- Bugfix: Enhance the capability to trace the shutdown status of large VMS - conf: qemu: support provide inject secret for Hygon CSV - conf: qemu: add libvirt support reuse id for hygon CSV - Automatically unbind all devices' driver under same root port and bind to vfio-pci in the context of CVM. - Consistent coding style with opensource. - build: Make daemons depend on generated *_protocol.[ch] - Add the get tmm memory info API into libvirt-host. Also should add the RPC calls into libvirtd for API calling. - Add cvm parameter into the type of LaunchSecurity which is an optional field for libvirt xml Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com> (cherry picked from commit d6a30a53977380d182cdf5f873c4ceb1ec29a85a)
From ddf9053ad7df4553ec4abb04370e74f90bb134cf Mon Sep 17 00:00:00 2001
|
|
From: ikarosYuuki <tujipei@huawei.com>
|
|
Date: Fri, 2 Aug 2024 14:16:37 +0800
|
|
Subject: [PATCH] Add cvm parameter into the type of LaunchSecurity which is a
|
|
optional field for libvirt xml. Its purpose is to pass the cvm parameter
|
|
through to qemu. Also this patch support virsh edit to save cvm parameter
|
|
into libvirt temporary xml.
|
|
|
|
---
|
|
src/conf/domain_conf.c | 4 ++++
|
|
src/conf/domain_conf.h | 1 +
|
|
src/conf/schemas/domaincommon.rng | 9 +++++++++
|
|
src/qemu/qemu_command.c | 5 +++++
|
|
src/qemu/qemu_driver.c | 8 ++++++++
|
|
src/qemu/qemu_firmware.c | 1 +
|
|
src/qemu/qemu_namespace.c | 1 +
|
|
src/qemu/qemu_process.c | 1 +
|
|
src/qemu/qemu_validate.c | 2 ++
|
|
9 files changed, 32 insertions(+)
|
|
|
|
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
|
|
index 4798d01d12..db49355788 100644
|
|
--- a/src/conf/domain_conf.c
|
|
+++ b/src/conf/domain_conf.c
|
|
@@ -1516,6 +1516,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
|
|
"",
|
|
"sev",
|
|
"s390-pv",
|
|
+ "cvm",
|
|
);
|
|
|
|
typedef enum {
|
|
@@ -3829,6 +3830,7 @@ virDomainSecDefFree(virDomainSecDef *def)
|
|
g_free(def->data.sev.session);
|
|
break;
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
|
|
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
|
|
break;
|
|
@@ -13570,6 +13572,7 @@ virDomainSecDefParseXML(xmlNodePtr lsecNode,
|
|
return NULL;
|
|
break;
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
|
|
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
|
|
break;
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
|
|
@@ -26614,6 +26617,7 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
|
|
}
|
|
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
|
|
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
|
|
break;
|
|
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
|
|
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
|
|
index e8a75afa2c..a687895726 100644
|
|
--- a/src/conf/domain_conf.h
|
|
+++ b/src/conf/domain_conf.h
|
|
@@ -2858,6 +2858,7 @@ typedef enum {
|
|
VIR_DOMAIN_LAUNCH_SECURITY_NONE,
|
|
VIR_DOMAIN_LAUNCH_SECURITY_SEV,
|
|
VIR_DOMAIN_LAUNCH_SECURITY_PV,
|
|
+ VIR_DOMAIN_LAUNCH_SECURITY_CVM,
|
|
|
|
VIR_DOMAIN_LAUNCH_SECURITY_LAST,
|
|
} virDomainLaunchSecurity;
|
|
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
|
|
index b98a2ae602..f31603b2fd 100644
|
|
--- a/src/conf/schemas/domaincommon.rng
|
|
+++ b/src/conf/schemas/domaincommon.rng
|
|
@@ -520,6 +520,9 @@
|
|
<value>s390-pv</value>
|
|
</attribute>
|
|
</group>
|
|
+ <group>
|
|
+ <ref name="launchSecurityCVM"/>
|
|
+ </group>
|
|
</choice>
|
|
</element>
|
|
</define>
|
|
@@ -565,6 +568,12 @@
|
|
</interleave>
|
|
</define>
|
|
|
|
+ <define name="launchSecurityCVM">
|
|
+ <attribute name="type">
|
|
+ <value>cvm</value>
|
|
+ </attribute>
|
|
+ </define>
|
|
+
|
|
<!--
|
|
Enable or disable perf events for the domain. For each
|
|
of the events the following rules apply:
|
|
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
|
|
index 609eb6772e..6e16e65d54 100644
|
|
--- a/src/qemu/qemu_command.c
|
|
+++ b/src/qemu/qemu_command.c
|
|
@@ -7035,6 +7035,9 @@ qemuBuildMachineCommandLine(virCommand *cmd,
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
|
|
virBufferAddLit(&buf, ",confidential-guest-support=lsec0");
|
|
break;
|
|
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
|
|
+ virBufferAddLit(&buf, ",kvm-type=cvm");
|
|
+ break;
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
|
|
virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype);
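Review bot: The new `VIR_DOMAIN_LAUNCH_SECURITY_CVM` case appends `,kvm-type=cvm` to `-machine` with no check in this hunk that the QEMU binary or the host supports that machine property. The matching case added in the src/qemu/qemu_validate.c hunk (`qemuValidateDomainDef`) is a bare `break;`, while the case just above it there ends in a `return -1` path. A domain with launch security type `cvm` on an unsupported host would therefore only fail when QEMU rejects the argument, after the rest of the start path has already run. I would reject it at validation time behind a capability or architecture test, with `virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("CVM launch security is not supported by this QEMU binary"));`. qemuBuildMachineCommandLine starts and ends outside the hunk, so an earlier guard may exist that is not visible here.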
|
|
@@ -9769,6 +9772,8 @@ qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd,
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
|
|
return qemuBuildPVCommandLine(vm, cmd);
|
|
break;
|
|
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
|
|
+ break;
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
|
|
virReportEnumRangeError(virDomainLaunchSecurity, sec->sectype);
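Review bot: The `VIR_DOMAIN_LAUNCH_SECURITY_CVM` case in qemuBuildSecCommandLine leaves the switch with a bare `break;` and no explanation, while the PV case directly above returns the result of a dedicated builder. A reader cannot tell whether the missing object is intentional or an unfinished stub. I would add a comment such as `/* CVM is selected via -machine kvm-type=cvm; no launch-security object is built */` above the `break;`. What the function returns after the switch is outside the hunk and should be confirmed to be the success value.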
|
|
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
|
|
index 6b07bcc8dc..d7fb93b3b3 100644
|
|
--- a/src/qemu/qemu_driver.c
|
|
+++ b/src/qemu/qemu_driver.c
|
|
@@ -6315,6 +6315,14 @@ qemuDomainObjStart(virConnectPtr conn,
|
|
}
|
|
}
|
|
|
|
+ if (vm->def->sec && vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_CVM) {
|
|
+ if (virFileWriteStr("/proc/sys/vm/overcommit_memory", "1", 0)) {
|
|
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
+ _("Failed to enable overcommit_memory"));
|
|
+ return -1;
|
|
+ }
|
|
+ }
|
|
+
|
|
ret = qemuProcessStart(conn, driver, vm, NULL, asyncJob,
|
|
NULL, -1, NULL, NULL,
|
|
VIR_NETDEV_VPORT_PROFILE_OP_CREATE, start_flags);
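Review bot: Writing `1` to `/proc/sys/vm/overcommit_memory` in qemuDomainObjStart changes a host-wide kernel memory policy as a side effect of starting one guest. The hunk neither records nor restores the previous value, so the setting persists after the guest stops and also when the following qemuProcessStart call fails. Anyone permitted to start a domain with launch security type `cvm` can thus override an administrator's overcommit mode for every process on the host. I would treat the sysctl as a documented host prerequisite that is checked and reported rather than silently rewritten; if the write stays, the failure path should keep the errno with `virReportSystemError(errno, "%s", _("Failed to enable overcommit_memory"));`. The function body continues outside the hunk, and other callers of qemuProcessStart presumably bypass this block, which should be confirmed.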
|
|
diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
|
|
index d39e61d071..31ed6e881b 100644
|
|
--- a/src/qemu/qemu_firmware.c
|
|
+++ b/src/qemu/qemu_firmware.c
|
|
@@ -1374,6 +1374,7 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
|
|
}
|
|
break;
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
|
|
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
|
|
break;
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
|
|
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
|
|
index 915d44310f..ff314ce243 100644
|
|
--- a/src/qemu/qemu_namespace.c
|
|
+++ b/src/qemu/qemu_namespace.c
|
|
@@ -660,6 +660,7 @@ qemuDomainSetupLaunchSecurity(virDomainObj *vm,
|
|
VIR_DEBUG("Set up launch security for SEV");
|
|
break;
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
|
|
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
|
|
break;
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
|
|
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
|
|
index 08d4f257eb..7ba5575037 100644
|
|
--- a/src/qemu/qemu_process.c
|
|
+++ b/src/qemu/qemu_process.c
|
|
@@ -7045,6 +7045,7 @@ qemuProcessPrepareLaunchSecurityGuestInput(virDomainObj *vm)
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
|
|
return qemuProcessPrepareSEVGuestInput(vm);
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
|
|
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
|
|
return 0;
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
|
|
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
|
|
index a51cb6017d..449fb2f2d1 100644
|
|
--- a/src/qemu/qemu_validate.c
|
|
+++ b/src/qemu/qemu_validate.c
|
|
@@ -1322,6 +1322,8 @@ qemuValidateDomainDef(const virDomainDef *def,
|
|
return -1;
|
|
}
|
|
break;
|
|
+ case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
|
|
+ break;
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
|
|
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
|
|
virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype);
|
|
--
|
|
2.41.0.windows.1
|
|
|