As agreed here, I've taken the posted patches, made some changes and fixes and posted them:

https://listman.redhat.com/archives/libvir-list/2022-July/233164.html

The v13 version can be found here:

https://listman.redhat.com/archives/libvir-list/2022-July/232679.html

diff to v13:
- I've worked my comments in (couple of memleaks, naming issues, ...)
- Fixed problem with CGroups and namespaces
- Fixed a problem with <memoryBacking> <source type='memfd'/>, which
  prevented the domain from starting. Simply because the wrong memory-backend
  was picked for SGX (-memfd was picked instead of -sgx).
- Some cleanups, formatted before original patches (more tests,
  validation, code separation, ...)

You can find these patches on my gitlab (along with a green pipeline):

https://gitlab.com/MichalPrivoznik/libvirt/-/commits/sgx_rework

Haibin Huang (4):
  domain_capabilities: Define SGX capabilities structs
  qemu: Get SGX capabilities form QMP
  Convert QMP capabilities to domain capabilities
  conf: expose SGX feature in domain capabilities

Lin Yang (2):
  conf: Introduce SGX EPC element into device memory xml
  qemu: Add command-line to generate SGX EPC memory backend

Michal Prívozník (9):
  qemuxml2argvtest: Switch memory-hotplug-dimm-addr to latest caps
  qemuxml2xmltest: Test memory-hotplug-dimm-addr
  conf: Validate virDomainMemoryDef::targetNode
  qemu_command: Separate domain features building into a helper
  qemu_command: Separate domain memory building into a helper
  qemu_cgroup: Don't ignore ENOENT in qemuCgroupAllowDevicesPaths()
  qemu_cgroup: Allow SGX in devices controller
  qemu_namespace: Create SGX related nodes in domain's namespace
  security_dac: Set DAC label on SGX /dev nodes

 docs/formatdomain.rst | 25 +-
 docs/formatdomaincaps.rst | 40 +++
 src/conf/domain_capabilities.c | 46 +++
 src/conf/domain_capabilities.h | 22 ++
 src/conf/domain_conf.c | 30 ++
 src/conf/domain_conf.h | 1 +
 src/conf/domain_postparse.c | 1 +
 src/conf/domain_validate.c | 22 ++
 src/conf/schemas/domaincaps.rng | 40 +++
 src/conf/schemas/domaincommon.rng | 1 +
 src/libvirt_private.syms | 1 +
 src/qemu/qemu_alias.c | 6 +-
 src/qemu/qemu_capabilities.c | 222 +++++++++++++
 src/qemu/qemu_capabilities.h | 6 +
 src/qemu/qemu_cgroup.c | 82 ++++-
 src/qemu/qemu_command.c | 293 +++++++++++-------
 src/qemu/qemu_domain.c | 48 ++-
 src/qemu/qemu_domain.h | 2 +
 src/qemu/qemu_domain_address.c | 6 +
 src/qemu/qemu_driver.c | 1 +
 src/qemu/qemu_monitor.c | 10 +
 src/qemu/qemu_monitor.h | 3 +
 src/qemu/qemu_monitor_json.c | 148 ++++++++-
 src/qemu/qemu_monitor_json.h | 4 +
 src/qemu/qemu_namespace.c | 20 +-
 src/qemu/qemu_process.c | 2 +
 src/qemu/qemu_validate.c | 8 +
 src/security/security_apparmor.c | 1 +
 src/security/security_dac.c | 44 ++-
 src/security/security_selinux.c | 2 +
 tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 +
 tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 +
 tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 +
 tests/domaincapsdata/empty.xml | 1 +
 tests/domaincapsdata/libxl-xenfv.xml | 1 +
 tests/domaincapsdata/libxl-xenpv.xml | 1 +
 .../domaincapsdata/qemu_3.1.0-q35.x86_64.xml | 1 +
 .../domaincapsdata/qemu_3.1.0-tcg.x86_64.xml | 1 +
 tests/domaincapsdata/qemu_3.1.0.ppc64.xml | 1 +
 tests/domaincapsdata/qemu_3.1.0.x86_64.xml | 1 +
 .../domaincapsdata/qemu_4.0.0-q35.x86_64.xml | 1 +
 .../domaincapsdata/qemu_4.0.0-tcg.x86_64.xml | 1 +
 .../qemu_4.0.0-virt.aarch64.xml | 1 +
 tests/domaincapsdata/qemu_4.0.0.aarch64.xml | 1 +
 tests/domaincapsdata/qemu_4.0.0.ppc64.xml | 1 +
 tests/domaincapsdata/qemu_4.0.0.s390x.xml | 1 +
 tests/domaincapsdata/qemu_4.0.0.x86_64.xml | 1 +
 .../domaincapsdata/qemu_4.1.0-q35.x86_64.xml | 1 +
 .../domaincapsdata/qemu_4.1.0-tcg.x86_64.xml | 1 +
 tests/domaincapsdata/qemu_4.1.0.x86_64.xml | 1 +
 .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 +
 .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 +
 .../qemu_4.2.0-virt.aarch64.xml | 1 +
 tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 +
 tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 +
 tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 +
 tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 +
 .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 +
 .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 +
 .../qemu_5.0.0-virt.aarch64.xml | 1 +
 tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 +
 tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 +
 tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 +
 .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 +
 .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 +
 tests/domaincapsdata/qemu_5.1.0.sparc.xml | 1 +
 tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 +
 .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 1 +
 .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 1 +
 .../qemu_5.2.0-virt.aarch64.xml | 1 +
 tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 1 +
 tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 1 +
 tests/domaincapsdata/qemu_5.2.0.s390x.xml | 1 +
 tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 1 +
 .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 1 +
 .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 1 +
 .../qemu_6.0.0-virt.aarch64.xml | 1 +
 tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 1 +
 tests/domaincapsdata/qemu_6.0.0.s390x.xml | 1 +
 tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 1 +
 .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 1 +
 .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 1 +
 tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 1 +
 .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 6 +
 .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 6 +
 .../qemu_6.2.0-virt.aarch64.xml | 1 +
 tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 1 +
 tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 1 +
 tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 6 +
 .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 10 +
 .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 10 +
 .../qemu_7.0.0-virt.aarch64.xml | 1 +
 tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 1 +
 tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 1 +
 tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 10 +
 .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 10 +
 .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 10 +
 tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 10 +
 .../caps_6.2.0.x86_64.replies | 24 +-
 .../caps_6.2.0.x86_64.xml | 7 +
 .../caps_7.0.0.x86_64.replies | 34 +-
 .../caps_7.0.0.x86_64.xml | 11 +
 .../caps_7.1.0.x86_64.replies | 34 +-
 .../caps_7.1.0.x86_64.xml | 11 +
 .../aarch64-aavmf-virtio-mmio.args | 2 +-
 .../aarch64-cpu-passthrough.args | 2 +-
 ...fault-cpu-kvm-virt-4.2.aarch64-latest.args | 2 +-
 ...fault-cpu-tcg-virt-4.2.aarch64-latest.args | 2 +-
 .../aarch64-features-sve.aarch64-latest.args | 2 +-
 tests/qemuxml2argvdata/aarch64-gic-host.args | 2 +-
 .../aarch64-gic-none-tcg.args | 2 +-
 tests/qemuxml2argvdata/aarch64-gic-v2.args | 2 +-
 tests/qemuxml2argvdata/aarch64-gic-v3.args | 2 +-
 .../qemuxml2argvdata/aarch64-pci-serial.args | 2 +-
 .../aarch64-tpm.aarch64-latest.args | 2 +-
 .../aarch64-traditional-pci.args | 2 +-
 .../aarch64-usb-controller-nec-xhci.args | 2 +-
 .../aarch64-usb-controller-qemu-xhci.args | 2 +-
 .../aarch64-video-default.args | 2 +-
 .../aarch64-video-virtio-gpu-pci.args | 2 +-
 .../aarch64-virt-2.6-virtio-pci-default.args | 2 +-
 .../aarch64-virt-default-nic.args | 2 +-
 .../aarch64-virt-graphics.aarch64-latest.args | 2 +-
 .../aarch64-virt-headless.aarch64-latest.args | 2 +-
 .../qemuxml2argvdata/aarch64-virt-virtio.args | 2 +-
 .../aarch64-virtio-pci-default.args | 2 +-
 .../aarch64-virtio-pci-manual-addresses.args | 2 +-
 .../balloon-mmio-deflate.args | 2 +-
 .../clock-timer-armvtimer.aarch64-latest.args | 2 +-
 ...ult-video-type-aarch64.aarch64-latest.args | 2 +-
 ...mware-auto-efi-aarch64.aarch64-latest.args | 2 +-
 ...-auto-efi-enrolled-keys.x86_64-latest.args | 2 +-
 ...-auto-efi-loader-secure.x86_64-latest.args | 2 +-
 ...to-efi-no-enrolled-keys.x86_64-latest.args | 2 +-
 ...are-auto-efi-no-secboot.x86_64-latest.args | 2 +-
 ...firmware-auto-efi-nvram.x86_64-latest.args | 2 +-
 ...rmware-auto-efi-secboot.x86_64-latest.args | 2 +-
 ...ware-auto-efi-stateless.x86_64-latest.args | 2 +-
 .../firmware-auto-efi.x86_64-latest.args | 2 +-
 ...manual-bios-rw-implicit.x86_64-latest.args | 2 +-
 ...firmware-manual-bios-rw.x86_64-latest.args | 2 +-
 .../firmware-manual-efi-acpi-aarch64.args | 2 +-
 .../firmware-manual-efi-noacpi-aarch64.args | 2 +-
 ...e-manual-efi-nvram-file.x86_64-latest.args | 2 +-
 ...efi-nvram-network-iscsi.x86_64-latest.args | 2 +-
 ...l-efi-nvram-network-nbd.x86_64-latest.args | 2 +-
 ...nual-efi-nvram-template.x86_64-latest.args | 2 +-
 ...re-manual-efi-stateless.x86_64-latest.args | 2 +-
 .../firmware-manual-noefi-noacpi-aarch64.args | 2 +-
 .../hvf-aarch64-virt-headless.args | 2 +-
 .../intel-iommu-aw-bits.x86_64-latest.args | 2 +-
 ...ntel-iommu-caching-mode.x86_64-latest.args | 2 +-
 ...ntel-iommu-device-iotlb.x86_64-latest.args | 2 +-
 .../intel-iommu-eim.x86_64-latest.args | 2 +-
 .../iommu-smmuv3.aarch64-latest.args | 2 +-
 .../launch-security-s390-pv.s390x-latest.args | 2 +-
 ...nch-security-sev-direct.x86_64-latest.args | 2 +-
 ...ev-missing-platform-info.x86_64-6.0.0.args | 2 +-
 .../launch-security-sev.x86_64-6.0.0.args | 2 +-
 .../mach-virt-console-virtio.args | 2 +-
 .../mach-virt-serial-native.args | 2 +-
 .../mach-virt-serial-pci.args | 2 +-
 .../mach-virt-serial-usb.args | 2 +-
 .../machine-aeskeywrap-off-cap.args | 2 +-
 .../machine-aeskeywrap-off-caps.args | 2 +-
 .../machine-aeskeywrap-on-cap.args | 2 +-
 .../machine-aeskeywrap-on-caps.args | 2 +-
 .../machine-deakeywrap-off-cap.args | 2 +-
 .../machine-deakeywrap-off-caps.args | 2 +-
 .../machine-deakeywrap-on-cap.args | 2 +-
 .../machine-deakeywrap-on-caps.args | 2 +-
 ...emory-hotplug-dimm-addr.x86_64-latest.args | 42 +++
 .../memory-hotplug-dimm-addr.xml | 2 +-
 .../memory-hotplug-invalid-targetnode.err | 1 +
 .../memory-hotplug-invalid-targetnode.xml | 42 +++
 ...e-expander-bus-aarch64.aarch64-latest.args | 2 +-
 ...eries-cpu-compat-power10.ppc64-latest.args | 2 +-
 ...series-cpu-compat-power9.ppc64-latest.args | 2 +-
 tests/qemuxml2argvdata/pseries-features.args | 2 +-
 .../sgx-epc-numa.x86_64-latest.args | 40 +++
 tests/qemuxml2argvdata/sgx-epc-numa.xml | 64 ++++
 ...mm-addr.args => sgx-epc.x86_64-6.2.0.args} | 29 +-
 tests/qemuxml2argvdata/sgx-epc.xml | 52 ++++
 .../virtio-iommu-aarch64.aarch64-latest.args | 2 +-
 tests/qemuxml2argvtest.c | 7 +-
 ...memory-hotplug-dimm-addr.x86_64-latest.xml | 63 ++++
 .../sgx-epc-numa.x86_64-latest.xml | 1 +
 .../sgx-epc.x86_64-6.2.0.xml | 1 +
 tests/qemuxml2xmltest.c | 4 +
 189 files changed, 1621 insertions(+), 266 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/memory-hotplug-dimm-addr.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/memory-hotplug-invalid-targetnode.err
 create mode 100644 tests/qemuxml2argvdata/memory-hotplug-invalid-targetnode.xml
 create mode 100644 tests/qemuxml2argvdata/sgx-epc-numa.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/sgx-epc-numa.xml
 rename tests/qemuxml2argvdata/{memory-hotplug-dimm-addr.args => sgx-epc.x86_64-6.2.0.args} (39%)
 create mode 100644 tests/qemuxml2argvdata/sgx-epc.xml
 create mode 100644 tests/qemuxml2xmloutdata/memory-hotplug-dimm-addr.x86_64-latest.xml
 create mode 120000 tests/qemuxml2xmloutdata/sgx-epc-numa.x86_64-latest.xml
 create mode 120000 tests/qemuxml2xmloutdata/sgx-epc.x86_64-6.2.0.xml

-- 
2.35.1