].node); + virBufferAsprintf(buf, "size='%llu'/>\n", sgx->sections[i].size); + virBufferAdjustIndent(buf, -2); + } + virBufferAddLit(buf, "</sections>\n"); + } + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</sgx>\n"); +} static void virDomainCapsFormatFeatures(const virDomainCaps *caps, @@ -641,6 +675,7 @@ virDomainCapsFormatFeatures(const virDomainCaps *caps, } virDomainCapsFeatureSEVFormat(&childBuf, caps->sev); + virDomainCapsFeatureSGXFormat(&childBuf, caps->sgx); virXMLFormatElement(buf, "features", NULL, &childBuf); } diff --git a/src/conf/schemas/domaincaps.rng b/src/conf/schemas/domaincaps.rng index 9cbc2467ab..7aec9fbf85 100644 --- a/src/conf/schemas/domaincaps.rng +++ b/src/conf/schemas/domaincaps.rng @@ -270,6 +270,9 @@ <optional> <ref name="sev"/> </optional> + <optional> + <ref name="sgx"/> + </optional> </element> </define> 
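Review bot: virDomainCapsFeatureSGXFormat() prints the section node with '%d', but the schema added to domaincaps.rng in this patch types that attribute as unsignedInt. Print it with '%u', or make the schema match the field's type, so the formatter cannot emit a value the schema rejects.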
@@ -330,6 +333,43 @@ </element> </define> + <define name="sgx"> + <element name="sgx"> + <ref name="supported"/> + <optional> + <element name="flc"> + <ref name="virYesNo"/> + </element> + <element name="sgx1"> + <ref name="virYesNo"/> + </element> + <element name="sgx2"> + <ref name="virYesNo"/> + </element> + <element name="section_size"> + <attribute name="unit"> + <value>KiB</value> + </attribute> + <data type="unsignedLong"/> + </element> + <optional> + <element name="sections"> + <zeroOrMore> + <element name="section"> + <attribute name="node"> + <data type="unsignedInt"/> + </attribute> + <attribute name="size"> + <data type="unsignedLong"/> + </attribute> + </element> + </zeroOrMore> + </element> + </optional> + </optional> + </element> + </define> + <define name="value"> <zeroOrMore> <element name="value"> diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index c734cd9439..ec6a4e5fb8 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -6730,6 +6730,21 @@ virQEMUCapsFillDomainFeatureS390PVCaps(virQEMUCaps *qemuCaps, } } +/** + * virQEMUCapsFillDomainFeatureSGXCaps: + * @qemuCaps: QEMU capabilities + * @domCaps: domain capabilities + * + * Take the information about SGX capabilities that has been obtained + * using the 'query-sgx-capabilities' QMP command and stored in @qemuCaps + * and convert it to a form suitable for @domCaps. + */ +static void +virQEMUCapsFillDomainFeatureSGXCaps(virQEMUCaps *qemuCaps, + virDomainCaps *domCaps) +{ + virQEMUCapsSGXInfoCopy(&domCaps->sgx, qemuCaps->sgxCapabilities); +} int virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps, @@ -6782,6 +6797,7 @@ virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps, virQEMUCapsFillDomainFeatureGICCaps(qemuCaps, domCaps); virQEMUCapsFillDomainFeatureSEVCaps(qemuCaps, domCaps); virQEMUCapsFillDomainFeatureS390PVCaps(qemuCaps, domCaps); + virQEMUCapsFillDomainFeatureSGXCaps(qemuCaps, domCaps); return 0; } 
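Review bot: virQEMUCapsFillDomainFeatureSGXCaps() discards the int returned by virQEMUCapsSGXInfoCopy(), while virQEMUCapsNewCopy() checks the same call with '< 0'. The copy helper has no failing path (every return is 'return 0'), so make it return void and drop the check in virQEMUCapsNewCopy() rather than leaving the two callers inconsistent.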
diff --git a/tests/domaincapsdata/bhyve_basic.x86_64.xml b/tests/domaincapsdata/bhyve_basic.x86_64.xml index 745f325531..dd054577c0 100644 --- a/tests/domaincapsdata/bhyve_basic.x86_64.xml +++ b/tests/domaincapsdata/bhyve_basic.x86_64.xml @@ -33,5 +33,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/bhyve_fbuf.x86_64.xml b/tests/domaincapsdata/bhyve_fbuf.x86_64.xml index bb11c02ae9..0b1d9c17d7 100644 --- a/tests/domaincapsdata/bhyve_fbuf.x86_64.xml +++ b/tests/domaincapsdata/bhyve_fbuf.x86_64.xml @@ -50,5 +50,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/bhyve_uefi.x86_64.xml b/tests/domaincapsdata/bhyve_uefi.x86_64.xml index dfd2360d74..69fff197a7 100644 --- a/tests/domaincapsdata/bhyve_uefi.x86_64.xml +++ b/tests/domaincapsdata/bhyve_uefi.x86_64.xml @@ -42,5 +42,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/empty.xml b/tests/domaincapsdata/empty.xml index d3e2d89b60..97752ca04a 100644 --- a/tests/domaincapsdata/empty.xml +++ b/tests/domaincapsdata/empty.xml @@ -13,5 +13,6 @@ </devices> <features> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/libxl-xenfv.xml b/tests/domaincapsdata/libxl-xenfv.xml index cc5b3847e2..c71d759517 100644 --- a/tests/domaincapsdata/libxl-xenfv.xml +++ b/tests/domaincapsdata/libxl-xenfv.xml @@ -76,5 +76,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/libxl-xenpv.xml b/tests/domaincapsdata/libxl-xenpv.xml index 325f1e50b3..8ae2370b7e 100644 --- a/tests/domaincapsdata/libxl-xenpv.xml 
+++ b/tests/domaincapsdata/libxl-xenpv.xml @@ -66,5 +66,6 @@ <vmcoreinfo supported='no'/> <genid supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml index c4277c53a1..381cc9a4ec 100644 --- a/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.1.0-q35.x86_64.xml @@ -207,5 +207,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml index 2a65cb0ad9..28868f1c0b 100644 --- a/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.1.0-tcg.x86_64.xml @@ -226,5 +226,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.1.0.ppc64.xml b/tests/domaincapsdata/qemu_3.1.0.ppc64.xml index 8035f7230a..3176d7044f 100644 --- a/tests/domaincapsdata/qemu_3.1.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_3.1.0.ppc64.xml @@ -134,5 +134,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_3.1.0.x86_64.xml b/tests/domaincapsdata/qemu_3.1.0.x86_64.xml index 6e3ddda356..db9bb1dd9f 100644 --- a/tests/domaincapsdata/qemu_3.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_3.1.0.x86_64.xml @@ -207,5 +207,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml index 8f3911b4b3..b99301af1f 100644 
--- a/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.0.0-q35.x86_64.xml @@ -207,5 +207,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml index a4dc7bafc9..da58e85b72 100644 --- a/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.0.0-tcg.x86_64.xml @@ -226,5 +226,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml index 7108efe3b4..65aa9403c5 100644 --- a/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.0.0-virt.aarch64.xml @@ -175,5 +175,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0.aarch64.xml b/tests/domaincapsdata/qemu_4.0.0.aarch64.xml index 1e7db635d0..d3e2ac0621 100644 --- a/tests/domaincapsdata/qemu_4.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.0.0.aarch64.xml @@ -169,5 +169,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0.ppc64.xml b/tests/domaincapsdata/qemu_4.0.0.ppc64.xml index f109d36266..076820c5bc 100644 --- a/tests/domaincapsdata/qemu_4.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_4.0.0.ppc64.xml @@ -135,5 +135,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> 
diff --git a/tests/domaincapsdata/qemu_4.0.0.s390x.xml b/tests/domaincapsdata/qemu_4.0.0.s390x.xml index b810ad737a..821d467bd9 100644 --- a/tests/domaincapsdata/qemu_4.0.0.s390x.xml +++ b/tests/domaincapsdata/qemu_4.0.0.s390x.xml @@ -232,5 +232,6 @@ <backup supported='no'/> <s390-pv supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.0.0.x86_64.xml b/tests/domaincapsdata/qemu_4.0.0.x86_64.xml index 24e732d9c3..3dac8ff1ae 100644 --- a/tests/domaincapsdata/qemu_4.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.0.0.x86_64.xml @@ -207,5 +207,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml index 3ee7feea48..2f9dc00689 100644 --- a/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.1.0-q35.x86_64.xml @@ -213,5 +213,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml index b20c02cb68..13540675b6 100644 --- a/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.1.0-tcg.x86_64.xml @@ -229,5 +229,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.1.0.x86_64.xml b/tests/domaincapsdata/qemu_4.1.0.x86_64.xml index 0f1d398e2c..bb7d6b9219 100644 --- a/tests/domaincapsdata/qemu_4.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.1.0.x86_64.xml @@ -213,5 +213,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> 
diff --git a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml index c8a77cdd41..9fef4ccd37 100644 --- a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml @@ -221,5 +221,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml index d0ee3f7b7a..76636c0c37 100644 --- a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml @@ -236,5 +236,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml index 05d606967b..1a87fc417b 100644 --- a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml @@ -177,5 +177,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml index f19ad5e6db..943c3605d8 100644 --- a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml @@ -171,5 +171,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml index 4c3a2c6d98..e0187041db 100644 --- a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml 
@@ -141,5 +141,6 @@ <backingStoreInput supported='no'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0.s390x.xml b/tests/domaincapsdata/qemu_4.2.0.s390x.xml index fb162ea578..8150e5119a 100644 --- a/tests/domaincapsdata/qemu_4.2.0.s390x.xml +++ b/tests/domaincapsdata/qemu_4.2.0.s390x.xml @@ -247,5 +247,6 @@ <backup supported='no'/> <s390-pv supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml index 6578fd04b6..8f3edfce70 100644 --- a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml @@ -221,5 +221,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml index 8a6797c2f1..4c6ea67c99 100644 --- a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml @@ -223,5 +223,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml index d277c96426..e0536347e5 100644 --- a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml @@ -238,5 +238,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml index f8cea230d9..3a70b34001 100644 --- a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml 
+++ b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml @@ -186,5 +186,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml index ab72b7ffeb..6a8c1027c0 100644 --- a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml @@ -180,5 +180,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml index d196676b14..ec6c9d097a 100644 --- a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml index 51ca1d98e0..74f297c2e7 100644 --- a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml @@ -223,5 +223,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml index 3468fb2e72..ceafdd35e7 100644 --- a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml @@ -224,5 +224,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml index 4f1ffbb2ba..ae9754a14c 100644 
--- a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml @@ -238,5 +238,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.1.0.sparc.xml b/tests/domaincapsdata/qemu_5.1.0.sparc.xml index 5c1c0c4680..ae8474a696 100644 --- a/tests/domaincapsdata/qemu_5.1.0.sparc.xml +++ b/tests/domaincapsdata/qemu_5.1.0.sparc.xml @@ -113,5 +113,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml index 8ff49c7899..37d053c086 100644 --- a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml @@ -224,5 +224,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml index 2301a475eb..4e68dc46f4 100644 --- a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml @@ -224,5 +224,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml index 6cff0f815e..a8914a90b2 100644 --- a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml @@ -238,5 +238,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> 
diff --git a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml index a863a6052d..41bb7ecb45 100644 --- a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml @@ -186,5 +186,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml b/tests/domaincapsdata/qemu_5.2.0.aarch64.xml index ab72b7ffeb..6a8c1027c0 100644 --- a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.2.0.aarch64.xml @@ -180,5 +180,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml b/tests/domaincapsdata/qemu_5.2.0.ppc64.xml index b2c0577be9..fa29ac8c23 100644 --- a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_5.2.0.ppc64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.2.0.s390x.xml b/tests/domaincapsdata/qemu_5.2.0.s390x.xml index 2a2ca8abcf..496c08dd34 100644 --- a/tests/domaincapsdata/qemu_5.2.0.s390x.xml +++ b/tests/domaincapsdata/qemu_5.2.0.s390x.xml @@ -249,5 +249,6 @@ <backup supported='no'/> <s390-pv supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml b/tests/domaincapsdata/qemu_5.2.0.x86_64.xml index 41a54985d7..df653b95e3 100644 --- a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.2.0.x86_64.xml @@ -224,5 +224,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> 
diff --git a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml index 4595e70f61..95627a1f9c 100644 --- a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml @@ -230,5 +230,6 @@ <maxGuests>59</maxGuests> <maxESGuests>450</maxESGuests> </sev> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml index 65f4459bcb..4ac6365cad 100644 --- a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml @@ -244,5 +244,6 @@ <maxGuests>59</maxGuests> <maxESGuests>450</maxESGuests> </sev> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml index 61eab9de0e..bda348ac18 100644 --- a/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml @@ -187,5 +187,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.0.0.aarch64.xml b/tests/domaincapsdata/qemu_6.0.0.aarch64.xml index fa722b5fd3..d1478dedde 100644 --- a/tests/domaincapsdata/qemu_6.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_6.0.0.aarch64.xml @@ -181,5 +181,6 @@ <backingStoreInput supported='yes'/> <backup supported='no'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.0.0.s390x.xml b/tests/domaincapsdata/qemu_6.0.0.s390x.xml index 13fa3a637e..ccb6536dfc 100644 --- a/tests/domaincapsdata/qemu_6.0.0.s390x.xml +++ b/tests/domaincapsdata/qemu_6.0.0.s390x.xml @@ -250,5 +250,6 @@ <backup supported='no'/> <s390-pv supported='yes'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> 
diff --git a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml index a6fa374211..621cf5032c 100644 --- a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml @@ -230,5 +230,6 @@ <maxGuests>59</maxGuests> <maxESGuests>450</maxESGuests> </sev> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml index f4d0fcf673..93194d4f99 100644 --- a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml @@ -226,5 +226,6 @@ <backingStoreInput supported='yes'/> <backup supported='yes'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml index 40bc875e3c..9828fb4192 100644 --- a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml @@ -239,5 +239,6 @@ <backingStoreInput supported='yes'/> <backup supported='yes'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml b/tests/domaincapsdata/qemu_6.1.0.x86_64.xml index 67fc449f5d..0948e9cf14 100644 --- a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.1.0.x86_64.xml @@ -226,5 +226,6 @@ <backingStoreInput supported='yes'/> <backup supported='yes'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml index 9d68c0a404..f23ce1180a 100644 --- a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml 
@@ -226,5 +226,11 @@ <backingStoreInput supported='yes'/> <backup supported='yes'/> <sev supported='no'/> + <sgx supported='yes'> + <flc>no</flc> + <sgx1>yes</sgx1> + <sgx2>no</sgx2> + <section_size unit='KiB'>2</section_size> + </sgx> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml index a439dda190..e9530e76e5 100644 --- a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml @@ -240,5 +240,11 @@ <backingStoreInput supported='yes'/> <backup supported='yes'/> <sev supported='no'/> + <sgx supported='yes'> + <flc>no</flc> + <sgx1>yes</sgx1> + <sgx2>no</sgx2> + <section_size unit='KiB'>2</section_size> + </sgx> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml index f6045623f5..7494df031f 100644 --- a/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml @@ -189,5 +189,6 @@ <backingStoreInput supported='yes'/> <backup supported='yes'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.2.0.aarch64.xml b/tests/domaincapsdata/qemu_6.2.0.aarch64.xml index 35e18adcd5..2946a36b04 100644 --- a/tests/domaincapsdata/qemu_6.2.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_6.2.0.aarch64.xml @@ -183,5 +183,6 @@ <backingStoreInput supported='yes'/> <backup supported='yes'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml b/tests/domaincapsdata/qemu_6.2.0.ppc64.xml index b07072778b..fb92d1fc5a 100644 --- a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_6.2.0.ppc64.xml 
@@ -145,5 +145,6 @@ <backingStoreInput supported='yes'/> <backup supported='yes'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml index 0f89790b60..6d20218543 100644 --- a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml @@ -226,5 +226,11 @@ <backingStoreInput supported='yes'/> <backup supported='yes'/> <sev supported='no'/> + <sgx supported='yes'> + <flc>no</flc> + <sgx1>yes</sgx1> + <sgx2>no</sgx2> + <section_size unit='KiB'>2</section_size> + </sgx> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml index 4e6ff06125..5eff1a0ff9 100644 --- a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml @@ -228,5 +228,15 @@ <backingStoreInput supported='yes'/> <backup supported='yes'/> <sev supported='no'/> + <sgx supported='yes'> + <flc>no</flc> + <sgx1>yes</sgx1> + <sgx2>no</sgx2> + <section_size unit='KiB'>2</section_size> + <sections> + <section node='0' size='1'/> + <section node='1' size='1'/> + </sections> + </sgx> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml index ed80a7892f..bd3fe5cf25 100644 --- a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml @@ -242,5 +242,15 @@ <backingStoreInput supported='yes'/> <backup supported='yes'/> <sev supported='no'/> + <sgx supported='yes'> + <flc>no</flc> + <sgx1>yes</sgx1> + <sgx2>no</sgx2> + <section_size unit='KiB'>2</section_size> + <sections> + <section node='0' size='1'/> + <section node='1' size='1'/> + </sections> + </sgx> </features> </domainCapabilities> 
diff --git a/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml index 7a8cb9f113..514f673e4c 100644 --- a/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml @@ -189,5 +189,6 @@ <backingStoreInput supported='yes'/> <backup supported='yes'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_7.0.0.aarch64.xml b/tests/domaincapsdata/qemu_7.0.0.aarch64.xml index d48c87dc3a..797affc12f 100644 --- a/tests/domaincapsdata/qemu_7.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_7.0.0.aarch64.xml @@ -183,5 +183,6 @@ <backingStoreInput supported='yes'/> <backup supported='yes'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml b/tests/domaincapsdata/qemu_7.0.0.ppc64.xml index ec171bcdd9..73816bcd85 100644 --- a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_7.0.0.ppc64.xml @@ -147,5 +147,6 @@ <backingStoreInput supported='yes'/> <backup supported='yes'/> <sev supported='no'/> + <sgx supported='no'/> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml b/tests/domaincapsdata/qemu_7.0.0.x86_64.xml index a20395c6d4..2a77af73eb 100644 --- a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.0.0.x86_64.xml @@ -228,5 +228,15 @@ <backingStoreInput supported='yes'/> <backup supported='yes'/> <sev supported='no'/> + <sgx supported='yes'> + <flc>no</flc> + <sgx1>yes</sgx1> + <sgx2>no</sgx2> + <section_size unit='KiB'>2</section_size> + <sections> + <section node='0' size='1'/> + <section node='1' size='1'/> + </sections> + </sgx> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml index 4e96c5104a..6de62c1707 100644 
--- a/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml @@ -227,5 +227,15 @@ <backingStoreInput supported='yes'/> <backup supported='yes'/> <sev supported='no'/> + <sgx supported='yes'> + <flc>no</flc> + <sgx1>yes</sgx1> + <sgx2>no</sgx2> + <section_size unit='KiB'>2</section_size> + <sections> + <section node='0' size='1'/> + <section node='1' size='1'/> + </sections> + </sgx> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml index 46542c8b5b..5f3017d6b5 100644 --- a/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml @@ -240,5 +240,15 @@ <backingStoreInput supported='yes'/> <backup supported='yes'/> <sev supported='no'/> + <sgx supported='yes'> + <flc>no</flc> + <sgx1>yes</sgx1> + <sgx2>no</sgx2> + <section_size unit='KiB'>2</section_size> + <sections> + <section node='0' size='1'/> + <section node='1' size='1'/> + </sections> + </sgx> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_7.1.0.x86_64.xml b/tests/domaincapsdata/qemu_7.1.0.x86_64.xml index 02b43e318f..3a982d4659 100644 --- a/tests/domaincapsdata/qemu_7.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.1.0.x86_64.xml @@ -227,5 +227,15 @@ <backingStoreInput supported='yes'/> <backup supported='yes'/> <sev supported='no'/> + <sgx supported='yes'> + <flc>no</flc> + <sgx1>yes</sgx1> + <sgx2>no</sgx2> + <section_size unit='KiB'>2</section_size> + <sections> + <section node='0' size='1'/> + <section node='1' size='1'/> + </sections> + </sgx> </features> </domainCapabilities> -- 2.35.1

On Wed, Jul 27, 2022 at 12:34:56 +0200, Michal Privoznik wrote:
From: Haibin Huang <haibin.huang@intel.com>
Extend hypervisor capabilities to include sgx feature. When available, the hypervisor supports launching a VM with SGX on Intel platform. The SGX feature tag provides additional details like section size and sgx1 or sgx2.
Signed-off-by: Haibin Huang <haibin.huang@intel.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
[...]
diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst index 70f46b972a..bca5389931 100644 --- a/docs/formatdomaincaps.rst +++ b/docs/formatdomaincaps.rst @@ -554,6 +554,16 @@ capabilities. All features occur as children of the main ``features`` element. <cbitpos>47</cbitpos> <reduced-phys-bits>1</reduced-phys-bits> </sev> + <sgx supported='yes'> + <flc>no</flc> + <sgx1>yes</sgx1> + <sgx2>no</sgx2> + <section_size>2</section_size>
This element has "unit='KiB'" in the output data in the tests.
+ <sections> + <section node='0' size='1'/> + <section node='1' size='1'/>
And this one should get a unit too, since the above has it.
+ </sections> + </sgx> </features> </domainCapabilities>
@@ -633,3 +643,33 @@ in domain XML <formatdomain.html#launch-security>`__ ``maxESGuests`` The maximum number of SEV-ES guests that can be launched on the host. This value may be configurable in the firmware for some hosts. + +SGX capabilities +^^^^^^^^^^^^^^^^ + +Intel Software Guard Extensions (Intel SGX) capabilities are exposed under the +``sgx`` element. + +Intel SGX helps protect data in use via unique application isolation technology. +Protect selected code and data from modification using hardened enclaves with +Intel SGX. + +For more details on the SGX feature, please follow resources in the SGX developer's +document store. In order to use SGX with libvirt have a look at formatdomain.rst +Memory devices.
This should be a real RST link to the document/section you are referring to.
+ +``flc`` + FLC (Flexible Launch Control), not strictly part of SGX2, but was not part of + original SGX hardware either. + +``sgx1`` + the sgx version 1. + +``sgx2`` + The sgx version 2. + +``section_size`` + The size of the SGX enclave page cache (called EPC). + +``sections`` + The sections of the SGX enclave page cache (called EPC). diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index 1d3bba3019..ef41612494 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c
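
Review bot: The ``section_size`` and ``sections`` entries in docs/formatdomaincaps.rst carry nearly the same description and do not say how the two relate, nor do they document the ``node`` and ``size`` attributes of ``section`` or the unit the values are reported in. Spell out that ``section_size`` is the total and ``sections`` the per-NUMA-node breakdown (if that is the intent), describe both attributes, and state the unit. Also, the ``sgx1`` entry starts with a lower-case "the" while ``sgx2`` uses "The", and "sgx version 1" does not tell the reader what the flag indicates about the host.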
[...]
@@ -621,6 +622,39 @@ virDomainCapsFeatureSEVFormat(virBuffer *buf, virBufferAddLit(buf, "</sev>\n"); }
+static void +virDomainCapsFeatureSGXFormat(virBuffer *buf, + const virSGXCapability *sgx) +{ + if (!sgx) { + virBufferAddLit(buf, "<sgx supported='no'/>\n"); + return; + } + + virBufferAddLit(buf, "<sgx supported='yes'>\n"); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<flc>%s</flc>\n", sgx->flc ? "yes" : "no"); + virBufferAsprintf(buf, "<sgx1>%s</sgx1>\n", sgx->sgx1 ? "yes" : "no"); + virBufferAsprintf(buf, "<sgx2>%s</sgx2>\n", sgx->sgx2 ? "yes" : "no"); + virBufferAsprintf(buf, "<section_size unit='KiB'>%llu</section_size>\n", sgx->section_size); + + if (sgx->nsections > 0) { + size_t i; + + virBufferAddLit(buf, "<sections>\n"); + + for (i = 0; i < sgx->nsections; i++) { + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<section node='%d' ", sgx->sections[i].node); + virBufferAsprintf(buf, "size='%llu'/>\n", sgx->sections[i].size);
I think you want to add a unit field too here.
+ virBufferAdjustIndent(buf, -2); + } + virBufferAddLit(buf, "</sections>\n"); + } + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</sgx>\n");
This looks almost identical to the formatter for the qemu capability cache. Would it make sense to factor it out and reuse it instead of reimplementing? [...]
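Review bot: in virDomainCapsFeatureSGXFormat the virBufferAdjustIndent(buf, 2) call and its matching virBufferAdjustIndent(buf, -2) sit inside the for loop, so the indent is raised and restored once per section. Move the pair outside the loop, around the whole run of <section> elements, the same way the enclosing <sgx> block adjusts the indent once on entry and once on exit.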
diff --git a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml index 4e6ff06125..5eff1a0ff9 100644 --- a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml @@ -228,5 +228,15 @@ <backingStoreInput supported='yes'/> <backup supported='yes'/> <sev supported='no'/> + <sgx supported='yes'> + <flc>no</flc> + <sgx1>yes</sgx1> + <sgx2>no</sgx2> + <section_size unit='KiB'>2</section_size> + <sections> + <section node='0' size='1'/> + <section node='1' size='1'/>
This looks weird without unit.
+ </sections> + </sgx> </features> </domainCapabilities>
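Review bot: the ``sections`` entry added to docs/formatdomaincaps.rst only says "The sections of the SGX enclave page cache", while the expected output here shows that each <section> child carries a node and a size attribute. Document the <section> element and both attributes in that entry so the element list matches the XML the formatter emits.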

From: Lin Yang <lin.a.yang@intel.com> With NUMA config: <devices> ... <memory model='sgx-epc'> <source> <nodemask>0-1</nodemask> </source> <target> <size unit='KiB'>512</size> <node>0</node> </target> </memory> ... </devices> Without NUMA config: <devices> ... <memory model='sgx-epc'> <target> <size unit='KiB'>512</size> </target> </memory> ... </devices> Signed-off-by: Lin Yang <lin.a.yang@intel.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- docs/formatdomain.rst | 25 +++++++- src/conf/domain_conf.c | 30 +++++++++ src/conf/domain_conf.h | 1 + src/conf/domain_postparse.c | 1 + src/conf/domain_validate.c | 9 +++ src/conf/schemas/domaincommon.rng | 1 + src/qemu/qemu_alias.c | 3 + src/qemu/qemu_command.c | 1 + src/qemu/qemu_domain.c | 48 ++++++++++---- src/qemu/qemu_domain_address.c | 6 ++ src/qemu/qemu_driver.c | 1 + src/qemu/qemu_process.c | 2 + src/qemu/qemu_validate.c | 8 +++ src/security/security_apparmor.c | 1 + src/security/security_dac.c | 2 + src/security/security_selinux.c | 2 + tests/qemuxml2argvdata/sgx-epc-numa.xml | 64 +++++++++++++++++++ tests/qemuxml2argvdata/sgx-epc.xml | 52 +++++++++++++++ .../sgx-epc-numa.x86_64-latest.xml | 1 + .../sgx-epc.x86_64-6.2.0.xml | 1 + tests/qemuxml2xmltest.c | 3 + 21 files changed, 247 insertions(+), 15 deletions(-) create mode 100644 tests/qemuxml2argvdata/sgx-epc-numa.xml create mode 100644 tests/qemuxml2argvdata/sgx-epc.xml create mode 120000 tests/qemuxml2xmloutdata/sgx-epc-numa.x86_64-latest.xml create mode 120000 tests/qemuxml2xmloutdata/sgx-epc.x86_64-6.2.0.xml diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 1ed969ac3e..bdd0fcea8e 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst 
@@ -7940,6 +7940,20 @@ Example: usage of the memory devices <current unit='KiB'>524288</current> </target> </memory> + <memory model='sgx-epc'> + <source> + <nodemask>0-1</nodemask> + </source> + <target> + <size unit='KiB'>16384</size> + <node>0</node> + </target> + </memory> + <memory model='sgx-epc'> + <target> + <size unit='KiB'>16384</size> + </target> + </memory> </devices> ... @@ -7948,7 +7962,9 @@ Example: usage of the memory devices 1.2.14` Provide ``nvdimm`` model that adds a Non-Volatile DIMM module. :since:`Since 3.2.0` Provide ``virtio-pmem`` model to add a paravirtualized persistent memory device. :since:`Since 7.1.0` Provide ``virtio-mem`` model - to add paravirtualized memory device. :since:`Since 7.9.0` + to add paravirtualized memory device. :since:`Since 7.9.0` Provide + ``sgx-epc`` model to add a SGX enclave page cache (EPC) memory to the guest. + :since:`Since 8.7.0 and QEMU 6.2.0` ``access`` An optional attribute ``access`` ( :since:`since 3.2.0` ) that provides @@ -8008,6 +8024,13 @@ Example: usage of the memory devices Represents a path in the host that backs the virtio memory module in the guest. It is mandatory. + For model ``sgx-epc`` this element is optional. The following optional + elements may be used: + + ``nodemask`` + This element can be used to override the default set of NUMA nodes where + the memory would be allocated. :since:`Since 8.7.0 and QEMU 7.0.0` + ``target`` The mandatory ``target`` element configures the placement and sizing of the added memory from the perspective of the guest. diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index e85cc1f809..a1f64b4fcb 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1440,6 +1440,7 @@ VIR_ENUM_IMPL(virDomainMemoryModel, "nvdimm", "virtio-pmem", "virtio-mem", + "sgx-epc", ); VIR_ENUM_IMPL(virDomainShmemModel, 
@@ -13303,6 +13304,20 @@ virDomainMemorySourceDefParseXML(xmlNodePtr node, def->nvdimmPath = virXPathString("string(./path)", ctxt); break; + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + if ((nodemask = virXPathString("string(./nodemask)", ctxt))) { + if (virBitmapParse(nodemask, &def->sourceNodes, + VIR_DOMAIN_CPUMASK_LEN) < 0) + return -1; + + if (virBitmapIsAllClear(def->sourceNodes)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Invalid value of 'nodemask': %s"), nodemask); + return -1; + } + } + break; + case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; @@ -13371,6 +13386,7 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node, case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; } @@ -15167,6 +15183,11 @@ virDomainMemoryFindByDefInternal(virDomainDef *def, continue; break; + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + if (!virBitmapEqual(tmp->sourceNodes, mem->sourceNodes)) + continue; + break; + case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; @@ -24778,6 +24799,15 @@ virDomainMemorySourceDefFormat(virBuffer *buf, virBufferEscapeString(&childBuf, "<path>%s</path>\n", def->nvdimmPath); break; + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + if (def->sourceNodes) { + if (!(bitmap = virBitmapFormat(def->sourceNodes))) + return -1; + + virBufferAsprintf(&childBuf, "<nodemask>%s</nodemask>\n", bitmap); + } + break; + case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 060c395943..4fda47118f 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h 
@@ -2573,6 +2573,7 @@ typedef enum { VIR_DOMAIN_MEMORY_MODEL_NVDIMM, /* nvdimm memory device */ VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM, /* virtio-pmem memory device */ VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM, /* virtio-mem memory device */ + VIR_DOMAIN_MEMORY_MODEL_SGX_EPC, /* SGX enclave page cache */ VIR_DOMAIN_MEMORY_MODEL_LAST } virDomainMemoryModel; diff --git a/src/conf/domain_postparse.c b/src/conf/domain_postparse.c index df59de2d0d..9a3e8f494c 100644 --- a/src/conf/domain_postparse.c +++ b/src/conf/domain_postparse.c @@ -645,6 +645,7 @@ virDomainMemoryDefPostParse(virDomainMemoryDef *mem, break; case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index e673e4b81a..bc24c68a05 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c @@ -2334,6 +2334,15 @@ virDomainMemoryDefValidate(const virDomainMemoryDef *mem, case VIR_DOMAIN_MEMORY_MODEL_DIMM: break; + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + if (mem->info.type != VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("memory device address is not supported for model '%s'"), + virDomainMemoryModelTypeToString(mem->model)); + return -1; + } + break; + case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: default: diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng index c4f293a4c3..ca779ba66b 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -6838,6 +6838,7 @@ <value>nvdimm</value> <value>virtio-pmem</value> <value>virtio-mem</value> + <value>sgx-epc</value> </choice> </attribute> <optional> diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c index 7b91fe3141..e7f76068cb 100644 --- a/src/qemu/qemu_alias.c +++ b/src/qemu/qemu_alias.c 
@@ -515,6 +515,9 @@ qemuAssignDeviceMemoryAlias(virDomainDef *def, case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: prefix = "virtiomem"; break; + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + prefix = "epc"; + break; case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: default: diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 8699b88220..f3f6870c58 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -4001,6 +4001,7 @@ qemuBuildMemoryDeviceProps(virQEMUDriverConfig *cfg, return NULL; break; + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: default: diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index b02ffc9a2e..fb287a9623 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -8449,6 +8449,7 @@ qemuDomainUpdateMemoryDeviceInfo(virQEMUDriver *driver, break; case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; @@ -9130,6 +9131,12 @@ qemuDomainDefValidateMemoryHotplugDevice(const virDomainMemoryDef *mem, } break; + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("hotplug is not supported for the %s device"), + virDomainMemoryModelTypeToString(mem->model)); + return -1; + case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: return -1; @@ -9165,7 +9172,7 @@ int qemuDomainDefValidateMemoryHotplug(const virDomainDef *def, const virDomainMemoryDef *mem) { - unsigned int nmems = def->nmems; + unsigned int hotplugNum = 0; unsigned long long hotplugSpace; unsigned long long hotplugMemory = 0; size_t i; 
@@ -9173,15 +9180,37 @@ qemuDomainDefValidateMemoryHotplug(const virDomainDef *def, hotplugSpace = def->mem.max_memory - virDomainDefGetMemoryInitial(def); if (mem) { - nmems++; + hotplugNum++; hotplugMemory = mem->size; if (qemuDomainDefValidateMemoryHotplugDevice(mem, def) < 0) return -1; } + for (i = 0; i < def->nmems; i++) { + switch (def->mems[i]->model) { + case VIR_DOMAIN_MEMORY_MODEL_DIMM: + case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: + case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: + case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + hotplugMemory += def->mems[i]->size; + hotplugNum++; + /* already existing devices don't need to be checked on hotplug */ + if (!mem && + qemuDomainDefValidateMemoryHotplugDevice(def->mems[i], def) < 0) + return -1; + break; + + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + /* sgx epc memory does not support hotplug */ + case VIR_DOMAIN_MEMORY_MODEL_LAST: + case VIR_DOMAIN_MEMORY_MODEL_NONE: + break; + } + } + if (!virDomainDefHasMemoryHotplug(def)) { - if (nmems) { + if (hotplugNum) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("cannot use/hotplug a memory device when domain " "'maxMemory' is not defined")); @@ -9204,22 +9233,13 @@ qemuDomainDefValidateMemoryHotplug(const virDomainDef *def, } } - if (nmems > def->mem.memory_slots) { + if (hotplugNum > def->mem.memory_slots) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("memory device count '%u' exceeds slots count '%u'"), - nmems, def->mem.memory_slots); + hotplugNum, def->mem.memory_slots); return -1; } - for (i = 0; i < def->nmems; i++) { - hotplugMemory += def->mems[i]->size; - - /* already existing devices don't need to be checked on hotplug */ - if (!mem && - qemuDomainDefValidateMemoryHotplugDevice(def->mems[i], def) < 0) - return -1; - } - if (hotplugMemory > hotplugSpace) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("memory device total size exceeds hotplug space")); diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c index 026be99ba9..08cc995bfa 100644 
--- a/src/qemu/qemu_domain_address.c +++ b/src/qemu/qemu_domain_address.c @@ -389,6 +389,7 @@ qemuDomainPrimeVirtioDeviceAddresses(virDomainDef *def, case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; } @@ -1039,6 +1040,7 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDef *dev, case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: return 0; } @@ -2421,6 +2423,7 @@ qemuDomainAssignDevicePCISlots(virDomainDef *def, case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; } @@ -3081,6 +3084,7 @@ qemuDomainAssignMemoryDeviceSlot(virDomainObj *vm, return qemuDomainEnsurePCIAddress(vm, &dev); break; + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; @@ -3107,6 +3111,7 @@ qemuDomainReleaseMemoryDeviceSlot(virDomainObj *vm, qemuDomainReleaseDeviceAddress(vm, &mem->info); break; + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; @@ -3140,6 +3145,7 @@ qemuDomainAssignMemorySlots(virDomainDef *def) case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: /* handled in qemuDomainAssignPCIAddresses() */ break; + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 9013e6fb8d..530011fe4a 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c 
@@ -7170,6 +7170,7 @@ qemuDomainChangeMemoryLiveValidateChange(const virDomainMemoryDef *oldDef, case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("cannot modify memory of model '%s'"), diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index d42333195a..554eb482fb 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -3936,6 +3936,7 @@ qemuProcessDomainMemoryDefNeedHugepagesPath(const virDomainMemoryDef *mem, case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: /* None of these can be backed by hugepages. */ return false; @@ -4010,6 +4011,7 @@ qemuProcessNeedMemoryBackingPath(virDomainDef *def, case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: /* Backed by user provided path. Not stored in memory * backing dir anyway. */ diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index 764d5b029e..259636f7e7 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -5181,6 +5181,14 @@ qemuValidateDomainDeviceDefMemory(virDomainMemoryDef *mem, } break; + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("sgx epc isn't supported by this QEMU binary")); + return -1; + } + break; + case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index 008384dee8..36e8ce42b5 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c 
@@ -687,6 +687,7 @@ AppArmorSetMemoryLabel(virSecurityManager *mgr, case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; } diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 21cebae694..d94995c9cf 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1853,6 +1853,7 @@ virSecurityDACRestoreMemoryLabel(virSecurityManager *mgr, case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: case VIR_DOMAIN_MEMORY_MODEL_NONE: ret = 0; @@ -2040,6 +2041,7 @@ virSecurityDACSetMemoryLabel(virSecurityManager *mgr, case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: case VIR_DOMAIN_MEMORY_MODEL_NONE: ret = 0; diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 9f2872decc..98044d1847 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1580,6 +1580,7 @@ virSecuritySELinuxSetMemoryLabel(virSecurityManager *mgr, case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; } @@ -1608,6 +1609,7 @@ virSecuritySELinuxRestoreMemoryLabel(virSecurityManager *mgr, case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: ret = 0; diff --git a/tests/qemuxml2argvdata/sgx-epc-numa.xml b/tests/qemuxml2argvdata/sgx-epc-numa.xml new file mode 100644 index 0000000000..9029977f20 --- /dev/null +++ b/tests/qemuxml2argvdata/sgx-epc-numa.xml 
@@ -0,0 +1,64 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>2</vcpu> + <os> + <type arch='x86_64' machine='q35'>hvm</type> + <boot dev='hd'/> + </os> + <cpu mode='custom' match='exact' check='none'> + <model fallback='forbid'>qemu64</model> + <numa> + <cell id='0' cpus='0' memory='109550' unit='KiB'/> + <cell id='1' cpus='1' memory='109550' unit='KiB'/> + </numa> + </cpu> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='pci' index='0' model='pcie-root'/> + <controller type='pci' index='1' model='pcie-root-port'> + <model name='pcie-root-port'/> + <target chassis='1' port='0x8'/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0' multifunction='on'/> + </controller> + <controller type='pci' index='2' model='pcie-root-port'> + <model name='pcie-root-port'/> + <target chassis='2' port='0x9'/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> + </controller> + <controller type='usb' index='0' model='none'/> + <controller type='sata' index='0'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> + </controller> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <audio id='1' type='none'/> + <memballoon model='virtio'> + <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> + </memballoon> + <memory model='sgx-epc'> + <source> + <nodemask>0-1</nodemask> + </source> + <target> + <size unit='KiB'>65536</size> + <node>0</node> + </target> + </memory> + <memory model='sgx-epc'> + <source> + <nodemask>2-3</nodemask> + </source> + <target> + <size unit='KiB'>16384</size> + <node>1</node> + </target> + </memory> + </devices> 
+</domain> diff --git a/tests/qemuxml2argvdata/sgx-epc.xml b/tests/qemuxml2argvdata/sgx-epc.xml new file mode 100644 index 0000000000..8b46a799dc --- /dev/null +++ b/tests/qemuxml2argvdata/sgx-epc.xml @@ -0,0 +1,52 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='x86_64' machine='pc-q35-6.2'>hvm</type> + <boot dev='hd'/> + </os> + <cpu mode='custom' match='exact' check='none'> + <model fallback='forbid'>qemu64</model> + </cpu> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='pci' index='0' model='pcie-root'/> + <controller type='pci' index='1' model='pcie-root-port'> + <model name='pcie-root-port'/> + <target chassis='1' port='0x8'/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0' multifunction='on'/> + </controller> + <controller type='pci' index='2' model='pcie-root-port'> + <model name='pcie-root-port'/> + <target chassis='2' port='0x9'/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> + </controller> + <controller type='usb' index='0' model='none'/> + <controller type='sata' index='0'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> + </controller> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <audio id='1' type='none'/> + <memballoon model='virtio'> + <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> + </memballoon> + <memory model='sgx-epc'> + <target> + <size unit='KiB'>65536</size> + </target> + </memory> + <memory model='sgx-epc'> + <target> + <size unit='KiB'>16384</size> + </target> + </memory> + </devices> +</domain> 
diff --git a/tests/qemuxml2xmloutdata/sgx-epc-numa.x86_64-latest.xml b/tests/qemuxml2xmloutdata/sgx-epc-numa.x86_64-latest.xml new file mode 120000 index 0000000000..fa27d9b2a2 --- /dev/null +++ b/tests/qemuxml2xmloutdata/sgx-epc-numa.x86_64-latest.xml @@ -0,0 +1 @@ +../qemuxml2argvdata/sgx-epc-numa.xml \ No newline at end of file diff --git a/tests/qemuxml2xmloutdata/sgx-epc.x86_64-6.2.0.xml b/tests/qemuxml2xmloutdata/sgx-epc.x86_64-6.2.0.xml new file mode 120000 index 0000000000..cc2263ac99 --- /dev/null +++ b/tests/qemuxml2xmloutdata/sgx-epc.x86_64-6.2.0.xml @@ -0,0 +1 @@ +../qemuxml2argvdata/sgx-epc.xml \ No newline at end of file diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index 4cbf380e44..033efad646 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -1462,6 +1462,9 @@ mymain(void) DO_TEST_CAPS_LATEST("channel-qemu-vdagent"); DO_TEST_CAPS_LATEST("channel-qemu-vdagent-features"); + DO_TEST_CAPS_VER("sgx-epc", "6.2.0"); + DO_TEST_CAPS_LATEST("sgx-epc-numa"); + cleanup: if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL) virFileDeleteTree(fakerootdir); -- 2.35.1
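Review bot: in qemuDomainDefValidateMemoryHotplug (src/qemu/qemu_domain.c) the new loop over def->mems is placed ahead of the virDomainDefHasMemoryHotplug() check, whereas the loop it replaces ran after the slot-count check. For a domain that already has DIMM-like devices, qemuDomainDefValidateMemoryHotplugDevice() is now called before the "'maxMemory' is not defined" and "exceeds slots count" checks, so a different error can be reported first for the same configuration. If only the counting has to happen early, keep hotplugNum/hotplugMemory accumulation in the early loop and leave the per-device validation call where it was, or state the ordering change in the commit message.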
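Review bot: the docs/formatdomain.rst hunks introduce the ``sgx-epc`` model and its optional ``nodemask`` but do not mention the two restrictions this patch enforces: virDomainMemoryDefValidate rejects a device address for the model, and qemuDomainDefValidateMemoryHotplugDevice rejects hotplug. Add a sentence next to the model description stating that the device takes no <address> and cannot be hotplugged. In the same hunk, "to add a SGX enclave page cache (EPC) memory to the guest" reads better without the article: "to add SGX enclave page cache (EPC) memory to the guest".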

On Wed, Jul 27, 2022 at 12:34:57 +0200, Michal Privoznik wrote:
From: Lin Yang <lin.a.yang@intel.com>
With NUMA config:
<devices> ... <memory model='sgx-epc'> <source> <nodemask>0-1</nodemask> </source> <target> <size unit='KiB'>512</size> <node>0</node> </target> </memory> ... </devices>
Without NUMA config:
<devices> ... <memory model='sgx-epc'> <target> <size unit='KiB'>512</size> </target> </memory> ... </devices>
Signed-off-by: Lin Yang <lin.a.yang@intel.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> ---
[...]
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 1ed969ac3e..bdd0fcea8e 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -7940,6 +7940,20 @@ Example: usage of the memory devices <current unit='KiB'>524288</current> </target> </memory> + <memory model='sgx-epc'> + <source> + <nodemask>0-1</nodemask> + </source> + <target> + <size unit='KiB'>16384</size> + <node>0</node> + </target> + </memory> + <memory model='sgx-epc'> + <target> + <size unit='KiB'>16384</size> + </target> + </memory> </devices> ...
@@ -7948,7 +7962,9 @@ Example: usage of the memory devices 1.2.14` Provide ``nvdimm`` model that adds a Non-Volatile DIMM module. :since:`Since 3.2.0` Provide ``virtio-pmem`` model to add a paravirtualized persistent memory device. :since:`Since 7.1.0` Provide ``virtio-mem`` model - to add paravirtualized memory device. :since:`Since 7.9.0` + to add paravirtualized memory device. :since:`Since 7.9.0` Provide + ``sgx-epc`` model to add a SGX enclave page cache (EPC) memory to the guest. + :since:`Since 8.7.0 and QEMU 6.2.0`
I don't quite understand from this description whether this is real memory usable by the guest OS or something for internal use by the hypervisor. Specifically, what leads me to question this is that the example sizes are very tiny compared to real memory sizing. Additionally, in qemuDomainDefValidateMemoryHotplug you are changing the code to specifically exclude the sizing of the 'sgx-epc' memory devices from the total size of the memory, but this contrasts with the memory _not_ being excluded from the initial memory calculation in virDomainDefGetMemoryInitial which is used to format the initial memory argument ('-m size=...'). Thus at least one of them is wrong. If this is not guest usable memory, then the <memory> element should not be used to bolt this on, but rather add a new element similarly to what we have when AMD SEV is in use.
``access`` An optional attribute ``access`` ( :since:`since 3.2.0` ) that provides @@ -8008,6 +8024,13 @@ Example: usage of the memory devices Represents a path in the host that backs the virtio memory module in the guest. It is mandatory.
+ For model ``sgx-epc`` this element is optional. The following optional + elements may be used: + + ``nodemask`` + This element can be used to override the default set of NUMA nodes where + the memory would be allocated. :since:`Since 8.7.0 and QEMU 7.0.0` + ``target`` The mandatory ``target`` element configures the placement and sizing of the added memory from the perspective of the guest. diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index e85cc1f809..a1f64b4fcb 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1440,6 +1440,7 @@ VIR_ENUM_IMPL(virDomainMemoryModel, "nvdimm", "virtio-pmem", "virtio-mem", + "sgx-epc", );
VIR_ENUM_IMPL(virDomainShmemModel, @@ -13303,6 +13304,20 @@ virDomainMemorySourceDefParseXML(xmlNodePtr node, def->nvdimmPath = virXPathString("string(./path)", ctxt); break;
+ case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + if ((nodemask = virXPathString("string(./nodemask)", ctxt))) { + if (virBitmapParse(nodemask, &def->sourceNodes, + VIR_DOMAIN_CPUMASK_LEN) < 0) + return -1; + + if (virBitmapIsAllClear(def->sourceNodes)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
A more appropriate error code would be VIR_ERR_XML_DETAIL or VIR_ERR_INVALID_ARG
+ _("Invalid value of 'nodemask': %s"), nodemask); + return -1; + } + } + break; + case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; @@ -13371,6 +13386,7 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node, case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; } @@ -15167,6 +15183,11 @@ virDomainMemoryFindByDefInternal(virDomainDef *def, continue; break;
+ case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + if (!virBitmapEqual(tmp->sourceNodes, mem->sourceNodes)) + continue; + break; + case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; @@ -24778,6 +24799,15 @@ virDomainMemorySourceDefFormat(virBuffer *buf, virBufferEscapeString(&childBuf, "<path>%s</path>\n", def->nvdimmPath); break;
+ case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + if (def->sourceNodes) { + if (!(bitmap = virBitmapFormat(def->sourceNodes))) + return -1; + + virBufferAsprintf(&childBuf, "<nodemask>%s</nodemask>\n", bitmap); + } + break; + case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break;
[...]
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index 764d5b029e..259636f7e7 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -5181,6 +5181,14 @@ qemuValidateDomainDeviceDefMemory(virDomainMemoryDef *mem, } break;
+ case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SGX_EPC)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("sgx epc isn't supported by this QEMU binary")); + return -1; + } + break; + case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index 008384dee8..36e8ce42b5 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -687,6 +687,7 @@ AppArmorSetMemoryLabel(virSecurityManager *mgr, case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; } diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 21cebae694..d94995c9cf 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1853,6 +1853,7 @@ virSecurityDACRestoreMemoryLabel(virSecurityManager *mgr,
case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: case VIR_DOMAIN_MEMORY_MODEL_NONE: ret = 0; @@ -2040,6 +2041,7 @@ virSecurityDACSetMemoryLabel(virSecurityManager *mgr,
case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: case VIR_DOMAIN_MEMORY_MODEL_NONE: ret = 0; diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 9f2872decc..98044d1847 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1580,6 +1580,7 @@ virSecuritySELinuxSetMemoryLabel(virSecurityManager *mgr, case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: break; } @@ -1608,6 +1609,7 @@ virSecuritySELinuxRestoreMemoryLabel(virSecurityManager *mgr,
case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_NONE: case VIR_DOMAIN_MEMORY_MODEL_LAST: ret = 0; diff --git a/tests/qemuxml2argvdata/sgx-epc-numa.xml b/tests/qemuxml2argvdata/sgx-epc-numa.xml new file mode 100644 index 0000000000..9029977f20 --- /dev/null +++ b/tests/qemuxml2argvdata/sgx-epc-numa.xml 
@@ -0,0 +1,64 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>2</vcpu> + <os> + <type arch='x86_64' machine='q35'>hvm</type> + <boot dev='hd'/> + </os> + <cpu mode='custom' match='exact' check='none'> + <model fallback='forbid'>qemu64</model> + <numa> + <cell id='0' cpus='0' memory='109550' unit='KiB'/> + <cell id='1' cpus='1' memory='109550' unit='KiB'/> + </numa> + </cpu> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='pci' index='0' model='pcie-root'/> + <controller type='pci' index='1' model='pcie-root-port'> + <model name='pcie-root-port'/> + <target chassis='1' port='0x8'/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0' multifunction='on'/> + </controller> + <controller type='pci' index='2' model='pcie-root-port'> + <model name='pcie-root-port'/> + <target chassis='2' port='0x9'/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> + </controller> + <controller type='usb' index='0' model='none'/> + <controller type='sata' index='0'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> + </controller> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <audio id='1' type='none'/> + <memballoon model='virtio'> + <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> + </memballoon> + <memory model='sgx-epc'> + <source> + <nodemask>0-1</nodemask> + </source> + <target> + <size unit='KiB'>65536</size> + <node>0</node> + </target> + </memory> + <memory model='sgx-epc'> + <source> + <nodemask>2-3</nodemask> + </source> + <target> + <size unit='KiB'>16384</size> + <node>1</node> + </target> + </memory> + </devices> 
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index 4cbf380e44..033efad646 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -1462,6 +1462,9 @@ mymain(void) DO_TEST_CAPS_LATEST("channel-qemu-vdagent"); DO_TEST_CAPS_LATEST("channel-qemu-vdagent-features");
+ DO_TEST_CAPS_VER("sgx-epc", "6.2.0"); + DO_TEST_CAPS_LATEST("sgx-epc-numa");
This test will break once I re-generate latest caps. Please pin it to qemu-7.0.

On 7/28/22 14:41, Peter Krempa wrote:
On Wed, Jul 27, 2022 at 12:34:57 +0200, Michal Privoznik wrote:
From: Lin Yang <lin.a.yang@intel.com>
With NUMA config:

<devices>
  ...
  <memory model='sgx-epc'>
    <source>
      <nodemask>0-1</nodemask>
    </source>
    <target>
      <size unit='KiB'>512</size>
      <node>0</node>
    </target>
  </memory>
  ...
</devices>

Without NUMA config:

<devices>
  ...
  <memory model='sgx-epc'>
    <target>
      <size unit='KiB'>512</size>
    </target>
  </memory>
  ...
</devices>

Signed-off-by: Lin Yang <lin.a.yang@intel.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
[...]
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 1ed969ac3e..bdd0fcea8e 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -7940,6 +7940,20 @@ Example: usage of the memory devices <current unit='KiB'>524288</current> </target> </memory> + <memory model='sgx-epc'> + <source> + <nodemask>0-1</nodemask> + </source> + <target> + <size unit='KiB'>16384</size> + <node>0</node> + </target> + </memory> + <memory model='sgx-epc'> + <target> + <size unit='KiB'>16384</size> + </target> + </memory> </devices> ...
@@ -7948,7 +7962,9 @@ Example: usage of the memory devices 1.2.14` Provide ``nvdimm`` model that adds a Non-Volatile DIMM module. :since:`Since 3.2.0` Provide ``virtio-pmem`` model to add a paravirtualized persistent memory device. :since:`Since 7.1.0` Provide ``virtio-mem`` model - to add paravirtualized memory device. :since:`Since 7.9.0` + to add paravirtualized memory device. :since:`Since 7.9.0` Provide + ``sgx-epc`` model to add a SGX enclave page cache (EPC) memory to the guest. + :since:`Since 8.7.0 and QEMU 6.2.0`
I don't quite understand from this description whether this is real memory usable by the guest OS or something for internal use by the hypervisor.
Specifically, what leads me to question this is that the example sizes are very tiny compared to real memory sizing.
I admit that I don't know all the details and will let somebody from Intel provide them. But basically, SGX works by reserving a chunk of RAM (on each NUMA node) which is then encrypted and the processor controls access to it. This chunk is referred to as Processor Reserved Memory and to my understanding is the maximum size of an enclave. Thus I can understand why a new <memory/> model was used. But I'm not sure how QEMU accounts for this memory, whether, say, 16KiB worth of SGX is added to whatever the current guest has OR it's taken from existing memory.
Additionally in qemuDomainDefValidateMemoryHotplug you are changing the code to specifically exclude the sizing of the 'sgx-epc' memory devices from the total size of the memory, but this contrasts with the memory _not_ being excluded from the initial memory calculation in virDomainDefGetMemoryInitial which is used to format the initial memory argument ('-m size=...'). Thus at least one of them is wrong.
If this is not guest usable memory, then the <memory> element should not be used to bolt this on, but rather add a new element similarly to what we have when AMD SEV is in use.
Alright, I'll hold off reworking these patches per your review until we are clear on this.
Michal

On Fri, Jul 29, 2022 at 09:38:35 +0200, Michal Prívozník wrote:
On 7/28/22 14:41, Peter Krempa wrote:
On Wed, Jul 27, 2022 at 12:34:57 +0200, Michal Privoznik wrote:
From: Lin Yang <lin.a.yang@intel.com>
With NUMA config:

<devices>
  ...
  <memory model='sgx-epc'>
    <source>
      <nodemask>0-1</nodemask>
    </source>
    <target>
      <size unit='KiB'>512</size>
      <node>0</node>
    </target>
  </memory>
  ...
</devices>

Without NUMA config:

<devices>
  ...
  <memory model='sgx-epc'>
    <target>
      <size unit='KiB'>512</size>
    </target>
  </memory>
  ...
</devices>

Signed-off-by: Lin Yang <lin.a.yang@intel.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
[...]
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 1ed969ac3e..bdd0fcea8e 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -7940,6 +7940,20 @@ Example: usage of the memory devices <current unit='KiB'>524288</current> </target> </memory> + <memory model='sgx-epc'> + <source> + <nodemask>0-1</nodemask> + </source> + <target> + <size unit='KiB'>16384</size> + <node>0</node> + </target> + </memory> + <memory model='sgx-epc'> + <target> + <size unit='KiB'>16384</size> + </target> + </memory> </devices> ...
@@ -7948,7 +7962,9 @@ Example: usage of the memory devices 1.2.14` Provide ``nvdimm`` model that adds a Non-Volatile DIMM module. :since:`Since 3.2.0` Provide ``virtio-pmem`` model to add a paravirtualized persistent memory device. :since:`Since 7.1.0` Provide ``virtio-mem`` model - to add paravirtualized memory device. :since:`Since 7.9.0` + to add paravirtualized memory device. :since:`Since 7.9.0` Provide + ``sgx-epc`` model to add a SGX enclave page cache (EPC) memory to the guest. + :since:`Since 8.7.0 and QEMU 6.2.0`
I don't quite understand from this description whether this is real memory usable by the guest OS or something for internal use by the hypervisor.
Specifically, what leads me to question this is that the example sizes are very tiny compared to real memory sizing.
I admit that I don't know all the details and will let somebody from Intel provide them. But basically, SGX works by reserving a chunk of RAM (on each NUMA node) which is then encrypted and the processor controls access to it. This chunk is referred to as Processor Reserved Memory and to my understanding is the maximum size of an enclave. Thus I can understand why a new <memory/> model was used.
Even this interpretation would not sit well with the semantics of the <memory> element.
But I'm not sure how QEMU accounts for this memory, whether, say, 16KiB worth of SGX is added to whatever the current guest has OR it's taken from existing memory.
Note that the name expands to "enclave page cache", so even the name doesn't really seem to be hinting that the memory declared like this is used by the guest OS. Preferably the documentation added in this patch will clarify that, because if it is not clarified by the documentation, we will be getting clarification requests and it's very apparent that we can't answer them since neither of us actually knows what's going on.
Additionally in qemuDomainDefValidateMemoryHotplug you are changing the code to specifically exclude the sizing of the 'sgx-epc' memory devices from the total size of the memory, but this contrasts with the memory _not_ being excluded from the initial memory calculation in virDomainDefGetMemoryInitial which is used to format the initial memory argument ('-m size=...'). Thus at least one of them is wrong.
If this is not guest usable memory, then the <memory> element should not be used to bolt this on, but rather add a new element similarly to what we have when AMD SEV is in use.
Alright, I'll hold off reworking these patches per your review until we are clear on this.
Michal

On Fri, Jul 29, 2022 at 09:38:35 +0200, Michal Prívozník wrote:
On 7/28/22 14:41, Peter Krempa wrote:
On Wed, Jul 27, 2022 at 12:34:57 +0200, Michal Privoznik wrote:
From: Lin Yang <lin.a.yang@intel.com>
With NUMA config:

<devices>
  ...
  <memory model='sgx-epc'>
    <source>
      <nodemask>0-1</nodemask>
    </source>
    <target>
      <size unit='KiB'>512</size>
      <node>0</node>
    </target>
  </memory>
  ...
</devices>

Without NUMA config:

<devices>
  ...
  <memory model='sgx-epc'>
    <target>
      <size unit='KiB'>512</size>
    </target>
  </memory>
  ...
</devices>

Signed-off-by: Lin Yang <lin.a.yang@intel.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
[...]
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 1ed969ac3e..bdd0fcea8e 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -7940,6 +7940,20 @@ Example: usage of the memory devices <current unit='KiB'>524288</current> </target> </memory> + <memory model='sgx-epc'> + <source> + <nodemask>0-1</nodemask> + </source> + <target> + <size unit='KiB'>16384</size> + <node>0</node> + </target> + </memory> + <memory model='sgx-epc'> + <target> + <size unit='KiB'>16384</size> + </target> + </memory> </devices> ...
@@ -7948,7 +7962,9 @@ Example: usage of the memory devices 1.2.14` Provide ``nvdimm`` model that adds a Non-Volatile DIMM module. :since:`Since 3.2.0` Provide ``virtio-pmem`` model to add a paravirtualized persistent memory device. :since:`Since 7.1.0` Provide ``virtio-mem`` model - to add paravirtualized memory device. :since:`Since 7.9.0` + to add paravirtualized memory device. :since:`Since 7.9.0` Provide + ``sgx-epc`` model to add a SGX enclave page cache (EPC) memory to the guest. + :since:`Since 8.7.0 and QEMU 6.2.0`
I don't quite understand from this description whether this is real memory usable by the guest OS or something for internal use by the hypervisor.
Specifically, what leads me to question this is that the example sizes are very tiny compared to real memory sizing.
I admit that I don't know all the details and will let somebody from Intel provide them. But basically, SGX works by reserving a chunk of RAM (on each NUMA node) which is then encrypted and the processor controls access to it. This chunk is referred to as Processor Reserved Memory and to my understanding is the maximum size of an enclave. Thus I can understand why a new <memory/> model was used.
Even this interpretation would not sit well with the semantics of the <memory> element.
But I'm not sure how QEMU accounts for this memory, whether, say, 16KiB worth of SGX is added to whatever the current guest has OR it's taken from existing memory.
Note that the name expands to "enclave page cache", so even the name doesn't really seem to be hinting that the memory declared like this is used by the guest OS.
Preferably the documentation added in this patch will clarify that, because if it is not clarified by the documentation, we will be getting clarification requests and it's very apparent that we can't answer them since neither of us actually knows what's going on.
Additionally in qemuDomainDefValidateMemoryHotplug you are changing the code to specifically exclude the sizing of the 'sgx-epc' memory devices from the total size of the memory, but this contrasts with the memory _not_ being excluded from the initial memory calculation in virDomainDefGetMemoryInitial which is used to format the initial memory argument ('-m size=...'). Thus at least one of them is wrong.
If this is not guest usable memory, then the <memory> element should not be used to bolt this on, but rather add a new element similarly to what we have when AMD SEV is in use.
Alright, I'll hold off reworking these patches per your review until we are clear on this.
Basically, the sgx-epc memory created here is usable by the guest OS. KVM SGX creates one new misc device, and QEMU will open the '/dev/sgx_vepc' device node to mmap() host EPC memory to the guest. The sgx-epc memory is a separate memory range. Its size will not change the guest OS size that is initialized by '-m size=…'. So it should be excluded from the calculation in virDomainDefGetMemoryInitial. Thanks for pointing this out.
Thanks,
Lin.
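
The mapping discussed in this thread, as an added Python example (written for this page, not libvirt code): the two `<memory model='sgx-epc'>` devices from the sgx-epc-numa test become `memory-backend-epc` objects and `sgx-epc.N` `-machine` parameters, and their size is totalled separately from the guest RAM given by `-m`. The function names, the `memepcN` numbering by position, the always-on `prealloc` and the reduced unit table are assumptions of this example.

```python
import json
import xml.etree.ElementTree as ET

# The two sgx-epc devices from the thread's sgx-epc-numa.xml test case.
NUMA_DEVICES = """
<devices>
  <memory model='sgx-epc'>
    <source><nodemask>0-1</nodemask></source>
    <target><size unit='KiB'>65536</size><node>0</node></target>
  </memory>
  <memory model='sgx-epc'>
    <source><nodemask>2-3</nodemask></source>
    <target><size unit='KiB'>16384</size><node>1</node></target>
  </memory>
</devices>
"""

# Constructed input: the same sizes with no <source> and no <node>,
# i.e. the "without NUMA config" form from the commit message.
PLAIN_DEVICES = """
<devices>
  <memory model='sgx-epc'><target><size unit='KiB'>65536</size></target></memory>
  <memory model='sgx-epc'><target><size unit='KiB'>16384</size></target></memory>
</devices>
"""

# Assumption: only the binary units this example needs.
UNIT_BYTES = {"bytes": 1, "KiB": 1024, "MiB": 1024 ** 2, "GiB": 1024 ** 3}


def parse_nodemask(mask):
    """Expand a node list such as '0-1,4' into [0, 1, 4].

    Only single values and ranges are handled; anything else
    (for example a '^' exclusion) raises ValueError.
    """
    nodes = set()
    for part in mask.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            if lo > hi:
                raise ValueError(f"descending range in nodemask: {part!r}")
            nodes.update(range(lo, hi + 1))
        else:
            nodes.add(int(part))
    return sorted(nodes)


def epc_to_qemu(devices_xml, qemu_reports_epc_numa):
    """Return the -object JSON strings, the -machine fragment and the EPC total.

    qemu_reports_epc_numa mirrors the 'nsections' test in the patch: when QEMU
    reports no per-node EPC sections, '.node' is omitted and a guest node
    other than 0 is rejected.
    """
    root = ET.fromstring(devices_xml)
    objects, machine, epc_bytes = [], [], 0
    epc_devs = [m for m in root.findall("memory") if m.get("model") == "sgx-epc"]

    for idx, mem in enumerate(epc_devs):
        size_el = mem.find("target/size")
        size = int(size_el.text) * UNIT_BYTES[size_el.get("unit", "KiB")]

        # Assumption: prealloc is always requested for the EPC backend.
        props = {"qom-type": "memory-backend-epc", "id": f"memepc{idx}",
                 "prealloc": True, "size": size}
        mask = mem.findtext("source/nodemask")
        if mask:
            props["host-nodes"] = parse_nodemask(mask)
            # Value taken from the expected arguments shown in the thread.
            props["policy"] = "bind"

        node_text = mem.findtext("target/node")
        node = int(node_text) if node_text is not None else 0  # default node 0
        param = f"sgx-epc.{idx}.memdev=memepc{idx}"
        if qemu_reports_epc_numa:
            param += f",sgx-epc.{idx}.node={node}"
        elif node > 0:
            raise ValueError(f"QEMU reports no EPC NUMA info, cannot use guest node {node}")

        objects.append(json.dumps(props, separators=(",", ":")))
        machine.append(param)
        epc_bytes += size  # kept apart from <memory>/-m, as Lin's reply states

    return {"objects": objects, "machine": ",".join(machine), "epc_bytes": epc_bytes}


if __name__ == "__main__":
    result = epc_to_qemu(NUMA_DEVICES, qemu_reports_epc_numa=True)
    for obj in result["objects"]:
        print("-object", f"'{obj}'")
    print("-machine", result["machine"])
    print("EPC total (bytes, not part of -m):", result["epc_bytes"])
```
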

SGX memory backend needs to access /dev/sgx_vepc (which allows userspace to allocate "raw" EPC without an associated enclave) and /dev/sgx_provision (which allows creating provisioning enclaves). Allow these two devices in CGroups if a domain is configured so. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_cgroup.c | 76 +++++++++++++++++++++++++++++++++++------- src/qemu/qemu_domain.h | 2 ++ 2 files changed, 66 insertions(+), 12 deletions(-) diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index d6f27a5a4d..6b1d9afd5f 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -120,6 +120,28 @@ qemuCgroupDenyDevicePath(virDomainObj *vm, } +static int +qemuCgroupDenyDevicesPaths(virDomainObj *vm, + const char *const *paths, + int perms, + bool ignoreEacces) +{ + size_t i; + + for (i = 0; paths[i] != NULL; i++) { + if (!virFileExists(paths[i])) { + VIR_DEBUG("Ignoring non-existent device %s", paths[i]); + continue; + } + + if (qemuCgroupDenyDevicePath(vm, paths[i], perms, ignoreEacces) < 0) + return -1; + } + + return 0; +} + + static int qemuSetupImagePathCgroup(virDomainObj *vm, const char *path, 
@@ -520,16 +542,31 @@ qemuSetupMemoryDevicesCgroup(virDomainObj *vm, virDomainMemoryDef *mem) { qemuDomainObjPrivate *priv = vm->privateData; - - if (mem->model != VIR_DOMAIN_MEMORY_MODEL_NVDIMM && - mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM) - return 0; + const char *const sgxPaths[] = { QEMU_DEV_SGX_VEPVC, + QEMU_DEV_SGX_PROVISION, NULL }; if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) return 0; - return qemuCgroupAllowDevicePath(vm, mem->nvdimmPath, - VIR_CGROUP_DEVICE_RW, false); + switch (mem->model) { + case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: + case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: + if (qemuCgroupAllowDevicePath(vm, mem->nvdimmPath, + VIR_CGROUP_DEVICE_RW, false) < 0) + return -1; + break; + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + if (qemuCgroupAllowDevicesPaths(vm, sgxPaths, VIR_CGROUP_DEVICE_RW, false) < 0) + return -1; + break; + case VIR_DOMAIN_MEMORY_MODEL_NONE: + case VIR_DOMAIN_MEMORY_MODEL_DIMM: + case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_LAST: + break; + } + + return 0; } 
@@ -538,16 +575,31 @@ qemuTeardownMemoryDevicesCgroup(virDomainObj *vm, virDomainMemoryDef *mem) { qemuDomainObjPrivate *priv = vm->privateData; - - if (mem->model != VIR_DOMAIN_MEMORY_MODEL_NVDIMM && - mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM) - return 0; + const char *const sgxPaths[] = { QEMU_DEV_SGX_VEPVC, + QEMU_DEV_SGX_PROVISION, NULL }; if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) return 0; - return qemuCgroupDenyDevicePath(vm, mem->nvdimmPath, - VIR_CGROUP_DEVICE_RWM, false); + switch (mem->model) { + case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: + case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: + if (qemuCgroupDenyDevicePath(vm, mem->nvdimmPath, + VIR_CGROUP_DEVICE_RWM, false) < 0) + return -1; + break; + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + if (qemuCgroupDenyDevicesPaths(vm, sgxPaths, VIR_CGROUP_DEVICE_RW, false) < 0) + return -1; + break; + case VIR_DOMAIN_MEMORY_MODEL_NONE: + case VIR_DOMAIN_MEMORY_MODEL_DIMM: + case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_LAST: + break; + } + + return 0; } diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 4680df1098..0fd5c87ae3 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -81,6 +81,8 @@ struct _qemuDomainUnpluggingDevice { #define QEMU_DEVPREFIX "/dev/" #define QEMU_DEV_VFIO "/dev/vfio/vfio" #define QEMU_DEV_SEV "/dev/sev" +#define QEMU_DEV_SGX_VEPVC "/dev/sgx_vepc" +#define QEMU_DEV_SGX_PROVISION "/dev/sgx_provision" #define QEMU_DEVICE_MAPPER_CONTROL_PATH "/dev/mapper/control" -- 2.35.1
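
Review bot: In qemuTeardownMemoryDevicesCgroup the SGX_EPC case denies the two fixed nodes every time a single memory device is torn down, and it does so with VIR_CGROUP_DEVICE_RW while the NVDIMM case just above it uses VIR_CGROUP_DEVICE_RWM. sgxPaths is the same pair for every sgx-epc device, so in a domain with two of them (as in the sgx-epc-numa test) tearing one down would take /dev/sgx_vepc and /dev/sgx_provision away from the other. Deny only when the last sgx-epc device goes away, or add a comment saying why teardown cannot run while another one remains, and use RWM here as well so the two cases stay consistent.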
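
Review bot: The new macro in the qemu_domain.h hunk is spelled QEMU_DEV_SGX_VEPVC although the node it names is /dev/sgx_vepc. Rename it to QEMU_DEV_SGX_VEPC now, in the define and in both sgxPaths initialisers, before further callers pick up the misspelling.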

On Wed, Jul 27, 2022 at 12:34:58 +0200, Michal Privoznik wrote:
SGX memory backend needs to access /dev/sgx_vepc (which allows userspace to allocate "raw" EPC without an associated enclave) and /dev/sgx_provision (which allows creating provisioning enclaves). Allow these two devices in CGroups if a domain is configured so.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/qemu/qemu_cgroup.c | 76 +++++++++++++++++++++++++++++++++++-------
 src/qemu/qemu_domain.h |  2 ++
 2 files changed, 66 insertions(+), 12 deletions(-)
[...]
@@ -538,16 +575,31 @@ qemuTeardownMemoryDevicesCgroup(virDomainObj *vm, virDomainMemoryDef *mem) { qemuDomainObjPrivate *priv = vm->privateData; - - if (mem->model != VIR_DOMAIN_MEMORY_MODEL_NVDIMM && - mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM) - return 0; + const char *const sgxPaths[] = { QEMU_DEV_SGX_VEPVC, + QEMU_DEV_SGX_PROVISION, NULL };
Preferably use the same alignment as in qemuSetupMemoryDevicesCgroup.
Reviewed-by: Peter Krempa <pkrempa@redhat.com>

This is similar to the previous commit. SGX memory backend needs to access /dev/sgx_vepc and /dev/sgx_provision. Create these nodes in domain's private /dev when required by domain's config. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_namespace.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c index 98cd794666..8fba39a690 100644 --- a/src/qemu/qemu_namespace.c +++ b/src/qemu/qemu_namespace.c @@ -350,11 +350,23 @@ static int qemuDomainSetupMemory(virDomainMemoryDef *mem, GSList **paths) { - if (mem->model != VIR_DOMAIN_MEMORY_MODEL_NVDIMM && - mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM) - return 0; + switch (mem->model) { + case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: + case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: + *paths = g_slist_prepend(*paths, g_strdup(mem->nvdimmPath)); + break; - *paths = g_slist_prepend(*paths, g_strdup(mem->nvdimmPath)); + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + *paths = g_slist_prepend(*paths, g_strdup(QEMU_DEV_SGX_VEPVC)); + *paths = g_slist_prepend(*paths, g_strdup(QEMU_DEV_SGX_PROVISION)); + break; + + case VIR_DOMAIN_MEMORY_MODEL_NONE: + case VIR_DOMAIN_MEMORY_MODEL_DIMM: + case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_LAST: + break; + } return 0; } -- 2.35.1
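
Review bot: The VIR_DOMAIN_MEMORY_MODEL_SGX_EPC case in qemuDomainSetupMemory prepends the same two constant paths once per memory device, so a domain with several sgx-epc devices puts /dev/sgx_vepc and /dev/sgx_provision on the list more than once. If the consumer of *paths does not de-duplicate, add the pair only for the first sgx-epc device; otherwise a one-line comment that duplicates are harmless would settle it. The case also uses the QEMU_DEV_SGX_VEPVC spelling, which should follow whatever the macro is renamed to.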

On Wed, Jul 27, 2022 at 12:34:59 +0200, Michal Privoznik wrote:
This is similar to the previous commit. SGX memory backend needs to access /dev/sgx_vepc and /dev/sgx_provision. Create these nodes in domain's private /dev when required by domain's config.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/qemu/qemu_namespace.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
Reviewed-by: Peter Krempa <pkrempa@redhat.com>

As advertised in previous commits, QEMU needs to access /dev/sgx_vepc and /dev/sgx_provision files when SGX memory backend is configured. And if it weren't for QEMU's namespaces, we wouldn't dare to relabel them, because they are system wide files. But if namespaces are used, then we can set label on domain's private copies, just like we do for /dev/sev. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/security/security_dac.c | 46 ++++++++++++++++++++++--------------- 1 file changed, 28 insertions(+), 18 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index d94995c9cf..5ca63e30f4 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -48,6 +48,8 @@ VIR_LOG_INIT("security.security_dac"); #define SECURITY_DAC_NAME "dac" #define DEV_SEV "/dev/sev" +#define DEV_SGX_VEPC "/dev/sgx_vepc" +#define DEV_SGX_PROVISION "/dev/sgx_provision" typedef struct _virSecurityDACData virSecurityDACData; struct _virSecurityDACData { @@ -1843,24 +1845,24 @@ virSecurityDACRestoreMemoryLabel(virSecurityManager *mgr, virDomainDef *def G_GNUC_UNUSED, virDomainMemoryDef *mem) { - int ret = -1; - switch (mem->model) { case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: - ret = virSecurityDACRestoreFileLabel(mgr, mem->nvdimmPath); + return virSecurityDACRestoreFileLabel(mgr, mem->nvdimmPath); + + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + /* We set label on SGX /dev nodes iff running with namespaces, so we + * don't need to restore anything. */ break; case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: - case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: case VIR_DOMAIN_MEMORY_MODEL_NONE: - ret = 0; break; } - return ret; + return 0; } 
@@ -2020,35 +2022,43 @@ virSecurityDACSetMemoryLabel(virSecurityManager *mgr, { virSecurityDACData *priv = virSecurityManagerGetPrivateData(mgr); virSecurityLabelDef *seclabel; - int ret = -1; uid_t user; gid_t group; + seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); + if (seclabel && !seclabel->relabel) + return 0; + + if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < 0) + return -1; + switch (mem->model) { case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: - seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); - if (seclabel && !seclabel->relabel) - return 0; + return virSecurityDACSetOwnership(mgr, NULL, + mem->nvdimmPath, + user, group, true); - if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < 0) + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + /* Skip chowning SGX if namespaces are disabled. */ + if (priv->mountNamespace && + (virSecurityDACSetOwnership(mgr, NULL, + DEV_SGX_VEPC, + user, group, true) < 0 || + virSecurityDACSetOwnership(mgr, NULL, + DEV_SGX_PROVISION, + user, group, true) < 0)) return -1; - - ret = virSecurityDACSetOwnership(mgr, NULL, - mem->nvdimmPath, - user, group, true); break; case VIR_DOMAIN_MEMORY_MODEL_DIMM: case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: - case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: case VIR_DOMAIN_MEMORY_MODEL_LAST: case VIR_DOMAIN_MEMORY_MODEL_NONE: - ret = 0; break; } - return ret; + return 0; } -- 2.35.1
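
Review bot: Hoisting the seclabel lookup and virSecurityDACGetIds() above the switch in virSecurityDACSetMemoryLabel changes behaviour for the models that used to return 0 without touching either: DIMM and VIRTIO_MEM now return -1 when virSecurityDACGetIds() fails. Keep the lookup inside the NVDIMM/VIRTIO_PMEM and SGX_EPC cases, or in a small helper both call, so the no-op models stay no-ops. In the SGX_EPC case a false priv->mountNamespace skips both virSecurityDACSetOwnership() calls silently; a VIR_DEBUG there would make the skipped relabel visible when someone debugs access to the nodes.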

On Wed, Jul 27, 2022 at 12:35:00 +0200, Michal Privoznik wrote:
As advertised in previous commits, QEMU needs to access /dev/sgx_vepc and /dev/sgx_provision files when SGX memory backend is configured. And if it weren't for QEMU's namespaces, we wouldn't dare to relabel them, because they are system wide files. But if namespaces are used, then we can set label on domain's private copies, just like we do for /dev/sev.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/security/security_dac.c | 46 ++++++++++++++++++++++---------------
 1 file changed, 28 insertions(+), 18 deletions(-)
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Isn't something similar needed also for the apparmor driver?

From: Lin Yang <lin.a.yang@intel.com> According to the result parsing from xml, add the argument of SGX EPC memory backend into QEMU command line. With NUMA config: #qemu-system-x86_64 \ ...... \ -object '{"qom-type":"memory-backend-epc","id":"memepc0","prealloc":true,"size":67108864,"host-nodes":[0,1],"policy":"bind"}' \ -object '{"qom-type":"memory-backend-epc","id":"memepc1","prealloc":true,"size":16777216,"host-nodes":[2,3],"policy":"bind"}' \ -machine sgx-epc.0.memdev=memepc0,sgx-epc.0.node=0,sgx-epc.1.memdev=memepc1,sgx-epc.1.node=1 Without NUMA config: #qemu-system-x86_64 \ ...... \ -object '{"qom-type":"memory-backend-epc","id":"memepc0","prealloc":true,"size":67108864}' \ -object '{"qom-type":"memory-backend-epc","id":"memepc1","prealloc":true,"size":16777216}' \ -machine sgx-epc.0.memdev=memepc0,sgx-epc.1.memdev=memepc1 Signed-off-by: Lin Yang <lin.a.yang@intel.com> Signed-off-by: Haibin Huang <haibin.huang@intel.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_alias.c | 3 +- src/qemu/qemu_command.c | 82 +++++++++++++++++-- src/qemu/qemu_monitor_json.c | 41 ++++++++-- .../sgx-epc-numa.x86_64-latest.args | 40 +++++++++ .../sgx-epc.x86_64-6.2.0.args | 37 +++++++++ tests/qemuxml2argvtest.c | 3 + 6 files changed, 190 insertions(+), 16 deletions(-) create mode 100644 tests/qemuxml2argvdata/sgx-epc-numa.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/sgx-epc.x86_64-6.2.0.args diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c index e7f76068cb..273b97697f 100644 --- a/src/qemu/qemu_alias.c +++ b/src/qemu/qemu_alias.c @@ -466,7 +466,8 @@ qemuDeviceMemoryGetAliasID(virDomainDef *def, * valid */ if (!oldAlias && mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM && - mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM) + mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM && + mem->model != VIR_DOMAIN_MEMORY_MODEL_SGX_EPC) return mem->info.addr.dimm.slot; for (i = 0; i < def->nmems; i++) { 
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index f3f6870c58..304a2ae6d1 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -3718,7 +3718,11 @@ qemuBuildMemoryBackendProps(virJSONValue **backendProps, props = virJSONValueNewObject(); - if (!mem->nvdimmPath && + if (mem->model == VIR_DOMAIN_MEMORY_MODEL_SGX_EPC) { + backendType = "memory-backend-epc"; + if (!priv->memPrealloc) + prealloc = true; + } else if (!mem->nvdimmPath && def->mem.source == VIR_DOMAIN_MEMORY_SOURCE_MEMFD) { backendType = "memory-backend-memfd"; @@ -3733,7 +3737,6 @@ qemuBuildMemoryBackendProps(virJSONValue **backendProps, if (systemMemory) disableCanonicalPath = true; - } else if (useHugepage || mem->nvdimmPath || memAccess || def->mem.source == VIR_DOMAIN_MEMORY_SOURCE_FILE) { @@ -7080,6 +7083,9 @@ qemuAppendDomainMemoryMachineParams(virBuffer *buf, const virDomainDef *def, virQEMUCaps *qemuCaps) { + virSGXCapability *sgxCaps = virQEMUCapsGetSGXCapabilities(qemuCaps); + bool nvdimmAdded = false; + int epcNum = 0; size_t i; if (def->mem.dump_core) { 
@@ -7094,8 +7100,52 @@ qemuAppendDomainMemoryMachineParams(virBuffer *buf, virBufferAddLit(buf, ",mem-merge=off"); for (i = 0; i < def->nmems; i++) { - if (def->mems[i]->model == VIR_DOMAIN_MEMORY_MODEL_NVDIMM) { - virBufferAddLit(buf, ",nvdimm=on"); + int targetNode = def->mems[i]->targetNode; + + switch (def->mems[i]->model) { + case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: + if (!nvdimmAdded) { + virBufferAddLit(buf, ",nvdimm=on"); + nvdimmAdded = true; + } + break; + + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + /* add sgx epc memory to -machine parameter */ + + if (targetNode < 0) { + /* set NUMA target node to 0 by default if user doesn't + * specify it. */ + targetNode = 0; + } + + if (sgxCaps->nsections == 0) { + /* Assume QEMU cannot specify guest NUMA node for each SGX EPC, + * because it doesn't provide EPC NUMA info + */ + if (targetNode > 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("can't add SGX EPC for guest node '%d' because this QEMU version didn't provide SGX EPC NUMA info"), + targetNode); + return -1; + } + + virBufferAsprintf(buf, ",sgx-epc.%d.memdev=mem%s", + epcNum, def->mems[i]->info.alias); + } else { + /* The .node attribute is required since QEMU provide EPC NUMA info */ + virBufferAsprintf(buf, ",sgx-epc.%d.memdev=mem%s,sgx-epc.%d.node=%d", + epcNum, def->mems[i]->info.alias, epcNum, targetNode); + } + + epcNum++; + break; + + case VIR_DOMAIN_MEMORY_MODEL_DIMM: + case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: + case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_NONE: + case VIR_DOMAIN_MEMORY_MODEL_LAST: break; } } 
@@ -7813,11 +7863,27 @@ qemuBuildMemoryDeviceCommandLine(virCommand *cmd, if (qemuBuildMemoryDimmBackendStr(cmd, def->mems[i], def, cfg, priv) < 0) return -1; - if (!(props = qemuBuildMemoryDeviceProps(cfg, priv, def, def->mems[i]))) - return -1; + switch (def->mems[i]->model) { + case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: + case VIR_DOMAIN_MEMORY_MODEL_DIMM: + case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: + case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + if (!(props = qemuBuildMemoryDeviceProps(cfg, priv, def, def->mems[i]))) + return -1; - if (qemuBuildDeviceCommandlineFromJSON(cmd, props, def, priv->qemuCaps) < 0) - return -1; + if (qemuBuildDeviceCommandlineFromJSON(cmd, props, def, priv->qemuCaps) < 0) + return -1; + + break; + + /* sgx epc memory will be added to -machine parameter, so skip here */ + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + break; + + case VIR_DOMAIN_MEMORY_MODEL_NONE: + case VIR_DOMAIN_MEMORY_MODEL_LAST: + break; + } } return 0; diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index b045efa203..c41a6355ba 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c 
@@ -7575,13 +7575,25 @@ qemuMonitorJSONGetMemoryDeviceInfo(qemuMonitor *mon, return -1; } - /* While 'id' attribute is marked as optional in QEMU's QAPI - * specification, Libvirt always sets it. Thus we can fail if not - * present. */ - if (!(devalias = virJSONValueObjectGetString(dimminfo, "id"))) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("dimm memory info data is missing 'id'")); - return -1; + if (STREQ(type, "dimm") || STREQ(type, "nvdimm") || STREQ(type, "virtio-mem")) { + /* While 'id' attribute is marked as optional in QEMU's QAPI + * specification, Libvirt always sets it. Thus we can fail if not + * present. */ + if (!(devalias = virJSONValueObjectGetString(dimminfo, "id"))) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("dimm memory info data is missing 'id'")); + return -1; + } + } else if (STREQ(type, "sgx-epc")) { + if (!(devalias = virJSONValueObjectGetString(dimminfo, "memdev"))) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("sgx-epc memory info data is missing 'memdev'")); + return -1; + } + } else { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("%s memory device info is not handled yet"), type); + return -1; } meminfo = g_new0(qemuMonitorMemoryDeviceInfo, 1); @@ -7625,6 +7637,21 @@ qemuMonitorJSONGetMemoryDeviceInfo(qemuMonitor *mon, _("malformed/missing size in virtio memory info")); return -1; } + } else if (STREQ(type, "sgx-epc")) { + /* sgx-epc memory devices */ + if (virJSONValueObjectGetNumberUlong(dimminfo, "memaddr", + &meminfo->address) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("malformed/missing memaddr in sgx-epc memory info")); + return -1; + } + + if (virJSONValueObjectGetNumberUlong(dimminfo, "size", + &meminfo->size) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("malformed/missing size in sgx-epc memory info")); + return -1; + } } else { /* type not handled yet */ continue; 
diff --git a/tests/qemuxml2argvdata/sgx-epc-numa.x86_64-latest.args b/tests/qemuxml2argvdata/sgx-epc-numa.x86_64-latest.args new file mode 100644 index 0000000000..59c1041679 --- /dev/null +++ b/tests/qemuxml2argvdata/sgx-epc-numa.x86_64-latest.args 
@@ -0,0 +1,40 @@ +LC_ALL=C \ +PATH=/bin \ +HOME=/tmp/lib/domain--1-QEMUGuest1 \ +USER=test \ +LOGNAME=test \ +XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \ +XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \ +XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ +/usr/bin/qemu-system-x86_64 \ +-name guest=QEMUGuest1,debug-threads=on \ +-S \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \ +-machine q35,usb=off,dump-guest-core=off,sgx-epc.0.memdev=memepc0,sgx-epc.0.node=0,sgx-epc.1.memdev=memepc1,sgx-epc.1.node=1 \ +-accel tcg \ +-cpu qemu64 \ +-m 214 \ +-overcommit mem-lock=off \ +-smp 2,sockets=2,cores=1,threads=1 \ +-object '{"qom-type":"memory-backend-ram","id":"ram-node0","size":112197632}' \ +-numa node,nodeid=0,cpus=0,memdev=ram-node0 \ +-object '{"qom-type":"memory-backend-ram","id":"ram-node1","size":112197632}' \ +-numa node,nodeid=1,cpus=1,memdev=ram-node1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \ +-mon chardev=charmonitor,id=monitor,mode=control \ +-rtc base=utc \ +-no-shutdown \ +-no-acpi \ +-boot strict=on \ +-device '{"driver":"pcie-root-port","port":8,"chassis":1,"id":"pci.1","bus":"pcie.0","multifunction":true,"addr":"0x1"}' \ +-device '{"driver":"pcie-root-port","port":9,"chassis":2,"id":"pci.2","bus":"pcie.0","addr":"0x1.0x1"}' \ +-object '{"qom-type":"memory-backend-epc","id":"memepc0","prealloc":true,"size":67108864,"host-nodes":[0,1],"policy":"bind"}' \ +-object '{"qom-type":"memory-backend-epc","id":"memepc1","prealloc":true,"size":16777216,"host-nodes":[2,3],"policy":"bind"}' \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.1","addr":"0x0"}' \ +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ +-msg timestamp=on 
diff --git a/tests/qemuxml2argvdata/sgx-epc.x86_64-6.2.0.args b/tests/qemuxml2argvdata/sgx-epc.x86_64-6.2.0.args new file mode 100644 index 0000000000..57a0ee0724 --- /dev/null +++ b/tests/qemuxml2argvdata/sgx-epc.x86_64-6.2.0.args @@ -0,0 +1,37 @@ +LC_ALL=C \ +PATH=/bin \ +HOME=/tmp/lib/domain--1-QEMUGuest1 \ +USER=test \ +LOGNAME=test \ +XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \ +XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \ +XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ +/usr/bin/qemu-system-x86_64 \ +-name guest=QEMUGuest1,debug-threads=on \ +-S \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \ +-machine pc-q35-6.2,usb=off,dump-guest-core=off,sgx-epc.0.memdev=memepc0,sgx-epc.1.memdev=memepc1,memory-backend=pc.ram \ +-accel tcg \ +-cpu qemu64 \ +-m 134 \ +-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":140509184}' \ +-overcommit mem-lock=off \ +-smp 1,sockets=1,cores=1,threads=1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \ +-mon chardev=charmonitor,id=monitor,mode=control \ +-rtc base=utc \ +-no-shutdown \ +-no-acpi \ +-boot strict=on \ +-device pcie-root-port,port=8,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x1 \ +-device pcie-root-port,port=9,chassis=2,id=pci.2,bus=pcie.0,addr=0x1.0x1 \ +-object '{"qom-type":"memory-backend-epc","id":"memepc0","prealloc":true,"size":67108864}' \ +-object '{"qom-type":"memory-backend-epc","id":"memepc1","prealloc":true,"size":16777216}' \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-device virtio-balloon-pci,id=balloon0,bus=pci.1,addr=0x0 \ +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ +-msg timestamp=on diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 05537d9e96..7a4c09b172 100644 --- a/tests/qemuxml2argvtest.c 
+++ b/tests/qemuxml2argvtest.c @@ -3470,6 +3470,9 @@ mymain(void) /* HVF guests should not work on Linux with KVM */ DO_TEST_CAPS_LATEST_PARSE_ERROR("hvf-x86_64-q35-headless"); + DO_TEST_CAPS_VER("sgx-epc", "6.2.0"); + DO_TEST_CAPS_LATEST("sgx-epc-numa"); + if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL) virFileDeleteTree(fakerootdir); -- 2.35.1
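Review bot: The qemuxml2argvtest.c hunk adds only two positive cases, DO_TEST_CAPS_VER("sgx-epc", "6.2.0") and DO_TEST_CAPS_LATEST("sgx-epc-numa"), so the rejection path in qemuAppendDomainMemoryMachineParams is never exercised. That path reports "can't add SGX EPC for guest node" when a non-zero target node meets a QEMU that reports no EPC NUMA info. Please add a failure-expecting case that runs an sgx-epc domain with a non-zero target node against the 6.2.0 capabilities, so a regression that silently drops the node assignment is caught by the test suite.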

On Wed, Jul 27, 2022 at 12:35:01 +0200, Michal Privoznik wrote:
From: Lin Yang <lin.a.yang@intel.com>
According to the result parsing from xml, add the argument of SGX EPC memory backend into QEMU command line.
With NUMA config:
#qemu-system-x86_64 \
    ...... \
    -object '{"qom-type":"memory-backend-epc","id":"memepc0","prealloc":true,"size":67108864,"host-nodes":[0,1],"policy":"bind"}' \
    -object '{"qom-type":"memory-backend-epc","id":"memepc1","prealloc":true,"size":16777216,"host-nodes":[2,3],"policy":"bind"}' \
    -machine sgx-epc.0.memdev=memepc0,sgx-epc.0.node=0,sgx-epc.1.memdev=memepc1,sgx-epc.1.node=1
Without NUMA config:
#qemu-system-x86_64 \
    ...... \
    -object '{"qom-type":"memory-backend-epc","id":"memepc0","prealloc":true,"size":67108864}' \
    -object '{"qom-type":"memory-backend-epc","id":"memepc1","prealloc":true,"size":16777216}' \
    -machine sgx-epc.0.memdev=memepc0,sgx-epc.1.memdev=memepc1
Signed-off-by: Lin Yang <lin.a.yang@intel.com>
Signed-off-by: Haibin Huang <haibin.huang@intel.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/qemu/qemu_alias.c | 3 +-
 src/qemu/qemu_command.c | 82 +++++++++++++++++--
 src/qemu/qemu_monitor_json.c | 41 ++++++++--
 .../sgx-epc-numa.x86_64-latest.args | 40 +++++++++
 .../sgx-epc.x86_64-6.2.0.args | 37 +++++++++
 tests/qemuxml2argvtest.c | 3 +
 6 files changed, 190 insertions(+), 16 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/sgx-epc-numa.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/sgx-epc.x86_64-6.2.0.args
[...]
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index f3f6870c58..304a2ae6d1 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c
[...]
@@ -3733,7 +3737,6 @@ qemuBuildMemoryBackendProps(virJSONValue **backendProps,
if (systemMemory) disableCanonicalPath = true; - } else if (useHugepage || mem->nvdimmPath || memAccess ||
Spurious whitespace change.
def->mem.source == VIR_DOMAIN_MEMORY_SOURCE_FILE) {
[...]
@@ -7094,8 +7100,52 @@ qemuAppendDomainMemoryMachineParams(virBuffer *buf, virBufferAddLit(buf, ",mem-merge=off");
for (i = 0; i < def->nmems; i++) { - if (def->mems[i]->model == VIR_DOMAIN_MEMORY_MODEL_NVDIMM) { - virBufferAddLit(buf, ",nvdimm=on"); + int targetNode = def->mems[i]->targetNode; + + switch (def->mems[i]->model) { + case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: + if (!nvdimmAdded) { + virBufferAddLit(buf, ",nvdimm=on"); + nvdimmAdded = true; + } + break; + + case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC: + /* add sgx epc memory to -machine parameter */ + + if (targetNode < 0) { + /* set NUMA target node to 0 by default if user doesn't + * specify it. */ + targetNode = 0; + } + + if (sgxCaps->nsections == 0) { + /* Assume QEMU cannot specify guest NUMA node for each SGX EPC, + * because it doesn't provide EPC NUMA info + */
The previous patches in this series spend quite a lot of effort in extracting the section sizes, but they are not used for anything related to the actual command generation besides checking the presence. What is the point of the size reported by qemu then? Is the user supposed to use it somehow? If there are restrictions, e.g. by requiring the user to set the size as a multiple of the value reported in capabilities I'd expect that the code would validate that in such case.
+ if (targetNode > 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("can't add SGX EPC for guest node '%d' because this QEMU version didn't provide SGX EPC NUMA info"), + targetNode); + return -1; + } + + virBufferAsprintf(buf, ",sgx-epc.%d.memdev=mem%s", + epcNum, def->mems[i]->info.alias); + } else { + /* The .node attribute is required since QEMU provide EPC NUMA info */ + virBufferAsprintf(buf, ",sgx-epc.%d.memdev=mem%s,sgx-epc.%d.node=%d", + epcNum, def->mems[i]->info.alias, epcNum, targetNode); + } + + epcNum++; + break; + + case VIR_DOMAIN_MEMORY_MODEL_DIMM: + case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM: + case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM: + case VIR_DOMAIN_MEMORY_MODEL_NONE: + case VIR_DOMAIN_MEMORY_MODEL_LAST: break; } }
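Review bot: In the VIR_DOMAIN_MEMORY_MODEL_SGX_EPC case, sgxCaps->nsections is dereferenced with no NULL check anywhere in the visible lines. If the SGX capabilities can be absent for a QEMU binary that does not report them, building the command line for a domain with an sgx-epc device would crash instead of failing cleanly. Check sgxCaps before the nsections test and report VIR_ERR_CONFIG_UNSUPPORTED when it is missing. Separately, a negative targetNode is silently rewritten to 0 and then emitted as sgx-epc.N.node=0 in the else branch; a short comment explaining why that default is safe for a guest with several NUMA nodes would help.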
[...]
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index b045efa203..c41a6355ba 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -7575,13 +7575,25 @@ qemuMonitorJSONGetMemoryDeviceInfo(qemuMonitor *mon, return -1; }
- /* While 'id' attribute is marked as optional in QEMU's QAPI - * specification, Libvirt always sets it. Thus we can fail if not - * present. */ - if (!(devalias = virJSONValueObjectGetString(dimminfo, "id"))) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("dimm memory info data is missing 'id'")); - return -1; + if (STREQ(type, "dimm") || STREQ(type, "nvdimm") || STREQ(type, "virtio-mem")) { + /* While 'id' attribute is marked as optional in QEMU's QAPI + * specification, Libvirt always sets it. Thus we can fail if not + * present. */ + if (!(devalias = virJSONValueObjectGetString(dimminfo, "id"))) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("dimm memory info data is missing 'id'")); + return -1; + } + } else if (STREQ(type, "sgx-epc")) { + if (!(devalias = virJSONValueObjectGetString(dimminfo, "memdev"))) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("sgx-epc memory info data is missing 'memdev'")); + return -1;
This code is really looking for the alias of the device frontend, so that we can match it later on, so looking for the alias of the backend seems wrong. Based on the comment below I don't think this code should even handle SGX related objects at all.
+ } + } else { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("%s memory device info is not handled yet"), type); + return -1; }
meminfo = g_new0(qemuMonitorMemoryDeviceInfo, 1); @@ -7625,6 +7637,21 @@ qemuMonitorJSONGetMemoryDeviceInfo(qemuMonitor *mon, _("malformed/missing size in virtio memory info")); return -1; } + } else if (STREQ(type, "sgx-epc")) { + /* sgx-epc memory devices */ + if (virJSONValueObjectGetNumberUlong(dimminfo, "memaddr", + &meminfo->address) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("malformed/missing memaddr in sgx-epc memory info"));
In patch 11/15 in code added to virDomainMemoryDefValidate it's explicitly forbidden to provide an address for the 'sgx-epc' memory device, thus I don't really understand why you collect it here. Can you please clarify? The code adding the machine parameters in qemuAppendDomainMemoryMachineParams doesn't support passing an address to qemu, so if this was needed e.g. for migration it wouldn't even work.
+ return -1; + } + + if (virJSONValueObjectGetNumberUlong(dimminfo, "size", + &meminfo->size) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("malformed/missing size in sgx-epc memory info")); + return -1; + } } else { /* type not handled yet */ continue;
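Review bot: The new alias-lookup chain in qemuMonitorJSONGetMemoryDeviceInfo ends in an else that returns -1 with "%s memory device info is not handled yet", while the field-parsing chain further down still ends in "/* type not handled yet */ continue;". With the early return in place that continue can no longer be reached, and any memory device type other than dimm, nvdimm, virtio-mem or sgx-epc now makes the whole query fail instead of being skipped. Use continue for unknown types in the first chain as well, so a device type this function does not know about cannot break memory device info for the entire domain.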
[...]
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 05537d9e96..7a4c09b172 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -3470,6 +3470,9 @@ mymain(void) /* HVF guests should not work on Linux with KVM */ DO_TEST_CAPS_LATEST_PARSE_ERROR("hvf-x86_64-q35-headless");
+ DO_TEST_CAPS_VER("sgx-epc", "6.2.0"); + DO_TEST_CAPS_LATEST("sgx-epc-numa");
As noted before, you need to make this test pinned to 7.0.0 or else it will break when I re-generate capabilities as my box does not support SGX.
participants (6)
- Daniel P. Berrangé
- Huang, Haibin
- Michal Privoznik
- Michal Prívozník
- Peter Krempa
- Yang, Lin A