The previous v14 version can be found here:
https://listman.redhat.com/archives/libvir-list/2022-July/233257.html

Diff to v14:
- Dropped SGX support for QEMU 6.2.0, only focus on QEMU 7.0.0 (BTW, I
  noticed the default QEMU version in RHEL9 is still 6.2.0, so those
  users cannot access this feature unless they manually upgrade QEMU)
- Removed total EPC size from domain capability, since the corresponding
  attribute is marked as deprecated in the QMP command
  "query-sgx-capabilities"
- Some cleanups to address comments (pin test to 7.0.0, more validations
  in qemu_validate.c, name issue, use built-in functions, ...)

BTW, it still adds SGX EPC as a memory device, since basically SGX EPC is
one kind of memory. More specifically, a private region of memory, so
didn't add additional general memory. QEMU allocates part of them and
passes them through to the guest VM. I don't have a better alternative to
represent it in the domain definition.

Haibin Huang (4):
  domain_capabilities: Define SGX capabilities structs
  qemu: Get SGX capabilities from QMP
  Convert QMP capabilities to domain capabilities
  conf: expose SGX feature in domain capabilities

Lin Yang (2):
  conf: Introduce SGX EPC element into device memory xml
  qemu: Add command-line to generate SGX EPC memory backend

Michal Prívozník (3):
  qemu_cgroup: Allow SGX in devices controller
  qemu_namespace: Create SGX related nodes in domain's namespace
  security_dac: Set DAC label on SGX /dev nodes

docs/formatdomain.rst | 25 +-
docs/formatdomaincaps.rst | 40 ++++
src/conf/domain_capabilities.c | 46 ++++
src/conf/domain_capabilities.h | 21 ++
src/conf/domain_conf.c | 30 +++
src/conf/domain_conf.h | 1 +
src/conf/domain_postparse.c | 1 +
src/conf/domain_validate.c | 9 +
src/conf/schemas/domaincaps.rng | 37 +++
src/conf/schemas/domaincommon.rng | 1 +
src/libvirt_private.syms | 1 +
src/qemu/qemu_alias.c | 6 +-
src/qemu/qemu_capabilities.c | 219 ++++++++++++++++++
src/qemu/qemu_capabilities.h | 6 +
src/qemu/qemu_cgroup.c | 76 +++++-
src/qemu/qemu_command.c | 66 +++++-
src/qemu/qemu_domain.c | 48 ++--
src/qemu/qemu_domain.h | 2 +
src/qemu/qemu_domain_address.c | 6 +
src/qemu/qemu_driver.c | 1 +
src/qemu/qemu_monitor.c | 10 +
src/qemu/qemu_monitor.h | 3 +
src/qemu/qemu_monitor_json.c | 137 ++++++++++-
src/qemu/qemu_monitor_json.h | 4 +
src/qemu/qemu_namespace.c | 20 +-
src/qemu/qemu_process.c | 2 +
src/qemu/qemu_validate.c | 40 ++++
src/security/security_apparmor.c | 1 +
src/security/security_dac.c | 46 ++--
src/security/security_selinux.c | 2 +
tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 +
tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 +
tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 +
tests/domaincapsdata/empty.xml | 1 +
tests/domaincapsdata/libxl-xenfv.xml | 1 +
tests/domaincapsdata/libxl-xenpv.xml | 1 +
.../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 +
.../qemu_4.2.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 +
.../qemu_5.0.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_5.1.0.sparc.xml | 1 +
tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 1 +
.../qemu_5.2.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_5.2.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 1 +
.../qemu_6.0.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_6.0.0.s390x.xml | 1 +
tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 1 +
.../qemu_6.2.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 1 +
.../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 9 +
.../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 9 +
.../qemu_7.0.0-virt.aarch64.xml | 1 +
tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 1 +
tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 1 +
tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 9 +
.../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 1 +
.../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 1 +
tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 1 +
.../caps_6.2.0.x86_64.replies | 27 ++-
.../caps_7.0.0.x86_64.replies | 34 ++-
.../caps_7.0.0.x86_64.xml | 10 +
.../caps_7.1.0.x86_64.replies | 21 +-
.../sgx-epc.x86_64-7.0.0.args | 40 ++++
tests/qemuxml2argvdata/sgx-epc.xml | 64 +++++
tests/qemuxml2argvtest.c | 2 +
.../sgx-epc.x86_64-7.0.0.xml | 1 +
tests/qemuxml2xmltest.c | 2 +
93 files changed, 1107 insertions(+), 79 deletions(-)
create mode 100644 tests/qemuxml2argvdata/sgx-epc.x86_64-7.0.0.args
create mode 100644 tests/qemuxml2argvdata/sgx-epc.xml
create mode 120000 tests/qemuxml2xmloutdata/sgx-epc.x86_64-7.0.0.xml
--
2.25.1