[PATCH] Support cpu0-id of Qemu QMP query-sev-capabilities

Niteesh Dubey posted 1 patch 2 years ago
git fetch https://github.com/patchew-project/libvirt tags/patchew/20220427195712.3747108-1-niteesh@linux.ibm.com
include/libvirt/libvirt-host.h | 11 +++++++++++
src/conf/domain_capabilities.c |  4 ++++
src/conf/domain_capabilities.h |  1 +
src/qemu/qemu_capabilities.c   | 12 ++++++++++++
src/qemu/qemu_driver.c         |  5 +++++
src/qemu/qemu_monitor_json.c   |  6 ++++++
6 files changed, 39 insertions(+)
[PATCH] Support cpu0-id of Qemu QMP query-sev-capabilities
Posted by Niteesh Dubey 2 years ago
It allows libvirt to provide the value of cpu0-id returned by the Qemu QMP
 command query-sev-capabilities as implemented by the Qemu Patch [1] which
 is merged to Qemu master branch and should be available with Qemu 7.1.
 This is used to get the signed Chip Endorsement Key (CEK) of the CPU of AMD
 system from AMD's Key Distribution Service (KDS).

Similar to  cbitpos, reducedPhysBits, maxGuests & maxESGuests;
 the value of cpu0-id is also provided using 'virsh domcapability'.

[1] https://lore.kernel.org/all/20220228093014.882288-1-dovmurik@linux.ibm.com/

Signed-off-by: Niteesh Dubey <niteesh@linux.ibm.com>
---
 include/libvirt/libvirt-host.h | 11 +++++++++++
 src/conf/domain_capabilities.c |  4 ++++
 src/conf/domain_capabilities.h |  1 +
 src/qemu/qemu_capabilities.c   | 12 ++++++++++++
 src/qemu/qemu_driver.c         |  5 +++++
 src/qemu/qemu_monitor_json.c   |  6 ++++++
 6 files changed, 39 insertions(+)

diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h
index b5cf8a4a4a..d35abbd9aa 100644
--- a/include/libvirt/libvirt-host.h
+++ b/include/libvirt/libvirt-host.h
@@ -537,6 +537,17 @@ typedef virNodeMemoryStats *virNodeMemoryStatsPtr;
  */
 # define VIR_NODE_SEV_CERT_CHAIN "cert-chain"
 
+/**
+ * VIR_NODE_SEV_CPU0_ID:
+ *
+ * Macro represents the unique ID of CPU0 (socket 0) needed to retrieve
+ * the signed CEK of the CPU from AMD's Key Distribution Service (KDS),
+ * as VIR_TYPED_PARAMS_STRING.
+ *
+ * Since: v8.3.1
+ */
+# define VIR_NODE_SEV_CPU0_ID "cpu0-id"
+
 /**
  * VIR_NODE_SEV_CBITPOS:
  *
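Review bot: The new doc comment for VIR_NODE_SEV_CPU0_ID does not say that the parameter is optional, yet the qemu_driver.c hunk adds it only when `sev->cpu0_id != NULL` and the monitor hunk leaves the field unset when QEMU's reply carries no `cpu0-id`. Callers of the typed-parameter API need to know they must tolerate its absence; I would add a sentence such as `This parameter is only present when the underlying QEMU reports cpu0-id.` before the Since line. The trailing context of this hunk is the opening of the next macro's comment, which continues outside the hunk.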
diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
index c394a7a390..2a888da1a9 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -601,6 +601,10 @@ virDomainCapsFeatureSEVFormat(virBuffer *buf,
                           sev->max_guests);
         virBufferAsprintf(buf, "<maxESGuests>%d</maxESGuests>\n",
                           sev->max_es_guests);
+        if (sev->cpu0_id != NULL) {
+            virBufferAsprintf(buf, "<cpu0Id>%s</cpu0Id>\n",
+                              sev->cpu0_id);
+        }
         virBufferAdjustIndent(buf, -2);
         virBufferAddLit(buf, "</sev>\n");
     }
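Review bot: `sev->cpu0_id` is written into the domain capabilities XML with `virBufferAsprintf`, which does no XML escaping, although the string is copied unmodified from QEMU's `query-sev-capabilities` reply in qemu_monitor_json.c. The cache formatter this same patch adds in qemu_capabilities.c uses `virBufferEscapeString` for the same field, and this one should too: `virBufferEscapeString(buf, "<cpu0Id>%s</cpu0Id>\n", sev->cpu0_id);`. As far as I know virBufferEscapeString emits nothing for a NULL string, so the surrounding `if` could go as well, but that is worth confirming. virDomainCapsFeatureSEVFormat starts above this hunk.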
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
index 1d2f4ac7a5..f2eed80b15 100644
--- a/src/conf/domain_capabilities.h
+++ b/src/conf/domain_capabilities.h
@@ -185,6 +185,7 @@ typedef struct _virSEVCapability virSEVCapability;
 struct _virSEVCapability {
     char *pdh;
     char *cert_chain;
+    char *cpu0_id;
     unsigned int cbitpos;
     unsigned int reduced_phys_bits;
     unsigned int max_guests;
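Review bot: The new `cpu0_id` member is heap-allocated with `g_strdup` in three places in this patch, but no hunk adds a matching release to the function that frees a virSEVCapability (presumably virSEVCapabilityFree, which is not shown here). If that function frees `pdh` and `cert_chain` individually, it needs a `g_free()` of `cpu0_id` alongside them, otherwise every capability object that carries the ID leaks the string. The struct definition continues past the end of this hunk.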
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index b91db851bb..2d3165e74a 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -1957,6 +1957,9 @@ virQEMUCapsSEVInfoCopy(virSEVCapability **dst,
 
     tmp->pdh = g_strdup(src->pdh);
     tmp->cert_chain = g_strdup(src->cert_chain);
+    if (src->cpu0_id != NULL) {
+        tmp->cpu0_id = g_strdup(src->cpu0_id);
+    }
 
     tmp->cbitpos = src->cbitpos;
     tmp->reduced_phys_bits = src->reduced_phys_bits;
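Review bot: The `if (src->cpu0_id != NULL)` guard around `g_strdup` is unnecessary, since g_strdup returns NULL for a NULL argument, and the two lines above it already copy `pdh` and `cert_chain` unconditionally. Writing `tmp->cpu0_id = g_strdup(src->cpu0_id);` keeps the three copies uniform. The same guard appears in virQEMUCapsFillDomainFeatureSEVCaps later in this file and in qemuMonitorJSONGetSEVCapabilities in qemu_monitor_json.c. virQEMUCapsSEVInfoCopy starts and ends outside this hunk.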
@@ -4693,6 +4696,11 @@ virQEMUCapsFormatSEVInfo(virQEMUCaps *qemuCaps, virBuffer *buf)
     virBufferEscapeString(buf, "<pdh>%s</pdh>\n", sev->pdh);
     virBufferEscapeString(buf, "<certChain>%s</certChain>\n",
                           sev->cert_chain);
+    if (sev->cpu0_id != NULL) {
+        virBufferEscapeString(buf, "<cpu0Id>%s</cpu0Id>\n",
+                              sev->cpu0_id);
+    }
+
     virBufferAdjustIndent(buf, -2);
     virBufferAddLit(buf, "</sev>\n");
 }
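Review bot: This writes `<cpu0Id>` into the cached capabilities XML, but the patch has no hunk for the code that reads the `<sev>` element back from the cache (virQEMUCapsParseSEVInfo, if I have the name right). Unless that parser already picks the element up, a daemon that loads capabilities from the cache rather than probing QEMU would report no cpu0-id, so the value would appear and disappear depending on cache state. I would add the matching read of `cpu0Id` into `sev->cpu0_id` there, treating the element as optional. virQEMUCapsFormatSEVInfo starts above this hunk.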
@@ -6478,6 +6486,10 @@ virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCaps *qemuCaps,
 
     domCaps->sev->pdh = g_strdup(cap->pdh);
     domCaps->sev->cert_chain = g_strdup(cap->cert_chain);
+    if (cap->cpu0_id != NULL) {
+        domCaps->sev->cpu0_id = g_strdup(cap->cpu0_id);
+    }
+
     domCaps->sev->cbitpos = cap->cbitpos;
     domCaps->sev->reduced_phys_bits = cap->reduced_phys_bits;
     domCaps->sev->max_guests = cap->max_guests;
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index ee0963c30d..464c080409 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -19861,6 +19861,11 @@ qemuGetSEVInfoToParams(virQEMUCaps *qemuCaps,
                                 VIR_NODE_SEV_CERT_CHAIN, sev->cert_chain) < 0)
         goto cleanup;
 
+    if ((sev->cpu0_id != NULL) &&
+       (virTypedParamsAddString(&sevParams, &n, &maxpar,
+                                VIR_NODE_SEV_CPU0_ID, sev->cpu0_id) < 0))
+        goto cleanup;
+
     if (virTypedParamsAddUInt(&sevParams, &n, &maxpar,
                               VIR_NODE_SEV_CBITPOS, sev->cbitpos) < 0)
         goto cleanup;
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 776f4ab2ea..9e611e93e8 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -6400,6 +6400,7 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon,
     virJSONValue *caps;
     const char *pdh = NULL;
     const char *cert_chain = NULL;
+    const char *cpu0_id = NULL;
     unsigned int cbitpos;
     unsigned int reduced_phys_bits;
     g_autoptr(virSEVCapability) capability = NULL;
@@ -6457,6 +6458,11 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon,
 
     capability->cert_chain = g_strdup(cert_chain);
 
+    cpu0_id = virJSONValueObjectGetString(caps, "cpu0-id");
+    if (cpu0_id != NULL) {
+        capability->cpu0_id = g_strdup(cpu0_id);
+    }
+
     capability->cbitpos = cbitpos;
     capability->reduced_phys_bits = reduced_phys_bits;
     *capabilities = g_steal_pointer(&capability);
-- 
2.25.1
Re: [PATCH] Support cpu0-id of Qemu QMP query-sev-capabilities
Posted by Michal Prívozník 1 year, 12 months ago
On 4/27/22 21:57, Niteesh Dubey wrote:
> It allows libvirt to provide the value of cpu0-id retuned by the Qemu QMP
>  command query-sev-capabilities as implemented by the Qemu Patch [1] which
>  is merged to Qemu master branch and should be available with Qemu 7.1.
>  This is used to get the signed Chip Endorsement Key (CEK) of the CPU of AMD
>  system from AMD's Key Distribution Service (KDS).
> 
> Similar to  cbitpos, reducedPhysBits, maxGuests & maxESGuests;
>  the value of cpu0-id is also provided using 'virsh domcapability'.
> 
> [1] https://lore.kernel.org/all/20220228093014.882288-1-dovmurik@linux.ibm.com/
> 
> Signed-off-by: Niteesh Dubey <niteesh@linux.ibm.com>
> ---
>  include/libvirt/libvirt-host.h | 11 +++++++++++
>  src/conf/domain_capabilities.c |  4 ++++
>  src/conf/domain_capabilities.h |  1 +
>  src/qemu/qemu_capabilities.c   | 12 ++++++++++++
>  src/qemu/qemu_driver.c         |  5 +++++
>  src/qemu/qemu_monitor_json.c   |  6 ++++++
>  6 files changed, 39 insertions(+)
> 
> diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h
> index b5cf8a4a4a..d35abbd9aa 100644
> --- a/include/libvirt/libvirt-host.h
> +++ b/include/libvirt/libvirt-host.h
> @@ -537,6 +537,17 @@ typedef virNodeMemoryStats *virNodeMemoryStatsPtr;
>   */
>  # define VIR_NODE_SEV_CERT_CHAIN "cert-chain"
>  
> +/**
> + * VIR_NODE_SEV_CPU0_ID:
> + *
> + * Macro represents the unique ID of CPU0 (socket 0) needed to retrieve
> + * the signed CEK of the CPU from AMD's Key Distribution Service (KDS),
> + * as VIR_TYPED_PARAMS_STRING.
> + *
> + * Since: v8.3.1

The next release is 8.4.0. The micro version number is reserved for
maintenance releases (e.g. when a critical bug fix is backported). But
we don't really do those.

Anyway, fixed this small nit and pushed. Congratulations on your first
libvirt contribution!

Michal
Re: [PATCH] Support cpu0-id of Qemu QMP query-sev-capabilities
Posted by Daniel P. Berrangé 1 year, 12 months ago
On Thu, May 05, 2022 at 12:30:45PM +0200, Michal Prívozník wrote:
> On 4/27/22 21:57, Niteesh Dubey wrote:
> > It allows libvirt to provide the value of cpu0-id retuned by the Qemu QMP
> >  command query-sev-capabilities as implemented by the Qemu Patch [1] which
> >  is merged to Qemu master branch and should be available with Qemu 7.1.
> >  This is used to get the signed Chip Endorsement Key (CEK) of the CPU of AMD
> >  system from AMD's Key Distribution Service (KDS).
> > 
> > Similar to  cbitpos, reducedPhysBits, maxGuests & maxESGuests;
> >  the value of cpu0-id is also provided using 'virsh domcapability'.
> > 
> > [1] https://lore.kernel.org/all/20220228093014.882288-1-dovmurik@linux.ibm.com/
> > 
> > Signed-off-by: Niteesh Dubey <niteesh@linux.ibm.com>
> > ---
> >  include/libvirt/libvirt-host.h | 11 +++++++++++
> >  src/conf/domain_capabilities.c |  4 ++++
> >  src/conf/domain_capabilities.h |  1 +
> >  src/qemu/qemu_capabilities.c   | 12 ++++++++++++
> >  src/qemu/qemu_driver.c         |  5 +++++
> >  src/qemu/qemu_monitor_json.c   |  6 ++++++
> >  6 files changed, 39 insertions(+)
> > 
> > diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h
> > index b5cf8a4a4a..d35abbd9aa 100644
> > --- a/include/libvirt/libvirt-host.h
> > +++ b/include/libvirt/libvirt-host.h
> > @@ -537,6 +537,17 @@ typedef virNodeMemoryStats *virNodeMemoryStatsPtr;
> >   */
> >  # define VIR_NODE_SEV_CERT_CHAIN "cert-chain"
> >  
> > +/**
> > + * VIR_NODE_SEV_CPU0_ID:
> > + *
> > + * Macro represents the unique ID of CPU0 (socket 0) needed to retrieve
> > + * the signed CEK of the CPU from AMD's Key Distribution Service (KDS),
> > + * as VIR_TYPED_PARAMS_STRING.
> > + *
> > + * Since: v8.3.1
> 
> The next release is 8.4.0. The micro version number is reserved for
> maintanance releases (e.g. when a critical bug fix is backported). But
> we don't really do those.
> 
> Anyway, fixed this small nit and pushed. Congratulations on your first
> libvirt contribution!

Heh, good job I accidentally forgot to push it after my review, as
I totally missed the version !

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [PATCH] Support cpu0-id of Qemu QMP query-sev-capabilities
Posted by Niteesh Dubey 1 year, 12 months ago
On 5/5/2022 6:30 AM, Michal Prívozník wrote:
> On 4/27/22 21:57, Niteesh Dubey wrote:
>> It allows libvirt to provide the value of cpu0-id retuned by the Qemu QMP
>>   command query-sev-capabilities as implemented by the Qemu Patch [1] which
>>   is merged to Qemu master branch and should be available with Qemu 7.1.
>>   This is used to get the signed Chip Endorsement Key (CEK) of the CPU of AMD
>>   system from AMD's Key Distribution Service (KDS).
>>
>> Similar to  cbitpos, reducedPhysBits, maxGuests & maxESGuests;
>>   the value of cpu0-id is also provided using 'virsh domcapability'.
>>
>> [1] https://lore.kernel.org/all/20220228093014.882288-1-dovmurik@linux.ibm.com/
>>
>> Signed-off-by: Niteesh Dubey <niteesh@linux.ibm.com>
>> ---
>>   include/libvirt/libvirt-host.h | 11 +++++++++++
>>   src/conf/domain_capabilities.c |  4 ++++
>>   src/conf/domain_capabilities.h |  1 +
>>   src/qemu/qemu_capabilities.c   | 12 ++++++++++++
>>   src/qemu/qemu_driver.c         |  5 +++++
>>   src/qemu/qemu_monitor_json.c   |  6 ++++++
>>   6 files changed, 39 insertions(+)
>>
>> diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h
>> index b5cf8a4a4a..d35abbd9aa 100644
>> --- a/include/libvirt/libvirt-host.h
>> +++ b/include/libvirt/libvirt-host.h
>> @@ -537,6 +537,17 @@ typedef virNodeMemoryStats *virNodeMemoryStatsPtr;
>>    */
>>   # define VIR_NODE_SEV_CERT_CHAIN "cert-chain"
>>   
>> +/**
>> + * VIR_NODE_SEV_CPU0_ID:
>> + *
>> + * Macro represents the unique ID of CPU0 (socket 0) needed to retrieve
>> + * the signed CEK of the CPU from AMD's Key Distribution Service (KDS),
>> + * as VIR_TYPED_PARAMS_STRING.
>> + *
>> + * Since: v8.3.1
> The next release is 8.4.0. The micro version number is reserved for
> maintanance releases (e.g. when a critical bug fix is backported). But
> we don't really do those.
>
> Anyway, fixed this small nit and pushed. Congratulations on your first
> libvirt contribution!
>
> Michal

Thank you!

Niteesh
Re: [PATCH] Support cpu0-id of Qemu QMP query-sev-capabilities
Posted by Daniel P. Berrangé 1 year, 12 months ago
On Wed, Apr 27, 2022 at 07:57:12PM +0000, Niteesh Dubey wrote:
> It allows libvirt to provide the value of cpu0-id retuned by the Qemu QMP
>  command query-sev-capabilities as implemented by the Qemu Patch [1] which
>  is merged to Qemu master branch and should be available with Qemu 7.1.
>  This is used to get the signed Chip Endorsement Key (CEK) of the CPU of AMD
>  system from AMD's Key Distribution Service (KDS).
> 
> Similar to  cbitpos, reducedPhysBits, maxGuests & maxESGuests;
>  the value of cpu0-id is also provided using 'virsh domcapability'.
> 
> [1] https://lore.kernel.org/all/20220228093014.882288-1-dovmurik@linux.ibm.com/
> 
> Signed-off-by: Niteesh Dubey <niteesh@linux.ibm.com>
> ---
>  include/libvirt/libvirt-host.h | 11 +++++++++++
>  src/conf/domain_capabilities.c |  4 ++++
>  src/conf/domain_capabilities.h |  1 +
>  src/qemu/qemu_capabilities.c   | 12 ++++++++++++
>  src/qemu/qemu_driver.c         |  5 +++++
>  src/qemu/qemu_monitor_json.c   |  6 ++++++
>  6 files changed, 39 insertions(+)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|