6:32 p.m.
On 04/02/2018 10:18 AM, Brijesh Singh wrote:
QEMU version >= 2.12 provides support for launching an encrypted
VMs on
AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
This patch adds support to query the SEV capability from the qemu.
Reviewed-by: "Daniel P. Berrangé" <berrange(a)redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com>
---
src/conf/domain_capabilities.h | 13 ++++
src/qemu/qemu_capabilities.c | 38 +++++++++++
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_capspriv.h | 4 ++
src/qemu/qemu_monitor.c | 9 +++
src/qemu/qemu_monitor.h | 3 +
src/qemu/qemu_monitor_json.c | 73 ++++++++++++++++++++++
src/qemu/qemu_monitor_json.h | 3 +
.../caps_2.12.0.x86_64.replies | 10 +++
tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 3 +-
10 files changed, 156 insertions(+), 1 deletion(-)
I ran the changes through coverity as a last thing to do...
....
+void
+virQEMUCapsSetSEVCapabilities(virQEMUCapsPtr qemuCaps,
+ virSEVCapability *capabilities)
+{
+ virSEVCapability *cap = qemuCaps->sevCapabilities;
+
This hunk ...
+ if (cap) {
+ VIR_FREE(cap->pdh);
+ VIR_FREE(cap->cert_chain);
+ }
+
+ VIR_FREE(qemuCaps->sevCapabilities);
... should be a virQEMUSevCapabilitiesFree() type function which can be
called from qemuMonitorJSONGetSEVCapabilities
where the function would :
if (!cap)
return;
VIR_FREE(cap->pdh);
VIR_FREE(cap->cert_chain);
VIR_FREE(capabilities);
and the callers would need to ensure to 'overwrite' sevCapabilities with
something new or NULL.
+
+ qemuCaps->sevCapabilities = capabilities;
+}
[...]
diff --git a/src/qemu/qemu_monitor_json.c
b/src/qemu/qemu_monitor_json.c
index d80c4f1..e67f7b7 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -6398,6 +6398,79 @@ qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon,
return ret;
}
+int
+qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon,
+ virSEVCapability **capabilities)
+{
+ int ret = -1;
+ virJSONValuePtr cmd;
+ virJSONValuePtr reply = NULL;
+ virJSONValuePtr caps;
+ virSEVCapability *capability = NULL;
+ const char *pdh = NULL, *cert_chain = NULL;
+ int cbitpos, reduced_phys_bits;
+
+ *capabilities = NULL;
+
+ if (!(cmd = qemuMonitorJSONMakeCommand("query-sev-capabilities",
+ NULL)))
+ return -1;
+
+ if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
+ goto cleanup;
+
+
+ if (qemuMonitorJSONCheckError(cmd, reply) < 0)
+ goto cleanup;
+
+ caps = virJSONValueObjectGetObject(reply, "return");
+
+ if (virJSONValueObjectGetNumberInt(caps, "cbitpos", &cbitpos) < 0)
{
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("'cbitpos' field is missing"));
+ goto cleanup;
+ }
+
+ if (virJSONValueObjectGetNumberInt(caps, "reduced-phys-bits",
+ &reduced_phys_bits) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("'reduced-phys-bits' field is missing"));
+ goto cleanup;
+ }
+
+ if (!(pdh = virJSONValueObjectGetString(caps, "pdh"))) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("'pdh' field is missing"));
+ goto cleanup;
+ }
+
+ if (!(cert_chain = virJSONValueObjectGetString(caps, "cert-chain"))) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("'cert-chain' field is missing"));
+ goto cleanup;
+ }
+
+ if (VIR_ALLOC(capability) < 0)
+ goto cleanup;
+
+ if (VIR_STRDUP(capability->pdh, pdh) < 0)
+ goto cleanup;
+
+ if (VIR_STRDUP(capability->cert_chain, cert_chain) < 0)
+ goto cleanup;
+
+ capability->cbitpos = cbitpos;
+ capability->reduced_phys_bits = reduced_phys_bits;
+ *capabilities = capability;
VIR_STEAL_PTR(*capabilities, capability);
+ ret = 0;
+
+ cleanup:
virQEMUSevCapabilitiesFree(capability);
John
+ virJSONValueFree(cmd);
+ virJSONValueFree(reply);
+
+ return ret;
+}
+