On Wed, Jul 27, 2022 at 12:34:58 +0200, Michal Privoznik wrote:
> SGX memory backend needs to access /dev/sgx_vepc (which allows
> userspace to allocate "raw" EPC without an associated enclave)
> and /dev/sgx_provision (which allows creating provisioning
> enclaves). Allow these two devices in CGroups if a domain is
> configured so.
>
> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
> ---
> src/qemu/qemu_cgroup.c | 76 +++++++++++++++++++++++++++++++++++-------
> src/qemu/qemu_domain.h | 2 ++
> 2 files changed, 66 insertions(+), 12 deletions(-)

[...]

> @@ -538,16 +575,31 @@ qemuTeardownMemoryDevicesCgroup(virDomainObj *vm, > virDomainMemoryDef *mem) > { > qemuDomainObjPrivate *priv = vm->privateData; > - > - if (mem->model != VIR_DOMAIN_MEMORY_MODEL_NVDIMM && > - mem->model != VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM) > - return 0; > + const char *const sgxPaths[] = { QEMU_DEV_SGX_VEPVC, > + QEMU_DEV_SGX_PROVISION, NULL };

Preferably use the same alignment as in qemuSetupMemoryDevicesCgroup.

Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx>
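Review bot: in the sgxPaths initializer of qemuTeardownMemoryDevicesCgroup the macro is spelled QEMU_DEV_SGX_VEPVC, while the device the commit message names is /dev/sgx_vepc; spelling it QEMU_DEV_SGX_VEPC wherever it is defined (presumably the two lines added to qemu_domain.h) would keep the identifier searchable by the device name. The same hunk removes the early return for models other than NVDIMM and VIRTIO_PMEM, and the lines that replace it are cut off in this quote, so it is worth confirming that teardown only touches the two SGX paths for the SGX memory model and revokes exactly what qemuSetupMemoryDevicesCgroup allowed, since /dev/sgx_provision is the more sensitive of the two devices.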