qemu-devel

Re: [Qemu-devel] [PATCH v2] target/i386: sev: add 'sev-max-guests' field


From: Daniel P . Berrangé
Subject: Re: [Qemu-devel] [PATCH v2] target/i386: sev: add 'sev-max-guests' field to 'query-sev-capabilities'
Date: Fri, 12 Apr 2019 09:20:41 +0100
User-agent: Mutt/1.11.3 (2019-02-01)

On Fri, Apr 12, 2019 at 10:05:23AM +0200, Paolo Bonzini wrote:
> On 12/04/19 09:58, Laszlo Ersek wrote:
> > On 04/12/19 01:55, Singh, Brijesh wrote:
> > >> There is a limited number of SEV guests that can be run concurrently.
> > >> A management application may need to know this limit so that it can place
> >> SEV VMs on hosts which have suitable resources available.
> >>
> >> Currently, this limit is not exposed to the application. Add a new
> >> 'sev-max-guest' field in the query-sev-capabilities to provide this
> >> information.
> >>
> >> Cc: Paolo Bonzini <address@hidden>
> >> Cc: Markus Armbruster <address@hidden>
> >> Cc: Eric Blake <address@hidden>
> >> Cc: Daniel P. Berrangé <address@hidden>
> >> Cc: Laszlo Ersek <address@hidden>
> >> Cc: Erik Skultety <address@hidden>
> >> Cc: Tom Lendacky <address@hidden>
> >> Signed-off-by: Brijesh Singh <address@hidden>
> >> ---
> >>
> >> changes since v1:
> >>  - document the new field and add (since 4.1) annotation.
> >>
> >>  qapi/target.json  | 9 +++++++--
> >>  target/i386/sev.c | 9 +++++++--
> >>  2 files changed, 14 insertions(+), 4 deletions(-)
> >>
> >> diff --git a/qapi/target.json b/qapi/target.json
> >> index 1d4d54b600..8cd4fc7919 100644
> >> --- a/qapi/target.json
> >> +++ b/qapi/target.json
> >> @@ -177,13 +177,17 @@
> >>  # @reduced-phys-bits: Number of physical Address bit reduction when SEV is
> >>  #                     enabled
> >>  #
> >> +# @sev-max-guests: maximum number of concurrent SEV guest with SEV-ES 
> >> disabled
> >> +#                  (since 4.1)
> >> +#
> >>  # Since: 2.12
> >>  ##
> >>  { 'struct': 'SevCapability',
> >>    'data': { 'pdh': 'str',
> >>              'cert-chain': 'str',
> >>              'cbitpos': 'int',
> >> -            'reduced-phys-bits': 'int'},
> >> +            'reduced-phys-bits': 'int',
> >> +            'sev-max-guests': 'int'},
> >>    'if': 'defined(TARGET_I386)' }
> >>  
> >>  ##
> >> @@ -200,7 +204,8 @@
> >>  #
> >>  # -> { "execute": "query-sev-capabilities" }
> >>  # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
> >> -#                  "cbitpos": 47, "reduced-phys-bits": 5}}
> >> +#                  "cbitpos": 47, "reduced-phys-bits": 5,
> >> +#                  "sev-max-guests" : 15}}
> > 
> > There seems to be a superfluous space character before the colon, but I
> > don't think it matters much.
> > 
> >>  #
> >>  ##
> >>  { 'command': 'query-sev-capabilities', 'returns': 'SevCapability',
> >> diff --git a/target/i386/sev.c b/target/i386/sev.c
> >> index cd77f6b5d4..6829586fbe 100644
> >> --- a/target/i386/sev.c
> >> +++ b/target/i386/sev.c
> >> @@ -488,7 +488,7 @@ sev_get_capabilities(void)
> >>      guchar *pdh_data = NULL;
> >>      guchar *cert_chain_data = NULL;
> >>      size_t pdh_len = 0, cert_chain_len = 0;
> >> -    uint32_t ebx;
> >> +    uint32_t ebx, ecx, edx;
> >>      int fd;
> >>  
> >>      fd = open(DEFAULT_SEV_DEVICE, O_RDWR);
> >> @@ -507,7 +507,7 @@ sev_get_capabilities(void)
> >>      cap->pdh = g_base64_encode(pdh_data, pdh_len);
> >>      cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len);
> >>  
> >> -    host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
> >> +    host_cpuid(0x8000001F, 0, NULL, &ebx, &ecx, &edx);
> >>      cap->cbitpos = ebx & 0x3f;
> >>  
> >>      /*
> >> @@ -516,6 +516,11 @@ sev_get_capabilities(void)
> >>       */
> >>      cap->reduced_phys_bits = 1;
> >>  
> >> +    /*
> >> +     * The maximum number of SEV guests with SEV-ES disabled that can run
> >> +     * simultaneously.
> >> +     */
> >> +    cap->sev_max_guests = ecx - edx + 1;
> >>  out:
> >>      g_free(pdh_data);
> >>      g_free(cert_chain_data);
> >>
> > 
> > Reviewed-by: Laszlo Ersek <address@hidden>
> 
> As mentioned in v1, I don't think a management application should need
> to run QEMU in order to figure this out.

Libvirt is already running this query-sev-capabilities command to find
out information about SEV support, so from our POV this is the natural
place to report the max limits.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|



reply via email to

[Prev in Thread] Current Thread [Next in Thread]