[libvirt] [PATCH v4 0/8] Virtio-crypto device support

As virtio-crypto has been supported in QEMU 2.8 and the frontend driver has been merged in linux 4.10, so it's necessary to support virtio-crypto in libvirt.

---
Changes since v3:
 - split the capabilities part into a separate patch. [Boris]
 - include Boris's virtio-crypto ccw support(PATCH 6 & 8). [Boris]
 - add the missing capabilities in caps_2.9.0.x86_64.xml. [Boris]
 - fix Indentation and missing virDomainCryptoDefFree. [Marc]

Changes since v2:
 - PATCH 1: modify docs as Martin & Boris's suggestion. [Martin & Boris]
 - PATCH 2: add the missing 'ToString'. [Martin]
 - PATCH 3: use virAsprintf instead of virBufferAsprintf. [Martin]
            remove pointless virBufferCheckError. [Martin]
 - rebase on master. [Longpeng]

Changes since v1:
 - split patch [Martin]
 - rebase on master [Martin]
 - add docs/tests/schema [Martin]
 - fix typos [Gonglei]

---
Boris Fiuczynski (2):
  qemu: virtio-crypto: add ccw support
  qemu: virtio-crypto: add test for ccw support

Longpeng(Mike) (6):
  docs: schema: Add basic documentation for the virtual
  docs: news: Add virtio-crypto devices
  conf: Parse virtio-crypto in the domain XML
  caps: Add qemu capabilities about virtio-crypto
  qemu: Implement support for 'builtin' backend for virtio-crypto
  tests: Add testcase for virtio-crypto parsing

 docs/formatdomain.html.in | 61 ++++++
 docs/news.xml | 10 +
 docs/schemas/domaincommon.rng | 30 +++
 src/conf/domain_conf.c | 213 ++++++++++++++++++++-
 src/conf/domain_conf.h | 32 ++++
 src/libvirt_private.syms | 5 +
 src/qemu/qemu_alias.c | 20 ++
 src/qemu/qemu_alias.h | 3 +
 src/qemu/qemu_capabilities.c | 6 +
 src/qemu/qemu_capabilities.h | 4 +
 src/qemu/qemu_command.c | 130 +++++++++++++
 src/qemu/qemu_command.h | 3 +
 src/qemu/qemu_domain_address.c | 25 +++
 src/qemu/qemu_driver.c | 6 +
 src/qemu/qemu_hotplug.c | 1 +
 tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml | 2 +
 tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml | 2 +
 tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml | 2 +
 .../qemuxml2argv-virtio-crypto-builtin.xml | 26 +++
 .../qemuxml2argv-virtio-crypto-ccw.args | 22 +++
 .../qemuxml2argv-virtio-crypto-ccw.xml | 16 ++
 .../qemuxml2argv-virtio-crypto.args | 22 +++
 tests/qemuxml2argvtest.c | 6 +
 .../qemuxml2xmlout-virtio-crypto-builtin.xml | 31 +++
 tests/qemuxml2xmltest.c | 2 +
 25 files changed, 679 insertions(+), 1 deletion(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-ccw.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-ccw.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml

--
1.8.3.1

This patch documents XML elements used for support of virtual crypto devices. In the devices section in the domain XML users may specify: <crypto model='virtio'> <backend type='builtin' queues='1'/> </crypto> to enable the crypto device for guests. Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- docs/formatdomain.html.in | 61 +++++++++++++++++++++++++++++++++++++++++++ docs/schemas/domaincommon.rng | 30 +++++++++++++++++++++ 2 files changed, 91 insertions(+) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 36bea67..7c27ae7 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in 
@@ -7547,6 +7547,67 @@ qemu-kvm -net nic,model=? /dev/null </dd> </dl> + <h4><a name="elementCrypto">Crypto device</a></h4> + + <p> + The virtual crypto device is a virtual crypto accelerator + card(provides crypto services, such as CIPHER, MAC, HASH, + and AEAD) for virtual machines and it can be added to the + guest via the <code>crypto</code> element. + <span class="since">Since 3.1.0, QEMU and KVM only</span> + </p> + + <p> + Example: usage of the crypto device: + </p> +<pre> + ... + <devices> + <crypto model='virtio'> + <backend type='builtin' queues='1'/> + </crypto> + </devices> + ... +</pre> + <dl> + <dt><code>model</code></dt> + <dd> + <p> + The required <code>model</code> attribute specifies what + type of crypto device is provide. + Currently only 'virtio' is supported and it needs virtio-crypto + guest driver. + </p> + </dd> + <dt><code>backend</code></dt> + <dd> + <p> + The <code>backend</code> element specifies the type and + number of queues of the crypto device to be used for the + domain. + </p> + <dl> + <dt><code>type</code></dt> + <dd> + <p> + The required <code>type</code> element specifies the + type of the crypto device. + Currently only supports 'builtin' which uses QEMU's + crypto APIs to complete the crypto operations. + </p> + </dd> + <dt><code>queues</code></dt> + <dd> + <p> + The optional <code>queues</code> element specifies the + number of queues of the crypto device, the default number + of queues is 1. + </p> + </dd> + </dl> + </dd> + </dl> + <h3><a name="seclabel">Security label</a></h3> <p> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index bdf7103..6e3b0fd 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -4506,6 +4506,7 @@ <ref name="tpm"/> <ref name="shmem"/> <ref name="memorydev"/> + <ref name="crypto"/> </choice> </zeroOrMore> <optional> 
@@ -5052,6 +5053,35 @@ </optional> </define> + <define name="crypto"> + <element name="crypto"> + <attribute name="model"> + <choice> + <value>virtio</value> + </choice> + </attribute> + <ref name="crypto-backend"/> + <optional> + <ref name="address"/> + </optional> + </element> + </define> + + <define name="crypto-backend"> + <element name="backend"> + <attribute name="type"> + <choice> + <value>builtin</value> + </choice> + </attribute> + <optional> + <attribute name="queues"> + <ref name="positiveInteger"/> + </attribute> + </optional> + </element> + </define> + <define name="usbmaster"> <element name="master"> <attribute name="startport"> -- 1.8.3.1
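
Review bot: the new "Crypto device" section in docs/formatdomain.html.in calls type and queues elements ("The required <code>type</code> element", "The optional <code>queues</code> element"), but the example in the same section and the crypto-backend define in domaincommon.rng both make them attributes of <backend>; say "attribute" in both places. The schema in this patch also accepts an optional <address> child of <crypto> that the section never describes, and "type of crypto device is provide" should read "is provided".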

On 07/07/2017 04:07 AM, Longpeng(Mike) wrote:
This patch documents XML elements used for support of virtual crypto devices.
In the devices section in the domain XML users may specify: <crypto model='virtio'> <backend type='builtin' queues='1'/>
Add an example <address... > too.
</crypto> to enable the crypto device for guests.
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
Is this the "legal name" that would be used for a commit? Generally we prefer to see a more legal name rather than someone's email name. There's plenty of examples in git history.
--- docs/formatdomain.html.in | 61 +++++++++++++++++++++++++++++++++++++++++++ docs/schemas/domaincommon.rng | 30 +++++++++++++++++++++ 2 files changed, 91 insertions(+)
For some reason I'm only seeing this patch from the series come through. Whether that's something specific to the RH email or in general, I'm not sure. Similarly for your v3 series, just the first patch came through. Since they were close together - I have to wonder if the RH email system was having one of its clogged or senior moments and the patches are still stuck in some queue somewhere. It's happened before, but usually everything gets backed up, not just one series from one submitter.

I see from the archive you pinged on 7/25 looking for a review on the series, but even that didn't come through. It's very strange. Still I think you need to repost and adjust anyway.

Here's some thoughts looking just at the archives though...

Patches 1 & 3 have a "relationship" insomuch as you're documenting in patch 1 before the domain_conf code exists. I think it's best to combine them.

* For both, will the default of MODEL_VIRTIO and BACKEND_BUILTIN live for perpetuity? Or is it possible that at some point a "default" or "unknown" would be required? I ask only since both would be equal to zero for the enum and VIR_ALLOC means default to zero. So sometimes adding a "default" or "none" type entry ensures that something does get set and it's not some default as a result of the allocation algorithm that takes over.

* When you add the XML parsing code, you should add the xml2xml tests. That means grabbing qemuxml2xmltest.c and xml from patches 7 & 8 and moving them into here.

* For new functions, make sure there's 2 blank lines before and after the function... virDomainCryptoDefFree only has 1 before.

* For the queues parse, use virStrToLong_uip to ensure no negative is supplied (per the rng below using positiveInteger)

Patch 2 should be the last patch as news is always last.

Patch 4 is going to need some merge conflict resolution. There is also now some tests/qemucapabilitiesdata/*ppc* replies/xml that exist - whether that relates here or not I'm not sure, but something that I think may have been added since you last posted...

Patch 5...

* There's an error message that has "faile" instead of "failed".

* There's a switch for dev->data.crypto->model that uses VIR_DOMAIN_RNG_MODEL_LAST for a case.

* Should the alias include the "virtio" in some way. Would it ever be reasonable for a domain to use two different types for different devices? Maybe virtio is supplied today and becomes legacy and who knows what is the new sleek thing next year, but both are allowed so you have to change the alias then.

* You may want to create an accessor that prints the "obj%s" alias since it's formatted twice. It'll be useful if you support hotplug as well.

* What about hotplug? You either should support or explicitly deny. I'm kind of surprised you didn't get build warnings because VIR_DOMAIN_DEVICE_CRYPTO wasn't added to qemu_driver.c and qemu_hotplug.c since the switch ((virDomainDeviceType) def->type) is there.

* This is when the qemuxml2argvtest should be adjusted.

Patch 6... Put the comma on the AddLit rather than the next virBufferAsprintf.... although since PPC and CCW are supported from the start, I'd say add them both at the same time. Although I do understand and appreciate why they're separate. Still it's not "new" functionality for CCW support, so just do it all at once.

Patch 7... Tests are usually added at the time the command is adjusted. This looks merge-able with patches 3 and 5

Patch 8... Looks merge-able with patches 3 and 6

Couple more comments below...
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 36bea67..7c27ae7 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -7547,6 +7547,67 @@ qemu-kvm -net nic,model=? /dev/null </dd> </dl>
+ <h4><a name="elementCrypto">Crypto device</a></h4> + + <p> + The virtual crypto device is a virtual crypto accelerator + card(provides crypto services, such as CIPHER, MAC, HASH,
s/card(provides/card (provides)
+ and AEAD) for virtual machines and it can be added to the + guest via the <code>crypto</code> element. + <span class="since">Since 3.1.0, QEMU and KVM only</span>
It'd be 3.7.0 at the earliest
+ </p> + + <p> + Example: usage of the crypto device: + </p> +<pre> + ... + <devices> + <crypto model='virtio'> + <backend type='builtin' queues='1'/> + </crypto> + </devices> + ... +</pre> + <dl> + <dt><code>model</code></dt> + <dd> + <p> + The required <code>model</code> attribute specifies what + type of crypto device is provide.
either "is provided" or "to provide"
+ Currently only 'virtio' is supported and it needs virtio-crypto + guest driver. + </p> + </dd> + <dt><code>backend</code></dt> + <dd> + <p> + The <code>backend</code> element specifies the type and + number of queues of the crypto device to be used for the
s/of the crypto/for the crypto/
+ domain. + </p> + <dl> + <dt><code>type</code></dt> + <dd> + <p> + The required <code>type</code> element specifies the + type of the crypto device. + Currently only supports 'builtin' which uses QEMU's + crypto APIs to complete the crypto operations. + </p> + </dd> + <dt><code>queues</code></dt> + <dd> + <p> + The optional <code>queues</code> element specifies the + number of queues of the crypto device, the default number + of queues is 1.
Again for the crypto device reads better to me, but it's a bit redundant with the first sentence. This makes me wonder what happens if someone uses 100 or 1000 or ... queues. Is there some maximum (I didn't check the qemu code). Beyond that what use does increasing the number of queues have?
+ </p> + </dd> + </dl> + </dd> + </dl> +
There's also an <address> that is required to be "pci" or "ccw" - that should be mentioned here. You can use a link from here to the device address section IIRC. Hopefully the next time posted, the series will show up for me too! John
<h3><a name="seclabel">Security label</a></h3>
<p> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index bdf7103..6e3b0fd 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -4506,6 +4506,7 @@ <ref name="tpm"/> <ref name="shmem"/> <ref name="memorydev"/> + <ref name="crypto"/> </choice> </zeroOrMore> <optional> @@ -5052,6 +5053,35 @@ </optional> </define>
+ <define name="crypto"> + <element name="crypto"> + <attribute name="model"> + <choice> + <value>virtio</value> + </choice> + </attribute> + <ref name="crypto-backend"/> + <optional> + <ref name="address"/> + </optional> + </element> + </define> + + <define name="crypto-backend"> + <element name="backend"> + <attribute name="type"> + <choice> + <value>builtin</value> + </choice> + </attribute> + <optional> + <attribute name="queues"> + <ref name="positiveInteger"/> + </attribute> + </optional> + </element> + </define> + <define name="usbmaster"> <element name="master"> <attribute name="startport">
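
Review bot: in the crypto-backend define, queues is restricted to positiveInteger but has no upper bound, and the documentation hunk gives no maximum either. If the device has a queue limit, state it in formatdomain.html.in and enforce it where the attribute is parsed, so an arbitrary value is refused by libvirt instead of being handed to QEMU; the parser should likewise refuse 0 so that it agrees with this schema.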

Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- docs/news.xml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/news.xml b/docs/news.xml index a886e2c..b766984 100644 --- a/docs/news.xml +++ b/docs/news.xml @@ -35,6 +35,16 @@ <libvirt> <release version="v3.6.0" date="unreleased"> <section title="New features"> + <change> + <summary> + qemu: Add support for virtio-crypto device + </summary> + <description> + QEMU 2.8 introduced the support of virtio-crypto device, which is a + virtual crypto accelerator card for VMs. Users can now configure one + or more virtio-crypto devices for the VM in the XML. + </description> + </change> </section> <section title="Improvements"> </section> -- 1.8.3.1
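
Review bot: this entry is added under <release version="v3.6.0" date="unreleased">, while the formatdomain.html.in text from the first patch of the series marks the element as "Since 3.1.0". The two must name the same release, so fix whichever is stale on rebase and move the entry if the v3.6.0 section has closed by then.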

This patch parse the domain XML with virtio-crypto support, the virtio-crypto XML looks like this: <crypto model='virtio'> <backend type='builtin' queues='1'/> </crypto> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- src/conf/domain_conf.c | 213 ++++++++++++++++++++++++++++++++++++++++- src/conf/domain_conf.h | 32 +++++++ src/libvirt_private.syms | 5 + src/qemu/qemu_domain_address.c | 1 + src/qemu/qemu_driver.c | 6 ++ src/qemu/qemu_hotplug.c | 1 + 6 files changed, 257 insertions(+), 1 deletion(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index c3149f9..4c4568d 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -253,7 +253,8 @@ VIR_ENUM_IMPL(virDomainDevice, VIR_DOMAIN_DEVICE_LAST, "tpm", "panic", "memory", - "iommu") + "iommu", + "crypto") VIR_ENUM_IMPL(virDomainDeviceAddress, VIR_DOMAIN_DEVICE_ADDRESS_TYPE_LAST, "none", @@ -830,6 +831,14 @@ VIR_ENUM_IMPL(virDomainRNGBackend, "random", "egd"); +VIR_ENUM_IMPL(virDomainCryptoModel, + VIR_DOMAIN_CRYPTO_MODEL_LAST, + "virtio"); + +VIR_ENUM_IMPL(virDomainCryptoBackend, + VIR_DOMAIN_CRYPTO_BACKEND_LAST, + "builtin"); + VIR_ENUM_IMPL(virDomainTPMModel, VIR_DOMAIN_TPM_MODEL_LAST, "tpm-tis") @@ -2617,6 +2626,9 @@ void virDomainDeviceDefFree(virDomainDeviceDefPtr def) case VIR_DOMAIN_DEVICE_IOMMU: VIR_FREE(def->data.iommu); break; + case VIR_DOMAIN_DEVICE_CRYPTO: + virDomainCryptoDefFree(def->data.crypto); + break; case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: break; @@ -2866,6 +2878,10 @@ void virDomainDefFree(virDomainDefPtr def) VIR_FREE(def->iommu); + for (i = 0; i < def->ncryptos; i++) + virDomainCryptoDefFree(def->cryptos[i]); + VIR_FREE(def->cryptos); + VIR_FREE(def->idmap.uidmap); VIR_FREE(def->idmap.gidmap); 
@@ -3453,6 +3469,8 @@ virDomainDeviceGetInfo(virDomainDeviceDefPtr device) return &device->data.panic->info; case VIR_DOMAIN_DEVICE_MEMORY: return &device->data.memory->info; + case VIR_DOMAIN_DEVICE_CRYPTO: + return &device->data.crypto->info; /* The following devices do not contain virDomainDeviceInfo */ case VIR_DOMAIN_DEVICE_LEASE: @@ -3768,6 +3786,13 @@ virDomainDeviceInfoIterateInternal(virDomainDefPtr def, return -1; } + device.type = VIR_DOMAIN_DEVICE_CRYPTO; + for (i = 0; i < def->ncryptos; i++) { + device.data.crypto = def->cryptos[i]; + if (cb(def, &device, &def->cryptos[i]->info, opaque) < 0) + return -1; + } + /* Coverity is not very happy with this - all dead_error_condition */ #if !STATIC_ANALYSIS /* This switch statement is here to trigger compiler warning when adding @@ -3802,6 +3827,7 @@ virDomainDeviceInfoIterateInternal(virDomainDefPtr def, case VIR_DOMAIN_DEVICE_RNG: case VIR_DOMAIN_DEVICE_MEMORY: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: break; } #endif @@ -5095,6 +5121,7 @@ virDomainDeviceDefValidateInternal(const virDomainDeviceDef *dev, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_MEMORY: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_LAST: break; 
@@ -13048,6 +13075,88 @@ virDomainRNGDefParseXML(virDomainXMLOptionPtr xmlopt, } +static virDomainCryptoDefPtr +virDomainCryptoDefParseXML(xmlNodePtr node, + xmlXPathContextPtr ctxt, + unsigned int flags) +{ + char *model = NULL; + char *backend = NULL; + char *queues = NULL; + virDomainCryptoDefPtr def; + xmlNodePtr save = ctxt->node; + xmlNodePtr *backends = NULL; + int nbackends; + + if (VIR_ALLOC(def) < 0) + return NULL; + + if (!(model = virXMLPropString(node, "model"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing Crypto device model")); + goto error; + } + + if ((def->model = virDomainCryptoModelTypeFromString(model)) < 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unknown Crypto model '%s'"), model); + goto error; + } + + ctxt->node = node; + + if ((nbackends = virXPathNodeSet("./backend", ctxt, &backends)) < 0) + goto error; + + if (nbackends != 1) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("only one Crypto backend is supported")); + goto error; + } + + if (!(backend = virXMLPropString(backends[0], "type"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing Crypto device backend type")); + goto error; + } + + if ((def->backend = virDomainCryptoBackendTypeFromString(backend)) < 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unknown Crypto backend model '%s'"), backend); + goto error; + } + + switch ((virDomainCryptoBackend) def->backend) { + case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN: + queues = virXMLPropString(backends[0], "queues"); + if (queues && virStrToLong_ui(queues, NULL, 10, &def->queues) < 0) { + virReportError(VIR_ERR_XML_ERROR, + _("Malformed 'queues' value '%s'"), queues); + } + break; + + case VIR_DOMAIN_CRYPTO_BACKEND_LAST: + break; + } + + if (virDomainDeviceInfoParseXML(node, NULL, &def->info, flags) < 0) + goto error; + + cleanup: + VIR_FREE(model); + VIR_FREE(backend); + VIR_FREE(queues); + VIR_FREE(backends); + ctxt->node = save; + return def; + + error: + virDomainCryptoDefFree(def); + def = NULL; + 
goto cleanup; +} + + static virDomainMemballoonDefPtr virDomainMemballoonDefParseXML(xmlNodePtr node, xmlXPathContextPtr ctxt, @@ -14643,6 +14752,10 @@ virDomainDeviceDefParse(const char *xmlStr, if (!(dev->data.iommu = virDomainIOMMUDefParseXML(node, ctxt))) goto error; break; + case VIR_DOMAIN_DEVICE_CRYPTO: + if (!(dev->data.crypto = virDomainCryptoDefParseXML(node, ctxt, flags))) + goto error; + break; case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_LAST: break; @@ -17709,6 +17822,22 @@ virDomainDefParseXML(xmlDocPtr xml, } VIR_FREE(nodes); + /* Parse the crypto devices */ + if ((n = virXPathNodeSet("./devices/crypto", ctxt, &nodes)) < 0) + goto error; + if (n && VIR_ALLOC_N(def->cryptos, n) < 0) + goto error; + for (i = 0; i < n; i++) { + virDomainCryptoDefPtr crypto = virDomainCryptoDefParseXML(nodes[i], + ctxt, + flags); + if (!crypto) + goto error; + + def->cryptos[def->ncryptos++] = crypto; + } + VIR_FREE(nodes); + if (virCPUDefParseXML(ctxt, "./cpu[1]", VIR_CPU_TYPE_GUEST, &def->cpu) < 0) goto error; @@ -19815,6 +19944,25 @@ virDomainRNGDefCheckABIStability(virDomainRNGDefPtr src, static bool +virDomainCryptoDefCheckABIStability(virDomainCryptoDefPtr src, + virDomainCryptoDefPtr dst) +{ + if (src->model != dst->model) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Target Crypto model '%s' does not match source '%s'"), + virDomainCryptoModelTypeToString(dst->model), + virDomainCryptoModelTypeToString(src->model)); + return false; + } + + if (!virDomainDeviceInfoCheckABIStability(&src->info, &dst->info)) + return false; + + return true; +} + + +static bool virDomainHubDefCheckABIStability(virDomainHubDefPtr src, virDomainHubDefPtr dst) { 
@@ -20718,6 +20866,17 @@ virDomainDefCheckABIStabilityFlags(virDomainDefPtr src, !xmlopt->abi.domain(src, dst)) goto error; + if (src->ncryptos != dst->ncryptos) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Target domain crypto device count %zu " + "does not match source %zu"), dst->ncryptos, src->ncryptos); + goto error; + } + + for (i = 0; i < src->ncryptos; i++) + if (!virDomainCryptoDefCheckABIStability(src->cryptos[i], dst->cryptos[i])) + goto error; + /* Coverity is not very happy with this - all dead_error_condition */ #if !STATIC_ANALYSIS /* This switch statement is here to trigger compiler warning when adding @@ -20751,6 +20910,7 @@ virDomainDefCheckABIStabilityFlags(virDomainDefPtr src, case VIR_DOMAIN_DEVICE_SHMEM: case VIR_DOMAIN_DEVICE_MEMORY: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: break; } #endif @@ -23387,6 +23547,49 @@ virDomainRNGDefFree(virDomainRNGDefPtr def) static int +virDomainCryptoDefFormat(virBufferPtr buf, + virDomainCryptoDefPtr def, + unsigned int flags) +{ + const char *model = virDomainCryptoModelTypeToString(def->model); + const char *backend = virDomainCryptoBackendTypeToString(def->backend); + + virBufferAsprintf(buf, "<crypto model='%s'>\n", model); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<backend type='%s'", backend); + + switch ((virDomainCryptoBackend) def->backend) { + case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN: + if (def->queues) + virBufferAsprintf(buf, " queues='%u'", def->queues); + + virBufferAddLit(buf, "/>\n"); + break; + + case VIR_DOMAIN_CRYPTO_BACKEND_LAST: + break; + } + + if (virDomainDeviceInfoFormat(buf, &def->info, flags) < 0) + return -1; + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</crypto>\n"); + return 0; +} + +void +virDomainCryptoDefFree(virDomainCryptoDefPtr def) +{ + if (!def) + return; + + virDomainDeviceInfoClear(&def->info); + VIR_FREE(def); +} + + +static int virDomainMemorySourceDefFormat(virBufferPtr buf, virDomainMemoryDefPtr def) { 
@@ -25418,6 +25621,11 @@ virDomainDefFormatInternal(virDomainDefPtr def, goto error; } + for (n = 0; n < def->ncryptos; n++) { + if (virDomainCryptoDefFormat(buf, def->cryptos[n], flags)) + goto error; + } + if (def->iommu) virDomainIOMMUDefFormat(buf, def->iommu); @@ -26500,6 +26708,9 @@ virDomainDeviceDefCopy(virDomainDeviceDefPtr src, case VIR_DOMAIN_DEVICE_SHMEM: rc = virDomainShmemDefFormat(&buf, src->data.shmem, flags); break; + case VIR_DOMAIN_DEVICE_CRYPTO: + rc = virDomainCryptoDefFormat(&buf, src->data.crypto, flags); + break; case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_SMARTCARD: diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 964bc02..3dd809a 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -159,6 +159,9 @@ typedef virDomainIOMMUDef *virDomainIOMMUDefPtr; typedef struct _virDomainVirtioOptions virDomainVirtioOptions; typedef virDomainVirtioOptions *virDomainVirtioOptionsPtr; +typedef struct _virDomainCryptoDef virDomainCryptoDef; +typedef virDomainCryptoDef *virDomainCryptoDefPtr; + /* Flags for the 'type' field in virDomainDeviceDef */ typedef enum { VIR_DOMAIN_DEVICE_NONE = 0, @@ -185,6 +188,7 @@ typedef enum { VIR_DOMAIN_DEVICE_PANIC, VIR_DOMAIN_DEVICE_MEMORY, VIR_DOMAIN_DEVICE_IOMMU, + VIR_DOMAIN_DEVICE_CRYPTO, VIR_DOMAIN_DEVICE_LAST } virDomainDeviceType; @@ -217,6 +221,7 @@ struct _virDomainDeviceDef { virDomainPanicDefPtr panic; virDomainMemoryDefPtr memory; virDomainIOMMUDefPtr iommu; + virDomainCryptoDefPtr crypto; } data; }; 
@@ -2043,6 +2048,26 @@ struct _virDomainRNGDef { }; typedef enum { + VIR_DOMAIN_CRYPTO_MODEL_VIRTIO, + + VIR_DOMAIN_CRYPTO_MODEL_LAST +} virDomainCryptoModel; + +typedef enum { + VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN, + + VIR_DOMAIN_CRYPTO_BACKEND_LAST +} virDomainCryptoBackend; + +struct _virDomainCryptoDef { + int model; + int backend; + unsigned int queues; /* Multiqueue virtio-crypto */ + + virDomainDeviceInfo info; +}; + +typedef enum { VIR_DOMAIN_MEMORY_MODEL_NONE, VIR_DOMAIN_MEMORY_MODEL_DIMM, /* dimm hotpluggable memory device */ VIR_DOMAIN_MEMORY_MODEL_NVDIMM, /* nvdimm memory device */ @@ -2380,6 +2405,9 @@ struct _virDomainDef { size_t npanics; virDomainPanicDefPtr *panics; + size_t ncryptos; + virDomainCryptoDefPtr *cryptos; + /* Only 1 */ virDomainWatchdogDefPtr watchdog; virDomainMemballoonDefPtr memballoon; @@ -2908,6 +2936,8 @@ int virDomainDefCompatibleDevice(virDomainDefPtr def, void virDomainRNGDefFree(virDomainRNGDefPtr def); +void virDomainCryptoDefFree(virDomainCryptoDefPtr def); + int virDomainDiskIndexByAddress(virDomainDefPtr def, virPCIDeviceAddressPtr pci_controller, unsigned int bus, unsigned int target, @@ -3236,6 +3266,8 @@ VIR_ENUM_DECL(virDomainShutdownReason) VIR_ENUM_DECL(virDomainShutoffReason) VIR_ENUM_DECL(virDomainCrashedReason) VIR_ENUM_DECL(virDomainPMSuspendedReason) +VIR_ENUM_DECL(virDomainCryptoModel) +VIR_ENUM_DECL(virDomainCryptoBackend) const char *virDomainStateReasonToString(virDomainState state, int reason); int virDomainStateReasonFromString(virDomainState state, const char *reason); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 888412a..8d6bcb6 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms 
@@ -237,6 +237,11 @@ virDomainControllerRemove; virDomainControllerTypeToString; virDomainCpuPlacementModeTypeFromString; virDomainCpuPlacementModeTypeToString; +virDomainCryptoBackendTypeFromString; +virDomainCryptoBackendTypeToString; +virDomainCryptoDefFree; +virDomainCryptoModelTypeFromString; +virDomainCryptoModelTypeToString; virDomainDefAddController; virDomainDefAddImplicitDevices; virDomainDefAddUSBController; diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c index b5b863f..5209fbe 100644 --- a/src/qemu/qemu_domain_address.c +++ b/src/qemu/qemu_domain_address.c @@ -796,6 +796,7 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDefPtr dev, case VIR_DOMAIN_DEVICE_LEASE: case VIR_DOMAIN_DEVICE_GRAPHICS: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: return 0; diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index cdb727b..1c2342c 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -7526,6 +7526,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("live attach of device '%s' is not supported"), @@ -7619,6 +7620,7 @@ qemuDomainDetachDeviceLive(virDomainObjPtr vm, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("live detach of device '%s' is not supported"), @@ -7735,6 +7737,7 @@ qemuDomainUpdateDeviceLive(virConnectPtr conn, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("live update of device '%s' is not supported"), 
@@ -7910,6 +7913,7 @@ qemuDomainAttachDeviceConfig(virDomainDefPtr vmdef, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("persistent attach of device '%s' is not supported"), @@ -8076,6 +8080,7 @@ qemuDomainDetachDeviceConfig(virDomainDefPtr vmdef, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("persistent detach of device '%s' is not supported"), @@ -8163,6 +8168,7 @@ qemuDomainUpdateDeviceConfig(virDomainDefPtr vmdef, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("persistent update of device '%s' is not supported"), diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index b5b62df..c7db125 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -4325,6 +4325,7 @@ qemuDomainRemoveDevice(virQEMUDriverPtr driver, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("don't know how to remove a %s device"), -- 1.8.3.1
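
Review bot: in virDomainCryptoDefParseXML the malformed 'queues' branch calls virReportError() but has no goto error, so parsing continues and the function returns a definition with an error already raised; add goto error after the report. The value is read with virStrToLong_ui, which does not enforce the schema's positiveInteger, so reject 0 and negative input here. The "only one Crypto backend is supported" message is also what the user sees when <backend> is missing entirely (nbackends == 0), which deserves its own "missing backend" error.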
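
Review bot: virDomainCryptoDefCheckABIStability compares only model and the device info; backend and queues are never compared, so two definitions that differ in queue count are accepted as ABI-compatible. If the queue count is visible to the guest, compare src->queues with dst->queues and report the mismatch the same way as for model. The for loop over src->ncryptos in virDomainDefCheckABIStabilityFlags has a multi-line body and should be braced.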
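
Review bot: virDomainCryptoDefFormat writes the closing "/>\n" of <backend only inside the VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN case, so any other backend value leaves the element open and the output is malformed XML; emit the close after the switch. The function also treats def->queues == 0 as "attribute not set", which only holds if the parser refuses an explicit queues='0'. The caller in virDomainDefFormatInternal tests the return value for non-zero where the rest of the file uses "< 0".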

Two capabilities bits are added to track support for those: QEMU_CAPS_DEVICE_VIRTIO_CRYPTO - for the device support and QEMU_CAPS_OBJECT_CRYPTO_BUILTIN - for the backend support. Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- src/qemu/qemu_capabilities.c | 6 ++++++ src/qemu/qemu_capabilities.h | 4 ++++ tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml | 2 ++ tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml | 2 ++ tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml | 2 ++ 5 files changed, 16 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 61c9a10..01005d5 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -430,6 +430,10 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST, "virtio.iommu_platform", "virtio.ats", "loadparm", + "cryptodev-backend-builtin", + + /* 265 */ + "virtio-crypto", ); @@ -1679,6 +1683,8 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = { { "nvdimm", QEMU_CAPS_DEVICE_NVDIMM }, { "pcie-root-port", QEMU_CAPS_DEVICE_PCIE_ROOT_PORT }, { "qemu-xhci", QEMU_CAPS_DEVICE_QEMU_XHCI }, + { "cryptodev-backend-builtin", QEMU_CAPS_OBJECT_CRYPTO_BUILTIN }, + { "virtio-crypto-device", QEMU_CAPS_DEVICE_VIRTIO_CRYPTO }, }; static struct virQEMUCapsStringFlags virQEMUCapsObjectPropsVirtioBalloon[] = { diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 6e95876..50bb7a5 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -416,6 +416,10 @@ typedef enum { QEMU_CAPS_VIRTIO_PCI_IOMMU_PLATFORM, /* virtio-*-pci.iommu_platform */ QEMU_CAPS_VIRTIO_PCI_ATS, /* virtio-*-pci.ats */ QEMU_CAPS_LOADPARM, /* -machine loadparm */ + QEMU_CAPS_OBJECT_CRYPTO_BUILTIN, /* -object cryptodev-backend-builtin */ + + /* 265 */ + QEMU_CAPS_DEVICE_VIRTIO_CRYPTO, /* -device virtio-crypto-pci */ QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; 
diff --git a/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml index 51be9bc..527c765 100644 --- a/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml @@ -134,6 +134,8 @@ <flag name='query-named-block-nodes'/> <flag name='kernel-irqchip'/> <flag name='kernel-irqchip.split'/> + <flag name='cryptodev-backend-builtin'/> + <flag name='virtio-crypto'/> <version>2007093</version> <kvmVersion>0</kvmVersion> <package></package> diff --git a/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml index 01edbc8..f10833c 100644 --- a/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml @@ -207,6 +207,8 @@ <flag name='kernel-irqchip.split'/> <flag name='intel-iommu.intremap'/> <flag name='intel-iommu.eim'/> + <flag name='cryptodev-backend-builtin'/> + <flag name='virtio-crypto'/> <version>2008000</version> <kvmVersion>0</kvmVersion> <package> (v2.8.0)</package> diff --git a/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml index 58dd9f6..af141cc 100644 --- a/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml @@ -218,6 +218,8 @@ <flag name='intel-iommu.device-iotlb'/> <flag name='virtio.iommu_platform'/> <flag name='virtio.ats'/> + <flag name='cryptodev-backend-builtin'/> + <flag name='virtio-crypto'/> <version>2009000</version> <kvmVersion>0</kvmVersion> <package> (v2.9.0)</package> -- 1.8.3.1
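
Review bot: QEMU_CAPS_DEVICE_VIRTIO_CRYPTO is commented in qemu_capabilities.h as "-device virtio-crypto-pci", but the virQEMUCapsObjectTypes entry sets it when QEMU reports "virtio-crypto-device". Probe for the device name that is actually placed on the command line, or correct the comment, so the flag means what its callers assume. The patch touches only the caps_*.xml files; confirm that the matching .replies data lists both object types instead of adding the flags to the XML by hand.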

This patch implements support for the virtio-crypto-pci device and the builtin backend in qemu. qemu is invoked with these additional parameters if the device id enabled: (to add the backend) -object cryptodev-backend-builtin,id=objcrypto0,queues=1 (to add the device) -device virtio-crypto-pci,cryptodev=objcrypto0,id=crypto0 Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- src/qemu/qemu_alias.c | 20 +++++++ src/qemu/qemu_alias.h | 3 + src/qemu/qemu_command.c | 126 +++++++++++++++++++++++++++++++++++++++++ src/qemu/qemu_command.h | 3 + src/qemu/qemu_domain_address.c | 26 ++++++++- 5 files changed, 177 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c index 914b2b9..2b6e049 100644 --- a/src/qemu/qemu_alias.c +++ b/src/qemu/qemu_alias.c @@ -332,6 +332,26 @@ qemuAssignDeviceRNGAlias(virDomainDefPtr def, } +int +qemuAssignDeviceCryptoAlias(const virDomainDef *def, + virDomainCryptoDefPtr crypto) +{ + size_t i; + int maxidx = 0; + int idx; + + for (i = 0; i < def->ncryptos; i++) { + if ((idx = qemuDomainDeviceAliasIndex(&def->cryptos[i]->info, "crypto")) >= maxidx) + maxidx = idx + 1; + } + + if (virAsprintf(&crypto->info.alias, "crypto%d", maxidx) < 0) + return -1; + + return 0; +} + + /** * qemuAssignDeviceMemoryAlias: * @def: domain definition. Necessary only if @oldAlias is true. diff --git a/src/qemu/qemu_alias.h b/src/qemu/qemu_alias.h index 300fd4d..fe59928 100644 --- a/src/qemu/qemu_alias.h +++ b/src/qemu/qemu_alias.h @@ -57,6 +57,9 @@ int qemuAssignDeviceRedirdevAlias(virDomainDefPtr def, int qemuAssignDeviceRNGAlias(virDomainDefPtr def, virDomainRNGDefPtr rng); +int qemuAssignDeviceCryptoAlias(const virDomainDef *def, + virDomainCryptoDefPtr crypto); + int qemuAssignDeviceMemoryAlias(virDomainDefPtr def, virDomainMemoryDefPtr mems, bool oldAlias); diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index c53ab97..5278edc 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c 
@@ -5992,6 +5992,129 @@ qemuBuildRNGCommandLine(virLogManagerPtr logManager, static char * +qemuBuildCryptoBackendStr(virDomainCryptoDefPtr crypto, + virQEMUCapsPtr qemuCaps) +{ + const char *type = NULL; + char *alias = NULL; + char *queue = NULL; + char *backstr = NULL; + + if (virAsprintf(&alias, "obj%s", crypto->info.alias) < 0) + goto cleanup; + + if (crypto->queues > 0) { + if (virAsprintf(&queue, "queues=%u", crypto->queues) < 0) + goto cleanup; + } + + switch ((virDomainCryptoBackend)crypto->backend) { + case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN: + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_CRYPTO_BUILTIN)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("this qemu doesn't support the builtin backend")); + goto cleanup; + } + + type = "cryptodev-backend-builtin"; + break; + + case VIR_DOMAIN_CRYPTO_BACKEND_LAST: + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("unknown crypto backend")); + goto cleanup; + } + + if (queue) + ignore_value(virAsprintf(&backstr, "%s,id=%s,%s", type, alias, queue)); + else + ignore_value(virAsprintf(&backstr, "%s,id=%s", type, alias)); + + cleanup: + VIR_FREE(alias); + return backstr; +} + + +char * +qemuBuildCryptoDevStr(const virDomainDef *def, + virDomainCryptoDefPtr dev, + virQEMUCapsPtr qemuCaps) +{ + virBuffer buf = VIR_BUFFER_INITIALIZER; + + if (dev->model != VIR_DOMAIN_CRYPTO_MODEL_VIRTIO || + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_VIRTIO_CRYPTO)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("this qemu doesn't support crypto device model '%s'"), + virDomainRNGModelTypeToString(dev->model)); + goto error; + } + + if (dev->info.type != VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unsupported address type %s for virtio crypto device"), + virDomainDeviceAddressTypeToString(dev->info.type)); + goto error; + } + + virBufferAsprintf(&buf, "virtio-crypto-pci,cryptodev=obj%s,id=%s", + dev->info.alias, dev->info.alias); + + if (qemuBuildDeviceAddressStr(&buf, 
def, &dev->info, qemuCaps) < 0) + goto error; + + return virBufferContentAndReset(&buf); + + error: + virBufferFreeAndReset(&buf); + return NULL; +} + + +static int +qemuBuildCryptoCommandLine(virCommandPtr cmd, + const virDomainDef *def, + virQEMUCapsPtr qemuCaps) +{ + size_t i; + + for (i = 0; i < def->ncryptos; i++) { + virDomainCryptoDefPtr crypto = def->cryptos[i]; + char *tmp; + + if (qemuAssignDeviceCryptoAlias(def, crypto)) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("crypto device assign alias faile")); + return -1; + } + + if (!crypto->info.alias) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("crypto device is missing alias")); + return -1; + } + + /* add the crypto backend */ + if (!(tmp = qemuBuildCryptoBackendStr(crypto, qemuCaps))) + return -1; + + virCommandAddArgList(cmd, "-object", tmp, NULL); + VIR_FREE(tmp); + + /* add the device */ + if (!(tmp = qemuBuildCryptoDevStr(def, crypto, qemuCaps))) + return -1; + + virCommandAddArgList(cmd, "-device", tmp, NULL); + VIR_FREE(tmp); + } + + return 0; +} + + +static char * qemuBuildSmbiosBiosStr(virSysinfoBIOSDefPtr def) { virBuffer buf = VIR_BUFFER_INITIALIZER; @@ -10220,6 +10343,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, chardevStdioLogd) < 0) goto error; + if (qemuBuildCryptoCommandLine(cmd, def, qemuCaps) < 0) + goto error; + if (qemuBuildNVRAMCommandLine(cmd, def, qemuCaps) < 0) goto error; diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h index f5e3e5f..996840d 100644 --- a/src/qemu/qemu_command.h +++ b/src/qemu/qemu_command.h @@ -204,6 +204,9 @@ char *qemuBuildShmemDevStr(virDomainDefPtr def, virQEMUCapsPtr qemuCaps) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3); +char *qemuBuildCryptoDevStr(const virDomainDef *def, + virDomainCryptoDefPtr dev, + virQEMUCapsPtr qemuCaps); #endif /* __QEMU_COMMAND_H__*/ diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c index 5209fbe..9bd064b 100644 --- a/src/qemu/qemu_domain_address.c 
+++ b/src/qemu/qemu_domain_address.c @@ -331,6 +331,12 @@ qemuDomainPrimeVirtioDeviceAddresses(virDomainDefPtr def, def->rngs[i]->info.type = type; } + for (i = 0; i < def->ncryptos; i++) { + if (def->cryptos[i]->model == VIR_DOMAIN_CRYPTO_MODEL_VIRTIO && + def->cryptos[i]->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE) + def->cryptos[i]->info.type = type; + } + if (type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW) { for (i = 0; i < def->nfss; i++) { if (def->fss[i]->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE) @@ -738,6 +744,15 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDefPtr dev, return 0; } + case VIR_DOMAIN_DEVICE_CRYPTO: + switch ((virDomainCryptoModel) dev->data.crypto->model) { + case VIR_DOMAIN_CRYPTO_MODEL_VIRTIO: + return virtioFlags; + + case VIR_DOMAIN_RNG_MODEL_LAST: + return 0; + } + case VIR_DOMAIN_DEVICE_VIDEO: switch ((virDomainVideoType) dev->data.video->type) { case VIR_DOMAIN_VIDEO_TYPE_VIRTIO: @@ -796,7 +811,6 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDefPtr dev, case VIR_DOMAIN_DEVICE_LEASE: case VIR_DOMAIN_DEVICE_GRAPHICS: case VIR_DOMAIN_DEVICE_IOMMU: - case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: return 0; @@ -1775,6 +1789,16 @@ qemuDomainAssignDevicePCISlots(virDomainDefPtr def, goto error; } + /* VirtIO CRYPTO */ + for (i = 0; i < def->ncryptos; i++) { + if (def->cryptos[i]->model != VIR_DOMAIN_CRYPTO_MODEL_VIRTIO || + !virDeviceInfoPCIAddressWanted(&def->cryptos[i]->info)) + continue; + + if (qemuDomainPCIAddressReserveNextAddr(addrs, &def->cryptos[i]->info) < 0) + goto error; + } + /* A watchdog - check if it is a PCI device */ if (def->watchdog && def->watchdog->model == VIR_DOMAIN_WATCHDOG_MODEL_I6300ESB && -- 1.8.3.1
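
Review bot: qemuBuildCryptoBackendStr in the qemu_command.c hunk leaks `queue`: the cleanup label runs only VIR_FREE(alias), so the string built by virAsprintf(&queue, "queues=%u", crypto->queues) is never released on the success path or the error paths. Add VIR_FREE(queue) beside VIR_FREE(alias). In the same hunk, qemuBuildCryptoDevStr formats its error with virDomainRNGModelTypeToString(dev->model) although dev is a crypto device, so the message can print an RNG model name; use the crypto model's own ToString helper and consider separate messages for a wrong model and a missing QEMU_CAPS_DEVICE_VIRTIO_CRYPTO. The string "crypto device assign alias faile" in qemuBuildCryptoCommandLine also has a typo.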
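
Review bot: The new VIR_DOMAIN_DEVICE_CRYPTO case in qemuDomainDeviceCalculatePCIConnectFlags (qemu_domain_address.c) casts to virDomainCryptoModel but terminates the inner switch with `case VIR_DOMAIN_RNG_MODEL_LAST:`, which belongs to a different enum. Use the crypto model enum's own _LAST value so the switch covers the type it is cast to. As written there is also no return or break after the inner switch, so a model value that matches neither label falls through into the VIR_DOMAIN_DEVICE_VIDEO case that follows.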

From: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Add device address type ccw which is supported since qemu 2.9.0. Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com> --- src/qemu/qemu_command.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 5278edc..65dfc61 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -6051,14 +6051,18 @@ qemuBuildCryptoDevStr(const virDomainDef *def, goto error; } - if (dev->info.type != VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI) { + if (dev->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI) { + virBufferAddLit(&buf, "virtio-crypto-pci"); + } else if (dev->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW) { + virBufferAddLit(&buf, "virtio-crypto-ccw"); + } else { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("unsupported address type %s for virtio crypto device"), virDomainDeviceAddressTypeToString(dev->info.type)); goto error; } - virBufferAsprintf(&buf, "virtio-crypto-pci,cryptodev=obj%s,id=%s", + virBufferAsprintf(&buf, ",cryptodev=obj%s,id=%s", dev->info.alias, dev->info.alias); if (qemuBuildDeviceAddressStr(&buf, def, &dev->info, qemuCaps) < 0) -- 1.8.3.1
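
Review bot: The new CCW branch in qemuBuildCryptoDevStr emits "virtio-crypto-ccw" with no capability check of its own; the only gate is the QEMU_CAPS_DEVICE_VIRTIO_CRYPTO test added earlier in the series. The commit message says the ccw address type is supported since qemu 2.9.0, while the capabilities patch sets the virtio-crypto flag in caps_2.8.0.s390x.xml, so a 2.8 s390x binary would pass the check and be started with a device it may not provide. Either gate the ccw variant on a capability that reflects its availability, or say in the commit message why the existing flag is sufficient.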

Adds XML parsing and qemu commandline tests for the virtio-crypto device support. Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- .../qemuxml2argv-virtio-crypto-builtin.xml | 26 ++++++++++++++++++ .../qemuxml2argv-virtio-crypto.args | 22 +++++++++++++++ .../qemuxml2xmlout-virtio-crypto-builtin.xml | 31 ++++++++++++++++++++++ tests/qemuxml2xmltest.c | 2 ++ 4 files changed, 81 insertions(+) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml diff --git a/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml new file mode 100644 index 0000000..f4e78fa --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml @@ -0,0 +1,26 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='x86_64' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' index='0'/> + <controller type='pci' index='0' model='pci-root'/> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <memballoon model='virtio'/> + <crypto model='virtio'> + <backend type='builtin' queues='1'/> + </crypto> + </devices> +</domain> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args new file mode 100644 index 0000000..430c061 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args 
@@ -0,0 +1,22 @@ +LC_ALL=C \ +PATH=/bin \ +HOME=/home/test \ +USER=test \ +LOGNAME=test \ +QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-x86_64 \ +-name QEMUGuest1 \ +-S \ +-M pc \ +-m 214 \ +-smp 1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-nographic \ +-nodefaults \ +-monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \ +-no-acpi \ +-boot c \ +-usb \ +-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3 \ +-object cryptodev-backend-builtin,id=objcrypto0,queues=1 \ +-device virtio-crypto-pci,cryptodev=objcrypto0,id=crypto0,bus=pci.0,addr=0x4 diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml new file mode 100644 index 0000000..1f06aeb --- /dev/null +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml @@ -0,0 +1,31 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='x86_64' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' index='0'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> + </controller> + <controller type='pci' index='0' model='pci-root'/> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <memballoon model='virtio'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> + </memballoon> + <crypto model='virtio'> + <backend type='builtin' queues='1'/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> + </crypto> + </devices> +</domain> 
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index 1307299..6975af3 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -1045,6 +1045,8 @@ mymain(void) DO_TEST("smbios", NONE); DO_TEST("smbios-multiple-type2", NONE); + DO_TEST("virtio-crypto-builtin", NONE); + DO_TEST("aarch64-aavmf-virtio-mmio", QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_DTB, QEMU_CAPS_DEVICE_VIRTIO_MMIO, -- 1.8.3.1
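
Review bot: The new qemuxml2argv-virtio-crypto.args file is not exercised by anything in this patch: the only test source touched is tests/qemuxml2xmltest.c, which gains DO_TEST("virtio-crypto-builtin", NONE), and no DO_TEST is added to qemuxml2argvtest.c. The file name also does not match its input, qemuxml2argv-virtio-crypto-builtin.xml, and the xml2argv harness pairs the two files by test name. Rename the .args file to qemuxml2argv-virtio-crypto-builtin.args and add the argv test with QEMU_CAPS_DEVICE_VIRTIO_CRYPTO and QEMU_CAPS_OBJECT_CRYPTO_BUILTIN so the PCI command line is checked.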

From: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Add qemu command line tests for virtio-crypto ccw support. Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com> --- .../qemuxml2argv-virtio-crypto-ccw.args | 22 ++++++++++++++++++++++ .../qemuxml2argv-virtio-crypto-ccw.xml | 16 ++++++++++++++++ tests/qemuxml2argvtest.c | 6 ++++++ 3 files changed, 44 insertions(+) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-ccw.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-ccw.xml diff --git a/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-ccw.args b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-ccw.args new file mode 100644 index 0000000..1a59a2d --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-ccw.args @@ -0,0 +1,22 @@ +LC_ALL=C \ +PATH=/bin \ +HOME=/home/test \ +USER=test \ +LOGNAME=test \ +QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-s390x \ +-name QEMUGuest1 \ +-S \ +-M s390-ccw \ +-m 214 \ +-smp 1,sockets=1,cores=1,threads=1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-nographic \ +-nodefconfig \ +-nodefaults \ +-chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/monitor.sock,\ +server,nowait \ +-mon chardev=charmonitor,id=monitor,mode=readline \ +-device virtio-balloon-ccw,id=balloon0,devno=fe.0.0000 \ +-object cryptodev-backend-builtin,id=objcrypto0,queues=1 \ +-device virtio-crypto-ccw,cryptodev=objcrypto0,id=crypto0,devno=fe.0.0001 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-ccw.xml b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-ccw.xml new file mode 100644 index 0000000..b8d07ff --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-ccw.xml 
@@ -0,0 +1,16 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory>219100</memory> + <currentMemory>219100</currentMemory> + <os> + <type arch='s390x' machine='s390-ccw'>hvm</type> + </os> + <devices> + <emulator>/usr/bin/qemu-system-s390x</emulator> + <memballoon model='virtio'/> + <crypto model='virtio'> + <backend type='builtin' queues='1'/> + </crypto> + </devices> +</domain> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 27eea70..70f85cd 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1781,6 +1781,12 @@ mymain(void) QEMU_CAPS_VIRTIO_S390, QEMU_CAPS_DEVICE_VIRTIO_RNG, QEMU_CAPS_OBJECT_RNG_RANDOM); + DO_TEST("virtio-crypto-ccw", + QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG, + QEMU_CAPS_BOOTINDEX, QEMU_CAPS_VIRTIO_CCW, + QEMU_CAPS_VIRTIO_S390, QEMU_CAPS_DEVICE_VIRTIO_CRYPTO, + QEMU_CAPS_OBJECT_CRYPTO_BUILTIN); + DO_TEST("s390-allow-bogus-usb-none", QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_BOOTINDEX, QEMU_CAPS_VIRTIO_S390, -- 1.8.3.1
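
Review bot: DO_TEST("virtio-crypto-ccw", ...) in qemuxml2argvtest.c covers only the success path; the error branches in qemuBuildCryptoDevStr and qemuBuildCryptoBackendStr (missing QEMU_CAPS_DEVICE_VIRTIO_CRYPTO, missing QEMU_CAPS_OBJECT_CRYPTO_BUILTIN, unsupported address type) have no test that expects failure. Add a case that reuses this XML with one of the two crypto capabilities dropped and expects the command line build to fail, so the capability gating is checked as well.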

Ping...

On 2017/7/7 16:07, Longpeng(Mike) wrote:
> As virtio-crypto has been supported in QEMU 2.8 and the frontend driver has been merged in linux 4.10, so it's necessary to support virtio-crypto in libvirt.
--
Regards,
Longpeng(Mike)

On 07/07/2017 04:07 AM, Longpeng(Mike) wrote:
> As virtio-crypto has been supported in QEMU 2.8 and the frontend driver has been merged in linux 4.10, so it's necessary to support virtio-crypto in libvirt.
> ---

Hi Mike,

Seems like this topic has gone quiet.. Is there a v5 in the works?

Matt

On 2017/10/25 23:14, Matthew Rosato wrote:
> On 07/07/2017 04:07 AM, Longpeng(Mike) wrote:
>> As virtio-crypto has been supported in QEMU 2.8 and the frontend driver has been merged in linux 4.10, so it's necessary to support virtio-crypto in libvirt.
>> ---
> Hi Mike,
>
> Seems like this topic has gone quiet.. Is there a v5 in the works?

Hi Matt,

V5 is always in our plan, but we want to make the virtio-crypto spec (the latest version is V20) upstream first. I mainly work on an amazing and interesting project these two weeks, so even the virtio-crypto spec is delayed. I'll take some time to work on the V21 spec these days.

> Matt

--
Regards,
Longpeng(Mike)

On Thu, Oct 26, 2017 at 03:31 AM +0200, "Longpeng (Mike)" <longpeng2@huawei.com> wrote:
> On 2017/10/25 23:14, Matthew Rosato wrote:
>> On 07/07/2017 04:07 AM, Longpeng(Mike) wrote:
>>> As virtio-crypto has been supported in QEMU 2.8 and the frontend driver has been merged in linux 4.10, so it's necessary to support virtio-crypto in libvirt.
>>> ---
>> Hi Mike,
>>
>> Seems like this topic has gone quiet.. Is there a v5 in the works?
>
> Hi Matt,
>
> V5 is always in our plan, but we want to make the virtio-crypto spec (the latest version is V20) upstream first.
> I mainly work on an amazing and interesting project these two weeks, so even the virtio-crypto spec is delayed.
> I'll take some time to work on the V21 spec these days.
>
>> Matt
>
> --
> Regards,
> Longpeng(Mike)

Hi Longpeng,

any updates so far? Is a v5 still planned?

Kind regards / Best regards
Marc Hartmayer

IBM Deutschland Research & Development GmbH
Chair of the Supervisory Board: Martina Koederitz
Management: Dirk Wittkopp
Registered office: Böblingen
Court of registration: Amtsgericht Stuttgart, HRB 243294

On 2018/11/16 23:34, Marc Hartmayer wrote:
> On Thu, Oct 26, 2017 at 03:31 AM +0200, "Longpeng (Mike)" <longpeng2@huawei.com> wrote:
>> On 2017/10/25 23:14, Matthew Rosato wrote:
>>> On 07/07/2017 04:07 AM, Longpeng(Mike) wrote:
>>>> As virtio-crypto has been supported in QEMU 2.8 and the frontend driver has been merged in linux 4.10, so it's necessary to support virtio-crypto in libvirt.
>>>> ---
>>> Hi Mike,
>>>
>>> Seems like this topic has gone quiet.. Is there a v5 in the works?
>>
>> Hi Matt,
>>
>> V5 is always in our plan, but we want to make the virtio-crypto spec (the latest version is V20) upstream first.
>> I mainly work on an amazing and interesting project these two weeks, so even the virtio-crypto spec is delayed.
>> I'll take some time to work on the V21 spec these days.
>>
>>> Matt
>>
>> --
>> Regards,
>> Longpeng(Mike)
>
> Hi Longpeng,
>
> any updates so far? Is a v5 still planned?

Hi Marc,

The virtio-crypto spec was merged recently, we prefer to update the qemu virtio-crypto backend according to the new spec first. Feel free to send v5 if you or someone else would like to :)

> Kind regards / Best regards
> Marc Hartmayer
>
> IBM Deutschland Research & Development GmbH
> Chair of the Supervisory Board: Martina Koederitz
> Management: Dirk Wittkopp
> Registered office: Böblingen
> Court of registration: Amtsgericht Stuttgart, HRB 243294

--
Regards,
Longpeng(Mike)