External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-03 11:35:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu: command: support crypto device

Browse Source 
Support virtio-crypto device, also support cryptodev types:
- builtin
- lkcf

Finally, we can launch a VM(QEMU) with one or more crypto devices by
libvirt.

Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
zhenwei pi 2023-01-17 09:46:53 +08:00 committed by Michal Privoznik
parent 0eb358e799
commit ff1941c935
3 changed files with 141 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
src/qemu/qemu_command.c
View File

@ -926,6 +926,12 @@ qemuBuildVirtioDevGetConfigDev(const virDomainDeviceDef *device,
}
break;
case VIR_DOMAIN_DEVICE_CRYPTO: {
*baseName = "virtio-crypto";
*virtioOptions = device->data.crypto->virtio;
break;
}
case VIR_DOMAIN_DEVICE_LEASE:
case VIR_DOMAIN_DEVICE_SOUND:
case VIR_DOMAIN_DEVICE_WATCHDOG:
@ -942,7 +948,6 @@ qemuBuildVirtioDevGetConfigDev(const virDomainDeviceDef *device,
case VIR_DOMAIN_DEVICE_MEMORY:
case VIR_DOMAIN_DEVICE_IOMMU:
case VIR_DOMAIN_DEVICE_AUDIO:
case VIR_DOMAIN_DEVICE_CRYPTO:
case VIR_DOMAIN_DEVICE_LAST:
default:
break;
@ -9894,6 +9899,96 @@ qemuBuildVsockCommandLine(virCommand *cmd,
}
VIR_ENUM_DECL(qemuCryptoBackend);
VIR_ENUM_IMPL(qemuCryptoBackend,
VIR_DOMAIN_CRYPTO_BACKEND_LAST,
"cryptodev-backend-builtin",
"cryptodev-backend-lkcf",
);
static int
qemuBuildCryptoBackendProps(virDomainCryptoDef *crypto,
virJSONValue **props)
{
g_autofree char *objAlias = NULL;
objAlias = g_strdup_printf("obj%s", crypto->info.alias);
if (qemuMonitorCreateObjectProps(props,
qemuCryptoBackendTypeToString(crypto->backend),
objAlias,
"p:queues", crypto->queues,
NULL) < 0)
return -1;
return 0;
}
static virJSONValue *
qemuBuildCryptoDevProps(const virDomainDef *def,
virDomainCryptoDef *dev,
virQEMUCaps *qemuCaps)
{
g_autoptr(virJSONValue) props = NULL;
g_autofree char *crypto = g_strdup_printf("obj%s", dev->info.alias);
if (!(props = qemuBuildVirtioDevProps(VIR_DOMAIN_DEVICE_CRYPTO, dev, qemuCaps)))
return NULL;
if (virJSONValueObjectAdd(&props,
"s:cryptodev", crypto,
"s:id", dev->info.alias,
NULL) < 0)
return NULL;
if (qemuBuildDeviceAddressProps(props, def, &dev->info) < 0)
return NULL;
return g_steal_pointer(&props);
}
static int
qemuBuildCryptoCommandLine(virCommand *cmd,
const virDomainDef *def,
virQEMUCaps *qemuCaps)
{
size_t i;
for (i = 0; i < def->ncryptos; i++) {
g_autoptr(virJSONValue) props = NULL;
virDomainCryptoDef *crypto = def->cryptos[i];
g_autoptr(virJSONValue) devprops = NULL;
if (!crypto->info.alias) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Crypto device is missing alias"));
return -1;
}
if (qemuBuildCryptoBackendProps(crypto, &props) < 0)
return -1;
if (qemuBuildObjectCommandlineFromJSON(cmd, props, qemuCaps) < 0)
return -1;
/* add the device */
if (qemuCommandAddExtDevice(cmd, &crypto->info, def, qemuCaps) < 0)
return -1;
if (!(devprops = qemuBuildCryptoDevProps(def, crypto, qemuCaps)))
return -1;
if (qemuBuildDeviceCommandlineFromJSON(cmd, devprops, def, qemuCaps) < 0)
return -1;
}
return 0;
}
typedef enum {
QEMU_COMMAND_DEPRECATION_BEHAVIOR_NONE = 0,
QEMU_COMMAND_DEPRECATION_BEHAVIOR_OMIT,
@ -10246,6 +10341,9 @@ qemuBuildCommandLine(virDomainObj *vm,
qemuBuildVsockCommandLine(cmd, def, def->vsock, qemuCaps) < 0)
return NULL;
if (qemuBuildCryptoCommandLine(cmd, def, qemuCaps) < 0)
return NULL;
if (cfg->logTimestamp)
virCommandAddArgList(cmd, "-msg", "timestamp=on", NULL);

40
tests/qemuxml2argvdata/crypto-builtin.x86_64-latest.args Normal file
View File

@ -0,0 +1,40 @@
LC_ALL=C \
PATH=/bin \
HOME=/tmp/lib/domain--1-QEMUGuest1 \
USER=test \
LOGNAME=test \
XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
/usr/bin/qemu-system-x86_64 \
-name guest=QEMUGuest1,debug-threads=on \
-S \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \
-machine pc-q35-7.0,usb=off,dump-guest-core=off \
-accel tcg \
-cpu qemu64 \
-m size=1048576k,slots=16,maxmem=1130496k \
-overcommit mem-lock=off \
-smp 2,sockets=2,cores=1,threads=1 \
-object '{"qom-type":"memory-backend-ram","id":"ram-node0","size":536870912}' \
-numa node,nodeid=0,cpus=0,memdev=ram-node0 \
-object '{"qom-type":"memory-backend-ram","id":"ram-node1","size":536870912}' \
-numa node,nodeid=1,cpus=1,memdev=ram-node1 \
-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
-display none \
-no-user-config \
-nodefaults \
-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
-mon chardev=charmonitor,id=monitor,mode=control \
-rtc base=utc \
-no-shutdown \
-no-acpi \
-boot strict=on \
-device '{"driver":"pcie-root-port","port":8,"chassis":1,"id":"pci.1","bus":"pcie.0","multifunction":true,"addr":"0x1"}' \
-device '{"driver":"pcie-root-port","port":9,"chassis":2,"id":"pci.2","bus":"pcie.0","addr":"0x1.0x1"}' \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.1","addr":"0x0"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-object '{"qom-type":"cryptodev-backend-builtin","id":"objcrypto0","queues":1}' \
-device '{"driver":"virtio-crypto-pci","cryptodev":"objcrypto0","id":"crypto0","bus":"pcie.0","addr":"0xa"}' \
-msg timestamp=on

2
tests/qemuxml2argvtest.c
View File

@ -2983,6 +2983,8 @@ mymain(void)
DO_TEST_CAPS_VER("sgx-epc", "7.0.0");
DO_TEST_CAPS_LATEST("crypto-builtin");
if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL)
virFileDeleteTree(fakerootdir);