[libvirt][PATCH v5 1/6] conf: Introduce SGX related element into domain xml

Haibin Huang haibin.huang at intel.com
Thu Jul 15 07:02:56 UTC 2021


From: Lin Yang <lin.a.yang at intel.com>

  <launchSecurity type='sgx'>
    <epc_size unit='KiB'>1024</epc_size>
  </launchSecurity>
---
 docs/schemas/domaincommon.rng |  62 +++++++++-------
 src/conf/domain_conf.c        | 128 ++++++++++++++++++++++++++--------
 src/conf/domain_conf.h        |  10 +++
 src/conf/virconftypes.h       |   3 +
 4 files changed, 149 insertions(+), 54 deletions(-)

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 0d0dcbc5ce..24fa8b030c 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -460,35 +460,45 @@
 
   <define name="launchSecurity">
     <element name="launchSecurity">
-      <attribute name="type">
-        <value>sev</value>
-      </attribute>
-      <interleave>
-        <element name="cbitpos">
-          <data type='unsignedInt'/>
-        </element>
-        <element name="reducedPhysBits">
-          <data type='unsignedInt'/>
-        </element>
-        <element name="policy">
-          <ref name='hexuint'/>
-        </element>
-        <optional>
-          <element name="handle">
-            <ref name='unsignedInt'/>
+      <choice>
+        <group>
+          <attribute name="type">
+            <value>sev</value>
+          </attribute>
+          <element name="cbitpos">
+            <data type='unsignedInt'/>
           </element>
-        </optional>
-        <optional>
-          <element name="dhCert">
-            <data type="string"/>
+          <element name="reducedPhysBits">
+            <data type='unsignedInt'/>
           </element>
-        </optional>
-        <optional>
-          <element name="session">
-            <data type="string"/>
+          <element name="policy">
+            <ref name='hexuint'/>
           </element>
-        </optional>
-      </interleave>
+          <optional>
+            <element name="handle">
+              <ref name='unsignedInt'/>
+            </element>
+          </optional>
+          <optional>
+            <element name="dhCert">
+              <data type="string"/>
+            </element>
+          </optional>
+          <optional>
+            <element name="session">
+              <data type="string"/>
+            </element>
+          </optional>
+        </group>
+        <group>
+          <attribute name="type">
+            <value>sgx</value>
+          </attribute>
+          <element name="epc_size">
+            <ref name='scaledInteger'/>
+          </element>
+        </group>
+      </choice>
     </element>
   </define>
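Review bot: Replacing the SEV `<interleave>` with a `<group>` turns the element order from free into fixed: cbitpos, reducedPhysBits, policy, handle, dhCert and session must now appear in exactly that sequence, so existing SEV domain XML that lists them in another order stops validating. Keeping an `<interleave>` around the SEV element list inside the new sev `<group>` (with the `<choice>` still selecting on the `type` attribute) preserves the old acceptance while still adding the sgx branch. The sgx group has only the single `epc_size` element, so it is unaffected either way.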
 
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index ef67efa1da..22ee02a540 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1336,6 +1336,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
               VIR_DOMAIN_LAUNCH_SECURITY_LAST,
               "",
               "sev",
+              "sgx",
 );
 
 static virClassPtr virDomainObjClass;
@@ -3409,6 +3410,16 @@ virDomainSEVDefFree(virDomainSEVDefPtr def)
 }
 
 
+static void
+virDomainSGXDefFree(virDomainSGXDefPtr def)
+{
+    if (!def)
+        return;
+
+    VIR_FREE(def);
+}
+
+
 void virDomainDefFree(virDomainDefPtr def)
 {
     size_t i;
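Review bot: The NULL guard in virDomainSGXDefFree is redundant, since VIR_FREE of a NULL pointer is a no-op, so the body reduces to `VIR_FREE(def);`. With no owned pointer members in `struct _virDomainSGXDef`, the call site could also just free `def->sgx` directly; the wrapper is only worth keeping if later patches in the series add members that need releasing.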
@@ -3597,6 +3608,7 @@ void virDomainDefFree(virDomainDefPtr def)
         (def->ns.free)(def->namespaceData);
 
     virDomainSEVDefFree(def->sev);
+    virDomainSGXDefFree(def->sgx);
 
     xmlFreeNode(def->metadata);
 
@@ -16700,39 +16712,17 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node,
     return 0;
 }
 
-
 static virDomainSEVDefPtr
-virDomainSEVDefParseXML(xmlNodePtr sevNode,
-                        xmlXPathContextPtr ctxt)
+virDomainSEVDefParseXML(xmlXPathContextPtr ctxt)
 {
     VIR_XPATH_NODE_AUTORESTORE(ctxt);
     virDomainSEVDefPtr def;
     unsigned long policy;
-    g_autofree char *type = NULL;
 
     if (VIR_ALLOC(def) < 0)
         return NULL;
 
-    ctxt->node = sevNode;
-
-    if (!(type = virXMLPropString(sevNode, "type"))) {
-        virReportError(VIR_ERR_XML_ERROR, "%s",
-                       _("missing launch security type"));
-        goto error;
-    }
-
-    def->sectype = virDomainLaunchSecurityTypeFromString(type);
-    switch ((virDomainLaunchSecurity) def->sectype) {
-    case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
-        break;
-    case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
-    case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
-    default:
-        virReportError(VIR_ERR_XML_ERROR,
-                       _("unsupported launch security type '%s'"),
-                       type);
-        goto error;
-    }
+    def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SEV;
 
     if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) {
         virReportError(VIR_ERR_XML_ERROR, "%s",
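Review bot: With `ctxt->node = sevNode` removed, virDomainSEVDefParseXML now silently depends on the caller having positioned `ctxt->node` on the `<launchSecurity>` element before the relative XPaths such as `./cbitpos` are evaluated; that precondition should be stated on the function, e.g. `/* ctxt->node must already point at the <launchSecurity> element (set by virDomainLaunchSecurityDefParseXML) */`. Within the visible lines the function no longer modifies `ctxt->node`, so the retained `VIR_XPATH_NODE_AUTORESTORE(ctxt)` looks unnecessary — confirm against the rest of the body, which continues outside the hunk.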
@@ -16764,6 +16754,66 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode,
     return NULL;
 }
 
+static virDomainSGXDefPtr
+virDomainSGXDefParseXML(xmlXPathContextPtr ctxt)
+{
+    virDomainSGXDefPtr def;
+
+    if (VIR_ALLOC(def) < 0)
+        return NULL;
+
+    def->sectype = VIR_DOMAIN_LAUNCH_SECURITY_SGX;
+
+    if (virDomainParseMemory("./epc_size", "./epc_size/@unit", ctxt,
+                             &def->epc_size, false, false) < 0)
+        goto error;
+
+    return def;
+
+ error:
+    virDomainSGXDefFree(def);
+    return NULL;
+}
+
+static int
+virDomainLaunchSecurityDefParseXML(xmlNodePtr launchSecurityNode,
+                                   xmlXPathContextPtr ctxt,
+                                   virDomainDefPtr def)
+{
+    VIR_XPATH_NODE_AUTORESTORE(ctxt);
+    g_autofree char *type = NULL;
+
+    ctxt->node = launchSecurityNode;
+
+    if (!(type = virXMLPropString(launchSecurityNode, "type"))) {
+        virReportError(VIR_ERR_XML_ERROR, "%s",
+                       _("missing launch security type"));
+        return -1;
+    }
+
+    switch ((virDomainLaunchSecurity) virDomainLaunchSecurityTypeFromString(type)) {
+    case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
+        def->sev = virDomainSEVDefParseXML(ctxt);
+        if (def->sev == NULL)
+            return -1;
+        break;
+    case VIR_DOMAIN_LAUNCH_SECURITY_SGX:
+        def->sgx = virDomainSGXDefParseXML(ctxt);
+        if (def->sgx == NULL)
+            return -1;
+        break;
+    case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
+    case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
+    default:
+        virReportError(VIR_ERR_XML_ERROR,
+                       _("unsupported launch security type '%s'"),
+                       type);
+        return -1;
+    }
+
+    return 0;
+}
+
 static virDomainMemoryDefPtr
 virDomainMemoryDefParseXML(virDomainXMLOptionPtr xmlopt,
                            xmlNodePtr memdevNode,
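Review bot: virDomainSGXDefParseXML accepts a missing or zero `epc_size`: assuming the fifth argument of virDomainParseMemory is the `required` flag as in its other callers, passing `false` means an absent element leaves `def->epc_size` at the 0 from VIR_ALLOC and the domain is accepted with an SGX section of no size, while the schema in this same patch makes `epc_size` mandatory. Passing `true` for that flag, or adding `if (def->epc_size == 0) { virReportError(VIR_ERR_XML_ERROR, "%s", _("SGX epc_size must be greater than zero")); goto error; }` before `return def;`, keeps the parser and the schema in agreement. The dispatcher virDomainLaunchSecurityDefParseXML is otherwise fine, but it assigns `def->sev`/`def->sgx` unconditionally, which matters once the caller can invoke it more than once (see the note on the virDomainDefParseXML hunk).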
@@ -22227,12 +22277,15 @@ virDomainDefParseXML(xmlDocPtr xml,
     ctxt->node = node;
     VIR_FREE(nodes);
 
-    /* Check for SEV feature */
-    if ((node = virXPathNode("./launchSecurity", ctxt)) != NULL) {
-        def->sev = virDomainSEVDefParseXML(node, ctxt);
-        if (!def->sev)
+    /* analysis of launch security */
+    if ((n = virXPathNodeSet("./launchSecurity", ctxt, &nodes)) < 0)
+        goto error;
+
+    for (i = 0; i < n; i++) {
+        if (virDomainLaunchSecurityDefParseXML(nodes[i], ctxt, def) != 0)
             goto error;
     }
+    VIR_FREE(nodes);
 
     /* analysis of memory devices */
     if ((n = virXPathNodeSet("./devices/memory", ctxt, &nodes)) < 0)
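Review bot: Switching from virXPathNode to a node-set loop lets a domain carry several `<launchSecurity>` elements; each virDomainLaunchSecurityDefParseXML call then overwrites `def->sev` or `def->sgx`, so a repeated element of the same type leaks the earlier allocation and a SEV element next to an SGX one yields a definition with both set, which the formatter would emit as two `<launchSecurity>` elements. Either keep the single-node lookup, `if ((node = virXPathNode("./launchSecurity", ctxt)) && virDomainLaunchSecurityDefParseXML(node, ctxt, def) < 0) goto error;`, or reject `n > 1` with an explicit error before the loop. Since `nodes` is reassigned here and only freed after the loop, the `goto error` inside the loop relies on the `error:` label releasing it — that label is outside the hunk, so please confirm.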
@@ -28697,6 +28750,24 @@ virDomainSEVDefFormat(virBufferPtr buf, virDomainSEVDefPtr sev)
 }
 
 
+static void
+virDomainSGXDefFormat(virBufferPtr buf, virDomainSGXDefPtr sgx)
+{
+    if (!sgx)
+        return;
+
+    virBufferAsprintf(buf, "<launchSecurity type='%s'>\n",
+                      virDomainLaunchSecurityTypeToString(sgx->sectype));
+    virBufferAdjustIndent(buf, 2);
+
+    virBufferAsprintf(buf, "<epc_size unit='KiB'>%llu</epc_size>\n",
+                      sgx->epc_size);
+
+    virBufferAdjustIndent(buf, -2);
+    virBufferAddLit(buf, "</launchSecurity>\n");
+}
+
+
 static void
 virDomainPerfDefFormat(virBufferPtr buf, virDomainPerfDefPtr perf)
 {
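Review bot: virDomainSGXDefFormat duplicates the `<launchSecurity type='%s'>` wrapper that virDomainSEVDefFormat presumably also emits, so two functions now own the element name, indentation and closing tag; a single virDomainLaunchSecurityDefFormat that writes the wrapper and dispatches on `sectype` for the body would mirror the new parser dispatcher and keep the two from drifting. The hard-coded `unit='KiB'` is consistent with the `/* kibibytes */` unit documented on `epc_size` in domain_conf.h.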
@@ -30122,6 +30193,7 @@ virDomainDefFormatInternalSetRootName(virDomainDefPtr def,
         virDomainKeyWrapDefFormat(buf, def->keywrap);
 
     virDomainSEVDefFormat(buf, def->sev);
+    virDomainSGXDefFormat(buf, def->sgx);
 
     if (def->namespaceData && def->ns.format) {
         if ((def->ns.format)(buf, def->namespaceData) < 0)
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 011bf66cb4..88adf461df 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2447,6 +2447,7 @@ struct _virDomainKeyWrapDef {
 typedef enum {
     VIR_DOMAIN_LAUNCH_SECURITY_NONE,
     VIR_DOMAIN_LAUNCH_SECURITY_SEV,
+    VIR_DOMAIN_LAUNCH_SECURITY_SGX,
 
     VIR_DOMAIN_LAUNCH_SECURITY_LAST,
 } virDomainLaunchSecurity;
@@ -2462,6 +2463,12 @@ struct _virDomainSEVDef {
 };
 
 
+struct _virDomainSGXDef {
+    int sectype; /* enum virDomainLaunchSecurity */
+    unsigned long long epc_size; /* kibibytes */
+};
+
+
 typedef enum {
     VIR_DOMAIN_IOMMU_MODEL_INTEL,
     VIR_DOMAIN_IOMMU_MODEL_SMMUV3,
@@ -2670,6 +2677,9 @@ struct _virDomainDef {
     /* SEV-specific domain */
     virDomainSEVDefPtr sev;
 
+    /* SGX-specific domain */
+    virDomainSGXDefPtr sgx;
+
     /* Application-specific custom metadata */
     xmlNodePtr metadata;
 
diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h
index 1c62cde251..084bcc7687 100644
--- a/src/conf/virconftypes.h
+++ b/src/conf/virconftypes.h
@@ -291,6 +291,9 @@ typedef virDomainResourceDef *virDomainResourceDefPtr;
 typedef struct _virDomainSEVDef virDomainSEVDef;
 typedef virDomainSEVDef *virDomainSEVDefPtr;
 
+typedef struct _virDomainSGXDef virDomainSGXDef;
+typedef virDomainSGXDef *virDomainSGXDefPtr;
+
 typedef struct _virDomainShmemDef virDomainShmemDef;
 typedef virDomainShmemDef *virDomainShmemDefPtr;
 
-- 
2.17.1



