libvirt/Add-cvm-parameter-into-the-type-of-LaunchSecurity-wh.patch


From ddf9053ad7df4553ec4abb04370e74f90bb134cf Mon Sep 17 00:00:00 2001
From: ikarosYuuki <tujipei@huawei.com>
Date: Fri, 2 Aug 2024 14:16:37 +0800
Subject: [PATCH] Add cvm parameter into the type of LaunchSecurity which is an
optional field for libvirt xml. Its purpose is to pass the cvm parameter
through to qemu. Also this patch supports virsh edit to save cvm parameter
into libvirt temporary xml.
---
src/conf/domain_conf.c | 4 ++++
src/conf/domain_conf.h | 1 +
src/conf/schemas/domaincommon.rng | 9 +++++++++
src/qemu/qemu_command.c | 5 +++++
src/qemu/qemu_driver.c | 8 ++++++++
src/qemu/qemu_firmware.c | 1 +
src/qemu/qemu_namespace.c | 1 +
src/qemu/qemu_process.c | 1 +
src/qemu/qemu_validate.c | 2 ++
9 files changed, 32 insertions(+)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 4798d01d12..db49355788 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1516,6 +1516,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
"",
"sev",
"s390-pv",
+ "cvm",
);
typedef enum {
@@ -3829,6 +3830,7 @@ virDomainSecDefFree(virDomainSecDef *def)
g_free(def->data.sev.session);
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
break;
@@ -13570,6 +13572,7 @@ virDomainSecDefParseXML(xmlNodePtr lsecNode,
return NULL;
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
@@ -26614,6 +26617,7 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
}
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index e8a75afa2c..a687895726 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2858,6 +2858,7 @@ typedef enum {
VIR_DOMAIN_LAUNCH_SECURITY_NONE,
VIR_DOMAIN_LAUNCH_SECURITY_SEV,
VIR_DOMAIN_LAUNCH_SECURITY_PV,
+ VIR_DOMAIN_LAUNCH_SECURITY_CVM,
VIR_DOMAIN_LAUNCH_SECURITY_LAST,
} virDomainLaunchSecurity;
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index b98a2ae602..f31603b2fd 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -520,6 +520,9 @@
<value>s390-pv</value>
</attribute>
</group>
+ <group>
+ <ref name="launchSecurityCVM"/>
+ </group>
</choice>
</element>
</define>
@@ -565,6 +568,12 @@
</interleave>
</define>
+ <define name="launchSecurityCVM">
+ <attribute name="type">
+ <value>cvm</value>
+ </attribute>
+ </define>
+
<!--
Enable or disable perf events for the domain. For each
of the events the following rules apply:
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 609eb6772e..6e16e65d54 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7035,6 +7035,9 @@ qemuBuildMachineCommandLine(virCommand *cmd,
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
virBufferAddLit(&buf, ",confidential-guest-support=lsec0");
break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
+ virBufferAddLit(&buf, ",kvm-type=cvm");
+ break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype);
@@ -9769,6 +9772,8 @@ qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd,
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
return qemuBuildPVCommandLine(vm, cmd);
break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
+ break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
virReportEnumRangeError(virDomainLaunchSecurity, sec->sectype);
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 6b07bcc8dc..d7fb93b3b3 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -6315,6 +6315,14 @@ qemuDomainObjStart(virConnectPtr conn,
}
}
+ if (vm->def->sec && vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_CVM) {
+ if (virFileWriteStr("/proc/sys/vm/overcommit_memory", "1", 0)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Failed to enable overcommit_memory"));
+ return -1;
+ }
+ }
+
ret = qemuProcessStart(conn, driver, vm, NULL, asyncJob,
NULL, -1, NULL, NULL,
VIR_NETDEV_VPORT_PROFILE_OP_CREATE, start_flags);
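Review bot: The block added before `qemuProcessStart` writes `1` to `/proc/sys/vm/overcommit_memory`, a host-wide kernel setting, so starting a single cvm domain changes the memory overcommit policy for every process and guest on the host, and nothing in the patch restores it. A domain start should not silently weaken host-global memory accounting. I would drop the write, document the sysctl as a host prerequisite, and at most read the current value and refuse to start with a message such as `_("cvm guests require vm.overcommit_memory=1 on the host")`. If the write stays, test `virFileWriteStr(...) < 0` and report it with `virReportSystemError(errno, ...)` so the cause is not lost; a daemon without permission to write the sysctl would presumably fail here every time. qemuDomainObjStart begins and ends outside the hunk, so whether other start paths (restore, incoming migration) bypass this block cannot be checked from here.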
diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
index d39e61d071..31ed6e881b 100644
--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
@@ -1374,6 +1374,7 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
}
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 915d44310f..ff314ce243 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -660,6 +660,7 @@ qemuDomainSetupLaunchSecurity(virDomainObj *vm,
VIR_DEBUG("Set up launch security for SEV");
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 08d4f257eb..7ba5575037 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -7045,6 +7045,7 @@ qemuProcessPrepareLaunchSecurityGuestInput(virDomainObj *vm)
case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
return qemuProcessPrepareSEVGuestInput(vm);
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
return 0;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index a51cb6017d..449fb2f2d1 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1322,6 +1322,8 @@ qemuValidateDomainDef(const virDomainDef *def,
return -1;
}
break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
+ break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype);
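Review bot: The new `case VIR_DOMAIN_LAUNCH_SECURITY_CVM: break;` in qemuValidateDomainDef accepts `<launchSecurity type='cvm'/>` with no validation at all, whereas the case visible just above it ends in `return -1` when its checks fail. As written, the qemu_command.c hunk appends `,kvm-type=cvm` to `-machine` for any guest architecture, machine type and QEMU binary, so an unsupported configuration is only discovered when QEMU itself rejects the option. Gate the type here on the architecture/machine it is meant for and on a QEMU capability, reporting `VIR_ERR_CONFIG_UNSUPPORTED` otherwise, so a request for a confidential guest fails early with a clear reason. The diffstat also lists no test or documentation files for the new type. The switch starts outside the hunk, so the exact checks done for the existing types are not visible.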
--
2.41.0.windows.1