[PATCH v3 2/4] conf: Parse virtio-crypto in the domain XML

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This patch parse the domain XML with virtio-crypto
support, the virtio-crypto XML looks like this:

  <crypto model='virtio'>
    <backend type='builtin' queues='1'/>
  </crypto>

Signed-off-by: Longpeng(Mike) <longpeng2@xxxxxxxxxx>
---
 src/conf/domain_conf.c         | 213 ++++++++++++++++++++++++++++++++++++++++-
 src/conf/domain_conf.h         |  32 +++++++
 src/libvirt_private.syms       |   4 +
 src/qemu/qemu_domain_address.c |   1 +
 src/qemu/qemu_driver.c         |   6 ++
 src/qemu/qemu_hotplug.c        |   1 +
 6 files changed, 256 insertions(+), 1 deletion(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index c3149f9..ea353ea 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -253,7 +253,8 @@ VIR_ENUM_IMPL(virDomainDevice, VIR_DOMAIN_DEVICE_LAST,
               "tpm",
               "panic",
               "memory",
-              "iommu")
+              "iommu",
+              "crypto")
 
 VIR_ENUM_IMPL(virDomainDeviceAddress, VIR_DOMAIN_DEVICE_ADDRESS_TYPE_LAST,
               "none",
@@ -830,6 +831,14 @@ VIR_ENUM_IMPL(virDomainRNGBackend,
               "random",
               "egd");
 
+VIR_ENUM_IMPL(virDomainCryptoModel,
+              VIR_DOMAIN_CRYPTO_MODEL_LAST,
+              "virtio");
+
+VIR_ENUM_IMPL(virDomainCryptoBackend,
+              VIR_DOMAIN_CRYPTO_BACKEND_LAST,
+              "builtin");
+
 VIR_ENUM_IMPL(virDomainTPMModel, VIR_DOMAIN_TPM_MODEL_LAST,
               "tpm-tis")
 
@@ -2617,6 +2626,9 @@ void virDomainDeviceDefFree(virDomainDeviceDefPtr def)
     case VIR_DOMAIN_DEVICE_IOMMU:
         VIR_FREE(def->data.iommu);
         break;
+    case VIR_DOMAIN_DEVICE_CRYPTO:
+        virDomainCryptoDefFree(def->data.crypto);
+        break;
     case VIR_DOMAIN_DEVICE_LAST:
     case VIR_DOMAIN_DEVICE_NONE:
         break;
@@ -2866,6 +2878,10 @@ void virDomainDefFree(virDomainDefPtr def)
 
     VIR_FREE(def->iommu);
 
+    for (i = 0; i < def->ncryptos; i++)
+        virDomainCryptoDefFree(def->cryptos[i]);
+    VIR_FREE(def->cryptos);
+
     VIR_FREE(def->idmap.uidmap);
     VIR_FREE(def->idmap.gidmap);
 
@@ -3453,6 +3469,8 @@ virDomainDeviceGetInfo(virDomainDeviceDefPtr device)
         return &device->data.panic->info;
     case VIR_DOMAIN_DEVICE_MEMORY:
         return &device->data.memory->info;
+    case VIR_DOMAIN_DEVICE_CRYPTO:
+        return &device->data.crypto->info;
 
     /* The following devices do not contain virDomainDeviceInfo */
     case VIR_DOMAIN_DEVICE_LEASE:
@@ -3768,6 +3786,13 @@ virDomainDeviceInfoIterateInternal(virDomainDefPtr def,
             return -1;
     }
 
+    device.type = VIR_DOMAIN_DEVICE_CRYPTO;
+    for (i = 0; i < def->ncryptos; i++) {
+        device.data.crypto = def->cryptos[i];
+        if (cb(def, &device, &def->cryptos[i]->info, opaque) < 0)
+            return -1;
+    }
+
     /* Coverity is not very happy with this - all dead_error_condition */
 #if !STATIC_ANALYSIS
     /* This switch statement is here to trigger compiler warning when adding
@@ -3802,6 +3827,7 @@ virDomainDeviceInfoIterateInternal(virDomainDefPtr def,
     case VIR_DOMAIN_DEVICE_RNG:
     case VIR_DOMAIN_DEVICE_MEMORY:
     case VIR_DOMAIN_DEVICE_IOMMU:
+    case VIR_DOMAIN_DEVICE_CRYPTO:
         break;
     }
 #endif
@@ -5095,6 +5121,7 @@ virDomainDeviceDefValidateInternal(const virDomainDeviceDef *dev,
     case VIR_DOMAIN_DEVICE_PANIC:
     case VIR_DOMAIN_DEVICE_MEMORY:
     case VIR_DOMAIN_DEVICE_IOMMU:
+    case VIR_DOMAIN_DEVICE_CRYPTO:
     case VIR_DOMAIN_DEVICE_NONE:
     case VIR_DOMAIN_DEVICE_LAST:
         break;
@@ -13048,6 +13075,88 @@ virDomainRNGDefParseXML(virDomainXMLOptionPtr xmlopt,
 }
 
 
+static virDomainCryptoDefPtr
+virDomainCryptoDefParseXML(xmlNodePtr node,
+                           xmlXPathContextPtr ctxt,
+                           unsigned int flags)
+{
+    char *model = NULL;
+    char *backend = NULL;
+    char *queues = NULL;
+    virDomainCryptoDefPtr def;
+    xmlNodePtr save = ctxt->node;
+    xmlNodePtr *backends = NULL;
+    int nbackends;
+
+    if (VIR_ALLOC(def) < 0)
+        return NULL;
+
+    if (!(model = virXMLPropString(node, "model"))) {
+        virReportError(VIR_ERR_XML_ERROR, "%s",
+                       _("missing Crypto device model"));
+        goto error;
+    }
+
+    if ((def->model = virDomainCryptoModelTypeFromString(model)) < 0) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("unknown Crypto model '%s'"), model);
+        goto error;
+    }
+
+    ctxt->node = node;
+
+    if ((nbackends = virXPathNodeSet("./backend", ctxt, &backends)) < 0)
+        goto error;
+
+    if (nbackends != 1) {
+        virReportError(VIR_ERR_XML_ERROR, "%s",
+                       _("only one Crypto backend is supported"));
+        goto error;
+    }
+
+    if (!(backend = virXMLPropString(backends[0], "type"))) {
+        virReportError(VIR_ERR_XML_ERROR, "%s",
+                       _("missing Crypto device backend type"));
+        goto error;
+    }
+
+    if ((def->backend = virDomainCryptoBackendTypeFromString(backend)) < 0) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("unknown Crypto backend model '%s'"), backend);
+        goto error;
+    }
+
+    switch ((virDomainCryptoBackend) def->backend) {
+    case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN:
+        queues = virXMLPropString(backends[0], "queues");
+        if (queues && virStrToLong_ui(queues, NULL, 10, &def->queues) < 0) {
+            virReportError(VIR_ERR_XML_ERROR,
+                            _("Malformed 'queues' value '%s'"), queues);
+        }
+        break;
+
+    case VIR_DOMAIN_CRYPTO_BACKEND_LAST:
+        break;
+    }
+
+    if (virDomainDeviceInfoParseXML(node, NULL, &def->info, flags) < 0)
+        goto error;
+
+ cleanup:
+    VIR_FREE(model);
+    VIR_FREE(backend);
+    VIR_FREE(queues);
+    VIR_FREE(backends);
+    ctxt->node = save;
+    return def;
+
+ error:
+    virDomainCryptoDefFree(def);
+    def = NULL;
+    goto cleanup;
+}
+
+
 static virDomainMemballoonDefPtr
 virDomainMemballoonDefParseXML(xmlNodePtr node,
                                xmlXPathContextPtr ctxt,
@@ -14643,6 +14752,10 @@ virDomainDeviceDefParse(const char *xmlStr,
         if (!(dev->data.iommu = virDomainIOMMUDefParseXML(node, ctxt)))
             goto error;
         break;
+    case VIR_DOMAIN_DEVICE_CRYPTO:
+        if (!(dev->data.crypto = virDomainCryptoDefParseXML(node, ctxt, flags)))
+            goto error;
+        break;
     case VIR_DOMAIN_DEVICE_NONE:
     case VIR_DOMAIN_DEVICE_LAST:
         break;
@@ -17709,6 +17822,22 @@ virDomainDefParseXML(xmlDocPtr xml,
     }
     VIR_FREE(nodes);
 
+    /* Parse the crypto devices */
+    if ((n = virXPathNodeSet("./devices/crypto", ctxt, &nodes)) < 0)
+        goto error;
+    if (n && VIR_ALLOC_N(def->cryptos, n) < 0)
+        goto error;
+    for (i = 0; i < n; i++) {
+        virDomainCryptoDefPtr crypto = virDomainCryptoDefParseXML(nodes[i],
+                                                                  ctxt,
+                                                                  flags);
+        if (!crypto)
+            goto error;
+
+        def->cryptos[def->ncryptos++] = crypto;
+    }
+    VIR_FREE(nodes);
+
     if (virCPUDefParseXML(ctxt, "./cpu[1]", VIR_CPU_TYPE_GUEST, &def->cpu) < 0)
         goto error;
 
@@ -19815,6 +19944,25 @@ virDomainRNGDefCheckABIStability(virDomainRNGDefPtr src,
 
 
 static bool
+virDomainCryptoDefCheckABIStability(virDomainCryptoDefPtr src,
+                                    virDomainCryptoDefPtr dst)
+{
+    if (src->model != dst->model) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("Target Crypto model '%s' does not match source '%s'"),
+                       virDomainCryptoModelTypeToString(dst->model),
+                       virDomainCryptoModelTypeToString(src->model));
+        return false;
+    }
+
+    if (!virDomainDeviceInfoCheckABIStability(&src->info, &dst->info))
+        return false;
+
+    return true;
+}
+
+
+static bool
 virDomainHubDefCheckABIStability(virDomainHubDefPtr src,
                                  virDomainHubDefPtr dst)
 {
@@ -20718,6 +20866,17 @@ virDomainDefCheckABIStabilityFlags(virDomainDefPtr src,
         !xmlopt->abi.domain(src, dst))
         goto error;
 
+    if (src->ncryptos != dst->ncryptos) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("Target domain crypto device count %zu "
+                         "does not match source %zu"), dst->ncryptos, src->ncryptos);
+        goto error;
+    }
+
+    for (i = 0; i < src->ncryptos; i++)
+        if (!virDomainCryptoDefCheckABIStability(src->cryptos[i], dst->cryptos[i]))
+            goto error;
+
     /* Coverity is not very happy with this - all dead_error_condition */
 #if !STATIC_ANALYSIS
     /* This switch statement is here to trigger compiler warning when adding
@@ -20751,6 +20910,7 @@ virDomainDefCheckABIStabilityFlags(virDomainDefPtr src,
     case VIR_DOMAIN_DEVICE_SHMEM:
     case VIR_DOMAIN_DEVICE_MEMORY:
     case VIR_DOMAIN_DEVICE_IOMMU:
+    case VIR_DOMAIN_DEVICE_CRYPTO:
         break;
     }
 #endif
@@ -23387,6 +23547,49 @@ virDomainRNGDefFree(virDomainRNGDefPtr def)
 
 
 static int
+virDomainCryptoDefFormat(virBufferPtr buf,
+                         virDomainCryptoDefPtr def,
+                         unsigned int flags)
+{
+    const char *model = virDomainCryptoModelTypeToString(def->model);
+    const char *backend = virDomainCryptoBackendTypeToString(def->backend);
+
+    virBufferAsprintf(buf, "<crypto model='%s'>\n", model);
+    virBufferAdjustIndent(buf, 2);
+    virBufferAsprintf(buf, "<backend type='%s'", backend);
+
+    switch ((virDomainCryptoBackend) def->backend) {
+    case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN:
+        if (def->queues)
+            virBufferAsprintf(buf, " queues='%u'", def->queues);
+
+        virBufferAddLit(buf, "/>\n");
+        break;
+
+    case VIR_DOMAIN_CRYPTO_BACKEND_LAST:
+        break;
+    }
+
+    if (virDomainDeviceInfoFormat(buf, &def->info, flags) < 0)
+        return -1;
+
+    virBufferAdjustIndent(buf, -2);
+    virBufferAddLit(buf, "</crypto>\n");
+    return 0;
+}
+
+void
+virDomainCryptoDefFree(virDomainCryptoDefPtr def)
+{
+    if (!def)
+        return;
+
+    virDomainDeviceInfoClear(&def->info);
+    VIR_FREE(def);
+}
+
+
+static int
 virDomainMemorySourceDefFormat(virBufferPtr buf,
                                virDomainMemoryDefPtr def)
 {
@@ -25418,6 +25621,11 @@ virDomainDefFormatInternal(virDomainDefPtr def,
             goto error;
     }
 
+    for (n = 0; n < def->ncryptos; n++) {
+        if (virDomainCryptoDefFormat(buf, def->cryptos[n], flags))
+            goto error;
+    }
+
     if (def->iommu)
         virDomainIOMMUDefFormat(buf, def->iommu);
 
@@ -26500,6 +26708,9 @@ virDomainDeviceDefCopy(virDomainDeviceDefPtr src,
     case VIR_DOMAIN_DEVICE_SHMEM:
         rc = virDomainShmemDefFormat(&buf, src->data.shmem, flags);
         break;
+    case VIR_DOMAIN_DEVICE_CRYPTO:
+        rc = virDomainCryptoDefFormat(&buf, src->data.crypto, flags);
+        break;
 
     case VIR_DOMAIN_DEVICE_NONE:
     case VIR_DOMAIN_DEVICE_SMARTCARD:
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 964bc02..3dd809a 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -159,6 +159,9 @@ typedef virDomainIOMMUDef *virDomainIOMMUDefPtr;
 typedef struct _virDomainVirtioOptions virDomainVirtioOptions;
 typedef virDomainVirtioOptions *virDomainVirtioOptionsPtr;
 
+typedef struct _virDomainCryptoDef virDomainCryptoDef;
+typedef virDomainCryptoDef *virDomainCryptoDefPtr;
+
 /* Flags for the 'type' field in virDomainDeviceDef */
 typedef enum {
     VIR_DOMAIN_DEVICE_NONE = 0,
@@ -185,6 +188,7 @@ typedef enum {
     VIR_DOMAIN_DEVICE_PANIC,
     VIR_DOMAIN_DEVICE_MEMORY,
     VIR_DOMAIN_DEVICE_IOMMU,
+    VIR_DOMAIN_DEVICE_CRYPTO,
 
     VIR_DOMAIN_DEVICE_LAST
 } virDomainDeviceType;
@@ -217,6 +221,7 @@ struct _virDomainDeviceDef {
         virDomainPanicDefPtr panic;
         virDomainMemoryDefPtr memory;
         virDomainIOMMUDefPtr iommu;
+        virDomainCryptoDefPtr crypto;
     } data;
 };
 
@@ -2043,6 +2048,26 @@ struct _virDomainRNGDef {
 };
 
 typedef enum {
+    VIR_DOMAIN_CRYPTO_MODEL_VIRTIO,
+
+    VIR_DOMAIN_CRYPTO_MODEL_LAST
+} virDomainCryptoModel;
+
+typedef enum {
+    VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN,
+
+    VIR_DOMAIN_CRYPTO_BACKEND_LAST
+} virDomainCryptoBackend;
+
+struct _virDomainCryptoDef {
+    int model;
+    int backend;
+    unsigned int queues; /* Multiqueue virtio-crypto */
+
+    virDomainDeviceInfo info;
+};
+
+typedef enum {
     VIR_DOMAIN_MEMORY_MODEL_NONE,
     VIR_DOMAIN_MEMORY_MODEL_DIMM, /* dimm hotpluggable memory device */
     VIR_DOMAIN_MEMORY_MODEL_NVDIMM, /* nvdimm memory device */
@@ -2380,6 +2405,9 @@ struct _virDomainDef {
     size_t npanics;
     virDomainPanicDefPtr *panics;
 
+    size_t ncryptos;
+    virDomainCryptoDefPtr *cryptos;
+
     /* Only 1 */
     virDomainWatchdogDefPtr watchdog;
     virDomainMemballoonDefPtr memballoon;
@@ -2908,6 +2936,8 @@ int virDomainDefCompatibleDevice(virDomainDefPtr def,
 
 void virDomainRNGDefFree(virDomainRNGDefPtr def);
 
+void virDomainCryptoDefFree(virDomainCryptoDefPtr def);
+
 int virDomainDiskIndexByAddress(virDomainDefPtr def,
                                 virPCIDeviceAddressPtr pci_controller,
                                 unsigned int bus, unsigned int target,
@@ -3236,6 +3266,8 @@ VIR_ENUM_DECL(virDomainShutdownReason)
 VIR_ENUM_DECL(virDomainShutoffReason)
 VIR_ENUM_DECL(virDomainCrashedReason)
 VIR_ENUM_DECL(virDomainPMSuspendedReason)
+VIR_ENUM_DECL(virDomainCryptoModel)
+VIR_ENUM_DECL(virDomainCryptoBackend)
 
 const char *virDomainStateReasonToString(virDomainState state, int reason);
 int virDomainStateReasonFromString(virDomainState state, const char *reason);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 888412a..b183bea 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -237,6 +237,10 @@ virDomainControllerRemove;
 virDomainControllerTypeToString;
 virDomainCpuPlacementModeTypeFromString;
 virDomainCpuPlacementModeTypeToString;
+virDomainCryptoBackendTypeFromString;
+virDomainCryptoBackendTypeToString;
+virDomainCryptoModelTypeFromString;
+virDomainCryptoModelTypeToString;
 virDomainDefAddController;
 virDomainDefAddImplicitDevices;
 virDomainDefAddUSBController;
diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c
index b5b863f..5209fbe 100644
--- a/src/qemu/qemu_domain_address.c
+++ b/src/qemu/qemu_domain_address.c
@@ -796,6 +796,7 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDefPtr dev,
     case VIR_DOMAIN_DEVICE_LEASE:
     case VIR_DOMAIN_DEVICE_GRAPHICS:
     case VIR_DOMAIN_DEVICE_IOMMU:
+    case VIR_DOMAIN_DEVICE_CRYPTO:
     case VIR_DOMAIN_DEVICE_LAST:
     case VIR_DOMAIN_DEVICE_NONE:
         return 0;
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index cdb727b..1c2342c 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -7526,6 +7526,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm,
     case VIR_DOMAIN_DEVICE_TPM:
     case VIR_DOMAIN_DEVICE_PANIC:
     case VIR_DOMAIN_DEVICE_IOMMU:
+    case VIR_DOMAIN_DEVICE_CRYPTO:
     case VIR_DOMAIN_DEVICE_LAST:
         virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
                        _("live attach of device '%s' is not supported"),
@@ -7619,6 +7620,7 @@ qemuDomainDetachDeviceLive(virDomainObjPtr vm,
     case VIR_DOMAIN_DEVICE_TPM:
     case VIR_DOMAIN_DEVICE_PANIC:
     case VIR_DOMAIN_DEVICE_IOMMU:
+    case VIR_DOMAIN_DEVICE_CRYPTO:
     case VIR_DOMAIN_DEVICE_LAST:
         virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
                        _("live detach of device '%s' is not supported"),
@@ -7735,6 +7737,7 @@ qemuDomainUpdateDeviceLive(virConnectPtr conn,
     case VIR_DOMAIN_DEVICE_TPM:
     case VIR_DOMAIN_DEVICE_PANIC:
     case VIR_DOMAIN_DEVICE_IOMMU:
+    case VIR_DOMAIN_DEVICE_CRYPTO:
     case VIR_DOMAIN_DEVICE_LAST:
         virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                        _("live update of device '%s' is not supported"),
@@ -7910,6 +7913,7 @@ qemuDomainAttachDeviceConfig(virDomainDefPtr vmdef,
     case VIR_DOMAIN_DEVICE_TPM:
     case VIR_DOMAIN_DEVICE_PANIC:
     case VIR_DOMAIN_DEVICE_IOMMU:
+    case VIR_DOMAIN_DEVICE_CRYPTO:
     case VIR_DOMAIN_DEVICE_LAST:
          virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
                         _("persistent attach of device '%s' is not supported"),
@@ -8076,6 +8080,7 @@ qemuDomainDetachDeviceConfig(virDomainDefPtr vmdef,
     case VIR_DOMAIN_DEVICE_TPM:
     case VIR_DOMAIN_DEVICE_PANIC:
     case VIR_DOMAIN_DEVICE_IOMMU:
+    case VIR_DOMAIN_DEVICE_CRYPTO:
     case VIR_DOMAIN_DEVICE_LAST:
         virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
                        _("persistent detach of device '%s' is not supported"),
@@ -8163,6 +8168,7 @@ qemuDomainUpdateDeviceConfig(virDomainDefPtr vmdef,
     case VIR_DOMAIN_DEVICE_TPM:
     case VIR_DOMAIN_DEVICE_PANIC:
     case VIR_DOMAIN_DEVICE_IOMMU:
+    case VIR_DOMAIN_DEVICE_CRYPTO:
     case VIR_DOMAIN_DEVICE_LAST:
         virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
                        _("persistent update of device '%s' is not supported"),
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index b5b62df..c7db125 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -4325,6 +4325,7 @@ qemuDomainRemoveDevice(virQEMUDriverPtr driver,
     case VIR_DOMAIN_DEVICE_TPM:
     case VIR_DOMAIN_DEVICE_PANIC:
     case VIR_DOMAIN_DEVICE_IOMMU:
+    case VIR_DOMAIN_DEVICE_CRYPTO:
     case VIR_DOMAIN_DEVICE_LAST:
         virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
                        _("don't know how to remove a %s device"),
-- 
1.8.3.1


--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]
  Powered by Linux