<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 05/15/2015 12:23 PM, Ján Tomko
wrote:<br>
</div>
<blockquote cite="mid:20150515162359.GI16247@snc.brq.redhat.com"
type="cite">
<pre wrap="">On Fri, May 15, 2015 at 04:43:29PM +0200, Michal Privoznik wrote:
</pre>
<blockquote type="cite">
<pre wrap="">From: Tony Krowiak <a class="moz-txt-link-rfc2396E" href="mailto:aekrowia@us.ibm.com"><aekrowia@us.ibm.com></a>
Introduces two new -machine option parameters to the QEMU command to
enable/disable the CPACF protected key management operations for a guest:
aes-key-wrap='on|off'
dea-key-wrap='on|off'
The QEMU code maps the corresponding domain configuration elements to the
QEMU -machine option parameters to create the QEMU command:
<cipher name='aes' state='on'> --> aes-key-wrap=on
<cipher name='aes' state='off'> --> aes-key-wrap=off
<cipher name='dea' state='on'> --> dea-key-wrap=on
<cipher name='dea' state='off'> --> dea-key-wrap=off
Signed-off-by: Tony Krowiak <a class="moz-txt-link-rfc2396E" href="mailto:akrowiak@linux.vnet.ibm.com"><akrowiak@linux.vnet.ibm.com></a>
Signed-off-by: Daniel Hansel <a class="moz-txt-link-rfc2396E" href="mailto:daniel.hansel@linux.vnet.ibm.com"><daniel.hansel@linux.vnet.ibm.com></a>
Signed-off-by: Boris Fiuczynski <a class="moz-txt-link-rfc2396E" href="mailto:fiuczy@linux.vnet.ibm.com"><fiuczy@linux.vnet.ibm.com></a>
Reviewed-by: Boris Fiuczynski <a class="moz-txt-link-rfc2396E" href="mailto:fiuczy@linux.vnet.ibm.com"><fiuczy@linux.vnet.ibm.com></a>
Signed-off-by: Michal Privoznik <a class="moz-txt-link-rfc2396E" href="mailto:mprivozn@redhat.com"><mprivozn@redhat.com></a>
---
src/qemu/qemu_capabilities.c | 4 +++
src/qemu/qemu_capabilities.h | 2 ++
src/qemu/qemu_command.c | 73 ++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 79 insertions(+)
</pre>
</blockquote>
<pre wrap="">
So the difference to v1 is that they are no longer turned on by default
if QEMU supports it. (I hope I did not miss anything else; it would
have been helpful if you listed the important changes)
I agree that this should not be done on XML parsing as was done in v1.
Would it make sense to treat the missing option (STATE_ABSENT) as
'turn it on if qemu supports it'?
</pre>
<blockquote type="cite">
<pre wrap="">diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 2939f8d..98fc5f8 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -38,6 +38,7 @@
#include "virnetdevbridge.h"
#include "virstring.h"
#include "virtime.h"
+#include "virutil.h"
</pre>
</blockquote>
<pre wrap="">
Why is this include needed?
</pre>
<blockquote type="cite">
<pre wrap=""> #include "viruuid.h"
#include "c-ctype.h"
#include "domain_nwfilter.h"
@@ -7286,6 +7287,39 @@ qemuBuildObsoleteAccelArg(virCommandPtr cmd,
return 0;
}
+static bool
+qemuAppendKeyWrapMachineParm(virBuffer *buf, virQEMUCapsPtr qemuCaps,
+ int flag, const char *pname, int pstate)
+{
+ if (pstate != VIR_TRISTATE_SWITCH_ABSENT) {
+ if (!virQEMUCapsGet(qemuCaps, flag)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("%s is not available with this QEMU binary"), pname);
+ return false;
+ }
</pre>
</blockquote>
<pre wrap="">
Can't we allow state='off' with QEMU that does not support it?
You have an ACK from me with the include removed. Please wait for
feedback from the author before pushing.</pre>
</blockquote>
These changes will break the test cases, so they will need to be
updated to reflect <br>
these changes before pushing.<br>
<blockquote cite="mid:20150515162359.GI16247@snc.brq.redhat.com"
type="cite">
<pre wrap="">
Jan
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">--
libvir-list mailing list
<a class="moz-txt-link-abbreviated" href="mailto:libvir-list@redhat.com">libvir-list@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/libvir-list">https://www.redhat.com/mailman/listinfo/libvir-list</a></pre>
</blockquote>
<br>
</body>
</html>