From nobody Mon Dec 15 03:26:02 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1499414897627699.5702907990456; Fri, 7 Jul 2017 01:08:17 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 00EC94DD49; Fri, 7 Jul 2017 08:08:14 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id BBE517800E; Fri, 7 Jul 2017 08:08:13 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 2D5171841C42; Fri, 7 Jul 2017 08:08:13 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v6788BqS028188 for ; Fri, 7 Jul 2017 04:08:11 -0400 Received: by smtp.corp.redhat.com (Postfix) id B71D76C95C; Fri, 7 Jul 2017 08:08:11 +0000 (UTC) Received: from mx1.redhat.com (ext-mx08.extmail.prod.ext.phx2.redhat.com [10.5.110.32]) by smtp.corp.redhat.com (Postfix) with ESMTPS id AE07C6C94E; Fri, 7 Jul 2017 08:08:06 +0000 (UTC) Received: from szxga03-in.huawei.com (szxga03-in.huawei.com [45.249.212.189]) (using TLSv1 with cipher RC4-SHA (112/128 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 854E2C058EA1; Fri, 7 Jul 2017 08:08:03 +0000 (UTC) Received: from 172.30.72.56 (EHLO DGGEML401-HUB.china.huawei.com) ([172.30.72.56]) by dggrg03-dlp.huawei.com (MOS 4.4.6-GA FastPath queued) with ESMTP id AQS83696; Fri, 07 Jul 2017 16:07:39 +0800 (CST) Received: from localhost (10.177.246.209) by DGGEML401-HUB.china.huawei.com (10.3.17.32) with Microsoft SMTP Server id 14.3.301.0; Fri, 7 Jul 2017 16:07:29 +0800 DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 00EC94DD49 Authentication-Results: ext-mx09.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: ext-mx09.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=libvir-list-bounces@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 00EC94DD49 DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 854E2C058EA1 Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=longpeng2@huawei.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 854E2C058EA1 From: "Longpeng(Mike)" To: Date: Fri, 7 Jul 2017 16:07:13 +0800 Message-ID: <1499414836-86604-6-git-send-email-longpeng2@huawei.com> In-Reply-To: <1499414836-86604-1-git-send-email-longpeng2@huawei.com> References: <1499414836-86604-1-git-send-email-longpeng2@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.177.246.209] X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020202.595F414B.0100, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2014-11-16 11:51:01, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: d7164b5a458eb8eb4ec4517a1d4325c0 X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Fri, 07 Jul 2017 08:08:05 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Fri, 07 Jul 2017 08:08:05 +0000 (UTC) for IP:'45.249.212.189' DOMAIN:'szxga03-in.huawei.com' HELO:'szxga03-in.huawei.com' FROM:'longpeng2@huawei.com' RCPT:'' X-RedHat-Spam-Score: 0.398 (BAYES_50, DCC_REPUT_00_12, RP_MATCHES_RCVD, SPF_PASS) 45.249.212.189 szxga03-in.huawei.com 45.249.212.189 szxga03-in.huawei.com X-Scanned-By: MIMEDefang 2.78 on 10.5.110.32 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Cc: weidong.huang@huawei.com, wangxinxin.wang@huawei.com, arei.gonglei@huawei.com, longpeng.mike@gmail.com, mkletzan@redhat.com, "Longpeng\(Mike\)" , mhartmay@linux.vnet.ibm.com Subject: [libvirt] [PATCH v4 5/8] qemu: Implement support for 'builtin' backend for virtio-crypto X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Fri, 07 Jul 2017 08:08:14 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" This patch implements support for the virtio-crypto-pci device and the builtin backend in qemu. qemu is invoked with these additional parameters if the device id enabled: (to add the backend) -object cryptodev-backend-builtin,id=3Dobjcrypto0,queues=3D1 (to add the device) -device virtio-crypto-pci,cryptodev=3Dobjcrypto0,id=3Dcrypto0 Signed-off-by: Longpeng(Mike) --- src/qemu/qemu_alias.c | 20 +++++++ src/qemu/qemu_alias.h | 3 + src/qemu/qemu_command.c | 126 +++++++++++++++++++++++++++++++++++++= ++++ src/qemu/qemu_command.h | 3 + src/qemu/qemu_domain_address.c | 26 ++++++++- 5 files changed, 177 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c index 914b2b9..2b6e049 100644 --- a/src/qemu/qemu_alias.c +++ b/src/qemu/qemu_alias.c @@ -332,6 +332,26 @@ qemuAssignDeviceRNGAlias(virDomainDefPtr def, } =20 =20 +int +qemuAssignDeviceCryptoAlias(const virDomainDef *def, + virDomainCryptoDefPtr crypto) +{ + size_t i; + int maxidx =3D 0; + int idx; + + for (i =3D 0; i < def->ncryptos; i++) { + if ((idx =3D qemuDomainDeviceAliasIndex(&def->cryptos[i]->info, "c= rypto")) >=3D maxidx) + maxidx =3D idx + 1; + } + + if (virAsprintf(&crypto->info.alias, "crypto%d", maxidx) < 0) + return -1; + + return 0; +} + + /** * qemuAssignDeviceMemoryAlias: * @def: domain definition. Necessary only if @oldAlias is true. diff --git a/src/qemu/qemu_alias.h b/src/qemu/qemu_alias.h index 300fd4d..fe59928 100644 --- a/src/qemu/qemu_alias.h +++ b/src/qemu/qemu_alias.h @@ -57,6 +57,9 @@ int qemuAssignDeviceRedirdevAlias(virDomainDefPtr def, int qemuAssignDeviceRNGAlias(virDomainDefPtr def, virDomainRNGDefPtr rng); =20 +int qemuAssignDeviceCryptoAlias(const virDomainDef *def, + virDomainCryptoDefPtr crypto); + int qemuAssignDeviceMemoryAlias(virDomainDefPtr def, virDomainMemoryDefPtr mems, bool oldAlias); diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index c53ab97..5278edc 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -5992,6 +5992,129 @@ qemuBuildRNGCommandLine(virLogManagerPtr logManager, =20 =20 static char * +qemuBuildCryptoBackendStr(virDomainCryptoDefPtr crypto, + virQEMUCapsPtr qemuCaps) +{ + const char *type =3D NULL; + char *alias =3D NULL; + char *queue =3D NULL; + char *backstr =3D NULL; + + if (virAsprintf(&alias, "obj%s", crypto->info.alias) < 0) + goto cleanup; + + if (crypto->queues > 0) { + if (virAsprintf(&queue, "queues=3D%u", crypto->queues) < 0) + goto cleanup; + } + + switch ((virDomainCryptoBackend)crypto->backend) { + case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN: + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_CRYPTO_BUILTIN)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("this qemu doesn't support the builtin backen= d")); + goto cleanup; + } + + type =3D "cryptodev-backend-builtin"; + break; + + case VIR_DOMAIN_CRYPTO_BACKEND_LAST: + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("unknown crypto backend")); + goto cleanup; + } + + if (queue) + ignore_value(virAsprintf(&backstr, "%s,id=3D%s,%s", type, alias, q= ueue)); + else + ignore_value(virAsprintf(&backstr, "%s,id=3D%s", type, alias)); + + cleanup: + VIR_FREE(alias); + return backstr; +} + + +char * +qemuBuildCryptoDevStr(const virDomainDef *def, + virDomainCryptoDefPtr dev, + virQEMUCapsPtr qemuCaps) +{ + virBuffer buf =3D VIR_BUFFER_INITIALIZER; + + if (dev->model !=3D VIR_DOMAIN_CRYPTO_MODEL_VIRTIO || + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_VIRTIO_CRYPTO)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("this qemu doesn't support crypto device model '%= s'"), + virDomainRNGModelTypeToString(dev->model)); + goto error; + } + + if (dev->info.type !=3D VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unsupported address type %s for virtio crypto de= vice"), + virDomainDeviceAddressTypeToString(dev->info.type)); + goto error; + } + + virBufferAsprintf(&buf, "virtio-crypto-pci,cryptodev=3Dobj%s,id=3D%s", + dev->info.alias, dev->info.alias); + + if (qemuBuildDeviceAddressStr(&buf, def, &dev->info, qemuCaps) < 0) + goto error; + + return virBufferContentAndReset(&buf); + + error: + virBufferFreeAndReset(&buf); + return NULL; +} + + +static int +qemuBuildCryptoCommandLine(virCommandPtr cmd, + const virDomainDef *def, + virQEMUCapsPtr qemuCaps) +{ + size_t i; + + for (i =3D 0; i < def->ncryptos; i++) { + virDomainCryptoDefPtr crypto =3D def->cryptos[i]; + char *tmp; + + if (qemuAssignDeviceCryptoAlias(def, crypto)) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("crypto device assign alias faile")); + return -1; + } + + if (!crypto->info.alias) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("crypto device is missing alias")); + return -1; + } + + /* add the crypto backend */ + if (!(tmp =3D qemuBuildCryptoBackendStr(crypto, qemuCaps))) + return -1; + + virCommandAddArgList(cmd, "-object", tmp, NULL); + VIR_FREE(tmp); + + /* add the device */ + if (!(tmp =3D qemuBuildCryptoDevStr(def, crypto, qemuCaps))) + return -1; + + virCommandAddArgList(cmd, "-device", tmp, NULL); + VIR_FREE(tmp); + } + + return 0; +} + + +static char * qemuBuildSmbiosBiosStr(virSysinfoBIOSDefPtr def) { virBuffer buf =3D VIR_BUFFER_INITIALIZER; @@ -10220,6 +10343,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, chardevStdioLogd) < 0) goto error; =20 + if (qemuBuildCryptoCommandLine(cmd, def, qemuCaps) < 0) + goto error; + if (qemuBuildNVRAMCommandLine(cmd, def, qemuCaps) < 0) goto error; =20 diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h index f5e3e5f..996840d 100644 --- a/src/qemu/qemu_command.h +++ b/src/qemu/qemu_command.h @@ -204,6 +204,9 @@ char *qemuBuildShmemDevStr(virDomainDefPtr def, virQEMUCapsPtr qemuCaps) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3); =20 +char *qemuBuildCryptoDevStr(const virDomainDef *def, + virDomainCryptoDefPtr dev, + virQEMUCapsPtr qemuCaps); =20 =20 #endif /* __QEMU_COMMAND_H__*/ diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c index 5209fbe..9bd064b 100644 --- a/src/qemu/qemu_domain_address.c +++ b/src/qemu/qemu_domain_address.c @@ -331,6 +331,12 @@ qemuDomainPrimeVirtioDeviceAddresses(virDomainDefPtr d= ef, def->rngs[i]->info.type =3D type; } =20 + for (i =3D 0; i < def->ncryptos; i++) { + if (def->cryptos[i]->model =3D=3D VIR_DOMAIN_CRYPTO_MODEL_VIRTIO && + def->cryptos[i]->info.type =3D=3D VIR_DOMAIN_DEVICE_ADDRESS_TY= PE_NONE) + def->cryptos[i]->info.type =3D type; + } + if (type =3D=3D VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW) { for (i =3D 0; i < def->nfss; i++) { if (def->fss[i]->info.type =3D=3D VIR_DOMAIN_DEVICE_ADDRESS_TY= PE_NONE) @@ -738,6 +744,15 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDevi= ceDefPtr dev, return 0; } =20 + case VIR_DOMAIN_DEVICE_CRYPTO: + switch ((virDomainCryptoModel) dev->data.crypto->model) { + case VIR_DOMAIN_CRYPTO_MODEL_VIRTIO: + return virtioFlags; + + case VIR_DOMAIN_RNG_MODEL_LAST: + return 0; + } + case VIR_DOMAIN_DEVICE_VIDEO: switch ((virDomainVideoType) dev->data.video->type) { case VIR_DOMAIN_VIDEO_TYPE_VIRTIO: @@ -796,7 +811,6 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDevic= eDefPtr dev, case VIR_DOMAIN_DEVICE_LEASE: case VIR_DOMAIN_DEVICE_GRAPHICS: case VIR_DOMAIN_DEVICE_IOMMU: - case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: return 0; @@ -1775,6 +1789,16 @@ qemuDomainAssignDevicePCISlots(virDomainDefPtr def, goto error; } =20 + /* VirtIO CRYPTO */ + for (i =3D 0; i < def->ncryptos; i++) { + if (def->cryptos[i]->model !=3D VIR_DOMAIN_CRYPTO_MODEL_VIRTIO || + !virDeviceInfoPCIAddressWanted(&def->cryptos[i]->info)) + continue; + + if (qemuDomainPCIAddressReserveNextAddr(addrs, &def->cryptos[i]->i= nfo) < 0) + goto error; + } + /* A watchdog - check if it is a PCI device */ if (def->watchdog && def->watchdog->model =3D=3D VIR_DOMAIN_WATCHDOG_MODEL_I6300ESB && --=20 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list