On Wed, Jun 06, 2018 at 12:50:08PM -0500, Brijesh Singh wrote:
Extend hypervisor capabilities to include the sev feature. When available, the hypervisor supports launching an encrypted VM on an AMD platform. The
sev feature tag provides additional details like Platform Diffie-Hellman
(PDH) key and certificate chain which can be used by the guest owner to
establish a cryptographic session with the SEV firmware to negotiate
keys used for attestation or to provide secret during launch.
Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com>
---
docs/formatdomaincaps.html.in | 30 ++++++++++++++++++++++++++
docs/schemas/domaincaps.rng | 14 ++++++++++++
src/conf/domain_capabilities.c | 19 ++++++++++++++++-
src/conf/domain_capabilities.h | 1 +
src/qemu/qemu_capabilities.c | 48 +++++++++++++++++++++++++++++++++++++++++-
5 files changed, 110 insertions(+), 2 deletions(-)
With the diff below squashed in:
Reviewed-by: Erik Skultety <eskultet(a)redhat.com>
diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
index 54b0878b78..ec469bfb9a 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -614,6 +614,7 @@ virDomainCapsFormat(virDomainCapsPtr const caps)
virDomainCapsFeatureGICFormat(&buf, &caps->gic);
virBufferAsprintf(&buf, "<vmcoreinfo
supported='%s'/>\n",
caps->vmcoreinfo ? "yes" : "no");
+
virBufferAsprintf(&buf, "<genid supported='%s'/>\n",
caps->genid ? "yes" : "no");
virDomainCapsFeatureSEVFormat(&buf, caps->sev);
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 503ed975eb..44ce12c7b9 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -5165,7 +5165,7 @@ virQEMUCapsFillDomainFeatureGICCaps(virQEMUCapsPtr qemuCaps,
* using the 'query-sev-capabilities' QMP command and stored in @qemuCaps
* and convert it to a form suitable for @domCaps.
*
- * Returns: 0 on success, <0 on failure
+ * Returns: 0 on success, -1 on failure
*/
static int
virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCapsPtr qemuCaps,
@@ -5173,6 +5173,7 @@ virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCapsPtr qemuCaps,
{
virSEVCapability *sev;
virSEVCapability *cap = qemuCaps->sevCapabilities;
+ int ret = -1;
if (!cap)
return 0;
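Review bot: `sev` is declared without an initializer while the `cleanup:` label introduced in the next hunk (the `@@ -5181,22 +5182,19 @@` hunk) unconditionally passes it to virSEVCapabilitiesFree(); today every path reaching the label has `sev` either allocated or NULLed by VIR_STEAL_PTR, but any future error check added before the allocation that uses `goto cleanup` would free an indeterminate pointer. Initializing it at the declaration, `virSEVCapability *sev = NULL;`, makes the cleanup label safe from any point in the function and matches the `int ret = -1;` added here. The success path also relies on VIR_STEAL_PTR leaving `sev` NULL so that the free at the label is a no-op; a one-line comment at the steal, `/* ownership moves to domCaps; sev is now NULL so cleanup frees nothing */`, would make that explicit for readers unfamiliar with the macro. The function's signature is in the preceding hunk and its body continues past this one.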
@@ -5181,22 +5182,19 @@ virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCapsPtr qemuCaps,
return -1;
if (VIR_STRDUP(sev->pdh, cap->pdh) < 0)
- goto out;
+ goto cleanup;
if (VIR_STRDUP(sev->cert_chain, cap->cert_chain) < 0)
- goto out;
+ goto cleanup;
sev->cbitpos = cap->cbitpos;
sev->reduced_phys_bits = cap->reduced_phys_bits;
- domCaps->sev = sev;
+ VIR_STEAL_PTR(domCaps->sev, sev);
- return 0;
-
- out:
- VIR_FREE(sev->cert_chain);
- VIR_FREE(sev->pdh);
- VIR_FREE(sev);
- return -1;
+ ret = 0;
+ cleanup:
+ virSEVCapabilitiesFree(sev);
+ return ret;
}