packages/libvirt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!358 [sync] PR-356: libvirt update to version 9.10.0-14

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @imxcc 
Signed-off-by: @imxcc
This commit is contained in:
openeuler-ci-bot 2024-12-13 01:38:22 +00:00 committed by Gitee
commit 6c63885fbf
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
9 changed files with 1292 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

189
Add-cvm-parameter-into-the-type-of-LaunchSecurity-wh.patch Normal file
View File

@ -0,0 +1,189 @@
From ddf9053ad7df4553ec4abb04370e74f90bb134cf Mon Sep 17 00:00:00 2001
From: ikarosYuuki <tujipei@huawei.com>
Date: Fri, 2 Aug 2024 14:16:37 +0800
Subject: [PATCH] Add cvm parameter into the type of LaunchSecurity which is a
optional filed for libvirt xml. Its purpose is to pass the cvm parameter
through to qemu. Also this patch support virsh edit to save cvm parameter
into libvirt temporary xml.
---
src/conf/domain_conf.c | 4 ++++
src/conf/domain_conf.h | 1 +
src/conf/schemas/domaincommon.rng | 9 +++++++++
src/qemu/qemu_command.c | 5 +++++
src/qemu/qemu_driver.c | 8 ++++++++
src/qemu/qemu_firmware.c | 1 +
src/qemu/qemu_namespace.c | 1 +
src/qemu/qemu_process.c | 1 +
src/qemu/qemu_validate.c | 2 ++
9 files changed, 32 insertions(+)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 4798d01d12..db49355788 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1516,6 +1516,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
"",
"sev",
"s390-pv",
+ "cvm",
);
typedef enum {
@@ -3829,6 +3830,7 @@ virDomainSecDefFree(virDomainSecDef *def)
g_free(def->data.sev.session);
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
break;
@@ -13570,6 +13572,7 @@ virDomainSecDefParseXML(xmlNodePtr lsecNode,
return NULL;
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
@@ -26614,6 +26617,7 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
}
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index e8a75afa2c..a687895726 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2858,6 +2858,7 @@ typedef enum {
VIR_DOMAIN_LAUNCH_SECURITY_NONE,
VIR_DOMAIN_LAUNCH_SECURITY_SEV,
VIR_DOMAIN_LAUNCH_SECURITY_PV,
+ VIR_DOMAIN_LAUNCH_SECURITY_CVM,
VIR_DOMAIN_LAUNCH_SECURITY_LAST,
} virDomainLaunchSecurity;
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index b98a2ae602..f31603b2fd 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -520,6 +520,9 @@
<value>s390-pv</value>
</attribute>
</group>
+ <group>
+ <ref name="launchSecurityCVM"/>
+ </group>
</choice>
</element>
</define>
@@ -565,6 +568,12 @@
</interleave>
</define>
+ <define name="launchSecurityCVM">
+ <attribute name="type">
+ <value>cvm</value>
+ </attribute>
+ </define>
+
<!--
Enable or disable perf events for the domain. For each
of the events the following rules apply:
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 609eb6772e..6e16e65d54 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7035,6 +7035,9 @@ qemuBuildMachineCommandLine(virCommand *cmd,
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
virBufferAddLit(&buf, ",confidential-guest-support=lsec0");
break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
+ virBufferAddLit(&buf, ",kvm-type=cvm");
+ break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype);
@@ -9769,6 +9772,8 @@ qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd,
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
return qemuBuildPVCommandLine(vm, cmd);
break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
+ break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
virReportEnumRangeError(virDomainLaunchSecurity, sec->sectype);
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 6b07bcc8dc..d7fb93b3b3 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -6315,6 +6315,14 @@ qemuDomainObjStart(virConnectPtr conn,
}
}
+ if (vm->def->sec && vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_CVM) {
+ if (virFileWriteStr("/proc/sys/vm/overcommit_memory", "1", 0)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Failed to enable overcommit_memory"));
+ return -1;
+ }
+ }
+
ret = qemuProcessStart(conn, driver, vm, NULL, asyncJob,
NULL, -1, NULL, NULL,
VIR_NETDEV_VPORT_PROFILE_OP_CREATE, start_flags);
diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
index d39e61d071..31ed6e881b 100644
--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
@@ -1374,6 +1374,7 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
}
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 915d44310f..ff314ce243 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -660,6 +660,7 @@ qemuDomainSetupLaunchSecurity(virDomainObj *vm,
VIR_DEBUG("Set up launch security for SEV");
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 08d4f257eb..7ba5575037 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -7045,6 +7045,7 @@ qemuProcessPrepareLaunchSecurityGuestInput(virDomainObj *vm)
case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
return qemuProcessPrepareSEVGuestInput(vm);
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
return 0;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index a51cb6017d..449fb2f2d1 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1322,6 +1322,8 @@ qemuValidateDomainDef(const virDomainDef *def,
return -1;
}
break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
+ break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype);
--
2.41.0.windows.1

509
Add-the-get-tmm-memory-info-API-into-libvirt-host.-A.patch Normal file
View File

@ -0,0 +1,509 @@
From 96ec8dcd8c5ac0459259cf0d40a163bcee668484 Mon Sep 17 00:00:00 2001
From: ikarosYuuki <tujipei@huawei.com>
Date: Fri, 2 Aug 2024 14:18:11 +0800
Subject: [PATCH] Add the get tmm memory info API into libvirt-host. Also
should add the RPC calls into libvirtd for API calling.
---
include/libvirt/libvirt-host.h | 2 +
scripts/apibuild.py | 1 +
scripts/check-aclrules.py | 1 +
src/driver-hypervisor.h | 5 ++
src/libvirt-host.c | 36 ++++++++
src/libvirt_public.syms | 1 +
src/qemu/qemu_driver.c | 128 ++++++++++++++++++++++++++++
src/remote/remote_daemon_dispatch.c | 22 +++++
src/remote/remote_driver.c | 28 ++++++
src/remote/remote_protocol.x | 17 +++-
tools/virsh-host.c | 98 +++++++++++++++++++++
11 files changed, 338 insertions(+), 1 deletion(-)
diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h
index 3112f2b676..af7dede24e 100644
--- a/include/libvirt/libvirt-host.h
+++ b/include/libvirt/libvirt-host.h
@@ -1016,5 +1016,7 @@ int virNodeAllocPages(virConnectPtr conn,
unsigned int cellCount,
unsigned int flags);
+char *virConnectGetTmmMemoryInfo(virConnectPtr conn,
+ unsigned int detail);
#endif /* LIBVIRT_HOST_H */
diff --git a/scripts/apibuild.py b/scripts/apibuild.py
index 3ecc3eadf7..f1cfa5aa0a 100755
--- a/scripts/apibuild.py
+++ b/scripts/apibuild.py
@@ -109,6 +109,7 @@ ignored_functions = {
"virDomainMigrateConfirm3Params": "private function for migration",
"virDomainMigratePrepareTunnel3Params": "private function for tunnelled migration",
"virErrorCopyNew": "private",
+ "virConnectGetTmmMemoryInfo": "private function for tmm",
}
# The version in the .sym file might different from
diff --git a/scripts/check-aclrules.py b/scripts/check-aclrules.py
index e39dbd2ba8..e6bcf00b11 100755
--- a/scripts/check-aclrules.py
+++ b/scripts/check-aclrules.py
@@ -54,6 +54,7 @@ permitted = {
"localOnly": True,
"domainQemuAttach": True,
"domainHotpatchManage": True,
+ "connectGetTmmMemoryInfo": True,
}
# XXX this vzDomainMigrateConfirm3Params looks
diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h
index e54af0515f..619a091ffa 100644
--- a/src/driver-hypervisor.h
+++ b/src/driver-hypervisor.h
@@ -1457,6 +1457,10 @@ typedef char *
typedef struct _virHypervisorDriver virHypervisorDriver;
+typedef char *
+(*virDrvConnectGetTmmMemoryInfo)(virConnectPtr conn,
+ bool detail);
+
/**
* _virHypervisorDriver:
*
@@ -1728,4 +1732,5 @@ struct _virHypervisorDriver {
virDrvDomainStartDirtyRateCalc domainStartDirtyRateCalc;
virDrvDomainFDAssociate domainFDAssociate;
virDrvDomainHotpatchManage domainHotpatchManage;
+ virDrvConnectGetTmmMemoryInfo connectGetTmmMemoryInfo;
};
diff --git a/src/libvirt-host.c b/src/libvirt-host.c
index e67b36812e..e763d5c86c 100644
--- a/src/libvirt-host.c
+++ b/src/libvirt-host.c
@@ -1829,3 +1829,39 @@ virNodeGetSEVInfo(virConnectPtr conn,
virDispatchError(conn);
return -1;
}
+
+/*
+ * virConnectGetTmmMemoryInfo:
+ * @conn: pointer to the hypervisor connection
+ * @detail: whether libvirtd return detailed tmm memory information;
+ * the default value is 0 which means don't return detailed tmm memory information.
+ *
+ * If Tmm enable, then will fill the cotents of string buffer with tmm memory information.
+ *
+ * Returns string ptr in case of success, and NULL in case of failure.
+ *
+ * Since: 9.7.0
+ */
+char *
+virConnectGetTmmMemoryInfo(virConnectPtr conn,
+ unsigned int detail)
+{
+ VIR_DEBUG("conn=%p", conn);
+
+ virResetLastError();
+
+ virCheckConnectReturn(conn, NULL);
+
+ if (conn->driver->connectGetTmmMemoryInfo) {
+ char *ret;
+ ret = conn->driver->connectGetTmmMemoryInfo(conn, detail);
+ if (!ret)
+ goto error;
+ return ret;
+ }
+
+ virReportUnsupportedError();
+ error:
+ virDispatchError(conn);
+ return NULL;
+}
diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
index 8b38fe9a5f..72efec0b61 100644
--- a/src/libvirt_public.syms
+++ b/src/libvirt_public.syms
@@ -941,6 +941,7 @@ LIBVIRT_9.7.0 {
global:
virNetworkGetMetadata;
virNetworkSetMetadata;
+ virConnectGetTmmMemoryInfo;
} LIBVIRT_9.0.0;
# .... define new API here using predicted next version number ....
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index d7fb93b3b3..5a5aa28449 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -20010,6 +20010,133 @@ qemuDomainHotpatchManage(virDomainPtr domain,
return ret;
}
+static int
+qemuConnectTmmInfoListAppend(char **format,
+ char **infoStrList,
+ int targetNumaNum,
+ int *startIndex,
+ int maxListSize)
+{
+ char *numStart;
+ char *strPtr = NULL;
+ int numaNode, index, ret = 0;
+
+ for (index = *startIndex; index < maxListSize; index++) {
+ if (strlen(infoStrList[index]) == 0)
+ break;
+
+ numStart = strstr(infoStrList[index], "node ");
+ if (!numStart)
+ return -1;
+
+ virSkipToDigit((const char **)(&numStart));
+ ret = virStrToLong_i(numStart, &numStart, 10, &numaNode);
+ if (ret < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Failed to get current numa node"));
+ return ret;
+ }
+
+ if (numaNode == targetNumaNum) {
+ strPtr = *format;
+ *format = g_strconcat(*format, "\n", infoStrList[index], NULL);
+ free(strPtr);
+ } else {
+ break;
+ }
+ }
+
+ *startIndex = index;
+
+ return ret;
+}
+
+static char *
+qemuConnectTmmDetailInfoFormat(char *baseMeminfo,
+ char *slabInfo)
+{
+ int ret, i = 0, j = 0;
+ char *numStart, *numListStart, *format = NULL;
+ char **baseMeminfoSplits = g_strsplit(baseMeminfo, "\n", 0);
+ char **slabInfoSplits = g_strsplit(slabInfo, "\n", 0);
+ int numaSize, numaIndex, headNumaNode;
+ ssize_t meminfoListSize = g_strv_length(baseMeminfoSplits);
+ ssize_t slabInfoSize = g_strv_length(slabInfoSplits);
+
+ numStart = strchr(baseMeminfoSplits[i], ':');
+ numListStart = strchr(baseMeminfoSplits[i], '(');
+ if (!numStart || !numListStart)
+ goto cleanup;
+
+ virSkipToDigit((const char **)(&numStart));
+ ret = virStrToLong_i(numStart, &numStart, 10, &numaSize);
+ if (ret < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Failed to get available numa size"));
+ goto cleanup;
+ }
+
+ format = g_strconcat(baseMeminfoSplits[i++], NULL);
+
+ virSkipToDigit((const char **)(&numListStart));
+ for (numaIndex = 0; *numListStart && numaIndex < numaSize; numaIndex++, numListStart++) {
+ ret = virStrToLong_i(numListStart, &numListStart, 10, &headNumaNode);
+ if (ret < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Failed to get current numa node"));
+ goto cleanup;
+ }
+
+ ret = qemuConnectTmmInfoListAppend(&format, baseMeminfoSplits, headNumaNode, &i, meminfoListSize);
+ if (ret < 0)
+ goto cleanup;
+ ret = qemuConnectTmmInfoListAppend(&format, slabInfoSplits, headNumaNode, &j, slabInfoSize);
+ if (ret < 0)
+ goto cleanup;
+ }
+
+cleanup:
+ g_strfreev(baseMeminfoSplits);
+ g_strfreev(slabInfoSplits);
+ return format;
+}
+
+static char *
+qemuConnectGetTmmMemoryInfo(virConnectPtr conn G_GNUC_UNUSED,
+ bool detail)
+{
+ int maxLen = 10 * 1024;
+ char *meminfo = NULL;
+ g_autofree char *formatInfo = NULL;
+ g_autofree char *baseMeminfo = NULL;
+ g_autofree char *slabInfo = NULL;
+ g_autofree char *buddyInfo = NULL;
+
+ if (virFileReadAll("/sys/kernel/tmm/memory_info", maxLen, &baseMeminfo) < 0)
+ goto end;
+ if (detail && virFileReadAll("/sys/kernel/tmm/slab_info", maxLen, &slabInfo) < 0)
+ goto end;
+ if (detail && virFileReadAll("/sys/kernel/tmm/buddy_info", maxLen, &buddyInfo) < 0)
+ goto end;
+
+ if (detail) {
+ if (!virStringIsEmpty(baseMeminfo) && !virStringIsEmpty(slabInfo)) {
+ formatInfo = qemuConnectTmmDetailInfoFormat(baseMeminfo, slabInfo);
+ if (formatInfo == NULL)
+ goto end;
+ } else {
+ formatInfo = g_strdup_printf(_("%s%s"), baseMeminfo, slabInfo);
+ }
+
+ meminfo = g_strdup_printf(_("%s\n%s"), formatInfo, buddyInfo);
+ } else {
+ meminfo = g_steal_pointer(&baseMeminfo);
+ }
+
+end:
+ return meminfo;
+}
+
static virHypervisorDriver qemuHypervisorDriver = {
.name = QEMU_DRIVER_NAME,
.connectURIProbe = qemuConnectURIProbe,
@@ -20260,6 +20387,7 @@ static virHypervisorDriver qemuHypervisorDriver = {
.domainStartDirtyRateCalc = qemuDomainStartDirtyRateCalc, /* 7.2.0 */
.domainSetLaunchSecurityState = qemuDomainSetLaunchSecurityState, /* 8.0.0 */
.domainFDAssociate = qemuDomainFDAssociate, /* 9.0.0 */
+ .connectGetTmmMemoryInfo = qemuConnectGetTmmMemoryInfo, /* 9.0.0 */
};
diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c
index 7542caa952..10f343843a 100644
--- a/src/remote/remote_daemon_dispatch.c
+++ b/src/remote/remote_daemon_dispatch.c
@@ -7125,6 +7125,28 @@ remoteDispatchNetworkPortGetParameters(virNetServer *server G_GNUC_UNUSED,
return rv;
}
+static int
+remoteDispatchConnectGetTmmMemoryInfo(virNetServer *server G_GNUC_UNUSED,
+ virNetServerClient *client,
+ virNetMessage *msg G_GNUC_UNUSED,
+ struct virNetMessageError *rerr,
+ remote_connect_get_tmm_memory_info_args *args,
+ remote_connect_get_tmm_memory_info_ret *ret)
+{
+ int rv = -1;
+ char *meminfo = NULL;
+ virConnectPtr conn = remoteGetHypervisorConn(client);
+
+ if (conn && (meminfo = virConnectGetTmmMemoryInfo(conn, args->detail))) {
+ rv = 0;
+ ret->meminfo = meminfo;
+ }
+
+ if (rv < 0)
+ virNetMessageSaveError(rerr);
+
+ return rv;
+}
/*----- Helpers. -----*/
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 9350e811d6..4b9ad30ed6 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -7406,6 +7406,33 @@ remoteDomainFDAssociate(virDomainPtr domain,
return 0;
}
+static char *
+remoteConnectGetTmmMemoryInfo(virConnectPtr conn,
+ bool detail)
+{
+ char *rv = NULL;
+ struct private_data *priv = conn->privateData;
+ remote_connect_get_tmm_memory_info_args args;
+ remote_connect_get_tmm_memory_info_ret ret;
+
+ remoteDriverLock(priv);
+
+ args.detail = detail;
+
+ memset(&ret, 0, sizeof(ret));
+
+ if (call(conn, priv, 0, REMOTE_PROC_CONNECT_GET_TMM_MEMORY_INFO,
+ (xdrproc_t)xdr_remote_connect_get_tmm_memory_info_args, (char *)&args,
+ (xdrproc_t)xdr_remote_connect_get_tmm_memory_info_ret, (char *)&ret) < 0) {
+ goto done;
+ }
+
+ rv = ret.meminfo;
+
+ done:
+ remoteDriverUnlock(priv);
+ return rv;
+}
/* get_nonnull_domain and get_nonnull_network turn an on-wire
* (name, uuid) pair into virDomainPtr or virNetworkPtr object.
@@ -7849,6 +7876,7 @@ static virHypervisorDriver hypervisor_driver = {
.domainStartDirtyRateCalc = remoteDomainStartDirtyRateCalc, /* 7.2.0 */
.domainSetLaunchSecurityState = remoteDomainSetLaunchSecurityState, /* 8.0.0 */
.domainFDAssociate = remoteDomainFDAssociate, /* 9.0.0 */
+ .connectGetTmmMemoryInfo = remoteConnectGetTmmMemoryInfo /* 9.0.0 */
};
static virNetworkDriver network_driver = {
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
index eea11df2ea..39069ce207 100644
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@@ -3973,6 +3973,15 @@ struct remote_domain_fd_associate_args {
remote_nonnull_string name;
unsigned int flags;
};
+
+struct remote_connect_get_tmm_memory_info_args {
+ unsigned int detail;
+};
+
+struct remote_connect_get_tmm_memory_info_ret {
+ remote_nonnull_string meminfo;
+};
+
/*----- Protocol. -----*/
/* Define the program number, protocol version and procedure numbers here. */
@@ -7038,5 +7047,11 @@ enum remote_procedure {
* @generate: both
* @acl: domain:read
*/
- REMOTE_PROC_DOMAIN_HOTPATCH_MANAGE = 800
+ REMOTE_PROC_DOMAIN_HOTPATCH_MANAGE = 800,
+
+ /**
+ * @generate: none
+ * @acl: connect:read
+ */
+ REMOTE_PROC_CONNECT_GET_TMM_MEMORY_INFO = 900
};
diff --git a/tools/virsh-host.c b/tools/virsh-host.c
index 6c14be865f..7fdd6aed53 100644
--- a/tools/virsh-host.c
+++ b/tools/virsh-host.c
@@ -1826,6 +1826,98 @@ cmdHypervisorCPUBaseline(vshControl *ctl,
return ret;
}
+/*
+ * "securememinfo" command
+ */
+static const vshCmdInfo info_tmm[] = {
+ {.name = "help",
+ .data = N_("Interaction with the tmm")
+ },
+ {.name = "desc",
+ .data = N_("Call the host kernel dev which is provided for virsh to use receiving tmm informations.")
+ },
+ {.name = NULL}
+};
+
+static const vshCmdOptDef opts_tmm[] = {
+ {.name = "dev",
+ .type = VSH_OT_DATA,
+ .flags = VSH_OFLAG_REQ,
+ .help = N_("Device name of host kernel dev")
+ },
+ {.name = "detail",
+ .type = VSH_OT_BOOL,
+ .help = N_("print detailed info if this option contained in cmd")
+ },
+ {.name = NULL}
+};
+
+static bool
+virshGetTmmMemoryInfo(vshControl *ctl,
+ const vshCmd *cmd)
+{
+ char *tmmMemoryInfo = NULL;
+ bool detail;
+ virshControl *priv = ctl->privData;
+
+ detail = vshCommandOptBool(cmd, "detail");
+ if (!(tmmMemoryInfo = virConnectGetTmmMemoryInfo(priv->conn, (unsigned int)detail))) {
+ vshError(ctl, _("Get tmm_memory_info failed"));
+ return false;
+ }
+
+ vshPrintExtra(ctl, _("%s"), tmmMemoryInfo);
+
+ VIR_FREE(tmmMemoryInfo);
+ return true;
+}
+
+typedef bool
+(*virshTmmFunc)(vshControl *ctl,
+ const vshCmd *cmd);
+
+struct _virshTmmFuncInfo {
+ const char *devName;
+ virshTmmFunc funcPtr;
+};
+
+typedef struct _virshTmmFuncInfo virshTmmFuncInfo;
+
+static virshTmmFuncInfo virshTmmFuncMap[] = {
+ {"tmm_memory_info", virshGetTmmMemoryInfo},
+};
+
+static bool
+virshTmmRunFunc(vshControl *ctl,
+ const char *devName,
+ const vshCmd *cmd)
+{
+ int funcIndex;
+
+ for (funcIndex = 0; funcIndex < sizeof(virshTmmFuncMap) / sizeof(virshTmmFuncInfo); funcIndex++) {
+ if (strcmp(devName, virshTmmFuncMap[funcIndex].devName) == 0) {
+ virshTmmFuncMap[funcIndex].funcPtr(ctl, cmd);
+ return true;
+ }
+ }
+
+ vshError(ctl, _("Invalid dev name"));
+ return false;
+}
+
+static bool
+cmdTmm(vshControl *ctl, const vshCmd *cmd)
+{
+ const char *devName = NULL;
+
+ if (vshCommandOptStringReq(ctl, cmd, "dev", &devName) < 0)
+ return false;
+
+ if (!virshTmmRunFunc(ctl, devName, cmd))
+ return false;
+
+ return true;
+}
const vshCmdDef hostAndHypervisorCmds[] = {
{.name = "allocpages",
@@ -1960,5 +2052,11 @@ const vshCmdDef hostAndHypervisorCmds[] = {
.info = info_version,
.flags = 0
},
+ {.name = "tmm",
+ .handler = cmdTmm,
+ .opts = opts_tmm,
+ .info = info_tmm,
+ .flags = 0
+ },
{.name = NULL}
};
--
2.41.0.windows.1

151
Automatically-unbind-all-devices-driver-under-same-r.patch Normal file
View File

@ -0,0 +1,151 @@
From f81b9542f0d172c06cb38efb61b472786533ae3f Mon Sep 17 00:00:00 2001
From: yangxiangkai <yangxiangkai@huawei.com>
Date: Wed, 4 Sep 2024 03:43:09 +0000
Subject: [PATCH] Automatically unbind all devices' driver under same root port
and bind to vfio-pci in the context of CVM.
---
src/hypervisor/virhostdev.c | 5 ++++
src/hypervisor/virhostdev.h | 1 +
src/qemu/qemu_process.c | 3 +++
src/util/virpci.c | 53 +++++++++++++++++++++++++++++++++++++
src/util/virpci.h | 3 +++
5 files changed, 65 insertions(+)
diff --git a/src/hypervisor/virhostdev.c b/src/hypervisor/virhostdev.c
index 4672bd8785..43493fc64a 100644
--- a/src/hypervisor/virhostdev.c
+++ b/src/hypervisor/virhostdev.c
@@ -707,6 +707,8 @@ virHostdevPreparePCIDevicesImpl(virHostdevManager *mgr,
* shared across guests. Check if that's the case. */
if (usesVFIO) {
data.usesVFIO = true;
+ if (flags & VIR_HOSTDEV_SP_SECURE)
+ virtccaVirPCIDeviceSetSecure(pci, true);
if (virPCIDeviceAddressIOMMUGroupIterate(devAddr,
virHostdevIsPCINodeDeviceUsed,
&data) < 0)
@@ -735,6 +737,9 @@ virHostdevPreparePCIDevicesImpl(virHostdevManager *mgr,
* actual device going forward */
VIR_DEBUG("Detaching managed PCI device %s",
virPCIDeviceGetName(pci));
+ if (virtccaVirPCIDeviceGetSecure(pci))
+ virtccaVirPCIDeviceDetach(pci);
+
if (virPCIDeviceDetach(pci,
mgr->activePCIHostdevs,
mgr->inactivePCIHostdevs) < 0)
diff --git a/src/hypervisor/virhostdev.h b/src/hypervisor/virhostdev.h
index 642d753ffb..6150d327aa 100644
--- a/src/hypervisor/virhostdev.h
+++ b/src/hypervisor/virhostdev.h
@@ -38,6 +38,7 @@ typedef enum {
VIR_HOSTDEV_SP_PCI = (1 << 8), /* support pci passthrough */
VIR_HOSTDEV_SP_USB = (1 << 9), /* support usb passthrough */
VIR_HOSTDEV_SP_SCSI = (1 << 10), /* support scsi passthrough */
+ VIR_HOSTDEV_SP_SECURE = (1 << 11), /* support secure dev passthrough */
} virHostdevFlag;
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 7ba5575037..892676c020 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -7507,6 +7507,9 @@ qemuProcessPrepareHost(virQEMUDriver *driver,
hostdev_flags |= VIR_HOSTDEV_STRICT_ACS_CHECK;
if (flags & VIR_QEMU_PROCESS_START_NEW)
hostdev_flags |= VIR_HOSTDEV_COLD_BOOT;
+ if (vm->def->sec && vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_CVM) {
+ hostdev_flags |= VIR_HOSTDEV_SP_SECURE;
+ }
if (qemuHostdevPrepareDomainDevices(driver, vm->def, hostdev_flags) < 0)
return -1;
diff --git a/src/util/virpci.c b/src/util/virpci.c
index baacde4c14..c5ae10956f 100644
--- a/src/util/virpci.c
+++ b/src/util/virpci.c
@@ -94,6 +94,9 @@ struct _virPCIDevice {
bool unbind_from_stub;
bool remove_slot;
bool reprobe;
+
+ /* used by virtcca CoDA feature*/
+ bool secure;
};
struct _virPCIDeviceList {
@@ -1377,6 +1380,56 @@ virPCIDeviceDetach(virPCIDevice *dev,
return 0;
}
+int
+virtccaVirPCIDeviceDetach(virPCIDevice *_dev)
+{
+ int ret = 0;
+ virPCIDevice *dev = NULL;
+ size_t i, j;
+
+ /* Given bus number, there are 32 devices and 8 functions */
+ for (i = 0; i < 32; i++) {
+ for (j = 0; j < 8; j++) {
+ virPCIDeviceAddress devAddr = {.domain = _dev->address.domain,
+ .bus = _dev->address.bus,
+ .slot = i, .function = j};
+ g_autofree char *name = virPCIDeviceAddressAsString(&devAddr);
+ g_autofree char *path = g_strdup_printf(PCI_SYSFS "devices/%s/config", name);
+
+ if (!virFileExists(path))
+ continue;
+
+ if (!(dev = virPCIDeviceNew(&devAddr)))
+ continue;
+
+ virPCIDeviceSetStubDriverType(dev, VIR_PCI_STUB_DRIVER_VFIO);
+
+ if (virPCIDeviceBindToStub(dev) < 0) {
+ ret = -1;
+ goto cleanup;
+ }
+ virPCIDeviceFree(dev);
+ }
+ }
+ return ret;
+
+cleanup:
+ virPCIDeviceFree(dev);
+ return ret;
+}
+
+bool
+virtccaVirPCIDeviceGetSecure(virPCIDevice *dev)
+{
+ return dev->secure;
+}
+
+void
+virtccaVirPCIDeviceSetSecure(virPCIDevice *dev, bool secure)
+{
+ dev->secure = secure;
+}
+
/*
* Pre-condition: inactivePCIHostdevs & activePCIHostdevs
* are locked
diff --git a/src/util/virpci.h b/src/util/virpci.h
index faca6cf6f9..7cc754f4af 100644
--- a/src/util/virpci.h
+++ b/src/util/virpci.h
@@ -302,6 +302,9 @@ void virPCIEDeviceInfoFree(virPCIEDeviceInfo *dev);
void virPCIDeviceAddressFree(virPCIDeviceAddress *address);
+int virtccaVirPCIDeviceDetach(virPCIDevice *dev);
+bool virtccaVirPCIDeviceGetSecure(virPCIDevice *dev);
+void virtccaVirPCIDeviceSetSecure(virPCIDevice *dev, bool secure);
G_DEFINE_AUTOPTR_CLEANUP_FUNC(virPCIDevice, virPCIDeviceFree);
G_DEFINE_AUTOPTR_CLEANUP_FUNC(virPCIDeviceAddress, virPCIDeviceAddressFree);
G_DEFINE_AUTOPTR_CLEANUP_FUNC(virPCIEDeviceInfo, virPCIEDeviceInfoFree);
--
2.41.0.windows.1

66
Bugfix-Enhance-the-capability-to-trace-the-shutdown-.patch Normal file
View File

@ -0,0 +1,66 @@
From f97100914ff9e00c78e41012b695afe864df6c54 Mon Sep 17 00:00:00 2001
From: Adttil <2429917001@qq.com>
Date: Thu, 12 Dec 2024 19:39:52 +0800
Subject: [PATCH] Bugfix: Enhance the capability to trace the shutdown status
of large VMS
Since the passthrough device needs to be unpinned when shutting down,
this greatly extends the VM shutdown time. Previously, libvirt's
tracking time for the qemu process was only related to the number of
devices, which led to the tracking time exceeding the limit in scenarios
with large-size passthrough devices. Now fix him by adjusting the delay
to vary with memory size.
Signed-off-by: wwwumr <1127858301@qq.com>
Signed-off-by: Adttil <2429917001@qq.com>
---
src/qemu/qemu_process.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 63ce075812..89dfd23c84 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -103,6 +103,7 @@
#include "logging/log_protocol.h"
#define VIR_FROM_THIS VIR_FROM_QEMU
+#define MEMORY_LATENCY_FACTOR (1 << 20)
VIR_LOG_INIT("qemu.qemu_process");
@@ -8610,6 +8611,9 @@ qemuProcessCreatePretendCmdBuild(virDomainObj *vm,
int
qemuProcessKill(virDomainObj *vm, unsigned int flags)
{
+ unsigned long long memoryPotentialDelay;
+ size_t extraWaitingTime;
+
VIR_DEBUG("vm=%p name=%s pid=%lld flags=0x%x",
vm, vm->def->name,
(long long)vm->pid, flags);
@@ -8629,10 +8633,19 @@ qemuProcessKill(virDomainObj *vm, unsigned int flags)
}
/* Request an extra delay of two seconds per current nhostdevs
- * to be safe against stalls by the kernel freeing up the resources */
+ * to be safe against stalls by the kernel freeing up the resources
+ * At the same time, Calculate the extra waiting delay required by the
+ * VM specifications. The unpin time during device passthrough is
+ * related to the momory */
+ extraWaitingTime = vm->def->nhostdevs * 2;
+ if (vm->def->nhostdevs > 0) {
+ memoryPotentialDelay = vm->def->mem.total_memory / MEMORY_LATENCY_FACTOR;
+ extraWaitingTime += (size_t)memoryPotentialDelay;
+ }
+
return virProcessKillPainfullyDelay(vm->pid,
!!(flags & VIR_QEMU_PROCESS_KILL_FORCE),
- vm->def->nhostdevs * 2,
+ extraWaitingTime,
false);
}
--
2.41.0.windows.1

49
Consistent-coding-style-with-opensource.patch Normal file
View File

@ -0,0 +1,49 @@
From 10972b18fd6d91a82bc4be81b21a2db72224e8a0 Mon Sep 17 00:00:00 2001
From: lihhua <lihuhua@huawei.com>
Date: Tue, 3 Sep 2024 10:40:35 +0800
Subject: [PATCH] Consistent coding style with opensource.
---
src/qemu/qemu_driver.c | 12 ++++++++++++
src/remote/remote_driver.c | 2 +-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 5a5aa28449..df275c403c 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -20051,6 +20051,18 @@ qemuConnectTmmInfoListAppend(char **format,
return ret;
}
+/*
+* The format of baseMeminfo should be:
+* available: X num nodes (1 2 3 4)
+* numa node 0 size: XXXMi
+* numa node 0 free: XXXMi
+* ...
+*
+* The format of slabInfo should be:
+* numa node 0 td meta_data cnt: xxx
+* numa node 0 td meta_data free cnt: xxx
+* ...
+*/
static char *
qemuConnectTmmDetailInfoFormat(char *baseMeminfo,
char *slabInfo)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 4b9ad30ed6..82d4c968ea 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -7876,7 +7876,7 @@ static virHypervisorDriver hypervisor_driver = {
.domainStartDirtyRateCalc = remoteDomainStartDirtyRateCalc, /* 7.2.0 */
.domainSetLaunchSecurityState = remoteDomainSetLaunchSecurityState, /* 8.0.0 */
.domainFDAssociate = remoteDomainFDAssociate, /* 9.0.0 */
- .connectGetTmmMemoryInfo = remoteConnectGetTmmMemoryInfo /* 9.0.0 */
+ .connectGetTmmMemoryInfo = remoteConnectGetTmmMemoryInfo, /* 9.0.0 */
};
static virNetworkDriver network_driver = {
--
2.41.0.windows.1

91
build-Make-daemons-depend-on-generated-_protocol.-ch.patch Normal file
View File

@ -0,0 +1,91 @@
From 2703f133869014a99cdfb9107e8315f4ea419d48 Mon Sep 17 00:00:00 2001
From: lihhua <lihuhua@huawei.com>
Date: Sat, 24 Aug 2024 11:11:42 +0800
Subject: [PATCH] build: Make daemons depend on generated *_protocol.[ch]
---
po/meson.build | 1 +
src/meson.build | 6 +++++-
src/remote/meson.build | 15 +++++++++++----
3 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/po/meson.build b/po/meson.build
index a20877ad34..592b254447 100644
--- a/po/meson.build
+++ b/po/meson.build
@@ -20,6 +20,7 @@ potfiles_dep = [
access_gen_sources,
admin_client_generated,
admin_driver_generated,
+ remote_protocol_generated,
remote_driver_generated,
remote_daemon_generated,
]
diff --git a/src/meson.build b/src/meson.build
index 6538c43628..f52d2d5994 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -616,7 +616,11 @@ foreach daemon : virt_daemons
bin = executable(
daemon['name'],
[
- daemon.get('sources', [ remote_daemon_sources, remote_daemon_generated ]),
+ daemon.get('sources', [
+ remote_protocol_generated,
+ remote_daemon_sources,
+ remote_daemon_generated
+ ]),
dtrace_gen_objects,
],
c_args: [
diff --git a/src/remote/meson.build b/src/remote/meson.build
index 16b903fcaf..43bf2d0083 100644
--- a/src/remote/meson.build
+++ b/src/remote/meson.build
@@ -7,8 +7,6 @@ remote_driver_generated = []
foreach name : [ 'remote', 'qemu', 'lxc' ]
client_bodies_h = '@0@_client_bodies.h'.format(name)
- protocol_c = '@0@_protocol.c'.format(name)
- protocol_h = '@0@_protocol.h'.format(name)
protocol_x = '@0@_protocol.x'.format(name)
remote_driver_generated += custom_target(
@@ -20,8 +18,16 @@ foreach name : [ 'remote', 'qemu', 'lxc' ]
],
capture: true,
)
+endforeach
- remote_driver_generated += custom_target(
+remote_protocol_generated = []
+
+foreach name : [ 'remote', 'qemu', 'lxc' ]
+ protocol_c = '@0@_protocol.c'.format(name)
+ protocol_h = '@0@_protocol.h'.format(name)
+ protocol_x = '@0@_protocol.x'.format(name)
+
+ remote_protocol_generated += custom_target(
protocol_h,
input: protocol_x,
output: protocol_h,
@@ -32,7 +38,7 @@ foreach name : [ 'remote', 'qemu', 'lxc' ]
],
)
- remote_driver_generated += custom_target(
+ remote_protocol_generated += custom_target(
protocol_c,
input: protocol_x,
output: protocol_c,
@@ -143,6 +149,7 @@ if conf.has('WITH_REMOTE')
remote_driver_lib = static_library(
'virt_remote_driver',
[
+ remote_protocol_generated,
remote_driver_sources,
remote_driver_generated,
],
--
2.41.0.windows.1

89
conf-qemu-add-libvirt-support-reuse-id-for-hygon-CSV.patch Normal file
View File

@ -0,0 +1,89 @@
From cbc574f26c7fa7d107a2827ea335a13c4b253726 Mon Sep 17 00:00:00 2001
From: panpingsheng <panpingsheng@hygon.cn>
Date: Fri, 8 Sep 2023 15:04:44 +0800
Subject: [PATCH] conf: qemu: add libvirt support reuse id for hygon CSV
csv xml format:
<launchSecurity type='sev'>
<policy>0x0081</policy>
<cbitpos>47</cbitpos>
<reducedPhysBits>5</reducedPhysBits>
<userid>usertest</userid>
</launchSecurity>
Signed-off-by: panpingsheng <panpingsheng@hygon.cn>
Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
---
src/conf/domain_conf.c | 5 +++++
src/conf/domain_conf.h | 1 +
src/qemu/qemu_command.c | 4 ++++
3 files changed, 10 insertions(+)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index db49355788..2be4706b03 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3828,6 +3828,7 @@ virDomainSecDefFree(virDomainSecDef *def)
case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
g_free(def->data.sev.dh_cert);
g_free(def->data.sev.session);
+ g_free(def->data.sev.user_id);
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
@@ -13547,6 +13548,7 @@ virDomainSEVDefParseXML(virDomainSEVDef *def,
def->dh_cert = virXPathString("string(./dhCert)", ctxt);
def->session = virXPathString("string(./session)", ctxt);
+ def->user_id = virXPathString("string(./userid)", ctxt);
return 0;
}
@@ -26613,6 +26615,9 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
if (sev->session)
virBufferEscapeString(&childBuf, "<session>%s</session>\n", sev->session);
+ if (sev->user_id)
+ virBufferEscapeString(&childBuf, "<userid>%s</userid>\n", sev->user_id);
+
break;
}
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index a687895726..c06ac9552c 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2873,6 +2873,7 @@ struct _virDomainSEVDef {
bool haveReducedPhysBits;
unsigned int reduced_phys_bits;
virTristateBool kernel_hashes;
+ char *user_id;
};
struct _virDomainSecDef {
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 6e16e65d54..d4a0d73aae 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9718,6 +9718,9 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
VIR_DEBUG("policy=0x%x cbitpos=%d reduced_phys_bits=%d",
sev->policy, sev->cbitpos, sev->reduced_phys_bits);
+ if (sev->user_id)
+ VIR_DEBUG("user_id=%s", sev->user_id);
+
if (sev->dh_cert)
dhpath = g_strdup_printf("%s/dh_cert.base64", priv->libDir);
@@ -9728,6 +9731,7 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
"u:cbitpos", sev->cbitpos,
"u:reduced-phys-bits", sev->reduced_phys_bits,
"u:policy", sev->policy,
+ "S:user-id", sev->user_id,
"S:dh-cert-file", dhpath,
"S:session-file", sessionpath,
"T:kernel-hashes", sev->kernel_hashes,
--
2.41.0.windows.1

129
conf-qemu-support-provide-inject-secret-for-Hygon-CS.patch Normal file
View File

@ -0,0 +1,129 @@
From 66ab1f1ce7ae35f757580062ef6653ae64c01522 Mon Sep 17 00:00:00 2001
From: hanliyang <hanliyang@hygon.cn>
Date: Wed, 13 Nov 2024 16:12:57 +0800
Subject: [PATCH] conf: qemu: support provide inject secret for Hygon CSV
csv xml format:
<launchSecurity type='sev'>
<policy>0x0001</policy>
<cbitpos>47</cbitpos>
<reducePhysBits>5</reducedPhysBits>
<dhCert>U2FsdGVkX1+rW6B/JbYqNA==</dhCert>
<session>5aeG4mH2E/OqN1a3uT8hfg==</session>
<secretHeader>gW3E30rG/I3L1nD/YfG+DA==</secretHeader>
<secret>zP1oY9W7ZcPFtL0QeN11vQ==</secret>
</launchSecurity>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
---
src/conf/domain_conf.c | 8 ++++++++
src/conf/domain_conf.h | 2 ++
src/qemu/qemu_command.c | 10 ++++++++++
src/qemu/qemu_process.c | 10 ++++++++++
4 files changed, 30 insertions(+)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 2be4706b03..b3475757c3 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3829,6 +3829,8 @@ virDomainSecDefFree(virDomainSecDef *def)
g_free(def->data.sev.dh_cert);
g_free(def->data.sev.session);
g_free(def->data.sev.user_id);
+ g_free(def->data.sev.secret_header);
+ g_free(def->data.sev.secret);
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
@@ -13549,6 +13551,8 @@ virDomainSEVDefParseXML(virDomainSEVDef *def,
def->dh_cert = virXPathString("string(./dhCert)", ctxt);
def->session = virXPathString("string(./session)", ctxt);
def->user_id = virXPathString("string(./userid)", ctxt);
+ def->secret_header = virXPathString("string(./secretHeader)", ctxt);
+ def->secret = virXPathString("string(./secret)", ctxt);
return 0;
}
@@ -26617,6 +26621,10 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
if (sev->user_id)
virBufferEscapeString(&childBuf, "<userid>%s</userid>\n", sev->user_id);
+ if (sev->secret_header)
+ virBufferEscapeString(&childBuf, "<secretHeader>%s</secretHeader>\n", sev->secret_header);
+ if (sev->secret)
+ virBufferEscapeString(&childBuf, "<secret>%s</secret>\n", sev->secret);
break;
}
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index c06ac9552c..f0e5535013 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2874,6 +2874,8 @@ struct _virDomainSEVDef {
unsigned int reduced_phys_bits;
virTristateBool kernel_hashes;
char *user_id;
+ char *secret_header;
+ char *secret;
};
struct _virDomainSecDef {
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index d4a0d73aae..0c47f019f2 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9714,6 +9714,8 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
qemuDomainObjPrivate *priv = vm->privateData;
g_autofree char *dhpath = NULL;
g_autofree char *sessionpath = NULL;
+ g_autofree char *secretheaderpath = NULL;
+ g_autofree char *secretpath = NULL;
VIR_DEBUG("policy=0x%x cbitpos=%d reduced_phys_bits=%d",
sev->policy, sev->cbitpos, sev->reduced_phys_bits);
@@ -9727,6 +9729,12 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
if (sev->session)
sessionpath = g_strdup_printf("%s/session.base64", priv->libDir);
+ if (sev->secret_header)
+ secretheaderpath = g_strdup_printf("%s/secret_header.base64", priv->libDir);
+
+ if (sev->secret)
+ secretpath = g_strdup_printf("%s/secret.base64", priv->libDir);
+
if (qemuMonitorCreateObjectProps(&props, "sev-guest", "lsec0",
"u:cbitpos", sev->cbitpos,
"u:reduced-phys-bits", sev->reduced_phys_bits,
@@ -9735,6 +9743,8 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
"S:dh-cert-file", dhpath,
"S:session-file", sessionpath,
"T:kernel-hashes", sev->kernel_hashes,
+ "S:secret-header-file", secretheaderpath,
+ "S:secret-file", secretpath,
NULL) < 0)
return -1;
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 892676c020..63ce075812 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -7029,6 +7029,16 @@ qemuProcessPrepareSEVGuestInput(virDomainObj *vm)
return -1;
}
+ if (sev->secret_header) {
+ if (qemuProcessSEVCreateFile(vm, "secret_header", sev->secret_header) < 0)
+ return -1;
+ }
+
+ if (sev->secret) {
+ if (qemuProcessSEVCreateFile(vm, "secret", sev->secret) < 0)
+ return -1;
+ }
+
return 0;
}
--
2.41.0.windows.1

20
libvirt.spec
View File

@ -262,7 +262,7 @@
Summary: Library providing a simple virtualization API
Name: libvirt
Version: 9.10.0
Release: 13
Release: 14
License: LGPLv2+
URL: https://libvirt.org/
@ -321,6 +321,14 @@ Patch0047: Implement-the-method-of-getting-host-info-for-loonga.patch
Patch0048: rpc-ensure-temporary-GSource-is-removed-from-client-.patch
Patch0049: vdpa-vdpa-device-hotplug-unplug-bugfix-and-support-v.patch
Patch0050: Revert-node_device-fix-leak-of-DIR.patch
Patch0051: Add-cvm-parameter-into-the-type-of-LaunchSecurity-wh.patch
Patch0052: Add-the-get-tmm-memory-info-API-into-libvirt-host.-A.patch
Patch0053: build-Make-daemons-depend-on-generated-_protocol.-ch.patch
Patch0054: Consistent-coding-style-with-opensource.patch
Patch0055: Automatically-unbind-all-devices-driver-under-same-r.patch
Patch0056: conf-qemu-add-libvirt-support-reuse-id-for-hygon-CSV.patch
Patch0057: conf-qemu-support-provide-inject-secret-for-Hygon-CS.patch
Patch0058: Bugfix-Enhance-the-capability-to-trace-the-shutdown-.patch
Requires: libvirt-daemon = %{version}-%{release}
Requires: libvirt-daemon-config-network = %{version}-%{release}
@ -2612,6 +2620,16 @@ exit 0
%endif
%changelog
* Thu Dec 12 2024 JiaboFeng <fengjiabo1@huawei.com> - 9.10.0-14
- Bugfix: Enhance the capability to trace the shutdown status of large VMS
- conf: qemu: support provide inject secret for Hygon CSV
- conf: qemu: add libvirt support reuse id for hygon CSV
- Automatically unbind all devices' driver under same root port and bind to vfio-pci in the context of CVM.
- Consistent coding style with opensource.
- build: Make daemons depend on generated *_protocol.[ch]
- Add the get tmm memory info API into libvirt-host. Also should add the RPC calls into libvirtd for API calling.
- Add cvm parameter into the type of LaunchSecurity which is a optional filed for libvirt xml
* Thu Nov 28 2024 Adttil <2429917001@qq.com> 9.10.0-13
- vdpa: support vdpa device boot index and fix hotplug/unplug bug