Re: [libvirt] [PATCH v2 1/9] qemu: provide support to query the SEV capability

On Thu, Mar 08, 2018 at 11:12:00AM -0600, Brijesh Singh wrote: > QEMU version >= 2.12 provides support for launching an encrypted VMs on > AMD x86 platform using Secure Encrypted Virtualization (SEV) feature. > This patch adds support to query the SEV capability from the qemu. > > Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com&gt; > --- > src/conf/domain_capabilities.h | 13 ++++++++ > src/qemu/qemu_capabilities.c | 43 +++++++++++++++++++++++++ > src/qemu/qemu_capabilities.h | 1 + > src/qemu/qemu_capspriv.h | 4 +++ > src/qemu/qemu_monitor.c | 9 ++++++ > src/qemu/qemu_monitor.h | 3 ++ > src/qemu/qemu_monitor_json.c | 73 ++++++++++++++++++++++++++++++++++++++++++ > src/qemu/qemu_monitor_json.h | 3 ++ > 8 files changed, 149 insertions(+) > > diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h > index fa4c1e442f57..83d04d4c8506 100644 > --- a/src/conf/domain_capabilities.h > +++ b/src/conf/domain_capabilities.h > @@ -137,6 +137,19 @@ struct _virDomainCapsCPU { > virDomainCapsCPUModelsPtr custom; > }; > > +/* > + * SEV capabilities > + */ > +typedef struct _virSEVCapability virSEVCapability; > +typedef virSEVCapability *virSEVCapabilityPtr; > +struct _virSEVCapability { > + char *pdh; > + char *cert_chain; > + int cbitpos; > + int reduced_phys_bits; If you have any reason to re-spin this patch series, lets make these two be unsigned int, since IIUC -ve values are not possible.

> > + /* no way to query -object sev-guest */ > + if (ARCH_IS_X86(qemuCaps->arch) && > + qemuCaps->version >= 2012000) { > + virQEMUCapsSet(qemuCaps, QEMU_CAPS_SEV); > + } Sigh, we really need to fix introspection of -object types one day...