[libvirt][PATCH v13 2/6] Get SGX capabilities from QMP

2022-07-01 Thread Lin Yang
From: Haibin Huang Generate the QMP command for query-sgx-capabilities and the command return sgx capabilities from QMP. {"execute":"query-sgx-capabilities"} the right reply: {"return": { "sgx": true, "section-size": 197132288, "flc": true } } the error reply: {

[libvirt][PATCH v13 6/6] qemu: Add command-line to generate SGX EPC memory backend

2022-07-01 Thread Lin Yang
According to the result parsing from xml, add the argument of SGX EPC memory backend into QEMU command line. With NUMA config: #qemu-system-x86_64 \ .. \ -object '{"qom-type":"memory-backend-epc","id":"memepc0","prealloc":true,"size":67108864,"host-nodes":[0,1],"policy":"

[libvirt][PATCH v13 5/6] conf: Introduce SGX EPC element into device memory xml

2022-07-01 Thread Lin Yang
With NUMA config: ... 0-1 512 0 ... Without NUMA config: ... 512 ... Signed-off-by: Lin Yang Signed-off-by: Michal Privoznik --- docs/formatdomain.rst | 27 +++- src/conf/domain_conf.c

[libvirt][PATCH v13 4/6] conf: expose SGX feature in domain capabilities

2022-07-01 Thread Lin Yang
From: Haibin Huang Extend hypervisor capabilities to include sgx feature. When available, the hypervisor supports launching a VM with SGX on Intel platform. The SGX feature tag provides additional details like section size and sgx1 or sgx2. Signed-off-by: Michal Privoznik Signed-off-by: Haibin

[libvirt][PATCH v13 0/6] Support query and use SGX

2022-07-01 Thread Lin Yang
This patch series provides support for enabling Intel's Software Guard Extensions (SGX) feature in guest VM. Giving the SGX support in QEMU had been merged. Intel SGX is a set of instructions that increases the security of application code and data, giving them more protection from disclosure or m

[libvirt][PATCH v13 1/6] Define SGX capabilities structs

2022-07-01 Thread Lin Yang
From: Haibin Huang Signed-off-by: Michal Privoznik Signed-off-by: Haibin Huang --- src/conf/domain_capabilities.c | 10 ++ src/conf/domain_capabilities.h | 24 src/libvirt_private.syms | 1 + 3 files changed, 35 insertions(+) diff --git a/src/conf/domai

[libvirt][PATCH v13 3/6] Convert QMP capabilities to domain capabilities

2022-07-01 Thread Lin Yang
From: Haibin Huang the QMP capabilities: {"return": { "sgx": true, "section-size": 1024, "flc": true } } the domain capabilities: yes 1 Signed-off-by: Michal Privoznik Signed-off-by: Haibin Huang --- src/qemu/qemu_capabilities.c |

[libvirt PATCH] conf: fix error message for wrong thread_pool_size

2022-07-01 Thread Ján Tomko
Fix the copy-and-paste error by referring to the correct variable. Fixes: 0df2e7df80452f81edbfeb0ee355235b533346a9 https://bugzilla.redhat.com/show_bug.cgi?id=2103132 Signed-off-by: Ján Tomko --- Pushed as trivial. src/conf/domain_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) d

[PATCH] storagepoolxml2argvtest: Fix output data for 'pool-netfs-protocol-ver'

2022-07-01 Thread Peter Krempa
The storage pool tests have host-specific versions which I neglected to update in commit c44930d932203b4a58dccbbeaa814fff6cea8216 thus breaking the test-suite on non-linux OSes. Fixes: c44930d932203b4a58dccbbeaa814fff6cea8216 Signed-off-by: Peter Krempa --- Pushed as a build-fix. .../pool-netf

Re: [PATCHv2] storage: pool: Allow more intricate nfs protocol versions

2022-07-01 Thread Ján Tomko
On a Friday in 2022, Peter Krempa wrote: Treat the 'protocolVer' field as a string so that e.g. '4.1' can be used. Forbid only ',' in the string as it's a separator of arguments for mount options. Signed-off-by: Peter Krempa --- v2: - forbid ',' in the version string. docs/formatstorage.rs

[PATCHv2] storage: pool: Allow more intricate nfs protocol versions

2022-07-01 Thread Peter Krempa
Treat the 'protocolVer' field as a string so that e.g. '4.1' can be used. Forbid only ',' in the string as it's a separator of arguments for mount options. Signed-off-by: Peter Krempa --- v2: - forbid ',' in the version string. docs/formatstorage.rst | 2 +- src/c

Re: [libvirt PATCH v2] tools: add virt-qmp-proxy for proxying QMP clients to libvirt QEMU guests

2022-07-01 Thread Michal Prívozník
On 6/20/22 19:19, Daniel P. Berrangé wrote: > Libvirt provides QMP passthrough APIs for the QEMU driver and these are > exposed in virsh. It is not especially pleasant, however, using the raw > QMP JSON syntax. QEMU has a tool 'qmp-shell' which can speak QMP and > exposes a human friendly interacti

Re: [PATCH] security_selinux.c: Relabel existing mode="bind" UNIX sockets

2022-07-01 Thread Michal Prívozník
On 6/28/22 14:33, David Michael wrote: > This supports sockets created by libvirt and passed by FD using the > same method as in security_dac.c. > > Signed-off-by: David Michael > --- > > Hi, > > Custom SELinux labels are not applied to sockets when they have > mode="bind", but other security m

Release of libvirt-8.5.0

2022-07-01 Thread Jiri Denemark
The 8.5.0 release of both libvirt and libvirt-python is tagged and signed tarballs and source RPMs are available at https://libvirt.org/sources/ https://libvirt.org/sources/python/ Thanks everybody who helped with this release by sending patches, reviewing, testing, or providing feedback.

Re: [PATCH for 8.5.0] qemu_hotplug: Don't skip cleanup in qemuDomainAttachNetDevice()

2022-07-01 Thread Michal Prívozník
On 7/1/22 10:43, Jiri Denemark wrote: > On Fri, Jul 01, 2022 at 09:43:16 +0200, Michal Privoznik wrote: >> Introduced in v8.4.0-rc1~183 but the first real problem >> introduced in v8.4.0-rc1~170, there's a >> qemuBuildInterfaceConnect() call inside of >> qemuDomainAttachNetDevice(). If the former f

Re: [PATCH for 8.5.0] qemu_hotplug: Don't skip cleanup in qemuDomainAttachNetDevice()

2022-07-01 Thread Jiri Denemark
On Fri, Jul 01, 2022 at 09:43:16 +0200, Michal Privoznik wrote: > Introduced in v8.4.0-rc1~183 but the first real problem > introduced in v8.4.0-rc1~170, there's a > qemuBuildInterfaceConnect() call inside of > qemuDomainAttachNetDevice(). If the former fails, then the > function is immediately ret

[PATCH for 8.5.0] qemu_hotplug: Don't skip cleanup in qemuDomainAttachNetDevice()

2022-07-01 Thread Michal Privoznik
Introduced in v8.4.0-rc1~183 but the first real problem introduced in v8.4.0-rc1~170, there's a qemuBuildInterfaceConnect() call inside of qemuDomainAttachNetDevice(). If the former fails, then the function is immediately returned from instead of jumping onto the cleanup label. This is crucial, bec