[PATCH] Support cpu0-id of Qemu QMP query-sev-capabilities
It allows libvirt to provide the value of cpu0-id retuned by the Qemu QMP command query-sev-capabilities as implemented by the Qemu Patch [1] which is merged to Qemu master branch and should be available with Qemu 7.1. This is used to get the signed Chip Endorsement Key (CEK) of the CPU of AMD system from AMD's Key Distribution Service (KDS). Similar to cbitpos, reducedPhysBits, maxGuests & maxESGuests; the value of cpu0-id is also provided using 'virsh domcapability'. [1] https://lore.kernel.org/all/20220228093014.882288-1-dovmurik@linux.ibm.com/ Signed-off-by: Niteesh Dubey <niteesh@linux.ibm.com> --- include/libvirt/libvirt-host.h | 11 +++++++++++ src/conf/domain_capabilities.c | 4 ++++ src/conf/domain_capabilities.h | 1 + src/qemu/qemu_capabilities.c | 12 ++++++++++++ src/qemu/qemu_driver.c | 5 +++++ src/qemu/qemu_monitor_json.c | 6 ++++++ 6 files changed, 39 insertions(+) diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h index b5cf8a4a4a..d35abbd9aa 100644 --- a/include/libvirt/libvirt-host.h +++ b/include/libvirt/libvirt-host.h @@ -537,6 +537,17 @@ typedef virNodeMemoryStats *virNodeMemoryStatsPtr; */ # define VIR_NODE_SEV_CERT_CHAIN "cert-chain" +/** + * VIR_NODE_SEV_CPU0_ID: + * + * Macro represents the unique ID of CPU0 (socket 0) needed to retrieve + * the signed CEK of the CPU from AMD's Key Distribution Service (KDS), + * as VIR_TYPED_PARAMS_STRING. + * + * Since: v8.3.1 + */ +# define VIR_NODE_SEV_CPU0_ID "cpu0-id" + /** * VIR_NODE_SEV_CBITPOS: * diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index c394a7a390..2a888da1a9 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -601,6 +601,10 @@ virDomainCapsFeatureSEVFormat(virBuffer *buf, sev->max_guests); virBufferAsprintf(buf, "<maxESGuests>%d</maxESGuests>\n", sev->max_es_guests); + if (sev->cpu0_id != NULL) { + virBufferAsprintf(buf, "<cpu0Id>%s</cpu0Id>\n", + sev->cpu0_id); + } virBufferAdjustIndent(buf, -2); virBufferAddLit(buf, "</sev>\n"); } diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index 1d2f4ac7a5..f2eed80b15 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -185,6 +185,7 @@ typedef struct _virSEVCapability virSEVCapability; struct _virSEVCapability { char *pdh; char *cert_chain; + char *cpu0_id; unsigned int cbitpos; unsigned int reduced_phys_bits; unsigned int max_guests; diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index b91db851bb..2d3165e74a 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -1957,6 +1957,9 @@ virQEMUCapsSEVInfoCopy(virSEVCapability **dst, tmp->pdh = g_strdup(src->pdh); tmp->cert_chain = g_strdup(src->cert_chain); + if (src->cpu0_id != NULL) { + tmp->cpu0_id = g_strdup(src->cpu0_id); + } tmp->cbitpos = src->cbitpos; tmp->reduced_phys_bits = src->reduced_phys_bits; @@ -4693,6 +4696,11 @@ virQEMUCapsFormatSEVInfo(virQEMUCaps *qemuCaps, virBuffer *buf) virBufferEscapeString(buf, "<pdh>%s</pdh>\n", sev->pdh); virBufferEscapeString(buf, "<certChain>%s</certChain>\n", sev->cert_chain); + if (sev->cpu0_id != NULL) { + virBufferEscapeString(buf, "<cpu0Id>%s</cpu0Id>\n", + sev->cpu0_id); + } + virBufferAdjustIndent(buf, -2); virBufferAddLit(buf, "</sev>\n"); } @@ -6478,6 +6486,10 @@ virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCaps *qemuCaps, domCaps->sev->pdh = g_strdup(cap->pdh); domCaps->sev->cert_chain = g_strdup(cap->cert_chain); + if (cap->cpu0_id != NULL) { + domCaps->sev->cpu0_id = g_strdup(cap->cpu0_id); + } + domCaps->sev->cbitpos = cap->cbitpos; domCaps->sev->reduced_phys_bits = cap->reduced_phys_bits; domCaps->sev->max_guests = cap->max_guests; diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index ee0963c30d..464c080409 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -19861,6 +19861,11 @@ qemuGetSEVInfoToParams(virQEMUCaps *qemuCaps, VIR_NODE_SEV_CERT_CHAIN, sev->cert_chain) < 0) goto cleanup; + if ((sev->cpu0_id != NULL) && + (virTypedParamsAddString(&sevParams, &n, &maxpar, + VIR_NODE_SEV_CPU0_ID, sev->cpu0_id) < 0)) + goto cleanup; + if (virTypedParamsAddUInt(&sevParams, &n, &maxpar, VIR_NODE_SEV_CBITPOS, sev->cbitpos) < 0) goto cleanup; diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 776f4ab2ea..9e611e93e8 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -6400,6 +6400,7 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon, virJSONValue *caps; const char *pdh = NULL; const char *cert_chain = NULL; + const char *cpu0_id = NULL; unsigned int cbitpos; unsigned int reduced_phys_bits; g_autoptr(virSEVCapability) capability = NULL; @@ -6457,6 +6458,11 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon, capability->cert_chain = g_strdup(cert_chain); + cpu0_id = virJSONValueObjectGetString(caps, "cpu0-id"); + if (cpu0_id != NULL) { + capability->cpu0_id = g_strdup(cpu0_id); + } + capability->cbitpos = cbitpos; capability->reduced_phys_bits = reduced_phys_bits; *capabilities = g_steal_pointer(&capability); -- 2.25.1
On Wed, Apr 27, 2022 at 07:57:12PM +0000, Niteesh Dubey wrote:
It allows libvirt to provide the value of cpu0-id retuned by the Qemu QMP command query-sev-capabilities as implemented by the Qemu Patch [1] which is merged to Qemu master branch and should be available with Qemu 7.1. This is used to get the signed Chip Endorsement Key (CEK) of the CPU of AMD system from AMD's Key Distribution Service (KDS).
Similar to cbitpos, reducedPhysBits, maxGuests & maxESGuests; the value of cpu0-id is also provided using 'virsh domcapability'.
[1] https://lore.kernel.org/all/20220228093014.882288-1-dovmurik@linux.ibm.com/
Signed-off-by: Niteesh Dubey <niteesh@linux.ibm.com> --- include/libvirt/libvirt-host.h | 11 +++++++++++ src/conf/domain_capabilities.c | 4 ++++ src/conf/domain_capabilities.h | 1 + src/qemu/qemu_capabilities.c | 12 ++++++++++++ src/qemu/qemu_driver.c | 5 +++++ src/qemu/qemu_monitor_json.c | 6 ++++++ 6 files changed, 39 insertions(+)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
On 4/27/22 21:57, Niteesh Dubey wrote:
It allows libvirt to provide the value of cpu0-id retuned by the Qemu QMP command query-sev-capabilities as implemented by the Qemu Patch [1] which is merged to Qemu master branch and should be available with Qemu 7.1. This is used to get the signed Chip Endorsement Key (CEK) of the CPU of AMD system from AMD's Key Distribution Service (KDS).
Similar to cbitpos, reducedPhysBits, maxGuests & maxESGuests; the value of cpu0-id is also provided using 'virsh domcapability'.
[1] https://lore.kernel.org/all/20220228093014.882288-1-dovmurik@linux.ibm.com/
Signed-off-by: Niteesh Dubey <niteesh@linux.ibm.com> --- include/libvirt/libvirt-host.h | 11 +++++++++++ src/conf/domain_capabilities.c | 4 ++++ src/conf/domain_capabilities.h | 1 + src/qemu/qemu_capabilities.c | 12 ++++++++++++ src/qemu/qemu_driver.c | 5 +++++ src/qemu/qemu_monitor_json.c | 6 ++++++ 6 files changed, 39 insertions(+)
diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h index b5cf8a4a4a..d35abbd9aa 100644 --- a/include/libvirt/libvirt-host.h +++ b/include/libvirt/libvirt-host.h @@ -537,6 +537,17 @@ typedef virNodeMemoryStats *virNodeMemoryStatsPtr; */ # define VIR_NODE_SEV_CERT_CHAIN "cert-chain"
+/** + * VIR_NODE_SEV_CPU0_ID: + * + * Macro represents the unique ID of CPU0 (socket 0) needed to retrieve + * the signed CEK of the CPU from AMD's Key Distribution Service (KDS), + * as VIR_TYPED_PARAMS_STRING. + * + * Since: v8.3.1
The next release is 8.4.0. The micro version number is reserved for maintanance releases (e.g. when a critical bug fix is backported). But we don't really do those. Anyway, fixed this small nit and pushed. Congratulations on your first libvirt contribution! Michal
On 5/5/2022 6:30 AM, Michal Prívozník wrote:
It allows libvirt to provide the value of cpu0-id retuned by the Qemu QMP command query-sev-capabilities as implemented by the Qemu Patch [1] which is merged to Qemu master branch and should be available with Qemu 7.1. This is used to get the signed Chip Endorsement Key (CEK) of the CPU of AMD system from AMD's Key Distribution Service (KDS).
Similar to cbitpos, reducedPhysBits, maxGuests & maxESGuests; the value of cpu0-id is also provided using 'virsh domcapability'.
[1] https://lore.kernel.org/all/20220228093014.882288-1-dovmurik@linux.ibm.com/
Signed-off-by: Niteesh Dubey <niteesh@linux.ibm.com> --- include/libvirt/libvirt-host.h | 11 +++++++++++ src/conf/domain_capabilities.c | 4 ++++ src/conf/domain_capabilities.h | 1 + src/qemu/qemu_capabilities.c | 12 ++++++++++++ src/qemu/qemu_driver.c | 5 +++++ src/qemu/qemu_monitor_json.c | 6 ++++++ 6 files changed, 39 insertions(+)
diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h index b5cf8a4a4a..d35abbd9aa 100644 --- a/include/libvirt/libvirt-host.h +++ b/include/libvirt/libvirt-host.h @@ -537,6 +537,17 @@ typedef virNodeMemoryStats *virNodeMemoryStatsPtr; */ # define VIR_NODE_SEV_CERT_CHAIN "cert-chain"
+/** + * VIR_NODE_SEV_CPU0_ID: + * + * Macro represents the unique ID of CPU0 (socket 0) needed to retrieve + * the signed CEK of the CPU from AMD's Key Distribution Service (KDS), + * as VIR_TYPED_PARAMS_STRING. + * + * Since: v8.3.1 The next release is 8.4.0. The micro version number is reserved for
On 4/27/22 21:57, Niteesh Dubey wrote: maintanance releases (e.g. when a critical bug fix is backported). But we don't really do those.
Anyway, fixed this small nit and pushed. Congratulations on your first libvirt contribution!
Michal
Thank you! Niteesh
On Thu, May 05, 2022 at 12:30:45PM +0200, Michal Prívozník wrote:
On 4/27/22 21:57, Niteesh Dubey wrote:
It allows libvirt to provide the value of cpu0-id retuned by the Qemu QMP command query-sev-capabilities as implemented by the Qemu Patch [1] which is merged to Qemu master branch and should be available with Qemu 7.1. This is used to get the signed Chip Endorsement Key (CEK) of the CPU of AMD system from AMD's Key Distribution Service (KDS).
Similar to cbitpos, reducedPhysBits, maxGuests & maxESGuests; the value of cpu0-id is also provided using 'virsh domcapability'.
[1] https://lore.kernel.org/all/20220228093014.882288-1-dovmurik@linux.ibm.com/
Signed-off-by: Niteesh Dubey <niteesh@linux.ibm.com> --- include/libvirt/libvirt-host.h | 11 +++++++++++ src/conf/domain_capabilities.c | 4 ++++ src/conf/domain_capabilities.h | 1 + src/qemu/qemu_capabilities.c | 12 ++++++++++++ src/qemu/qemu_driver.c | 5 +++++ src/qemu/qemu_monitor_json.c | 6 ++++++ 6 files changed, 39 insertions(+)
diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h index b5cf8a4a4a..d35abbd9aa 100644 --- a/include/libvirt/libvirt-host.h +++ b/include/libvirt/libvirt-host.h @@ -537,6 +537,17 @@ typedef virNodeMemoryStats *virNodeMemoryStatsPtr; */ # define VIR_NODE_SEV_CERT_CHAIN "cert-chain"
+/** + * VIR_NODE_SEV_CPU0_ID: + * + * Macro represents the unique ID of CPU0 (socket 0) needed to retrieve + * the signed CEK of the CPU from AMD's Key Distribution Service (KDS), + * as VIR_TYPED_PARAMS_STRING. + * + * Since: v8.3.1
The next release is 8.4.0. The micro version number is reserved for maintanance releases (e.g. when a critical bug fix is backported). But we don't really do those.
Anyway, fixed this small nit and pushed. Congratulations on your first libvirt contribution!
Heh, good job I accidentally forgot to push it after my review, as I totally missed the version ! With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
participants (3)
-
Daniel P. Berrangé -
Michal Prívozník -
Niteesh Dubey