From eaf02ea2d6a16a503eacfcff30e3c965399e1a01 Mon Sep 17 00:00:00 2001
From: Bin Guo <guobin@linux.alibaba.com>
Date: Wed, 18 Dec 2024 15:57:57 +0800
Subject: [PATCH] support the virtCCA feature

---
 ...eter-into-the-type-of-LaunchSecurity.patch | 189 +++++++
 ...mm-memory-info-API-into-libvirt-host.patch | 521 ++++++++++++++++++
 ...daemons-depend-on-generated-protocol.patch |  91 +++
 libvirt.spec                                  |   8 +-
 4 files changed, 808 insertions(+), 1 deletion(-)
 create mode 100644 Add-cvm-parameter-into-the-type-of-LaunchSecurity.patch
 create mode 100644 Add-get-tmm-memory-info-API-into-libvirt-host.patch
 create mode 100644 Make-daemons-depend-on-generated-protocol.patch

diff --git a/Add-cvm-parameter-into-the-type-of-LaunchSecurity.patch b/Add-cvm-parameter-into-the-type-of-LaunchSecurity.patch
new file mode 100644
index 0000000..cb50af6
--- /dev/null
+++ b/Add-cvm-parameter-into-the-type-of-LaunchSecurity.patch
@@ -0,0 +1,189 @@
+From b7e2bff641c87280369ed878768064c0f11e6caa Mon Sep 17 00:00:00 2001
+From: ikarosYuuki <tujipei@huawei.com>
+Date: Fri, 2 Aug 2024 14:16:37 +0800
+Subject: [PATCH 1/3] Add cvm parameter into the type of LaunchSecurity which
+ is a optional filed for libvirt xml. Its purpose is to pass the cvm parameter
+ through to qemu. Also this patch support virsh edit to save cvm parameter
+ into libvirt temporary xml.
+
+---
+ src/conf/domain_conf.c            | 4 ++++
+ src/conf/domain_conf.h            | 1 +
+ src/conf/schemas/domaincommon.rng | 9 +++++++++
+ src/qemu/qemu_command.c           | 5 +++++
+ src/qemu/qemu_driver.c            | 8 ++++++++
+ src/qemu/qemu_firmware.c          | 1 +
+ src/qemu/qemu_namespace.c         | 1 +
+ src/qemu/qemu_process.c           | 1 +
+ src/qemu/qemu_validate.c          | 2 ++
+ 9 files changed, 32 insertions(+)
+
+diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
+index dd0cb9d548..b40f924bdc 100644
+--- a/src/conf/domain_conf.c
++++ b/src/conf/domain_conf.c
+@@ -1514,6 +1514,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
+               "",
+               "sev",
+               "s390-pv",
++              "cvm",
+ );
+ 
+ typedef enum {
+@@ -3823,6 +3824,7 @@ virDomainSecDefFree(virDomainSecDef *def)
+         g_free(def->data.sev.session);
+         break;
+     case VIR_DOMAIN_LAUNCH_SECURITY_PV:
++    case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
+     case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
+     case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
+         break;
+@@ -13512,6 +13514,7 @@ virDomainSecDefParseXML(xmlNodePtr lsecNode,
+             return NULL;
+         break;
+     case VIR_DOMAIN_LAUNCH_SECURITY_PV:
++    case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
+         break;
+     case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
+     case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
+@@ -26536,6 +26539,7 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
+     }
+ 
+     case VIR_DOMAIN_LAUNCH_SECURITY_PV:
++    case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
+         break;
+ 
+     case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
+diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
+index 6681eb37b4..ddbe2884db 100644
+--- a/src/conf/domain_conf.h
++++ b/src/conf/domain_conf.h
+@@ -2846,6 +2846,7 @@ typedef enum {
+     VIR_DOMAIN_LAUNCH_SECURITY_NONE,
+     VIR_DOMAIN_LAUNCH_SECURITY_SEV,
+     VIR_DOMAIN_LAUNCH_SECURITY_PV,
++    VIR_DOMAIN_LAUNCH_SECURITY_CVM,
+ 
+     VIR_DOMAIN_LAUNCH_SECURITY_LAST,
+ } virDomainLaunchSecurity;
+diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
+index b98a2ae602..f31603b2fd 100644
+--- a/src/conf/schemas/domaincommon.rng
++++ b/src/conf/schemas/domaincommon.rng
+@@ -520,6 +520,9 @@
+             <value>s390-pv</value>
+           </attribute>
+         </group>
++        <group>
++          <ref name="launchSecurityCVM"/>
++        </group>
+       </choice>
+     </element>
+   </define>
+@@ -565,6 +568,12 @@
+     </interleave>
+   </define>
+ 
++  <define name="launchSecurityCVM">
++    <attribute name="type">
++      <value>cvm</value>
++    </attribute>
++  </define>
++
+   <!--
+       Enable or disable perf events for the domain. For each
+       of the events the following rules apply:
+diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
+index 579774a8c0..30d9f8ee4b 100644
+--- a/src/qemu/qemu_command.c
++++ b/src/qemu/qemu_command.c
+@@ -7003,6 +7003,9 @@ qemuBuildMachineCommandLine(virCommand *cmd,
+         case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+             virBufferAddLit(&buf, ",confidential-guest-support=lsec0");
+             break;
++        case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
++            virBufferAddLit(&buf, ",kvm-type=cvm");
++            break;
+         case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
+         case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
+             virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype);
+@@ -9731,6 +9734,8 @@ qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd,
+     case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+         return qemuBuildPVCommandLine(vm, cmd);
+         break;
++    case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
++        break;
+     case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
+     case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
+         virReportEnumRangeError(virDomainLaunchSecurity, sec->sectype);
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 66c8e1dae3..6e05f3db2b 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -6314,6 +6314,14 @@ qemuDomainObjStart(virConnectPtr conn,
+         }
+     }
+ 
++    if (vm->def->sec && vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_CVM) {
++        if (virFileWriteStr("/proc/sys/vm/overcommit_memory", "1", 0)) {
++            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
++                           _("Failed to enable overcommit_memory"));
++            return -1;
++        }
++    }
++
+     ret = qemuProcessStart(conn, driver, vm, NULL, asyncJob,
+                            NULL, -1, NULL, NULL,
+                            VIR_NETDEV_VPORT_PROFILE_OP_CREATE, start_flags);
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index d39e61d071..31ed6e881b 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1374,6 +1374,7 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
+             }
+             break;
+         case VIR_DOMAIN_LAUNCH_SECURITY_PV:
++        case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
+             break;
+         case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
+         case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
+diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
+index 915d44310f..ff314ce243 100644
+--- a/src/qemu/qemu_namespace.c
++++ b/src/qemu/qemu_namespace.c
+@@ -660,6 +660,7 @@ qemuDomainSetupLaunchSecurity(virDomainObj *vm,
+         VIR_DEBUG("Set up launch security for SEV");
+         break;
+     case VIR_DOMAIN_LAUNCH_SECURITY_PV:
++    case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
+         break;
+     case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
+     case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
+diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
+index fc05b4b24f..15f41048ee 100644
+--- a/src/qemu/qemu_process.c
++++ b/src/qemu/qemu_process.c
+@@ -6745,6 +6745,7 @@ qemuProcessPrepareLaunchSecurityGuestInput(virDomainObj *vm)
+     case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
+         return qemuProcessPrepareSEVGuestInput(vm);
+     case VIR_DOMAIN_LAUNCH_SECURITY_PV:
++    case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
+         return 0;
+     case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
+     case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
+diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
+index d32b20a423..01c8b6e36d 100644
+--- a/src/qemu/qemu_validate.c
++++ b/src/qemu/qemu_validate.c
+@@ -1322,6 +1322,8 @@ qemuValidateDomainDef(const virDomainDef *def,
+                 return -1;
+             }
+             break;
++        case VIR_DOMAIN_LAUNCH_SECURITY_CVM:
++            break;
+         case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
+         case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
+             virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype);
+-- 
+2.43.5
+
diff --git a/Add-get-tmm-memory-info-API-into-libvirt-host.patch b/Add-get-tmm-memory-info-API-into-libvirt-host.patch
new file mode 100644
index 0000000..6599b6b
--- /dev/null
+++ b/Add-get-tmm-memory-info-API-into-libvirt-host.patch
@@ -0,0 +1,521 @@
+From 90009e02b4fd65a390d4e1297aa650fa2ebd6007 Mon Sep 17 00:00:00 2001
+From: ikarosYuuki <tujipei@huawei.com>
+Date: Fri, 2 Aug 2024 14:18:11 +0800
+Subject: [PATCH 2/3] Add the get tmm memory info API into libvirt-host. Also
+ should add the RPC calls into libvirtd for API calling.
+
+---
+ include/libvirt/libvirt-host.h      |   2 +
+ scripts/apibuild.py                 |   1 +
+ scripts/check-aclrules.py           |   1 +
+ src/driver-hypervisor.h             |   5 +
+ src/libvirt-host.c                  |  36 +++++++
+ src/libvirt_public.syms             |   1 +
+ src/qemu/qemu_driver.c              | 140 ++++++++++++++++++++++++++++
+ src/remote/remote_daemon_dispatch.c |  22 +++++
+ src/remote/remote_driver.c          |  28 ++++++
+ src/remote/remote_protocol.x        |  17 +++-
+ tools/virsh-host.c                  |  98 +++++++++++++++++++
+ 11 files changed, 350 insertions(+), 1 deletion(-)
+
+diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h
+index e173553925..0caf16a040 100644
+--- a/include/libvirt/libvirt-host.h
++++ b/include/libvirt/libvirt-host.h
+@@ -1025,5 +1025,7 @@ int virNodeAllocPages(virConnectPtr conn,
+                       unsigned int cellCount,
+                       unsigned int flags);
+ 
++char *virConnectGetTmmMemoryInfo(virConnectPtr conn,
++                                 unsigned int detail);
+ 
+ #endif /* LIBVIRT_HOST_H */
+diff --git a/scripts/apibuild.py b/scripts/apibuild.py
+index 3ecc3eadf7..f1cfa5aa0a 100755
+--- a/scripts/apibuild.py
++++ b/scripts/apibuild.py
+@@ -109,6 +109,7 @@ ignored_functions = {
+     "virDomainMigrateConfirm3Params": "private function for migration",
+     "virDomainMigratePrepareTunnel3Params": "private function for tunnelled migration",
+     "virErrorCopyNew": "private",
++    "virConnectGetTmmMemoryInfo": "private function for tmm",
+ }
+ 
+ # The version in the .sym file might different from
+diff --git a/scripts/check-aclrules.py b/scripts/check-aclrules.py
+index ed6805058b..adeacba3df 100755
+--- a/scripts/check-aclrules.py
++++ b/scripts/check-aclrules.py
+@@ -53,6 +53,7 @@ permitted = {
+     "connectURIProbe": True,
+     "localOnly": True,
+     "domainQemuAttach": True,
++    "connectGetTmmMemoryInfo": True,
+ }
+ 
+ # XXX this vzDomainMigrateConfirm3Params looks
+diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h
+index 5219344b72..4a991c710e 100644
+--- a/src/driver-hypervisor.h
++++ b/src/driver-hypervisor.h
+@@ -1450,6 +1450,10 @@ typedef int
+ 
+ typedef struct _virHypervisorDriver virHypervisorDriver;
+ 
++typedef char *
++(*virDrvConnectGetTmmMemoryInfo)(virConnectPtr conn,
++                                 bool detail);
++
+ /**
+  * _virHypervisorDriver:
+  *
+@@ -1720,4 +1724,5 @@ struct _virHypervisorDriver {
+     virDrvDomainGetMessages domainGetMessages;
+     virDrvDomainStartDirtyRateCalc domainStartDirtyRateCalc;
+     virDrvDomainFDAssociate domainFDAssociate;
++    virDrvConnectGetTmmMemoryInfo connectGetTmmMemoryInfo;
+ };
+diff --git a/src/libvirt-host.c b/src/libvirt-host.c
+index e67b36812e..e763d5c86c 100644
+--- a/src/libvirt-host.c
++++ b/src/libvirt-host.c
+@@ -1829,3 +1829,39 @@ virNodeGetSEVInfo(virConnectPtr conn,
+     virDispatchError(conn);
+     return -1;
+ }
++
++/*
++ * virConnectGetTmmMemoryInfo:
++ * @conn: pointer to the hypervisor connection
++ * @detail: whether libvirtd return detailed tmm memory information;
++ * the default value is 0 which means don't return detailed tmm memory information.
++ *
++ * If Tmm enable, then will fill the cotents of string buffer with tmm memory information.
++ *
++ * Returns string ptr in case of success, and NULL in case of failure.
++ *
++ * Since: 9.7.0
++ */
++char *
++virConnectGetTmmMemoryInfo(virConnectPtr conn,
++                           unsigned int detail)
++{
++    VIR_DEBUG("conn=%p", conn);
++
++    virResetLastError();
++
++    virCheckConnectReturn(conn, NULL);
++
++    if (conn->driver->connectGetTmmMemoryInfo) {
++        char *ret;
++        ret = conn->driver->connectGetTmmMemoryInfo(conn, detail);
++        if (!ret)
++            goto error;
++        return ret;
++    }
++
++    virReportUnsupportedError();
++ error:
++    virDispatchError(conn);
++    return NULL;
++}
+diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
+index bd1e916d2a..f674dc8f73 100644
+--- a/src/libvirt_public.syms
++++ b/src/libvirt_public.syms
+@@ -936,6 +936,7 @@ LIBVIRT_9.7.0 {
+     global:
+         virNetworkGetMetadata;
+         virNetworkSetMetadata;
++        virConnectGetTmmMemoryInfo;
+ } LIBVIRT_9.0.0;
+ 
+ # .... define new API here using predicted next version number ....
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 6e05f3db2b..0229f4748b 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -19947,6 +19947,145 @@ qemuDomainFDAssociate(virDomainPtr domain,
+ }
+ 
+ 
++static int
++qemuConnectTmmInfoListAppend(char **format,
++                             char **infoStrList,
++                             int targetNumaNum,
++                             int *startIndex,
++                             int maxListSize)
++{
++    char *numStart;
++    char *strPtr = NULL;
++    int numaNode, index, ret = 0;
++
++    for (index = *startIndex; index < maxListSize; index++) {
++        if (strlen(infoStrList[index]) == 0)
++            break;
++
++        numStart = strstr(infoStrList[index], "node ");
++        if (!numStart)
++            return -1;
++
++        virSkipToDigit((const char **)(&numStart));
++        ret = virStrToLong_i(numStart, &numStart, 10, &numaNode);
++        if (ret < 0) {
++            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
++                           _("Failed to get current numa node"));
++            return ret;
++        }
++
++        if (numaNode == targetNumaNum) {
++            strPtr = *format;
++            *format = g_strconcat(*format, "\n", infoStrList[index], NULL);
++            free(strPtr);
++        } else {
++            break;
++        }
++    }
++
++    *startIndex = index;
++
++    return ret;
++}
++
++/*
++* The format of baseMeminfo should be:
++* available: X num nodes (1 2 3 4)
++* numa node 0 size:         XXXMi
++* numa node 0 free:         XXXMi
++* ...
++*
++* The format of slabInfo should be:
++* numa node 0 td meta_data cnt:         xxx
++* numa node 0 td meta_data free cnt:    xxx
++* ...
++*/
++static char *
++qemuConnectTmmDetailInfoFormat(char *baseMeminfo,
++                               char *slabInfo)
++{
++    int ret, i = 0, j = 0;
++    char *numStart, *numListStart, *format = NULL;
++    char **baseMeminfoSplits = g_strsplit(baseMeminfo, "\n", 0);
++    char **slabInfoSplits = g_strsplit(slabInfo, "\n", 0);
++    int numaSize, numaIndex, headNumaNode;
++    ssize_t meminfoListSize = g_strv_length(baseMeminfoSplits);
++    ssize_t slabInfoSize = g_strv_length(slabInfoSplits);
++
++    numStart = strchr(baseMeminfoSplits[i], ':');
++    numListStart = strchr(baseMeminfoSplits[i], '(');
++    if (!numStart || !numListStart)
++        goto cleanup;
++
++    virSkipToDigit((const char **)(&numStart));
++    ret = virStrToLong_i(numStart, &numStart, 10, &numaSize);
++    if (ret < 0) {
++        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
++                       _("Failed to get available numa size"));
++        goto cleanup;
++    }
++
++    format = g_strconcat(baseMeminfoSplits[i++], NULL);
++
++    virSkipToDigit((const char **)(&numListStart));
++    for (numaIndex = 0; *numListStart && numaIndex < numaSize; numaIndex++, numListStart++) {
++        ret = virStrToLong_i(numListStart, &numListStart, 10, &headNumaNode);
++        if (ret < 0) {
++            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
++                           _("Failed to get current numa node"));
++            goto cleanup;
++        }
++
++        ret = qemuConnectTmmInfoListAppend(&format, baseMeminfoSplits, headNumaNode, &i, meminfoListSize);
++        if (ret < 0)
++            goto cleanup;
++        ret = qemuConnectTmmInfoListAppend(&format, slabInfoSplits, headNumaNode, &j, slabInfoSize);
++        if (ret < 0)
++            goto cleanup;
++    }
++
++cleanup:
++    g_strfreev(baseMeminfoSplits);
++    g_strfreev(slabInfoSplits);
++    return format;
++}
++
++static char *
++qemuConnectGetTmmMemoryInfo(virConnectPtr conn G_GNUC_UNUSED,
++                            bool detail)
++{
++    int maxLen = 10 * 1024;
++    char *meminfo = NULL;
++    g_autofree char *formatInfo = NULL;
++    g_autofree char *baseMeminfo = NULL;
++    g_autofree char *slabInfo = NULL;
++    g_autofree char *buddyInfo = NULL;
++
++    if (virFileReadAll("/sys/kernel/tmm/memory_info", maxLen, &baseMeminfo) < 0)
++        goto end;
++    if (detail && virFileReadAll("/sys/kernel/tmm/slab_info", maxLen, &slabInfo) < 0)
++        goto end;
++    if (detail && virFileReadAll("/sys/kernel/tmm/buddy_info", maxLen, &buddyInfo) < 0)
++        goto end;
++
++    if (detail) {
++        if (!virStringIsEmpty(baseMeminfo) && !virStringIsEmpty(slabInfo)) {
++            formatInfo = qemuConnectTmmDetailInfoFormat(baseMeminfo, slabInfo);
++            if (formatInfo == NULL)
++                goto end;
++        } else {
++            formatInfo = g_strdup_printf(_("%s%s"), baseMeminfo, slabInfo);
++        }
++
++        meminfo = g_strdup_printf(_("%s\n%s"), formatInfo, buddyInfo);
++    } else {
++        meminfo = g_steal_pointer(&baseMeminfo);
++    }
++
++end:
++    return meminfo;
++}
++
+ static virHypervisorDriver qemuHypervisorDriver = {
+     .name = QEMU_DRIVER_NAME,
+     .connectURIProbe = qemuConnectURIProbe,
+@@ -20196,6 +20335,7 @@ static virHypervisorDriver qemuHypervisorDriver = {
+     .domainStartDirtyRateCalc = qemuDomainStartDirtyRateCalc, /* 7.2.0 */
+     .domainSetLaunchSecurityState = qemuDomainSetLaunchSecurityState, /* 8.0.0 */
+     .domainFDAssociate = qemuDomainFDAssociate, /* 9.0.0 */
++    .connectGetTmmMemoryInfo = qemuConnectGetTmmMemoryInfo, /* 9.0.0 */
+ };
+ 
+ 
+diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c
+index 7542caa952..10f343843a 100644
+--- a/src/remote/remote_daemon_dispatch.c
++++ b/src/remote/remote_daemon_dispatch.c
+@@ -7125,6 +7125,28 @@ remoteDispatchNetworkPortGetParameters(virNetServer *server G_GNUC_UNUSED,
+     return rv;
+ }
+ 
++static int
++remoteDispatchConnectGetTmmMemoryInfo(virNetServer *server G_GNUC_UNUSED,
++                                      virNetServerClient *client,
++                                      virNetMessage *msg G_GNUC_UNUSED,
++                                      struct virNetMessageError *rerr,
++                                      remote_connect_get_tmm_memory_info_args *args,
++                                      remote_connect_get_tmm_memory_info_ret *ret)
++{
++    int rv = -1;
++    char *meminfo = NULL;
++    virConnectPtr conn = remoteGetHypervisorConn(client);
++
++    if (conn && (meminfo = virConnectGetTmmMemoryInfo(conn, args->detail))) {
++        rv = 0;
++        ret->meminfo = meminfo;
++    }
++
++    if (rv < 0)
++        virNetMessageSaveError(rerr);
++
++    return rv;
++}
+ 
+ /*----- Helpers. -----*/
+ 
+diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
+index c4831db6cd..4cbf7b04de 100644
+--- a/src/remote/remote_driver.c
++++ b/src/remote/remote_driver.c
+@@ -7406,6 +7406,33 @@ remoteDomainFDAssociate(virDomainPtr domain,
+     return 0;
+ }
+ 
++static char *
++remoteConnectGetTmmMemoryInfo(virConnectPtr conn,
++                              bool detail)
++{
++    char *rv = NULL;
++    struct private_data *priv = conn->privateData;
++    remote_connect_get_tmm_memory_info_args args;
++    remote_connect_get_tmm_memory_info_ret ret;
++
++    remoteDriverLock(priv);
++
++    args.detail = detail;
++
++    memset(&ret, 0, sizeof(ret));
++
++    if (call(conn, priv, 0, REMOTE_PROC_CONNECT_GET_TMM_MEMORY_INFO,
++             (xdrproc_t)xdr_remote_connect_get_tmm_memory_info_args, (char *)&args,
++             (xdrproc_t)xdr_remote_connect_get_tmm_memory_info_ret, (char *)&ret) < 0) {
++        goto done;
++    }
++
++    rv = ret.meminfo;
++
++ done:
++    remoteDriverUnlock(priv);
++    return rv;
++}
+ 
+ /* get_nonnull_domain and get_nonnull_network turn an on-wire
+  * (name, uuid) pair into virDomainPtr or virNetworkPtr object.
+@@ -7848,6 +7875,7 @@ static virHypervisorDriver hypervisor_driver = {
+     .domainStartDirtyRateCalc = remoteDomainStartDirtyRateCalc, /* 7.2.0 */
+     .domainSetLaunchSecurityState = remoteDomainSetLaunchSecurityState, /* 8.0.0 */
+     .domainFDAssociate = remoteDomainFDAssociate, /* 9.0.0 */
++    .connectGetTmmMemoryInfo = remoteConnectGetTmmMemoryInfo, /* 9.0.0 */
+ };
+ 
+ static virNetworkDriver network_driver = {
+diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
+index e295b0acc3..6763153c43 100644
+--- a/src/remote/remote_protocol.x
++++ b/src/remote/remote_protocol.x
+@@ -3962,6 +3962,15 @@ struct remote_domain_fd_associate_args {
+     remote_nonnull_string name;
+     unsigned int flags;
+ };
++
++struct remote_connect_get_tmm_memory_info_args {
++    unsigned int detail;
++};
++
++struct remote_connect_get_tmm_memory_info_ret {
++    remote_nonnull_string meminfo;
++};
++
+ /*----- Protocol. -----*/
+ 
+ /* Define the program number, protocol version and procedure numbers here. */
+@@ -7021,5 +7030,11 @@ enum remote_procedure {
+      * @generate: both
+      * @acl: none
+      */
+-    REMOTE_PROC_NETWORK_EVENT_CALLBACK_METADATA_CHANGE = 446
++    REMOTE_PROC_NETWORK_EVENT_CALLBACK_METADATA_CHANGE = 446,
++
++    /**
++     * @generate: none
++     * @acl: connect:read
++     */
++    REMOTE_PROC_CONNECT_GET_TMM_MEMORY_INFO = 900
+ };
+diff --git a/tools/virsh-host.c b/tools/virsh-host.c
+index 6c14be865f..7fdd6aed53 100644
+--- a/tools/virsh-host.c
++++ b/tools/virsh-host.c
+@@ -1826,6 +1826,98 @@ cmdHypervisorCPUBaseline(vshControl *ctl,
+     return ret;
+ }
+ 
++/*
++ * "securememinfo" command
++ */
++static const vshCmdInfo info_tmm[] = {
++    {.name = "help",
++     .data = N_("Interaction with the tmm")
++    },
++    {.name = "desc",
++     .data = N_("Call the host kernel dev which is provided for virsh to use receiving tmm informations.")
++    },
++    {.name = NULL}
++};
++
++static const vshCmdOptDef opts_tmm[] = {
++    {.name = "dev",
++     .type = VSH_OT_DATA,
++     .flags = VSH_OFLAG_REQ,
++     .help = N_("Device name of host kernel dev")
++    },
++    {.name = "detail",
++     .type = VSH_OT_BOOL,
++     .help = N_("print detailed info if this option contained in cmd")
++    },
++    {.name = NULL}
++};
++
++static bool
++virshGetTmmMemoryInfo(vshControl *ctl,
++                      const vshCmd *cmd)
++{
++    char *tmmMemoryInfo = NULL;
++    bool detail;
++    virshControl *priv = ctl->privData;
++
++    detail = vshCommandOptBool(cmd, "detail");
++    if (!(tmmMemoryInfo = virConnectGetTmmMemoryInfo(priv->conn, (unsigned int)detail))) {
++        vshError(ctl, _("Get tmm_memory_info failed"));
++        return false;
++    }
++
++    vshPrintExtra(ctl, _("%s"), tmmMemoryInfo);
++
++    VIR_FREE(tmmMemoryInfo);
++    return true;
++}
++
++typedef bool
++(*virshTmmFunc)(vshControl *ctl,
++                const vshCmd *cmd);
++
++struct _virshTmmFuncInfo {
++    const char *devName;
++    virshTmmFunc funcPtr;
++};
++
++typedef struct _virshTmmFuncInfo virshTmmFuncInfo;
++
++static virshTmmFuncInfo virshTmmFuncMap[] = {
++    {"tmm_memory_info", virshGetTmmMemoryInfo},
++};
++
++static bool
++virshTmmRunFunc(vshControl *ctl,
++                const char *devName,
++                const vshCmd *cmd)
++{
++    int funcIndex;
++
++    for (funcIndex = 0; funcIndex < sizeof(virshTmmFuncMap) / sizeof(virshTmmFuncInfo); funcIndex++) {
++        if (strcmp(devName, virshTmmFuncMap[funcIndex].devName) == 0) {
++            virshTmmFuncMap[funcIndex].funcPtr(ctl, cmd);
++            return true;
++        }
++    }
++
++    vshError(ctl, _("Invalid dev name"));
++    return false;
++}
++
++static bool
++cmdTmm(vshControl *ctl, const vshCmd *cmd)
++{
++    const char *devName = NULL;
++
++    if (vshCommandOptStringReq(ctl, cmd, "dev", &devName) < 0)
++        return false;
++
++    if (!virshTmmRunFunc(ctl, devName, cmd))
++        return false;
++
++    return true;
++}
+ 
+ const vshCmdDef hostAndHypervisorCmds[] = {
+     {.name = "allocpages",
+@@ -1960,5 +2052,11 @@ const vshCmdDef hostAndHypervisorCmds[] = {
+      .info = info_version,
+      .flags = 0
+     },
++    {.name = "tmm",
++     .handler = cmdTmm,
++     .opts = opts_tmm,
++     .info = info_tmm,
++     .flags = 0
++    },
+     {.name = NULL}
+ };
+-- 
+2.43.5
+
diff --git a/Make-daemons-depend-on-generated-protocol.patch b/Make-daemons-depend-on-generated-protocol.patch
new file mode 100644
index 0000000..a6a294a
--- /dev/null
+++ b/Make-daemons-depend-on-generated-protocol.patch
@@ -0,0 +1,91 @@
+From 1a4f5b997284c36ddf7164d027c73edee39b4b53 Mon Sep 17 00:00:00 2001
+From: lihhua <lihuhua@huawei.com>
+Date: Sat, 24 Aug 2024 11:11:42 +0800
+Subject: [PATCH 3/3] build: Make daemons depend on generated *_protocol.[ch]
+
+---
+ po/meson.build         |  1 +
+ src/meson.build        |  6 +++++-
+ src/remote/meson.build | 15 +++++++++++----
+ 3 files changed, 17 insertions(+), 5 deletions(-)
+
+diff --git a/po/meson.build b/po/meson.build
+index a20877ad34..592b254447 100644
+--- a/po/meson.build
++++ b/po/meson.build
+@@ -20,6 +20,7 @@ potfiles_dep = [
+   access_gen_sources,
+   admin_client_generated,
+   admin_driver_generated,
++  remote_protocol_generated,
+   remote_driver_generated,
+   remote_daemon_generated,
+ ]
+diff --git a/src/meson.build b/src/meson.build
+index 6538c43628..f52d2d5994 100644
+--- a/src/meson.build
++++ b/src/meson.build
+@@ -616,7 +616,11 @@ foreach daemon : virt_daemons
+   bin = executable(
+     daemon['name'],
+     [
+-      daemon.get('sources', [ remote_daemon_sources, remote_daemon_generated ]),
++      daemon.get('sources', [
++        remote_protocol_generated,
++        remote_daemon_sources,
++        remote_daemon_generated
++      ]),
+       dtrace_gen_objects,
+     ],
+     c_args: [
+diff --git a/src/remote/meson.build b/src/remote/meson.build
+index 16b903fcaf..43bf2d0083 100644
+--- a/src/remote/meson.build
++++ b/src/remote/meson.build
+@@ -7,8 +7,6 @@ remote_driver_generated = []
+ 
+ foreach name : [ 'remote', 'qemu', 'lxc' ]
+   client_bodies_h = '@0@_client_bodies.h'.format(name)
+-  protocol_c = '@0@_protocol.c'.format(name)
+-  protocol_h = '@0@_protocol.h'.format(name)
+   protocol_x = '@0@_protocol.x'.format(name)
+ 
+   remote_driver_generated += custom_target(
+@@ -20,8 +18,16 @@ foreach name : [ 'remote', 'qemu', 'lxc' ]
+     ],
+     capture: true,
+   )
++endforeach
+ 
+-  remote_driver_generated += custom_target(
++remote_protocol_generated = []
++
++foreach name : [ 'remote', 'qemu', 'lxc' ]
++  protocol_c = '@0@_protocol.c'.format(name)
++  protocol_h = '@0@_protocol.h'.format(name)
++  protocol_x = '@0@_protocol.x'.format(name)
++
++  remote_protocol_generated += custom_target(
+     protocol_h,
+     input: protocol_x,
+     output: protocol_h,
+@@ -32,7 +38,7 @@ foreach name : [ 'remote', 'qemu', 'lxc' ]
+     ],
+   )
+ 
+-  remote_driver_generated += custom_target(
++  remote_protocol_generated += custom_target(
+     protocol_c,
+     input: protocol_x,
+     output: protocol_c,
+@@ -143,6 +149,7 @@ if conf.has('WITH_REMOTE')
+   remote_driver_lib = static_library(
+     'virt_remote_driver',
+     [
++      remote_protocol_generated,
+       remote_driver_sources,
+       remote_driver_generated,
+     ],
+-- 
+2.43.5
+
diff --git a/libvirt.spec b/libvirt.spec
index 65671f1..287c2f4 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -1,4 +1,4 @@
-%define anolis_release 7
+%define anolis_release 8
 
 %define arches_qemu_kvm         x86_64 aarch64 loongarch64
 
@@ -170,6 +170,9 @@ Patch0005: cpu-Add-new-Dharma-CPU-model.patch
 Patch0006: libvirt-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch
 Patch0007: libvirt-remote-check-for-negative-array-lengths-before-allocation.patch
 Patch0008: 100-fix-CVE-2024-4418.patch
+Patch0009: Add-cvm-parameter-into-the-type-of-LaunchSecurity.patch
+Patch0010: Add-get-tmm-memory-info-API-into-libvirt-host.patch
+Patch0011: Make-daemons-depend-on-generated-protocol.patch
 
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-daemon-config-network = %{version}-%{release}
@@ -2149,6 +2152,9 @@ exit 0
 
 
 %changelog
+* Wed Dec 18 2024 Bin Guo <guobin@linux.alibaba.com> - 9.10.0-8
+- support the virtCCA feature
+
 * Fri Nov 01 2024 mgb01105731 <mgb01105731@alibaba-inc.com> - 9.10.0-7
 - add patch for CVE-2024-4418
 
-- 
Gitee