[libvirt][PATCH v16 0/9] Support query and use SGX

Lin Yang lin.a.yang at intel.com
Sat Oct 8 03:59:27 UTC 2022


The previous v15 version can be found here:
https://listman.redhat.com/archives/libvir-list/2022-August/234030.html

v14 version:
https://listman.redhat.com/archives/libvir-list/2022-July/233257.html

Diff to v15:
- Updated libvirt target version to latest 8.9.0 in formatdomain.rst
- Sum up all SGX section sizes when parsing the QEMU QMP command
  "query-sgx-capabilities" response. Use it instead of "section-size"
  if it does not exist
- Resolved conflict to master branch
- Fixed inconsistent EPC size in formatdomaincaps.rst


Diff v15 to v14:
- Dropped SGX support for QEMU 6.2.0, only focus on QEMU 7.0.0 (BTW, I
  noticed the default QEMU version in RHEL9 is still 6.2.0, so those
  users cannot access this feature unless they manually upgrade QEMU)
- Removed total EPC size from domain capability, since the corresponding
  attribute is marked as deprecated in QMP command
  "query-sgx-capabilities"
- Some cleanups to address comments (pin test to 7.0.0, more validations
  on qemu_validate.c, name issue, use built-in functions, ...)

Haibin Huang (4):
  domain_capabilities: Define SGX capabilities structs
  qemu: Get SGX capabilities form QMP
  Convert QMP capabilities to domain capabilities
  conf: expose SGX feature in domain capabilities

Lin Yang (2):
  conf: Introduce SGX EPC element into device memory xml
  qemu: Add command-line to generate SGX EPC memory backend

Michal Prívozník (3):
  qemu_cgroup: Allow SGX in devices controller
  qemu_namespace: Create SGX related nodes in domain's namespace
  security_dac: Set DAC label on SGX /dev nodes

 docs/formatdomain.rst                         |  25 +-
 docs/formatdomaincaps.rst                     |  40 ++++
 src/conf/domain_capabilities.c                |  47 ++++
 src/conf/domain_capabilities.h                |  22 ++
 src/conf/domain_conf.c                        |  30 +++
 src/conf/domain_conf.h                        |   1 +
 src/conf/domain_postparse.c                   |   1 +
 src/conf/domain_validate.c                    |   9 +
 src/conf/schemas/domaincaps.rng               |  43 ++++
 src/conf/schemas/domaincommon.rng             |   1 +
 src/libvirt_private.syms                      |   1 +
 src/qemu/qemu_alias.c                         |   6 +-
 src/qemu/qemu_capabilities.c                  | 220 ++++++++++++++++++
 src/qemu/qemu_capabilities.h                  |   4 +
 src/qemu/qemu_cgroup.c                        |  78 ++++++-
 src/qemu/qemu_command.c                       |  66 +++++-
 src/qemu/qemu_domain.c                        |  48 ++--
 src/qemu/qemu_domain.h                        |   2 +
 src/qemu/qemu_domain_address.c                |   6 +
 src/qemu/qemu_driver.c                        |   1 +
 src/qemu/qemu_monitor.c                       |  10 +
 src/qemu/qemu_monitor.h                       |   3 +
 src/qemu/qemu_monitor_json.c                  | 154 +++++++++++-
 src/qemu/qemu_monitor_json.h                  |   4 +
 src/qemu/qemu_namespace.c                     |  20 +-
 src/qemu/qemu_process.c                       |   2 +
 src/qemu/qemu_validate.c                      |  40 ++++
 src/security/security_apparmor.c              |   1 +
 src/security/security_dac.c                   |  46 ++--
 src/security/security_selinux.c               |   2 +
 tests/domaincapsdata/bhyve_basic.x86_64.xml   |   1 +
 tests/domaincapsdata/bhyve_fbuf.x86_64.xml    |   1 +
 tests/domaincapsdata/bhyve_uefi.x86_64.xml    |   1 +
 tests/domaincapsdata/empty.xml                |   1 +
 tests/domaincapsdata/libxl-xenfv.xml          |   1 +
 tests/domaincapsdata/libxl-xenpv.xml          |   1 +
 .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml  |   1 +
 .../qemu_4.2.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_4.2.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_4.2.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_4.2.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_4.2.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml  |   1 +
 .../qemu_5.0.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_5.0.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_5.0.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_5.0.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_5.1.0.sparc.xml     |   1 +
 tests/domaincapsdata/qemu_5.1.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml  |   1 +
 .../qemu_5.2.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_5.2.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_5.2.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_5.2.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_5.2.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml  |   1 +
 .../qemu_6.0.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_6.0.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_6.0.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_6.0.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_6.1.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml  |   1 +
 .../qemu_6.2.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_6.2.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_6.2.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_6.2.0.x86_64.xml    |   1 +
 .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml  |  10 +
 .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml  |  10 +
 .../qemu_7.0.0-virt.aarch64.xml               |   1 +
 tests/domaincapsdata/qemu_7.0.0.aarch64.xml   |   1 +
 tests/domaincapsdata/qemu_7.0.0.ppc64.xml     |   1 +
 tests/domaincapsdata/qemu_7.0.0.x86_64.xml    |  10 +
 .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml  |   1 +
 .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml  |   1 +
 tests/domaincapsdata/qemu_7.1.0.x86_64.xml    |   1 +
 .../caps_6.2.0.x86_64.replies                 |  21 +-
 .../caps_7.0.0.x86_64.replies                 |  34 ++-
 .../caps_7.0.0.x86_64.xml                     |  11 +
 .../caps_7.1.0.x86_64.replies                 |  21 +-
 .../sgx-epc.x86_64-7.0.0.args                 |  40 ++++
 tests/qemuxml2argvdata/sgx-epc.xml            |  64 +++++
 tests/qemuxml2argvtest.c                      |   2 +
 .../sgx-epc.x86_64-7.0.0.xml                  |   1 +
 tests/qemuxml2xmltest.c                       |   2 +
 93 files changed, 1134 insertions(+), 76 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/sgx-epc.x86_64-7.0.0.args
 create mode 100644 tests/qemuxml2argvdata/sgx-epc.xml
 create mode 120000 tests/qemuxml2xmloutdata/sgx-epc.x86_64-7.0.0.xml

-- 
2.25.1


